diff --git a/patches/0002-Add-nil-checks-for-sql-database-instance-flattening.patch b/patches/0002-Add-nil-checks-for-sql-database-instance-flattening.patch index d3c7eafc1f..3ce2fc5d75 100644 --- a/patches/0002-Add-nil-checks-for-sql-database-instance-flattening.patch +++ b/patches/0002-Add-nil-checks-for-sql-database-instance-flattening.patch @@ -5,7 +5,7 @@ Subject: [PATCH] Add nil checks for sql database instance flattening diff --git a/google-beta/services/sql/resource_sql_database_instance.go b/google-beta/services/sql/resource_sql_database_instance.go -index 16cc296c2..da372674a 100644 +index a828724b0..196f48c7e 100644 --- a/google-beta/services/sql/resource_sql_database_instance.go +++ b/google-beta/services/sql/resource_sql_database_instance.go @@ -2062,6 +2062,10 @@ func resourceSqlDatabaseInstanceImport(d *schema.ResourceData, meta interface{}) diff --git a/patches/0006-docs-patching.patch b/patches/0006-docs-patching.patch index 758c807d95..98f952cfd6 100644 --- a/patches/0006-docs-patching.patch +++ b/patches/0006-docs-patching.patch @@ -522,12 +522,12 @@ index c3e738686..4ab0fb25d 100644 * `project` - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. diff --git a/website/docs/r/composer_environment.html.markdown b/website/docs/r/composer_environment.html.markdown -index 77abc0296..46bd484a8 100644 +index bc7b99b97..2e32cd9b9 100644 --- a/website/docs/r/composer_environment.html.markdown +++ b/website/docs/r/composer_environment.html.markdown -@@ -32,24 +32,21 @@ To get more information about Environments, see: +@@ -31,24 +31,21 @@ To get more information about Environments, see: + of Airflow, bugfixes, and security updates. We recommend using Cloud Composer 2 or Cloud Composer 3 instead. - -Several special considerations apply to managing Cloud Composer environments -with Terraform: @@ -1611,7 +1611,7 @@ index f18c91533..924ad4cc0 100644
diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown -index 411ac707c..117c575f2 100644 +index 73120a1c1..93f2c3d03 100644 --- a/website/docs/r/container_cluster.html.markdown +++ b/website/docs/r/container_cluster.html.markdown @@ -13,15 +13,12 @@ To get more information about GKE clusters, see: @@ -1702,7 +1702,7 @@ index 411ac707c..117c575f2 100644 release channel, but will not unenroll it. Instead, use the `"UNSPECIFIED"` channel. Structure is [documented below](#nested_release_channel). -@@ -870,8 +888,6 @@ gvnic { +@@ -874,8 +892,6 @@ gvnic { * `guest_accelerator` - (Optional) List of the type and count of accelerator cards attached to the instance. Structure [documented below](#nested_guest_accelerator). @@ -1711,7 +1711,7 @@ index 411ac707c..117c575f2 100644 * `image_type` - (Optional) The image type to use for this node. Note that changing the image type will delete and recreate all nodes in the node pool. -@@ -892,7 +908,7 @@ gvnic { +@@ -896,7 +912,7 @@ gvnic { * `metadata` - (Optional) The metadata key/value pairs assigned to instances in the cluster. From GKE `1.12` onwards, `disable-legacy-endpoints` is set to `true` by the API; if `metadata` is set but that default value is not @@ -1720,7 +1720,7 @@ index 411ac707c..117c575f2 100644 value in your config. * `min_cpu_platform` - (Optional) Minimum CPU platform to be used by this instance. -@@ -917,10 +933,7 @@ gvnic { +@@ -921,10 +937,7 @@ gvnic { See the [official documentation](https://cloud.google.com/kubernetes-engine/docs/concepts/spot-vms) for more information. Defaults to false. 
@@ -1732,7 +1732,7 @@ index 411ac707c..117c575f2 100644 * `service_account` - (Optional) The service account to be used by the Node VMs. If not specified, the "default" service account is used. -@@ -932,13 +945,14 @@ gvnic { +@@ -936,13 +949,14 @@ gvnic { * `resource_manager_tags` - (Optional) A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found [here](https://cloud.google.com/vpc/docs/tags-firewalls-overview#specifications). A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. `tagKeys/{tag_key_id}=tagValues/{tag_value_id}` 2. `{org_id}/{tag_key_name}={tag_value_name}` 3. `{project_id}/{tag_key_name}={tag_value_name}`. @@ -1754,7 +1754,7 @@ index 411ac707c..117c575f2 100644 * `workload_metadata_config` - (Optional) Metadata configuration to expose to workloads on the node pool. Structure is [documented below](#nested_workload_metadata_config). -@@ -991,6 +1005,20 @@ sole_tenant_config { +@@ -995,6 +1009,20 @@ sole_tenant_config { * `enable_nested_virtualization`- (Optional) Defines whether the instance should have nested virtualization enabled. Defaults to false. 
@@ -1775,7 +1775,7 @@ index 411ac707c..117c575f2 100644 The `ephemeral_storage_config` block supports: * `local_ssd_count` (Required) - Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage. -@@ -1151,7 +1179,7 @@ for more details. This field only applies to private clusters, when +@@ -1155,7 +1183,7 @@ for more details. This field only applies to private clusters, when * `private_endpoint_subnetwork` - (Optional) Subnetwork in cluster's network where master's endpoint will be provisioned. * `master_global_access_config` (Optional) - Controls cluster master global @@ -1784,7 +1784,7 @@ index 411ac707c..117c575f2 100644 not modify the previously-set value. Structure is [documented below](#nested_master_global_access_config). In addition, the `private_cluster_config` allows access to the following read-only fields: -@@ -1252,9 +1280,9 @@ Enables monitoring and attestation of the boot integrity of the instance. The at +@@ -1256,9 +1284,9 @@ Enables monitoring and attestation of the boot integrity of the instance. The at * `mode` (Required) How to expose the node metadata to the workload running on the node. Accepted values are: @@ -2707,7 +2707,7 @@ index 1e419d9e4..16c9465d2 100644 ## Example Usage diff --git a/website/docs/r/google_project.html.markdown b/website/docs/r/google_project.html.markdown -index 00ee09dc4..304699bf9 100644 +index fff53a4a8..f9dc5f497 100644 --- a/website/docs/r/google_project.html.markdown +++ b/website/docs/r/google_project.html.markdown @@ -11,15 +11,13 @@ Allows creation and management of a Google Cloud Platform project. 
@@ -2738,11 +2738,11 @@ index 00ee09dc4..304699bf9 100644 See [Google Cloud Billing API Access Control](https://cloud.google.com/billing/docs/how-to/billing-access) for more details. --* `skip_delete` - (Optional) If true, the Terraform resource can be deleted -+* `skip_delete` - (Optional) If true, the resource can be deleted - without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. - - * `labels` - (Optional) A set of key/value label pairs to assign to the project. +-* `skip_delete` - (Optional) If true, the Terraform resource can be deleted without ++* `skip_delete` - (Optional) If true, the resource can be deleted without + deleting the Project via the Google API. `skip_delete` is deprecated and will be + removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` diff --git a/website/docs/r/google_project_iam.html.markdown b/website/docs/r/google_project_iam.html.markdown index 46cae09f8..69b15c96e 100644 --- a/website/docs/r/google_project_iam.html.markdown @@ -3599,7 +3599,7 @@ index 2ac02739f..da87bdaae 100644 The `encryption_config` block supports: diff --git a/website/docs/r/sql_database_instance.html.markdown b/website/docs/r/sql_database_instance.html.markdown -index 429b84d0d..195b61f47 100644 +index da7cc31cf..56e5111f0 100644 --- a/website/docs/r/sql_database_instance.html.markdown +++ b/website/docs/r/sql_database_instance.html.markdown @@ -10,12 +10,12 @@ Creates a new Google SQL Database Instance. For more information, see the [offic @@ -3790,7 +3790,7 @@ index 762e52b5f..e0fd45e24 100644 ## Attributes Reference diff --git a/website/docs/r/storage_bucket_object.html.markdown b/website/docs/r/storage_bucket_object.html.markdown -index 92eec523d..2ecef695c 100644 +index c58c1c856..4278b76f6 100644 
--- a/website/docs/r/storage_bucket_object.html.markdown +++ b/website/docs/r/storage_bucket_object.html.markdown @@ -48,7 +48,7 @@ The following arguments are supported: diff --git a/patches/0009-Fix-794-with-an-unconditional-read.patch b/patches/0009-Fix-794-with-an-unconditional-read.patch index 83b53e133c..3929de57c5 100644 --- a/patches/0009-Fix-794-with-an-unconditional-read.patch +++ b/patches/0009-Fix-794-with-an-unconditional-read.patch @@ -5,7 +5,7 @@ Subject: [PATCH] Fix #794 with an unconditional read. diff --git a/google-beta/services/sql/resource_sql_database_instance.go b/google-beta/services/sql/resource_sql_database_instance.go -index da372674a..db76a3d3e 100644 +index 196f48c7e..ae5e9d0c7 100644 --- a/google-beta/services/sql/resource_sql_database_instance.go +++ b/google-beta/services/sql/resource_sql_database_instance.go @@ -1917,10 +1917,11 @@ func resourceSqlDatabaseInstanceUpdate(d *schema.ResourceData, meta interface{}) diff --git a/provider/cmd/pulumi-resource-gcp/bridge-metadata.json b/provider/cmd/pulumi-resource-gcp/bridge-metadata.json index 95bdbbc8c8..f3bdb6f812 100644 --- a/provider/cmd/pulumi-resource-gcp/bridge-metadata.json +++ b/provider/cmd/pulumi-resource-gcp/bridge-metadata.json 
@@ -493,6 +493,87 @@ } } }, + "google_access_context_manager_service_perimeter_dry_run_egress_policy": { + "current": "gcp:accesscontextmanager/servicePerimeterDryRunEgressPolicy:ServicePerimeterDryRunEgressPolicy", + "majorVersion": 7, + "fields": { + "egress_from": { + "maxItemsOne": true, + "elem": { + "fields": { + "identities": { + "maxItemsOne": false + }, + "sources": { + "maxItemsOne": false + } + } + } + }, + "egress_to": { + "maxItemsOne": true, + "elem": { + "fields": { + "external_resources": { + "maxItemsOne": false + }, + "operations": { + "maxItemsOne": false, + "elem": { + "fields": { + "method_selectors": { + "maxItemsOne": false + } + } + } + }, + "resources": { + "maxItemsOne": false + } + } + } + } + } + }, + "google_access_context_manager_service_perimeter_dry_run_ingress_policy": { + "current": "gcp:accesscontextmanager/servicePerimeterDryRunIngressPolicy:ServicePerimeterDryRunIngressPolicy", + "majorVersion": 7, + "fields": { + "ingress_from": { + "maxItemsOne": true, + "elem": { + "fields": { + "identities": { + "maxItemsOne": false + }, + "sources": { + "maxItemsOne": false + } + } + } + }, + "ingress_to": { + "maxItemsOne": true, + "elem": { + "fields": { + "operations": { + "maxItemsOne": false, + "elem": { + "fields": { + "method_selectors": { + "maxItemsOne": false + } + } + } + }, + "resources": { + "maxItemsOne": false + } + } + } + } + } + }, "google_access_context_manager_service_perimeter_dry_run_resource": { "current": "gcp:accesscontextmanager/servicePerimeterDryRunResource:ServicePerimeterDryRunResource", "majorVersion": 7 @@ -9672,6 +9753,9 @@ } } }, + "auto_provisioning_locations": { + "maxItemsOne": false + }, "resource_limits": { "maxItemsOne": false } 
@@ -24244,6 +24328,10 @@ "current": "gcp:securitycenter/sourceIamPolicy:SourceIamPolicy", "majorVersion": 7 }, + "google_scc_v2_folder_mute_config": { + "current": "gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig", + "majorVersion": 7 + }, "google_scc_v2_organization_mute_config": { "current": "gcp:securitycenter/v2OrganizationMuteConfig:V2OrganizationMuteConfig", "majorVersion": 7 @@ -24257,6 +24345,48 @@ } } }, + "google_scc_v2_organization_source": { + "current": "gcp:securitycenter/v2OrganizationSource:V2OrganizationSource", + "majorVersion": 7 + }, + "google_scc_v2_organization_source_iam_binding": { + "current": "gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding", + "majorVersion": 7, + "fields": { + "condition": { + "maxItemsOne": true + }, + "members": { + "maxItemsOne": false + } + } + }, + "google_scc_v2_organization_source_iam_member": { + "current": "gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember", + "majorVersion": 7, + "fields": { + "condition": { + "maxItemsOne": true + } + } + }, + "google_scc_v2_organization_source_iam_policy": { + "current": "gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy", + "majorVersion": 7 + }, + "google_scc_v2_project_mute_config": { + "current": "gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig", + "majorVersion": 7 + }, + "google_scc_v2_project_notification_config": { + "current": "gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig", + "majorVersion": 7, + "fields": { + "streaming_config": { + "maxItemsOne": true + } + } + }, "google_secret_manager_secret": { "current": "gcp:secretmanager/secret:Secret", "majorVersion": 7, @@ -29343,6 +29473,9 @@ } } }, + "auto_provisioning_locations": { + "maxItemsOne": false + }, "resource_limits": { "maxItemsOne": false } 
@@ -31098,6 +31231,10 @@ "current": "gcp:securitycenter/getSourceIamPolicy:getSourceIamPolicy", "majorVersion": 7 }, + "google_scc_v2_organization_source_iam_policy": { + "current": "gcp:securitycenter/getV2OrganizationSourceIamPolicy:getV2OrganizationSourceIamPolicy", + "majorVersion": 7 + }, "google_secret_manager_secret": { "current": "gcp:secretmanager/getSecret:getSecret", "majorVersion": 7, @@ -32904,6 +33041,8 @@ "gcp:accesscontextmanager/gcpUserAccessBinding:GcpUserAccessBinding": 0, "gcp:accesscontextmanager/ingressPolicy:IngressPolicy": 0, "gcp:accesscontextmanager/servicePerimeter:ServicePerimeter": 0, + "gcp:accesscontextmanager/servicePerimeterDryRunEgressPolicy:ServicePerimeterDryRunEgressPolicy": 0, + "gcp:accesscontextmanager/servicePerimeterDryRunIngressPolicy:ServicePerimeterDryRunIngressPolicy": 0, "gcp:accesscontextmanager/servicePerimeterDryRunResource:ServicePerimeterDryRunResource": 0, "gcp:accesscontextmanager/servicePerimeterEgressPolicy:ServicePerimeterEgressPolicy": 0, "gcp:accesscontextmanager/servicePerimeterIngressPolicy:ServicePerimeterIngressPolicy": 0, 
@@ -33733,8 +33872,15 @@ "gcp:securitycenter/sourceIamBinding:SourceIamBinding": 0, "gcp:securitycenter/sourceIamMember:SourceIamMember": 0, "gcp:securitycenter/sourceIamPolicy:SourceIamPolicy": 0, + "gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig": 0, "gcp:securitycenter/v2OrganizationMuteConfig:V2OrganizationMuteConfig": 0, "gcp:securitycenter/v2OrganizationNotificationConfig:V2OrganizationNotificationConfig": 0, + "gcp:securitycenter/v2OrganizationSource:V2OrganizationSource": 0, + "gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding": 0, + "gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember": 0, + "gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy": 0, + "gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig": 0, + "gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig": 0, "gcp:securityposture/posture:Posture": 0, "gcp:securityposture/postureDeployment:PostureDeployment": 0, "gcp:serviceaccount/account:Account": 0, @@ -34103,6 +34249,7 @@ "gcp:securesourcemanager/getInstanceIamPolicy:getInstanceIamPolicy": 0, "gcp:securesourcemanager/getRepositoryIamPolicy:getRepositoryIamPolicy": 0, "gcp:securitycenter/getSourceIamPolicy:getSourceIamPolicy": 0, + "gcp:securitycenter/getV2OrganizationSourceIamPolicy:getV2OrganizationSourceIamPolicy": 0, "gcp:serviceaccount/getAccount:getAccount": 0, "gcp:serviceaccount/getAccountAccessToken:getAccountAccessToken": 0, "gcp:serviceaccount/getAccountIdToken:getAccountIdToken": 0, diff --git a/provider/cmd/pulumi-resource-gcp/schema.json b/provider/cmd/pulumi-resource-gcp/schema.json index 810132da08..144cbefa32 100644 --- a/provider/cmd/pulumi-resource-gcp/schema.json +++ b/provider/cmd/pulumi-resource-gcp/schema.json 
@@ -1284,6 +1284,204 @@ "title" ] }, + "gcp:accesscontextmanager/ServicePerimeterDryRunEgressPolicyEgressFrom:ServicePerimeterDryRunEgressPolicyEgressFrom": { + "properties": { + "identities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of identities that are allowed access through this `EgressPolicy`.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.\n", + "willReplaceOnChanges": true + }, + "identityType": { + "type": "string", + "description": "Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of `identities` field will\nbe allowed access.\nPossible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`.\n", + "willReplaceOnChanges": true + }, + "sourceRestriction": { + "type": "string", + "description": "Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`.\nPossible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`.\n", + "willReplaceOnChanges": true + }, + "sources": { + "type": "array", + "items": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunEgressPolicyEgressFromSource:ServicePerimeterDryRunEgressPolicyEgressFromSource" + }, + "description": "Sources that this EgressPolicy authorizes access from.\nStructure is documented below.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + }, + "gcp:accesscontextmanager/ServicePerimeterDryRunEgressPolicyEgressFromSource:ServicePerimeterDryRunEgressPolicyEgressFromSource": { + "properties": { + "accessLevel": { + "type": "string", + "description": "An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + }, + 
"gcp:accesscontextmanager/ServicePerimeterDryRunEgressPolicyEgressTo:ServicePerimeterDryRunEgressPolicyEgressTo": { + "properties": { + "externalResources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.\n", + "willReplaceOnChanges": true + }, + "operations": { + "type": "array", + "items": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunEgressPolicyEgressToOperation:ServicePerimeterDryRunEgressPolicyEgressToOperation" + }, + "description": "A list of `ApiOperations` that this egress rule applies to. A request matches\nif it contains an operation/service in this list.\nStructure is documented below.\n", + "willReplaceOnChanges": true + }, + "resources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of resources, currently only projects in the form\n`projects/\u003cprojectnumber\u003e`, that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this `EgressTo` rule will authorize access to all resources outside\nthe perimeter.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + }, + "gcp:accesscontextmanager/ServicePerimeterDryRunEgressPolicyEgressToOperation:ServicePerimeterDryRunEgressPolicyEgressToOperation": { + "properties": { + "methodSelectors": { + "type": "array", + "items": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector:ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector" + }, + "description": "API methods or permissions to allow. Method or permission must belong\nto the service specified by `serviceName` field. 
A single MethodSelector\nentry with `*` specified for the `method` field will allow all methods\nAND permissions for the service specified in `serviceName`.\nStructure is documented below.\n", + "willReplaceOnChanges": true + }, + "serviceName": { + "type": "string", + "description": "The name of the API whose methods or permissions the `IngressPolicy` or\n`EgressPolicy` want to allow. A single `ApiOperation` with serviceName\nfield set to `*` will allow all methods AND permissions for all services.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + }, + "gcp:accesscontextmanager/ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector:ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector": { + "properties": { + "method": { + "type": "string", + "description": "Value for `method` should be a valid method name for the corresponding\n`serviceName` in `ApiOperation`. If `*` used as value for method,\nthen ALL methods and permissions are allowed.\n", + "willReplaceOnChanges": true + }, + "permission": { + "type": "string", + "description": "Value for permission should be a valid Cloud IAM permission for the\ncorresponding `serviceName` in `ApiOperation`.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + }, + "gcp:accesscontextmanager/ServicePerimeterDryRunIngressPolicyIngressFrom:ServicePerimeterDryRunIngressPolicyIngressFrom": { + "properties": { + "identities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.\n", + "willReplaceOnChanges": true + }, + "identityType": { + "type": "string", + "description": "Specifies the type of identities that are allowed access from outside the\nperimeter. 
If left unspecified, then members of `identities` field will be\nallowed access.\nPossible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`.\n", + "willReplaceOnChanges": true + }, + "sources": { + "type": "array", + "items": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunIngressPolicyIngressFromSource:ServicePerimeterDryRunIngressPolicyIngressFromSource" + }, + "description": "Sources that this `IngressPolicy` authorizes access from.\nStructure is documented below.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + }, + "gcp:accesscontextmanager/ServicePerimeterDryRunIngressPolicyIngressFromSource:ServicePerimeterDryRunIngressPolicyIngressFromSource": { + "properties": { + "accessLevel": { + "type": "string", + "description": "An `AccessLevel` resource name that allow resources within the\n`ServicePerimeters` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a nonexistent\n`AccessLevel` will cause an error. If no `AccessLevel` names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.`\nIf * is specified, then all IngressSources will be allowed.\n", + "willReplaceOnChanges": true + }, + "resource": { + "type": "string", + "description": "A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format `projects/{project_number}`\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. 
`*` is not allowed, the case\nof allowing all Google Cloud resources only is not supported.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + }, + "gcp:accesscontextmanager/ServicePerimeterDryRunIngressPolicyIngressTo:ServicePerimeterDryRunIngressPolicyIngressTo": { + "properties": { + "operations": { + "type": "array", + "items": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunIngressPolicyIngressToOperation:ServicePerimeterDryRunIngressPolicyIngressToOperation" + }, + "description": "A list of `ApiOperations` the sources specified in corresponding `IngressFrom`\nare allowed to perform in this `ServicePerimeter`.\nStructure is documented below.\n", + "willReplaceOnChanges": true + }, + "resources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of resources, currently only projects in the form\n`projects/\u003cprojectnumber\u003e`, protected by this `ServicePerimeter`\nthat are allowed to be accessed by sources defined in the\ncorresponding `IngressFrom`. A request matches if it contains\na resource in this list. If `*` is specified for resources,\nthen this `IngressTo` rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the `operations` field.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + }, + "gcp:accesscontextmanager/ServicePerimeterDryRunIngressPolicyIngressToOperation:ServicePerimeterDryRunIngressPolicyIngressToOperation": { + "properties": { + "methodSelectors": { + "type": "array", + "items": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector:ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector" + }, + "description": "API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. 
A single `MethodSelector` entry\nwith `*` specified for the method field will allow all methods AND\npermissions for the service specified in `serviceName`.\nStructure is documented below.\n", + "willReplaceOnChanges": true + }, + "serviceName": { + "type": "string", + "description": "The name of the API whose methods or permissions the `IngressPolicy` or\n`EgressPolicy` want to allow. A single `ApiOperation` with `serviceName`\nfield set to `*` will allow all methods AND permissions for all services.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + }, + "gcp:accesscontextmanager/ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector:ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector": { + "properties": { + "method": { + "type": "string", + "description": "Value for method should be a valid method name for the corresponding\nserviceName in `ApiOperation`. If `*` used as value for `method`, then\nALL methods and permissions are allowed.\n", + "willReplaceOnChanges": true + }, + "permission": { + "type": "string", + "description": "Value for permission should be a valid Cloud IAM permission for the\ncorresponding `serviceName` in `ApiOperation`.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + }, "gcp:accesscontextmanager/ServicePerimeterEgressPolicyEgressFrom:ServicePerimeterEgressPolicyEgressFrom": { "properties": { "identities": { 
@@ -18334,6 +18532,10 @@ "internalIp": { "type": "boolean", "description": "Optional. If true, `cluster` is accessed using the private IP address of the control plane endpoint. Otherwise, the default IP address of the control plane endpoint is used. The default IP address is the private IP address for clusters with private control-plane endpoints and the public IP address otherwise. Only specify this option when `cluster` is a [private GKE cluster](https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept).\n" + }, + "proxyUrl": { + "type": "string", + "description": "Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server.\n" } }, "type": "object" @@ -23143,6 +23345,10 @@ "type": "string", "description": "If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass\n" }, + "policy": { + "type": "string", + "description": "The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name}\n" + }, "useDefault": { "type": "boolean", "description": "If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.\n" 
@@ -23776,6 +23982,10 @@ "type": "string", "description": "If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass\n" }, + "policy": { + "type": "string", + "description": "The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name}\n" + }, "useDefault": { "type": "boolean", "description": "If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.\n" @@ -24704,6 +24914,10 @@ "type": "string", "description": "If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass\n" }, + "policy": { + "type": "string", + "description": "The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name}\n" + }, "useDefault": { "type": "boolean", "description": "If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.\n" @@ -24712,6 +24926,7 @@ "type": "object", "required": [ "breakglassJustification", + "policy", "useDefault" ], "language": { 
@@ -25440,6 +25655,10 @@ "type": "string", "description": "If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass\n" }, + "policy": { + "type": "string", + "description": "The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name}\n" + }, "useDefault": { "type": "boolean", "description": "If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.\n" @@ -25448,6 +25667,7 @@ "type": "object", "required": [ "breakglassJustification", + "policy", "useDefault" ], "language": { @@ -51101,6 +51321,13 @@ "$ref": "#/types/gcp:container/ClusterClusterAutoscalingAutoProvisioningDefaults:ClusterClusterAutoscalingAutoProvisioningDefaults", "description": "Contains defaults for a node pool created by NAP. A subset of fields also apply to\nGKE Autopilot clusters.\nStructure is documented below.\n" }, + "autoProvisioningLocations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of Google Compute Engine \n[zones](https://cloud.google.com/compute/docs/zones#available) in which the\nNodePool's nodes can be created by NAP.\n" + }, "autoscalingProfile": { "type": "string", "description": "Configuration\noptions for the [Autoscaling profile](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#autoscaling_profiles)\nfeature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability\nwhen deciding to remove nodes from a cluster. Can be `BALANCED` or `OPTIMIZE_UTILIZATION`. Defaults to `BALANCED`.\n" @@ -51122,6 +51349,7 @@ "nodejs": { "requiredOutputs": [ "autoProvisioningDefaults", + "autoProvisioningLocations", "enabled" ] } 
@@ -55603,6 +55831,13 @@ }, "description": "Contains defaults for a node pool created by NAP.\n" }, + "autoProvisioningLocations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP.\n" + }, "autoscalingProfile": { "type": "string", "description": "Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.\n" @@ -55622,6 +55857,7 @@ "type": "object", "required": [ "autoProvisioningDefaults", + "autoProvisioningLocations", "autoscalingProfile", "enabled", "resourceLimits" @@ -82257,6 +82493,10 @@ "$ref": "#/types/gcp:gkehub/FeatureFleetDefaultMemberConfigConfigmanagementConfigSync:FeatureFleetDefaultMemberConfigConfigmanagementConfigSync", "description": "ConfigSync configuration for the cluster\nStructure is documented below.\n" }, + "management": { + "type": "string", + "description": "Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades.\nPossible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`.\n" + }, "version": { "type": "string", "description": "Version of ACM installed\n" 
@@ -82687,6 +82927,10 @@ "$ref": "#/types/gcp:gkehub/FeatureMembershipConfigmanagementHierarchyController:FeatureMembershipConfigmanagementHierarchyController", "description": "Hierarchy Controller configuration for the cluster. Structure is documented below.\n" }, + "management": { + "type": "string", + "description": "Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades.\n" + }, "policyController": { "$ref": "#/types/gcp:gkehub/FeatureMembershipConfigmanagementPolicyController:FeatureMembershipConfigmanagementPolicyController", "description": "Policy Controller configuration for the cluster. Structure is documented below.\n" @@ -82701,6 +82945,7 @@ "nodejs": { "requiredOutputs": [ "binauthz", + "management", "version" ] } @@ -82717,6 +82962,10 @@ }, "gcp:gkehub/FeatureMembershipConfigmanagementConfigSync:FeatureMembershipConfigmanagementConfigSync": { "properties": { + "enabled": { + "type": "boolean", + "description": "Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field.\n" + }, "git": { "$ref": "#/types/gcp:gkehub/FeatureMembershipConfigmanagementConfigSyncGit:FeatureMembershipConfigmanagementConfigSyncGit", "description": "(Optional) Structure is documented below.\n" 
@@ -92339,11 +92588,11 @@ }, "totalTransferDuration": { "type": "string", - "description": "(Output)\nTotal time taken so far during current transfer.\n" + "description": "(Output)\nCumulative time taken across all transfers for the replication relationship.\n" }, "transferBytes": { "type": "string", - "description": "(Output)\nNumber of bytes transferred so far in current transfer.\n" + "description": "(Output)\nCumulative bytes transferred so far for the replication relationship.\n" }, "updateTime": { "type": "string", 
@@ -102237,6 +102486,60 @@ "filter" ] }, + "gcp:securitycenter/V2OrganizationSourceIamBindingCondition:V2OrganizationSourceIamBindingCondition": { + "properties": { + "description": { + "type": "string", + "willReplaceOnChanges": true + }, + "expression": { + "type": "string", + "willReplaceOnChanges": true + }, + "title": { + "type": "string", + "willReplaceOnChanges": true + } + }, + "type": "object", + "required": [ + "expression", + "title" + ] + }, + "gcp:securitycenter/V2OrganizationSourceIamMemberCondition:V2OrganizationSourceIamMemberCondition": { + "properties": { + "description": { + "type": "string", + "willReplaceOnChanges": true + }, + "expression": { + "type": "string", + "willReplaceOnChanges": true + }, + "title": { + "type": "string", + "willReplaceOnChanges": true + } + }, + "type": "object", + "required": [ + "expression", + "title" + ] + }, + "gcp:securitycenter/V2ProjectNotificationConfigStreamingConfig:V2ProjectNotificationConfigStreamingConfig": { + "properties": { + "filter": { + "type": "string", + "description": "Expression that defines the filter to apply across create/update\nevents of assets or findings as specified by the event type. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. 
The fields\nmap to those defined in the corresponding resource.\nThe supported operators are:\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\nThe supported value types are:\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.\n\n- - -\n" + } + }, + "type": "object", + "required": [ + "filter" + ] + }, "gcp:securityposture/PosturePolicySet:PosturePolicySet": { "properties": { "description": { @@ -103397,7 +103700,7 @@ }, "connectorEnforcement": { "type": "string", - "description": "Specifies if connections must use Cloud SQL connectors.\n" + "description": "Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected.\n" }, "dataCacheConfig": { "$ref": "#/types/gcp:sql/DatabaseInstanceSettingsDataCacheConfig:DatabaseInstanceSettingsDataCacheConfig", @@ -104183,7 +104486,7 @@ }, "connectorEnforcement": { "type": "string", - "description": "Specifies if connections must use Cloud SQL connectors.\n" + "description": "Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected.\n" }, "dataCacheConfigs": { "type": "array", @@ -105152,7 +105455,7 @@ }, "connectorEnforcement": { "type": "string", - "description": "Specifies if connections must use Cloud SQL connectors.\n" + "description": "Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected.\n" }, "dataCacheConfigs": { "type": "array", 
@@ -112853,6 +113156,128 @@ "type": "object" } }, + "gcp:accesscontextmanager/servicePerimeterDryRunEgressPolicy:ServicePerimeterDryRunEgressPolicy": { + "description": "Manage a single EgressPolicy in the spec (dry-run) configuration for a service perimeter.\nEgressPolicies match requests based on egressFrom and egressTo stanzas.\nFor an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched.\nIf an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter\nboundary. For example, an EgressPolicy can be used to allow VMs on networks\nwithin the ServicePerimeter to access a defined set of projects outside the\nperimeter in certain contexts (e.g. to read data from a Cloud Storage bucket\nor query against a BigQuery dataset).\n\n\u003e **Note:** By default, updates to this resource will remove the EgressPolicy from the\nfrom the perimeter and add it back in a non-atomic manner. To ensure that the new EgressPolicy\nis added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource.\n\n\nTo get more information about ServicePerimeterDryRunEgressPolicy, see:\n\n* [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#egresspolicy)\n\n## Example Usage\n\n", + "properties": { + "egressFrom": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunEgressPolicyEgressFrom:ServicePerimeterDryRunEgressPolicyEgressFrom", + "description": "Defines conditions on the source of a request causing this `EgressPolicy` to apply.\nStructure is documented below.\n" + }, + "egressTo": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunEgressPolicyEgressTo:ServicePerimeterDryRunEgressPolicyEgressTo", + "description": "Defines the conditions on the `ApiOperation` and destination resources that\ncause this `EgressPolicy` to apply.\nStructure is documented below.\n" + }, + "perimeter": { + "type": 
"string", + "description": "The name of the Service Perimeter to add this resource to.\n\n\n- - -\n" + } + }, + "required": [ + "perimeter" + ], + "inputProperties": { + "egressFrom": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunEgressPolicyEgressFrom:ServicePerimeterDryRunEgressPolicyEgressFrom", + "description": "Defines conditions on the source of a request causing this `EgressPolicy` to apply.\nStructure is documented below.\n", + "willReplaceOnChanges": true + }, + "egressTo": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunEgressPolicyEgressTo:ServicePerimeterDryRunEgressPolicyEgressTo", + "description": "Defines the conditions on the `ApiOperation` and destination resources that\ncause this `EgressPolicy` to apply.\nStructure is documented below.\n", + "willReplaceOnChanges": true + }, + "perimeter": { + "type": "string", + "description": "The name of the Service Perimeter to add this resource to.\n\n\n- - -\n", + "willReplaceOnChanges": true + } + }, + "requiredInputs": [ + "perimeter" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ServicePerimeterDryRunEgressPolicy resources.\n", + "properties": { + "egressFrom": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunEgressPolicyEgressFrom:ServicePerimeterDryRunEgressPolicyEgressFrom", + "description": "Defines conditions on the source of a request causing this `EgressPolicy` to apply.\nStructure is documented below.\n", + "willReplaceOnChanges": true + }, + "egressTo": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunEgressPolicyEgressTo:ServicePerimeterDryRunEgressPolicyEgressTo", + "description": "Defines the conditions on the `ApiOperation` and destination resources that\ncause this `EgressPolicy` to apply.\nStructure is documented below.\n", + "willReplaceOnChanges": true + }, + "perimeter": { + "type": "string", + "description": "The name of the Service Perimeter to add this 
resource to.\n\n\n- - -\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, + "gcp:accesscontextmanager/servicePerimeterDryRunIngressPolicy:ServicePerimeterDryRunIngressPolicy": { + "description": "Manage a single IngressPolicy in the spec (dry-run) configuration for a service perimeter.\nIngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match,\nboth the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request,\nthe request is allowed through the perimeter boundary from outside the perimeter.\nFor example, access from the internet can be allowed either based on an AccessLevel or,\nfor traffic hosted on Google Cloud, the project of the source network.\nFor access from private networks, using the project of the hosting network is required.\nIndividual ingress policies can be limited by restricting which services and/\nor actions they match using the ingressTo field.\n\n\u003e **Note:** By default, updates to this resource will remove the IngressPolicy from the\nfrom the perimeter and add it back in a non-atomic manner. 
To ensure that the new IngressPolicy\nis added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource.\n\n\nTo get more information about ServicePerimeterDryRunIngressPolicy, see:\n\n* [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ingresspolicy)\n\n## Example Usage\n\n", + "properties": { + "ingressFrom": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunIngressPolicyIngressFrom:ServicePerimeterDryRunIngressPolicyIngressFrom", + "description": "Defines the conditions on the source of a request causing this `IngressPolicy`\nto apply.\nStructure is documented below.\n" + }, + "ingressTo": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunIngressPolicyIngressTo:ServicePerimeterDryRunIngressPolicyIngressTo", + "description": "Defines the conditions on the `ApiOperation` and request destination that cause\nthis `IngressPolicy` to apply.\nStructure is documented below.\n" + }, + "perimeter": { + "type": "string", + "description": "The name of the Service Perimeter to add this resource to.\n\n\n- - -\n" + } + }, + "required": [ + "perimeter" + ], + "inputProperties": { + "ingressFrom": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunIngressPolicyIngressFrom:ServicePerimeterDryRunIngressPolicyIngressFrom", + "description": "Defines the conditions on the source of a request causing this `IngressPolicy`\nto apply.\nStructure is documented below.\n", + "willReplaceOnChanges": true + }, + "ingressTo": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunIngressPolicyIngressTo:ServicePerimeterDryRunIngressPolicyIngressTo", + "description": "Defines the conditions on the `ApiOperation` and request destination that cause\nthis `IngressPolicy` to apply.\nStructure is documented below.\n", + "willReplaceOnChanges": true + }, + "perimeter": { + "type": "string", + "description": "The 
name of the Service Perimeter to add this resource to.\n\n\n- - -\n", + "willReplaceOnChanges": true + } + }, + "requiredInputs": [ + "perimeter" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ServicePerimeterDryRunIngressPolicy resources.\n", + "properties": { + "ingressFrom": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunIngressPolicyIngressFrom:ServicePerimeterDryRunIngressPolicyIngressFrom", + "description": "Defines the conditions on the source of a request causing this `IngressPolicy`\nto apply.\nStructure is documented below.\n", + "willReplaceOnChanges": true + }, + "ingressTo": { + "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterDryRunIngressPolicyIngressTo:ServicePerimeterDryRunIngressPolicyIngressTo", + "description": "Defines the conditions on the `ApiOperation` and request destination that cause\nthis `IngressPolicy` to apply.\nStructure is documented below.\n", + "willReplaceOnChanges": true + }, + "perimeter": { + "type": "string", + "description": "The name of the Service Perimeter to add this resource to.\n\n\n- - -\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, "gcp:accesscontextmanager/servicePerimeterDryRunResource:ServicePerimeterDryRunResource": { "description": "Allows configuring a single GCP resource that should be inside of the `spec` block of a dry run service perimeter.\nThis resource is intended to be used in cases where it is not possible to compile a full list\nof projects to include in a `gcp.accesscontextmanager.ServicePerimeter` resource,\nto enable them to be added separately.\nIf your perimeter is NOT in dry-run mode use `gcp.accesscontextmanager.ServicePerimeterResource` instead.\n\n\u003e **Note:** If this resource is used alongside a `gcp.accesscontextmanager.ServicePerimeter` resource,\nthe service perimeter resource must have a `lifecycle` block with `ignore_changes = [spec[0].resources]` so\nthey don't fight over which 
resources should be in the policy.\n\n\nTo get more information about ServicePerimeterDryRunResource, see:\n\n* [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters)\n* How-to Guides\n * [Service Perimeter Quickstart](https://cloud.google.com/vpc-service-controls/docs/quickstart)\n\n\u003e **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,\nyou must specify a `billing_project` and set `user_project_override` to true\nin the provider configuration. Otherwise the ACM API will return a 403 error.\nYour account must have the `serviceusage.services.use` permission on the\n`billing_project` you defined.\n\n## Example Usage\n\n### Access Context Manager Service Perimeter Dry Run Resource Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst access_policy = new gcp.accesscontextmanager.AccessPolicy(\"access-policy\", {\n parent: \"organizations/123456789\",\n title: \"my policy\",\n});\nconst service_perimeter_dry_run_resourceServicePerimeter = new gcp.accesscontextmanager.ServicePerimeter(\"service-perimeter-dry-run-resource\", {\n parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,\n name: pulumi.interpolate`accessPolicies/${access_policy.name}/servicePerimeters/restrict_all`,\n title: \"restrict_all\",\n spec: {\n restrictedServices: [\"storage.googleapis.com\"],\n },\n useExplicitDryRunSpec: true,\n});\nconst service_perimeter_dry_run_resource = new gcp.accesscontextmanager.ServicePerimeterDryRunResource(\"service-perimeter-dry-run-resource\", {\n perimeterName: service_perimeter_dry_run_resourceServicePerimeter.name,\n resource: \"projects/987654321\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\naccess_policy = gcp.accesscontextmanager.AccessPolicy(\"access-policy\",\n parent=\"organizations/123456789\",\n title=\"my 
policy\")\nservice_perimeter_dry_run_resource_service_perimeter = gcp.accesscontextmanager.ServicePerimeter(\"service-perimeter-dry-run-resource\",\n parent=access_policy.name.apply(lambda name: f\"accessPolicies/{name}\"),\n name=access_policy.name.apply(lambda name: f\"accessPolicies/{name}/servicePerimeters/restrict_all\"),\n title=\"restrict_all\",\n spec={\n \"restricted_services\": [\"storage.googleapis.com\"],\n },\n use_explicit_dry_run_spec=True)\nservice_perimeter_dry_run_resource = gcp.accesscontextmanager.ServicePerimeterDryRunResource(\"service-perimeter-dry-run-resource\",\n perimeter_name=service_perimeter_dry_run_resource_service_perimeter.name,\n resource=\"projects/987654321\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var access_policy = new Gcp.AccessContextManager.AccessPolicy(\"access-policy\", new()\n {\n Parent = \"organizations/123456789\",\n Title = \"my policy\",\n });\n\n var service_perimeter_dry_run_resourceServicePerimeter = new Gcp.AccessContextManager.ServicePerimeter(\"service-perimeter-dry-run-resource\", new()\n {\n Parent = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}\"),\n Name = access_policy.Name.Apply(name =\u003e $\"accessPolicies/{name}/servicePerimeters/restrict_all\"),\n Title = \"restrict_all\",\n Spec = new Gcp.AccessContextManager.Inputs.ServicePerimeterSpecArgs\n {\n RestrictedServices = new[]\n {\n \"storage.googleapis.com\",\n },\n },\n UseExplicitDryRunSpec = true,\n });\n\n var service_perimeter_dry_run_resource = new Gcp.AccessContextManager.ServicePerimeterDryRunResource(\"service-perimeter-dry-run-resource\", new()\n {\n PerimeterName = service_perimeter_dry_run_resourceServicePerimeter.Name,\n Resource = \"projects/987654321\",\n });\n\n});\n```\n```go\npackage main\n\nimport 
(\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicy(ctx, \"access-policy\", \u0026accesscontextmanager.AccessPolicyArgs{\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tTitle: pulumi.String(\"my policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewServicePerimeter(ctx, \"service-perimeter-dry-run-resource\", \u0026accesscontextmanager.ServicePerimeterArgs{\n\t\t\tParent: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tName: access_policy.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"accessPolicies/%v/servicePerimeters/restrict_all\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTitle: pulumi.String(\"restrict_all\"),\n\t\t\tSpec: \u0026accesscontextmanager.ServicePerimeterSpecArgs{\n\t\t\t\tRestrictedServices: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"storage.googleapis.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tUseExplicitDryRunSpec: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewServicePerimeterDryRunResource(ctx, \"service-perimeter-dry-run-resource\", \u0026accesscontextmanager.ServicePerimeterDryRunResourceArgs{\n\t\t\tPerimeterName: service_perimeter_dry_run_resourceServicePerimeter.Name,\n\t\t\tResource: pulumi.String(\"projects/987654321\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;\nimport 
com.pulumi.gcp.accesscontextmanager.ServicePerimeter;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeterArgs;\nimport com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterSpecArgs;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeterDryRunResource;\nimport com.pulumi.gcp.accesscontextmanager.ServicePerimeterDryRunResourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var access_policy = new AccessPolicy(\"access-policy\", AccessPolicyArgs.builder()\n .parent(\"organizations/123456789\")\n .title(\"my policy\")\n .build());\n\n var service_perimeter_dry_run_resourceServicePerimeter = new ServicePerimeter(\"service-perimeter-dry-run-resourceServicePerimeter\", ServicePerimeterArgs.builder()\n .parent(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s\", name)))\n .name(access_policy.name().applyValue(name -\u003e String.format(\"accessPolicies/%s/servicePerimeters/restrict_all\", name)))\n .title(\"restrict_all\")\n .spec(ServicePerimeterSpecArgs.builder()\n .restrictedServices(\"storage.googleapis.com\")\n .build())\n .useExplicitDryRunSpec(true)\n .build());\n\n var service_perimeter_dry_run_resource = new ServicePerimeterDryRunResource(\"service-perimeter-dry-run-resource\", ServicePerimeterDryRunResourceArgs.builder()\n .perimeterName(service_perimeter_dry_run_resourceServicePerimeter.name())\n .resource(\"projects/987654321\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n service-perimeter-dry-run-resource:\n type: gcp:accesscontextmanager:ServicePerimeterDryRunResource\n properties:\n perimeterName: ${[\"service-perimeter-dry-run-resourceServicePerimeter\"].name}\n resource: projects/987654321\n service-perimeter-dry-run-resourceServicePerimeter:\n type: 
gcp:accesscontextmanager:ServicePerimeter\n name: service-perimeter-dry-run-resource\n properties:\n parent: accessPolicies/${[\"access-policy\"].name}\n name: accessPolicies/${[\"access-policy\"].name}/servicePerimeters/restrict_all\n title: restrict_all\n spec:\n restrictedServices:\n - storage.googleapis.com\n useExplicitDryRunSpec: true\n access-policy:\n type: gcp:accesscontextmanager:AccessPolicy\n properties:\n parent: organizations/123456789\n title: my policy\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nServicePerimeterDryRunResource can be imported using any of these accepted formats:\n\n* `{{perimeter_name}}/{{resource}}`\n\nWhen using the `pulumi import` command, ServicePerimeterDryRunResource can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:accesscontextmanager/servicePerimeterDryRunResource:ServicePerimeterDryRunResource default {{perimeter_name}}/{{resource}}\n```\n\n", "properties": { 
@@ -112903,7 +113328,7 @@ } }, "gcp:accesscontextmanager/servicePerimeterEgressPolicy:ServicePerimeterEgressPolicy": { - "description": "EgressPolicies match requests based on egressFrom and egressTo stanzas.\nFor an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched.\nIf an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter\nboundary. For example, an EgressPolicy can be used to allow VMs on networks\nwithin the ServicePerimeter to access a defined set of projects outside the\nperimeter in certain contexts (e.g. to read data from a Cloud Storage bucket\nor query against a BigQuery dataset).\n\n\u003e **Note:** By default, updates to this resource will remove the EgressPolicy from the\nfrom the perimeter and add it back in a non-atomic manner. To ensure that the new EgressPolicy\nis added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource.\n\n\nTo get more information about ServicePerimeterEgressPolicy, see:\n\n* [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#egresspolicy)\n\n## Example Usage\n\n## Import\n\nServicePerimeterEgressPolicy can be imported using any of these accepted formats:\n\n* `{{perimeter}}`\n\nWhen using the `pulumi import` command, ServicePerimeterEgressPolicy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:accesscontextmanager/servicePerimeterEgressPolicy:ServicePerimeterEgressPolicy default {{perimeter}}\n```\n\n", + "description": "Manage a single EgressPolicy in the status (enforced) configuration for a service perimeter.\nEgressPolicies match requests based on egressFrom and egressTo stanzas.\nFor an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched.\nIf an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter\nboundary. 
For example, an EgressPolicy can be used to allow VMs on networks\nwithin the ServicePerimeter to access a defined set of projects outside the\nperimeter in certain contexts (e.g. to read data from a Cloud Storage bucket\nor query against a BigQuery dataset).\n\n\u003e **Note:** By default, updates to this resource will remove the EgressPolicy from the\nfrom the perimeter and add it back in a non-atomic manner. To ensure that the new EgressPolicy\nis added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource.\n\n\nTo get more information about ServicePerimeterEgressPolicy, see:\n\n* [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#egresspolicy)\n\n## Example Usage\n\n", "properties": { "egressFrom": { "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterEgressPolicyEgressFrom:ServicePerimeterEgressPolicyEgressFrom", 
@@ -112964,7 +113389,7 @@ } }, "gcp:accesscontextmanager/servicePerimeterIngressPolicy:ServicePerimeterIngressPolicy": { - "description": "IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match,\nboth the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request,\nthe request is allowed through the perimeter boundary from outside the perimeter.\nFor example, access from the internet can be allowed either based on an AccessLevel or,\nfor traffic hosted on Google Cloud, the project of the source network.\nFor access from private networks, using the project of the hosting network is required.\nIndividual ingress policies can be limited by restricting which services and/\nor actions they match using the ingressTo field.\n\n\u003e **Note:** By default, updates to this resource will remove the IngressPolicy from the\nfrom the perimeter and add it back in a non-atomic manner. To ensure that the new IngressPolicy\nis added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource.\n\n\nTo get more information about ServicePerimeterIngressPolicy, see:\n\n* [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ingresspolicy)\n\n## Example Usage\n\n## Import\n\nServicePerimeterIngressPolicy can be imported using any of these accepted formats:\n\n* `{{perimeter}}`\n\nWhen using the `pulumi import` command, ServicePerimeterIngressPolicy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:accesscontextmanager/servicePerimeterIngressPolicy:ServicePerimeterIngressPolicy default {{perimeter}}\n```\n\n", + "description": "Manage a single IngressPolicy in the status (enforced) configuration for a service perimeter.\nIngressPolicies match requests based on ingressFrom and ingressTo stanzas. 
For an ingress policy to match,\nboth the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request,\nthe request is allowed through the perimeter boundary from outside the perimeter.\nFor example, access from the internet can be allowed either based on an AccessLevel or,\nfor traffic hosted on Google Cloud, the project of the source network.\nFor access from private networks, using the project of the hosting network is required.\nIndividual ingress policies can be limited by restricting which services and/\nor actions they match using the ingressTo field.\n\n\u003e **Note:** By default, updates to this resource will remove the IngressPolicy from the\nfrom the perimeter and add it back in a non-atomic manner. To ensure that the new IngressPolicy\nis added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource.\n\n\nTo get more information about ServicePerimeterIngressPolicy, see:\n\n* [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ingresspolicy)\n\n## Example Usage\n\n", "properties": { "ingressFrom": { "$ref": "#/types/gcp:accesscontextmanager/ServicePerimeterIngressPolicyIngressFrom:ServicePerimeterIngressPolicyIngressFrom", 
@@ -121115,7 +121540,7 @@ } }, "gcp:applicationintegration/client:Client": { - "description": "Application Integration Client.\n\n\nTo get more information about Client, see:\n\n* [API documentation](https://cloud.google.com/application-integration/docs/reference/rest/v1/projects.locations.clients)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/application-integration/docs/overview)\n * [Set up Application Integration](https://cloud.google.com/application-integration/docs/setup-application-integration)\n\n## Example Usage\n\n### Integrations Client Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.applicationintegration.Client(\"example\", {location: \"us-central1\"});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.applicationintegration.Client(\"example\", location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.ApplicationIntegration.Client(\"example\", new()\n {\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/applicationintegration\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := applicationintegration.NewClient(ctx, \"example\", \u0026applicationintegration.ClientArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.applicationintegration.Client;\nimport com.pulumi.gcp.applicationintegration.ClientArgs;\nimport java.util.List;\nimport 
java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Client(\"example\", ClientArgs.builder()\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:applicationintegration:Client\n properties:\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Integrations Client Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testProject = gcp.organizations.getProject({});\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"my-keyring\",\n location: \"us-east1\",\n});\nconst cryptokey = new gcp.kms.CryptoKey(\"cryptokey\", {\n name: \"crypto-key-example\",\n keyRing: keyring.id,\n rotationPeriod: \"7776000s\",\n});\nconst testKey = new gcp.kms.CryptoKeyVersion(\"test_key\", {cryptoKey: cryptokey.id});\nconst serviceAccount = new gcp.serviceaccount.Account(\"service_account\", {\n accountId: \"service-account-id\",\n displayName: \"Service Account\",\n});\nconst example = new gcp.applicationintegration.Client(\"example\", {\n location: \"us-east1\",\n createSampleIntegrations: true,\n runAsServiceAccount: serviceAccount.email,\n cloudKmsConfig: {\n kmsLocation: \"us-east1\",\n kmsRing: keyring.id,\n key: cryptokey.id,\n keyVersion: testKey.id,\n kmsProjectId: testProject.then(testProject =\u003e testProject.projectId),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ntest_project = gcp.organizations.get_project()\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"my-keyring\",\n location=\"us-east1\")\ncryptokey = gcp.kms.CryptoKey(\"cryptokey\",\n name=\"crypto-key-example\",\n key_ring=keyring.id,\n rotation_period=\"7776000s\")\ntest_key = 
gcp.kms.CryptoKeyVersion(\"test_key\", crypto_key=cryptokey.id)\nservice_account = gcp.serviceaccount.Account(\"service_account\",\n account_id=\"service-account-id\",\n display_name=\"Service Account\")\nexample = gcp.applicationintegration.Client(\"example\",\n location=\"us-east1\",\n create_sample_integrations=True,\n run_as_service_account=service_account.email,\n cloud_kms_config={\n \"kms_location\": \"us-east1\",\n \"kms_ring\": keyring.id,\n \"key\": cryptokey.id,\n \"key_version\": test_key.id,\n \"kms_project_id\": test_project.project_id,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testProject = Gcp.Organizations.GetProject.Invoke();\n\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"my-keyring\",\n Location = \"us-east1\",\n });\n\n var cryptokey = new Gcp.Kms.CryptoKey(\"cryptokey\", new()\n {\n Name = \"crypto-key-example\",\n KeyRing = keyring.Id,\n RotationPeriod = \"7776000s\",\n });\n\n var testKey = new Gcp.Kms.CryptoKeyVersion(\"test_key\", new()\n {\n CryptoKey = cryptokey.Id,\n });\n\n var serviceAccount = new Gcp.ServiceAccount.Account(\"service_account\", new()\n {\n AccountId = \"service-account-id\",\n DisplayName = \"Service Account\",\n });\n\n var example = new Gcp.ApplicationIntegration.Client(\"example\", new()\n {\n Location = \"us-east1\",\n CreateSampleIntegrations = true,\n RunAsServiceAccount = serviceAccount.Email,\n CloudKmsConfig = new Gcp.ApplicationIntegration.Inputs.ClientCloudKmsConfigArgs\n {\n KmsLocation = \"us-east1\",\n KmsRing = keyring.Id,\n Key = cryptokey.Id,\n KeyVersion = testKey.Id,\n KmsProjectId = testProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport 
(\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/applicationintegration\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestProject, err := organizations.LookupProject(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"my-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-east1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptokey, err := kms.NewCryptoKey(ctx, \"cryptokey\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key-example\"),\n\t\t\tKeyRing: keyring.ID(),\n\t\t\tRotationPeriod: pulumi.String(\"7776000s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestKey, err := kms.NewCryptoKeyVersion(ctx, \"test_key\", \u0026kms.CryptoKeyVersionArgs{\n\t\t\tCryptoKey: cryptokey.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceAccount, err := serviceaccount.NewAccount(ctx, \"service_account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"service-account-id\"),\n\t\t\tDisplayName: pulumi.String(\"Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = applicationintegration.NewClient(ctx, \"example\", \u0026applicationintegration.ClientArgs{\n\t\t\tLocation: pulumi.String(\"us-east1\"),\n\t\t\tCreateSampleIntegrations: pulumi.Bool(true),\n\t\t\tRunAsServiceAccount: serviceAccount.Email,\n\t\t\tCloudKmsConfig: \u0026applicationintegration.ClientCloudKmsConfigArgs{\n\t\t\t\tKmsLocation: pulumi.String(\"us-east1\"),\n\t\t\t\tKmsRing: keyring.ID(),\n\t\t\t\tKey: cryptokey.ID(),\n\t\t\t\tKeyVersion: testKey.ID(),\n\t\t\t\tKmsProjectId: 
pulumi.String(testProject.ProjectId),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyVersion;\nimport com.pulumi.gcp.kms.CryptoKeyVersionArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.applicationintegration.Client;\nimport com.pulumi.gcp.applicationintegration.ClientArgs;\nimport com.pulumi.gcp.applicationintegration.inputs.ClientCloudKmsConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testProject = OrganizationsFunctions.getProject();\n\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"my-keyring\")\n .location(\"us-east1\")\n .build());\n\n var cryptokey = new CryptoKey(\"cryptokey\", CryptoKeyArgs.builder()\n .name(\"crypto-key-example\")\n .keyRing(keyring.id())\n .rotationPeriod(\"7776000s\")\n .build());\n\n var testKey = new CryptoKeyVersion(\"testKey\", CryptoKeyVersionArgs.builder()\n .cryptoKey(cryptokey.id())\n .build());\n\n var serviceAccount = new Account(\"serviceAccount\", AccountArgs.builder()\n .accountId(\"service-account-id\")\n .displayName(\"Service Account\")\n .build());\n\n var example = new Client(\"example\", ClientArgs.builder()\n .location(\"us-east1\")\n .createSampleIntegrations(true)\n 
.runAsServiceAccount(serviceAccount.email())\n .cloudKmsConfig(ClientCloudKmsConfigArgs.builder()\n .kmsLocation(\"us-east1\")\n .kmsRing(keyring.id())\n .key(cryptokey.id())\n .keyVersion(testKey.id())\n .kmsProjectId(testProject.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: my-keyring\n location: us-east1\n cryptokey:\n type: gcp:kms:CryptoKey\n properties:\n name: crypto-key-example\n keyRing: ${keyring.id}\n rotationPeriod: 7776000s\n testKey:\n type: gcp:kms:CryptoKeyVersion\n name: test_key\n properties:\n cryptoKey: ${cryptokey.id}\n serviceAccount:\n type: gcp:serviceaccount:Account\n name: service_account\n properties:\n accountId: service-account-id\n displayName: Service Account\n example:\n type: gcp:applicationintegration:Client\n properties:\n location: us-east1\n createSampleIntegrations: true\n runAsServiceAccount: ${serviceAccount.email}\n cloudKmsConfig:\n kmsLocation: us-east1\n kmsRing: ${keyring.id}\n key: ${cryptokey.id}\n keyVersion: ${testKey.id}\n kmsProjectId: ${testProject.projectId}\nvariables:\n testProject:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nClient can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clients`\n\n* `{{project}}/{{location}}`\n\n* `{{location}}`\n\nWhen using the `pulumi import` command, Client can be imported using one of the formats above. 
For example:\n\n```sh\n$ pulumi import gcp:applicationintegration/client:Client default projects/{{project}}/locations/{{location}}/clients\n```\n\n```sh\n$ pulumi import gcp:applicationintegration/client:Client default {{project}}/{{location}}\n```\n\n```sh\n$ pulumi import gcp:applicationintegration/client:Client default {{location}}\n```\n\n", + "description": "Application Integration Client.\n\n\nTo get more information about Client, see:\n\n* [API documentation](https://cloud.google.com/application-integration/docs/reference/rest/v1/projects.locations.clients)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/application-integration/docs/overview)\n * [Set up Application Integration](https://cloud.google.com/application-integration/docs/setup-application-integration)\n\n## Example Usage\n\n### Integrations Client Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst example = new gcp.applicationintegration.Client(\"example\", {location: \"us-central1\"});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nexample = gcp.applicationintegration.Client(\"example\", location=\"us-central1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Gcp.ApplicationIntegration.Client(\"example\", new()\n {\n Location = \"us-central1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/applicationintegration\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := applicationintegration.NewClient(ctx, \"example\", \u0026applicationintegration.ClientArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn 
nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.applicationintegration.Client;\nimport com.pulumi.gcp.applicationintegration.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Client(\"example\", ClientArgs.builder()\n .location(\"us-central1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: gcp:applicationintegration:Client\n properties:\n location: us-central1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Integrations Client Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst testProject = gcp.organizations.getProject({});\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"my-keyring\",\n location: \"us-east1\",\n});\nconst cryptokey = new gcp.kms.CryptoKey(\"cryptokey\", {\n name: \"crypto-key-example\",\n keyRing: keyring.id,\n rotationPeriod: \"7776000s\",\n});\nconst testKey = new gcp.kms.CryptoKeyVersion(\"test_key\", {cryptoKey: cryptokey.id});\nconst serviceAccount = new gcp.serviceaccount.Account(\"service_account\", {\n accountId: \"my-service-acc\",\n displayName: \"Service Account\",\n});\nconst example = new gcp.applicationintegration.Client(\"example\", {\n location: \"us-east1\",\n createSampleIntegrations: true,\n runAsServiceAccount: serviceAccount.email,\n cloudKmsConfig: {\n kmsLocation: \"us-east1\",\n kmsRing: keyring.id,\n key: cryptokey.id,\n keyVersion: testKey.id,\n kmsProjectId: testProject.then(testProject =\u003e testProject.projectId),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as 
gcp\n\ntest_project = gcp.organizations.get_project()\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"my-keyring\",\n location=\"us-east1\")\ncryptokey = gcp.kms.CryptoKey(\"cryptokey\",\n name=\"crypto-key-example\",\n key_ring=keyring.id,\n rotation_period=\"7776000s\")\ntest_key = gcp.kms.CryptoKeyVersion(\"test_key\", crypto_key=cryptokey.id)\nservice_account = gcp.serviceaccount.Account(\"service_account\",\n account_id=\"my-service-acc\",\n display_name=\"Service Account\")\nexample = gcp.applicationintegration.Client(\"example\",\n location=\"us-east1\",\n create_sample_integrations=True,\n run_as_service_account=service_account.email,\n cloud_kms_config={\n \"kms_location\": \"us-east1\",\n \"kms_ring\": keyring.id,\n \"key\": cryptokey.id,\n \"key_version\": test_key.id,\n \"kms_project_id\": test_project.project_id,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testProject = Gcp.Organizations.GetProject.Invoke();\n\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"my-keyring\",\n Location = \"us-east1\",\n });\n\n var cryptokey = new Gcp.Kms.CryptoKey(\"cryptokey\", new()\n {\n Name = \"crypto-key-example\",\n KeyRing = keyring.Id,\n RotationPeriod = \"7776000s\",\n });\n\n var testKey = new Gcp.Kms.CryptoKeyVersion(\"test_key\", new()\n {\n CryptoKey = cryptokey.Id,\n });\n\n var serviceAccount = new Gcp.ServiceAccount.Account(\"service_account\", new()\n {\n AccountId = \"my-service-acc\",\n DisplayName = \"Service Account\",\n });\n\n var example = new Gcp.ApplicationIntegration.Client(\"example\", new()\n {\n Location = \"us-east1\",\n CreateSampleIntegrations = true,\n RunAsServiceAccount = serviceAccount.Email,\n CloudKmsConfig = new Gcp.ApplicationIntegration.Inputs.ClientCloudKmsConfigArgs\n {\n KmsLocation = \"us-east1\",\n KmsRing = keyring.Id,\n Key = cryptokey.Id,\n KeyVersion = testKey.Id,\n 
KmsProjectId = testProject.Apply(getProjectResult =\u003e getProjectResult.ProjectId),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/applicationintegration\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestProject, err := organizations.LookupProject(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"my-keyring\"),\n\t\t\tLocation: pulumi.String(\"us-east1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptokey, err := kms.NewCryptoKey(ctx, \"cryptokey\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"crypto-key-example\"),\n\t\t\tKeyRing: keyring.ID(),\n\t\t\tRotationPeriod: pulumi.String(\"7776000s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestKey, err := kms.NewCryptoKeyVersion(ctx, \"test_key\", \u0026kms.CryptoKeyVersionArgs{\n\t\t\tCryptoKey: cryptokey.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceAccount, err := serviceaccount.NewAccount(ctx, \"service_account\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-acc\"),\n\t\t\tDisplayName: pulumi.String(\"Service Account\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = applicationintegration.NewClient(ctx, \"example\", \u0026applicationintegration.ClientArgs{\n\t\t\tLocation: pulumi.String(\"us-east1\"),\n\t\t\tCreateSampleIntegrations: pulumi.Bool(true),\n\t\t\tRunAsServiceAccount: serviceAccount.Email,\n\t\t\tCloudKmsConfig: \u0026applicationintegration.ClientCloudKmsConfigArgs{\n\t\t\t\tKmsLocation: pulumi.String(\"us-east1\"),\n\t\t\t\tKmsRing: 
keyring.ID(),\n\t\t\t\tKey: cryptokey.ID(),\n\t\t\t\tKeyVersion: testKey.ID(),\n\t\t\t\tKmsProjectId: pulumi.String(testProject.ProjectId),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyVersion;\nimport com.pulumi.gcp.kms.CryptoKeyVersionArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.applicationintegration.Client;\nimport com.pulumi.gcp.applicationintegration.ClientArgs;\nimport com.pulumi.gcp.applicationintegration.inputs.ClientCloudKmsConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var testProject = OrganizationsFunctions.getProject();\n\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"my-keyring\")\n .location(\"us-east1\")\n .build());\n\n var cryptokey = new CryptoKey(\"cryptokey\", CryptoKeyArgs.builder()\n .name(\"crypto-key-example\")\n .keyRing(keyring.id())\n .rotationPeriod(\"7776000s\")\n .build());\n\n var testKey = new CryptoKeyVersion(\"testKey\", CryptoKeyVersionArgs.builder()\n .cryptoKey(cryptokey.id())\n .build());\n\n var serviceAccount = new Account(\"serviceAccount\", AccountArgs.builder()\n .accountId(\"my-service-acc\")\n .displayName(\"Service Account\")\n .build());\n\n var example = new 
Client(\"example\", ClientArgs.builder()\n .location(\"us-east1\")\n .createSampleIntegrations(true)\n .runAsServiceAccount(serviceAccount.email())\n .cloudKmsConfig(ClientCloudKmsConfigArgs.builder()\n .kmsLocation(\"us-east1\")\n .kmsRing(keyring.id())\n .key(cryptokey.id())\n .keyVersion(testKey.id())\n .kmsProjectId(testProject.applyValue(getProjectResult -\u003e getProjectResult.projectId()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: my-keyring\n location: us-east1\n cryptokey:\n type: gcp:kms:CryptoKey\n properties:\n name: crypto-key-example\n keyRing: ${keyring.id}\n rotationPeriod: 7776000s\n testKey:\n type: gcp:kms:CryptoKeyVersion\n name: test_key\n properties:\n cryptoKey: ${cryptokey.id}\n serviceAccount:\n type: gcp:serviceaccount:Account\n name: service_account\n properties:\n accountId: my-service-acc\n displayName: Service Account\n example:\n type: gcp:applicationintegration:Client\n properties:\n location: us-east1\n createSampleIntegrations: true\n runAsServiceAccount: ${serviceAccount.email}\n cloudKmsConfig:\n kmsLocation: us-east1\n kmsRing: ${keyring.id}\n key: ${cryptokey.id}\n keyVersion: ${testKey.id}\n kmsProjectId: ${testProject.projectId}\nvariables:\n testProject:\n fn::invoke:\n Function: gcp:organizations:getProject\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nClient can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clients`\n\n* `{{project}}/{{location}}`\n\n* `{{location}}`\n\nWhen using the `pulumi import` command, Client can be imported using one of the formats above. 
For example:\n\n```sh\n$ pulumi import gcp:applicationintegration/client:Client default projects/{{project}}/locations/{{location}}/clients\n```\n\n```sh\n$ pulumi import gcp:applicationintegration/client:Client default {{project}}/{{location}}\n```\n\n```sh\n$ pulumi import gcp:applicationintegration/client:Client default {{location}}\n```\n\n", "properties": { "cloudKmsConfig": { "$ref": "#/types/gcp:applicationintegration/ClientCloudKmsConfig:ClientCloudKmsConfig", 
@@ -161557,7 +161982,7 @@ }, "serverTlsPolicy": { "type": "string", - "description": "A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.\n" + "description": "A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.\nIf you remove this field from your configuration at the same time as\ndeleting or recreating a referenced ServerTlsPolicy resource, you will\nreceive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy\nwithin the ServerTlsPolicy resource to avoid this.\n" }, "sslCertificates": { "type": "array", 
@@ -161614,8 +162039,7 @@ }, "serverTlsPolicy": { "type": "string", - "description": "A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.\n", - "willReplaceOnChanges": true + "description": "A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.\nIf you remove this field from your configuration at the same time as\ndeleting or recreating a referenced ServerTlsPolicy resource, you will\nreceive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy\nwithin the ServerTlsPolicy resource to avoid this.\n" }, "sslCertificates": { "type": "array", 
@@ -161680,8 +162104,7 @@ }, "serverTlsPolicy": { "type": "string", - "description": "A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.\n", - "willReplaceOnChanges": true + "description": "A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.\nIf you remove this field from your configuration at the same time as\ndeleting or recreating a referenced ServerTlsPolicy resource, you will\nreceive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy\nwithin the ServerTlsPolicy resource to avoid this.\n" }, "sslCertificates": { "type": "array", 
@@ -166603,8 +167026,7 @@ }, "serverTlsPolicy": { "type": "string", - "description": "A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.\n", - "willReplaceOnChanges": true + "description": "A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.\n" }, "sslCertificates": { "type": "array", 
@@ -166687,8 +167109,7 @@ }, "serverTlsPolicy": { "type": "string", - "description": "A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.\n", - "willReplaceOnChanges": true + "description": "A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.\n" }, "sslCertificates": { "type": "array", 
@@ -174863,7 +175284,7 @@ } }, "gcp:dataform/repository:Repository": { - "description": "## Example Usage\n\n### Dataform Repository\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"my-secret\",\n replication: {\n auto: {},\n },\n});\nconst secretVersion = new gcp.secretmanager.SecretVersion(\"secret_version\", {\n secret: secret.id,\n secretData: \"secret-data\",\n});\nconst dataformRepository = new gcp.dataform.Repository(\"dataform_repository\", {\n name: \"dataform_repository\",\n displayName: \"dataform_repository\",\n npmrcEnvironmentVariablesSecretVersion: secretVersion.id,\n labels: {\n label_foo1: \"label-bar1\",\n },\n gitRemoteSettings: {\n url: \"https://github.com/OWNER/REPOSITORY.git\",\n defaultBranch: \"main\",\n authenticationTokenSecretVersion: secretVersion.id,\n },\n workspaceCompilationOverrides: {\n defaultDatabase: \"database\",\n schemaSuffix: \"_suffix\",\n tablePrefix: \"prefix_\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"my-secret\",\n replication={\n \"auto\": {},\n })\nsecret_version = gcp.secretmanager.SecretVersion(\"secret_version\",\n secret=secret.id,\n secret_data=\"secret-data\")\ndataform_repository = gcp.dataform.Repository(\"dataform_repository\",\n name=\"dataform_repository\",\n display_name=\"dataform_repository\",\n npmrc_environment_variables_secret_version=secret_version.id,\n labels={\n \"label_foo1\": \"label-bar1\",\n },\n git_remote_settings={\n \"url\": \"https://github.com/OWNER/REPOSITORY.git\",\n \"default_branch\": \"main\",\n \"authentication_token_secret_version\": secret_version.id,\n },\n workspace_compilation_overrides={\n \"default_database\": \"database\",\n \"schema_suffix\": \"_suffix\",\n \"table_prefix\": \"prefix_\",\n })\n```\n```csharp\nusing 
System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = \"my-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var secretVersion = new Gcp.SecretManager.SecretVersion(\"secret_version\", new()\n {\n Secret = secret.Id,\n SecretData = \"secret-data\",\n });\n\n var dataformRepository = new Gcp.Dataform.Repository(\"dataform_repository\", new()\n {\n Name = \"dataform_repository\",\n DisplayName = \"dataform_repository\",\n NpmrcEnvironmentVariablesSecretVersion = secretVersion.Id,\n Labels = \n {\n { \"label_foo1\", \"label-bar1\" },\n },\n GitRemoteSettings = new Gcp.Dataform.Inputs.RepositoryGitRemoteSettingsArgs\n {\n Url = \"https://github.com/OWNER/REPOSITORY.git\",\n DefaultBranch = \"main\",\n AuthenticationTokenSecretVersion = secretVersion.Id,\n },\n WorkspaceCompilationOverrides = new Gcp.Dataform.Inputs.RepositoryWorkspaceCompilationOverridesArgs\n {\n DefaultDatabase = \"database\",\n SchemaSuffix = \"_suffix\",\n TablePrefix = \"prefix_\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataform\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"my-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: nil,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecretVersion, err := secretmanager.NewSecretVersion(ctx, \"secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil 
{\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataform.NewRepository(ctx, \"dataform_repository\", \u0026dataform.RepositoryArgs{\n\t\t\tName: pulumi.String(\"dataform_repository\"),\n\t\t\tDisplayName: pulumi.String(\"dataform_repository\"),\n\t\t\tNpmrcEnvironmentVariablesSecretVersion: secretVersion.ID(),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label_foo1\": pulumi.String(\"label-bar1\"),\n\t\t\t},\n\t\t\tGitRemoteSettings: \u0026dataform.RepositoryGitRemoteSettingsArgs{\n\t\t\t\tUrl: pulumi.String(\"https://github.com/OWNER/REPOSITORY.git\"),\n\t\t\t\tDefaultBranch: pulumi.String(\"main\"),\n\t\t\t\tAuthenticationTokenSecretVersion: secretVersion.ID(),\n\t\t\t},\n\t\t\tWorkspaceCompilationOverrides: \u0026dataform.RepositoryWorkspaceCompilationOverridesArgs{\n\t\t\t\tDefaultDatabase: pulumi.String(\"database\"),\n\t\t\t\tSchemaSuffix: pulumi.String(\"_suffix\"),\n\t\t\t\tTablePrefix: pulumi.String(\"prefix_\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.dataform.Repository;\nimport com.pulumi.gcp.dataform.RepositoryArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryGitRemoteSettingsArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryWorkspaceCompilationOverridesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public 
static void stack(Context ctx) {\n var secret = new Secret(\"secret\", SecretArgs.builder()\n .secretId(\"my-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var secretVersion = new SecretVersion(\"secretVersion\", SecretVersionArgs.builder()\n .secret(secret.id())\n .secretData(\"secret-data\")\n .build());\n\n var dataformRepository = new Repository(\"dataformRepository\", RepositoryArgs.builder()\n .name(\"dataform_repository\")\n .displayName(\"dataform_repository\")\n .npmrcEnvironmentVariablesSecretVersion(secretVersion.id())\n .labels(Map.of(\"label_foo1\", \"label-bar1\"))\n .gitRemoteSettings(RepositoryGitRemoteSettingsArgs.builder()\n .url(\"https://github.com/OWNER/REPOSITORY.git\")\n .defaultBranch(\"main\")\n .authenticationTokenSecretVersion(secretVersion.id())\n .build())\n .workspaceCompilationOverrides(RepositoryWorkspaceCompilationOverridesArgs.builder()\n .defaultDatabase(\"database\")\n .schemaSuffix(\"_suffix\")\n .tablePrefix(\"prefix_\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: my-secret\n replication:\n auto: {}\n secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: secret_version\n properties:\n secret: ${secret.id}\n secretData: secret-data\n dataformRepository:\n type: gcp:dataform:Repository\n name: dataform_repository\n properties:\n name: dataform_repository\n displayName: dataform_repository\n npmrcEnvironmentVariablesSecretVersion: ${secretVersion.id}\n labels:\n label_foo1: label-bar1\n gitRemoteSettings:\n url: https://github.com/OWNER/REPOSITORY.git\n defaultBranch: main\n authenticationTokenSecretVersion: ${secretVersion.id}\n workspaceCompilationOverrides:\n defaultDatabase: database\n schemaSuffix: _suffix\n tablePrefix: prefix_\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRepository can be imported using any of these accepted formats:\n\n* 
`projects/{{project}}/locations/{{region}}/repositories/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Repository can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataform/repository:Repository default projects/{{project}}/locations/{{region}}/repositories/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repository:Repository default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repository:Repository default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repository:Repository default {{name}}\n```\n\n", + "description": "## Example Usage\n\n### Dataform Repository\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret = new gcp.secretmanager.Secret(\"secret\", {\n secretId: \"my-secret\",\n replication: {\n auto: {},\n },\n});\nconst secretVersion = new gcp.secretmanager.SecretVersion(\"secret_version\", {\n secret: secret.id,\n secretData: \"secret-data\",\n});\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"example-key-ring\",\n location: \"us-central1\",\n});\nconst exampleKey = new gcp.kms.CryptoKey(\"example_key\", {\n name: \"example-crypto-key-name\",\n keyRing: keyring.id,\n});\nconst cryptoKeyBinding = new gcp.kms.CryptoKeyIAMBinding(\"crypto_key_binding\", {\n cryptoKeyId: exampleKey.id,\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members: [`serviceAccount:service-${project.number}@gcp-sa-dataform.iam.gserviceaccount.com`],\n});\nconst dataformRepository = new gcp.dataform.Repository(\"dataform_repository\", {\n name: \"dataform_repository\",\n displayName: \"dataform_repository\",\n npmrcEnvironmentVariablesSecretVersion: secretVersion.id,\n kmsKeyName: exampleKey.id,\n labels: {\n label_foo1: \"label-bar1\",\n },\n gitRemoteSettings: {\n url: 
\"https://github.com/OWNER/REPOSITORY.git\",\n defaultBranch: \"main\",\n authenticationTokenSecretVersion: secretVersion.id,\n },\n workspaceCompilationOverrides: {\n defaultDatabase: \"database\",\n schemaSuffix: \"_suffix\",\n tablePrefix: \"prefix_\",\n },\n}, {\n dependsOn: [cryptoKeyBinding],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret = gcp.secretmanager.Secret(\"secret\",\n secret_id=\"my-secret\",\n replication={\n \"auto\": {},\n })\nsecret_version = gcp.secretmanager.SecretVersion(\"secret_version\",\n secret=secret.id,\n secret_data=\"secret-data\")\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"example-key-ring\",\n location=\"us-central1\")\nexample_key = gcp.kms.CryptoKey(\"example_key\",\n name=\"example-crypto-key-name\",\n key_ring=keyring.id)\ncrypto_key_binding = gcp.kms.CryptoKeyIAMBinding(\"crypto_key_binding\",\n crypto_key_id=example_key.id,\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n members=[f\"serviceAccount:service-{project['number']}@gcp-sa-dataform.iam.gserviceaccount.com\"])\ndataform_repository = gcp.dataform.Repository(\"dataform_repository\",\n name=\"dataform_repository\",\n display_name=\"dataform_repository\",\n npmrc_environment_variables_secret_version=secret_version.id,\n kms_key_name=example_key.id,\n labels={\n \"label_foo1\": \"label-bar1\",\n },\n git_remote_settings={\n \"url\": \"https://github.com/OWNER/REPOSITORY.git\",\n \"default_branch\": \"main\",\n \"authentication_token_secret_version\": secret_version.id,\n },\n workspace_compilation_overrides={\n \"default_database\": \"database\",\n \"schema_suffix\": \"_suffix\",\n \"table_prefix\": \"prefix_\",\n },\n opts = pulumi.ResourceOptions(depends_on=[crypto_key_binding]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret = new Gcp.SecretManager.Secret(\"secret\", new()\n {\n SecretId = 
\"my-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var secretVersion = new Gcp.SecretManager.SecretVersion(\"secret_version\", new()\n {\n Secret = secret.Id,\n SecretData = \"secret-data\",\n });\n\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"example-key-ring\",\n Location = \"us-central1\",\n });\n\n var exampleKey = new Gcp.Kms.CryptoKey(\"example_key\", new()\n {\n Name = \"example-crypto-key-name\",\n KeyRing = keyring.Id,\n });\n\n var cryptoKeyBinding = new Gcp.Kms.CryptoKeyIAMBinding(\"crypto_key_binding\", new()\n {\n CryptoKeyId = exampleKey.Id,\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Members = new[]\n {\n $\"serviceAccount:service-{project.Number}@gcp-sa-dataform.iam.gserviceaccount.com\",\n },\n });\n\n var dataformRepository = new Gcp.Dataform.Repository(\"dataform_repository\", new()\n {\n Name = \"dataform_repository\",\n DisplayName = \"dataform_repository\",\n NpmrcEnvironmentVariablesSecretVersion = secretVersion.Id,\n KmsKeyName = exampleKey.Id,\n Labels = \n {\n { \"label_foo1\", \"label-bar1\" },\n },\n GitRemoteSettings = new Gcp.Dataform.Inputs.RepositoryGitRemoteSettingsArgs\n {\n Url = \"https://github.com/OWNER/REPOSITORY.git\",\n DefaultBranch = \"main\",\n AuthenticationTokenSecretVersion = secretVersion.Id,\n },\n WorkspaceCompilationOverrides = new Gcp.Dataform.Inputs.RepositoryWorkspaceCompilationOverridesArgs\n {\n DefaultDatabase = \"database\",\n SchemaSuffix = \"_suffix\",\n TablePrefix = \"prefix_\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKeyBinding,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataform\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx 
*pulumi.Context) error {\n\t\tsecret, err := secretmanager.NewSecret(ctx, \"secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"my-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: nil,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecretVersion, err := secretmanager.NewSecretVersion(ctx, \"secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"example-key-ring\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleKey, err := kms.NewCryptoKey(ctx, \"example_key\", \u0026kms.CryptoKeyArgs{\n\t\t\tName: pulumi.String(\"example-crypto-key-name\"),\n\t\t\tKeyRing: keyring.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKeyBinding, err := kms.NewCryptoKeyIAMBinding(ctx, \"crypto_key_binding\", \u0026kms.CryptoKeyIAMBindingArgs{\n\t\t\tCryptoKeyId: exampleKey.ID(),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-dataform.iam.gserviceaccount.com\", project.Number),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataform.NewRepository(ctx, \"dataform_repository\", \u0026dataform.RepositoryArgs{\n\t\t\tName: pulumi.String(\"dataform_repository\"),\n\t\t\tDisplayName: pulumi.String(\"dataform_repository\"),\n\t\t\tNpmrcEnvironmentVariablesSecretVersion: secretVersion.ID(),\n\t\t\tKmsKeyName: exampleKey.ID(),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label_foo1\": pulumi.String(\"label-bar1\"),\n\t\t\t},\n\t\t\tGitRemoteSettings: \u0026dataform.RepositoryGitRemoteSettingsArgs{\n\t\t\t\tUrl: 
pulumi.String(\"https://github.com/OWNER/REPOSITORY.git\"),\n\t\t\t\tDefaultBranch: pulumi.String(\"main\"),\n\t\t\t\tAuthenticationTokenSecretVersion: secretVersion.ID(),\n\t\t\t},\n\t\t\tWorkspaceCompilationOverrides: \u0026dataform.RepositoryWorkspaceCompilationOverridesArgs{\n\t\t\t\tDefaultDatabase: pulumi.String(\"database\"),\n\t\t\t\tSchemaSuffix: pulumi.String(\"_suffix\"),\n\t\t\t\tTablePrefix: pulumi.String(\"prefix_\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKeyBinding,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.kms.CryptoKey;\nimport com.pulumi.gcp.kms.CryptoKeyArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBinding;\nimport com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;\nimport com.pulumi.gcp.dataform.Repository;\nimport com.pulumi.gcp.dataform.RepositoryArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryGitRemoteSettingsArgs;\nimport com.pulumi.gcp.dataform.inputs.RepositoryWorkspaceCompilationOverridesArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret = new Secret(\"secret\", SecretArgs.builder()\n 
.secretId(\"my-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var secretVersion = new SecretVersion(\"secretVersion\", SecretVersionArgs.builder()\n .secret(secret.id())\n .secretData(\"secret-data\")\n .build());\n\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder()\n .name(\"example-key-ring\")\n .location(\"us-central1\")\n .build());\n\n var exampleKey = new CryptoKey(\"exampleKey\", CryptoKeyArgs.builder()\n .name(\"example-crypto-key-name\")\n .keyRing(keyring.id())\n .build());\n\n var cryptoKeyBinding = new CryptoKeyIAMBinding(\"cryptoKeyBinding\", CryptoKeyIAMBindingArgs.builder()\n .cryptoKeyId(exampleKey.id())\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .members(String.format(\"serviceAccount:service-%s@gcp-sa-dataform.iam.gserviceaccount.com\", project.number()))\n .build());\n\n var dataformRepository = new Repository(\"dataformRepository\", RepositoryArgs.builder()\n .name(\"dataform_repository\")\n .displayName(\"dataform_repository\")\n .npmrcEnvironmentVariablesSecretVersion(secretVersion.id())\n .kmsKeyName(exampleKey.id())\n .labels(Map.of(\"label_foo1\", \"label-bar1\"))\n .gitRemoteSettings(RepositoryGitRemoteSettingsArgs.builder()\n .url(\"https://github.com/OWNER/REPOSITORY.git\")\n .defaultBranch(\"main\")\n .authenticationTokenSecretVersion(secretVersion.id())\n .build())\n .workspaceCompilationOverrides(RepositoryWorkspaceCompilationOverridesArgs.builder()\n .defaultDatabase(\"database\")\n .schemaSuffix(\"_suffix\")\n .tablePrefix(\"prefix_\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKeyBinding)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: my-secret\n replication:\n auto: {}\n secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: secret_version\n properties:\n secret: ${secret.id}\n secretData: secret-data\n keyring:\n type: gcp:kms:KeyRing\n 
properties:\n name: example-key-ring\n location: us-central1\n exampleKey:\n type: gcp:kms:CryptoKey\n name: example_key\n properties:\n name: example-crypto-key-name\n keyRing: ${keyring.id}\n cryptoKeyBinding:\n type: gcp:kms:CryptoKeyIAMBinding\n name: crypto_key_binding\n properties:\n cryptoKeyId: ${exampleKey.id}\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n members:\n - serviceAccount:service-${project.number}@gcp-sa-dataform.iam.gserviceaccount.com\n dataformRepository:\n type: gcp:dataform:Repository\n name: dataform_repository\n properties:\n name: dataform_repository\n displayName: dataform_repository\n npmrcEnvironmentVariablesSecretVersion: ${secretVersion.id}\n kmsKeyName: ${exampleKey.id}\n labels:\n label_foo1: label-bar1\n gitRemoteSettings:\n url: https://github.com/OWNER/REPOSITORY.git\n defaultBranch: main\n authenticationTokenSecretVersion: ${secretVersion.id}\n workspaceCompilationOverrides:\n defaultDatabase: database\n schemaSuffix: _suffix\n tablePrefix: prefix_\n options:\n dependson:\n - ${cryptoKeyBinding}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRepository can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/repositories/{{name}}`\n\n* `{{project}}/{{region}}/{{name}}`\n\n* `{{region}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Repository can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:dataform/repository:Repository default projects/{{project}}/locations/{{region}}/repositories/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repository:Repository default {{project}}/{{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repository:Repository default {{region}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:dataform/repository:Repository default {{name}}\n```\n\n", "properties": { "displayName": { "type": "string", 
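Review bot: The new example builds the Dataform service-agent member from `project.number` (`project['number']` in Python, `project.Number` in C# and Go, `project.number()` in Java), but no `project` is declared in any language variant, so none of them runs as written. The upstream example needs the project lookup included (for instance via `gcp.organizations.getProject`) so that the converted snippets define it. The grant also uses `CryptoKeyIAMBinding`, which is authoritative for `roles/cloudkms.cryptoKeyEncrypterDecrypter` on the key; anyone copying it onto an existing key would replace the other members of that role, so `CryptoKeyIAMMember` or a one-line caveat in the example would be safer. This text appears to be generated, so both fixes belong in the source example rather than in this file.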
@@ -174881,6 +175302,10 @@ "$ref": "#/types/gcp:dataform/RepositoryGitRemoteSettings:RepositoryGitRemoteSettings", "description": "Optional. If set, configures this repository to be linked to a Git remote.\nStructure is documented below.\n" }, + "kmsKeyName": { + "type": "string", + "description": "Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources.\nIt is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key]\n" + }, "labels": { "type": "object", "additionalProperties": { @@ -174936,6 +175361,10 @@ "$ref": "#/types/gcp:dataform/RepositoryGitRemoteSettings:RepositoryGitRemoteSettings", "description": "Optional. If set, configures this repository to be linked to a Git remote.\nStructure is documented below.\n" }, + "kmsKeyName": { + "type": "string", + "description": "Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources.\nIt is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key]\n" + }, "labels": { "type": "object", "additionalProperties": { 
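Review bot: The added `kmsKeyName` description states that the key cannot be added or updated after the repository is created, yet none of the three additions (the two hunks here and the one at `@@ -174990,6 +175419,10 @@`) carries `"willReplaceOnChanges": true`. If one of these blocks is the input-property list, a changed key would presumably be planned as an in-place update and only fail at the API, instead of showing a replacement. The example path also labels the key-ring segment `keyRings/[key_region]`, which looks like a slip for the key ring name; `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring]/cryptoKeys/[key]` would be clearer. Both would have to be corrected upstream if this file is generated.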
@@ -174990,6 +175419,10 @@ "$ref": "#/types/gcp:dataform/RepositoryGitRemoteSettings:RepositoryGitRemoteSettings", "description": "Optional. If set, configures this repository to be linked to a Git remote.\nStructure is documented below.\n" }, + "kmsKeyName": { + "type": "string", + "description": "Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources.\nIt is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key]\n" + }, "labels": { "type": "object", "additionalProperties": { 
@@ -187594,7 +188027,7 @@ } }, "gcp:discoveryengine/dataStore:DataStore": { - "description": "Data store is a collection of websites and documents used to find answers for\nend-user's questions in Discovery Engine (a.k.a. Vertex AI Search and\nConversation).\n\n\nTo get more information about DataStore, see:\n\n* [API documentation](https://cloud.google.com/generative-ai-app-builder/docs/reference/rest/v1/projects.locations.collections.dataStores)\n* How-to Guides\n * [Create a search data store](https://cloud.google.com/generative-ai-app-builder/docs/create-data-store-es)\n\n## Example Usage\n\n### Discoveryengine Datastore Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.discoveryengine.DataStore(\"basic\", {\n location: \"global\",\n dataStoreId: \"data-store-id\",\n displayName: \"tf-test-structured-datastore\",\n industryVertical: \"GENERIC\",\n contentConfig: \"NO_CONTENT\",\n solutionTypes: [\"SOLUTION_TYPE_SEARCH\"],\n createAdvancedSiteSearch: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.discoveryengine.DataStore(\"basic\",\n location=\"global\",\n data_store_id=\"data-store-id\",\n display_name=\"tf-test-structured-datastore\",\n industry_vertical=\"GENERIC\",\n content_config=\"NO_CONTENT\",\n solution_types=[\"SOLUTION_TYPE_SEARCH\"],\n create_advanced_site_search=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.DiscoveryEngine.DataStore(\"basic\", new()\n {\n Location = \"global\",\n DataStoreId = \"data-store-id\",\n DisplayName = \"tf-test-structured-datastore\",\n IndustryVertical = \"GENERIC\",\n ContentConfig = \"NO_CONTENT\",\n SolutionTypes = new[]\n {\n \"SOLUTION_TYPE_SEARCH\",\n },\n CreateAdvancedSiteSearch = false,\n 
});\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/discoveryengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := discoveryengine.NewDataStore(ctx, \"basic\", \u0026discoveryengine.DataStoreArgs{\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDataStoreId: pulumi.String(\"data-store-id\"),\n\t\t\tDisplayName: pulumi.String(\"tf-test-structured-datastore\"),\n\t\t\tIndustryVertical: pulumi.String(\"GENERIC\"),\n\t\t\tContentConfig: pulumi.String(\"NO_CONTENT\"),\n\t\t\tSolutionTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SOLUTION_TYPE_SEARCH\"),\n\t\t\t},\n\t\t\tCreateAdvancedSiteSearch: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.discoveryengine.DataStore;\nimport com.pulumi.gcp.discoveryengine.DataStoreArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new DataStore(\"basic\", DataStoreArgs.builder()\n .location(\"global\")\n .dataStoreId(\"data-store-id\")\n .displayName(\"tf-test-structured-datastore\")\n .industryVertical(\"GENERIC\")\n .contentConfig(\"NO_CONTENT\")\n .solutionTypes(\"SOLUTION_TYPE_SEARCH\")\n .createAdvancedSiteSearch(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:discoveryengine:DataStore\n properties:\n location: global\n dataStoreId: data-store-id\n displayName: tf-test-structured-datastore\n industryVertical: GENERIC\n contentConfig: NO_CONTENT\n solutionTypes:\n - SOLUTION_TYPE_SEARCH\n 
createAdvancedSiteSearch: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Discoveryengine Datastore Document Processing Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst documentProcessingConfig = new gcp.discoveryengine.DataStore(\"document_processing_config\", {\n location: \"global\",\n dataStoreId: \"data-store-id\",\n displayName: \"tf-test-structured-datastore\",\n industryVertical: \"GENERIC\",\n contentConfig: \"NO_CONTENT\",\n solutionTypes: [\"SOLUTION_TYPE_SEARCH\"],\n createAdvancedSiteSearch: false,\n documentProcessingConfig: {\n defaultParsingConfig: {\n digitalParsingConfig: {},\n },\n parsingConfigOverrides: [{\n fileType: \"pdf\",\n ocrParsingConfig: {\n useNativeText: true,\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndocument_processing_config = gcp.discoveryengine.DataStore(\"document_processing_config\",\n location=\"global\",\n data_store_id=\"data-store-id\",\n display_name=\"tf-test-structured-datastore\",\n industry_vertical=\"GENERIC\",\n content_config=\"NO_CONTENT\",\n solution_types=[\"SOLUTION_TYPE_SEARCH\"],\n create_advanced_site_search=False,\n document_processing_config={\n \"default_parsing_config\": {\n \"digital_parsing_config\": {},\n },\n \"parsing_config_overrides\": [{\n \"file_type\": \"pdf\",\n \"ocr_parsing_config\": {\n \"use_native_text\": True,\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var documentProcessingConfig = new Gcp.DiscoveryEngine.DataStore(\"document_processing_config\", new()\n {\n Location = \"global\",\n DataStoreId = \"data-store-id\",\n DisplayName = \"tf-test-structured-datastore\",\n IndustryVertical = \"GENERIC\",\n ContentConfig = \"NO_CONTENT\",\n SolutionTypes = new[]\n {\n \"SOLUTION_TYPE_SEARCH\",\n },\n 
CreateAdvancedSiteSearch = false,\n DocumentProcessingConfig = new Gcp.DiscoveryEngine.Inputs.DataStoreDocumentProcessingConfigArgs\n {\n DefaultParsingConfig = new Gcp.DiscoveryEngine.Inputs.DataStoreDocumentProcessingConfigDefaultParsingConfigArgs\n {\n DigitalParsingConfig = null,\n },\n ParsingConfigOverrides = new[]\n {\n new Gcp.DiscoveryEngine.Inputs.DataStoreDocumentProcessingConfigParsingConfigOverrideArgs\n {\n FileType = \"pdf\",\n OcrParsingConfig = new Gcp.DiscoveryEngine.Inputs.DataStoreDocumentProcessingConfigParsingConfigOverrideOcrParsingConfigArgs\n {\n UseNativeText = true,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/discoveryengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := discoveryengine.NewDataStore(ctx, \"document_processing_config\", \u0026discoveryengine.DataStoreArgs{\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDataStoreId: pulumi.String(\"data-store-id\"),\n\t\t\tDisplayName: pulumi.String(\"tf-test-structured-datastore\"),\n\t\t\tIndustryVertical: pulumi.String(\"GENERIC\"),\n\t\t\tContentConfig: pulumi.String(\"NO_CONTENT\"),\n\t\t\tSolutionTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SOLUTION_TYPE_SEARCH\"),\n\t\t\t},\n\t\t\tCreateAdvancedSiteSearch: pulumi.Bool(false),\n\t\t\tDocumentProcessingConfig: \u0026discoveryengine.DataStoreDocumentProcessingConfigArgs{\n\t\t\t\tDefaultParsingConfig: \u0026discoveryengine.DataStoreDocumentProcessingConfigDefaultParsingConfigArgs{\n\t\t\t\t\tDigitalParsingConfig: nil,\n\t\t\t\t},\n\t\t\t\tParsingConfigOverrides: discoveryengine.DataStoreDocumentProcessingConfigParsingConfigOverrideArray{\n\t\t\t\t\t\u0026discoveryengine.DataStoreDocumentProcessingConfigParsingConfigOverrideArgs{\n\t\t\t\t\t\tFileType: pulumi.String(\"pdf\"),\n\t\t\t\t\t\tOcrParsingConfig: 
\u0026discoveryengine.DataStoreDocumentProcessingConfigParsingConfigOverrideOcrParsingConfigArgs{\n\t\t\t\t\t\t\tUseNativeText: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.discoveryengine.DataStore;\nimport com.pulumi.gcp.discoveryengine.DataStoreArgs;\nimport com.pulumi.gcp.discoveryengine.inputs.DataStoreDocumentProcessingConfigArgs;\nimport com.pulumi.gcp.discoveryengine.inputs.DataStoreDocumentProcessingConfigDefaultParsingConfigArgs;\nimport com.pulumi.gcp.discoveryengine.inputs.DataStoreDocumentProcessingConfigDefaultParsingConfigDigitalParsingConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var documentProcessingConfig = new DataStore(\"documentProcessingConfig\", DataStoreArgs.builder()\n .location(\"global\")\n .dataStoreId(\"data-store-id\")\n .displayName(\"tf-test-structured-datastore\")\n .industryVertical(\"GENERIC\")\n .contentConfig(\"NO_CONTENT\")\n .solutionTypes(\"SOLUTION_TYPE_SEARCH\")\n .createAdvancedSiteSearch(false)\n .documentProcessingConfig(DataStoreDocumentProcessingConfigArgs.builder()\n .defaultParsingConfig(DataStoreDocumentProcessingConfigDefaultParsingConfigArgs.builder()\n .digitalParsingConfig()\n .build())\n .parsingConfigOverrides(DataStoreDocumentProcessingConfigParsingConfigOverrideArgs.builder()\n .fileType(\"pdf\")\n .ocrParsingConfig(DataStoreDocumentProcessingConfigParsingConfigOverrideOcrParsingConfigArgs.builder()\n .useNativeText(true)\n .build())\n .build())\n .build())\n .build());\n\n 
}\n}\n```\n```yaml\nresources:\n documentProcessingConfig:\n type: gcp:discoveryengine:DataStore\n name: document_processing_config\n properties:\n location: global\n dataStoreId: data-store-id\n displayName: tf-test-structured-datastore\n industryVertical: GENERIC\n contentConfig: NO_CONTENT\n solutionTypes:\n - SOLUTION_TYPE_SEARCH\n createAdvancedSiteSearch: false\n documentProcessingConfig:\n defaultParsingConfig:\n digitalParsingConfig: {}\n parsingConfigOverrides:\n - fileType: pdf\n ocrParsingConfig:\n useNativeText: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDataStore can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/collections/default_collection/dataStores/{{data_store_id}}`\n\n* `{{project}}/{{location}}/{{data_store_id}}`\n\n* `{{location}}/{{data_store_id}}`\n\nWhen using the `pulumi import` command, DataStore can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:discoveryengine/dataStore:DataStore default projects/{{project}}/locations/{{location}}/collections/default_collection/dataStores/{{data_store_id}}\n```\n\n```sh\n$ pulumi import gcp:discoveryengine/dataStore:DataStore default {{project}}/{{location}}/{{data_store_id}}\n```\n\n```sh\n$ pulumi import gcp:discoveryengine/dataStore:DataStore default {{location}}/{{data_store_id}}\n```\n\n", + "description": "Data store is a collection of websites and documents used to find answers for\nend-user's questions in Discovery Engine (a.k.a. 
Vertex AI Search and\nConversation).\n\n\nTo get more information about DataStore, see:\n\n* [API documentation](https://cloud.google.com/generative-ai-app-builder/docs/reference/rest/v1/projects.locations.collections.dataStores)\n* How-to Guides\n * [Create a search data store](https://cloud.google.com/generative-ai-app-builder/docs/create-data-store-es)\n\n## Example Usage\n\n### Discoveryengine Datastore Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.discoveryengine.DataStore(\"basic\", {\n location: \"global\",\n dataStoreId: \"data-store-id\",\n displayName: \"tf-test-structured-datastore\",\n industryVertical: \"GENERIC\",\n contentConfig: \"NO_CONTENT\",\n solutionTypes: [\"SOLUTION_TYPE_SEARCH\"],\n createAdvancedSiteSearch: false,\n skipDefaultSchemaCreation: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.discoveryengine.DataStore(\"basic\",\n location=\"global\",\n data_store_id=\"data-store-id\",\n display_name=\"tf-test-structured-datastore\",\n industry_vertical=\"GENERIC\",\n content_config=\"NO_CONTENT\",\n solution_types=[\"SOLUTION_TYPE_SEARCH\"],\n create_advanced_site_search=False,\n skip_default_schema_creation=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.DiscoveryEngine.DataStore(\"basic\", new()\n {\n Location = \"global\",\n DataStoreId = \"data-store-id\",\n DisplayName = \"tf-test-structured-datastore\",\n IndustryVertical = \"GENERIC\",\n ContentConfig = \"NO_CONTENT\",\n SolutionTypes = new[]\n {\n \"SOLUTION_TYPE_SEARCH\",\n },\n CreateAdvancedSiteSearch = false,\n SkipDefaultSchemaCreation = false,\n });\n\n});\n```\n```go\npackage main\n\nimport 
(\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/discoveryengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := discoveryengine.NewDataStore(ctx, \"basic\", \u0026discoveryengine.DataStoreArgs{\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDataStoreId: pulumi.String(\"data-store-id\"),\n\t\t\tDisplayName: pulumi.String(\"tf-test-structured-datastore\"),\n\t\t\tIndustryVertical: pulumi.String(\"GENERIC\"),\n\t\t\tContentConfig: pulumi.String(\"NO_CONTENT\"),\n\t\t\tSolutionTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SOLUTION_TYPE_SEARCH\"),\n\t\t\t},\n\t\t\tCreateAdvancedSiteSearch: pulumi.Bool(false),\n\t\t\tSkipDefaultSchemaCreation: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.discoveryengine.DataStore;\nimport com.pulumi.gcp.discoveryengine.DataStoreArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new DataStore(\"basic\", DataStoreArgs.builder()\n .location(\"global\")\n .dataStoreId(\"data-store-id\")\n .displayName(\"tf-test-structured-datastore\")\n .industryVertical(\"GENERIC\")\n .contentConfig(\"NO_CONTENT\")\n .solutionTypes(\"SOLUTION_TYPE_SEARCH\")\n .createAdvancedSiteSearch(false)\n .skipDefaultSchemaCreation(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:discoveryengine:DataStore\n properties:\n location: global\n dataStoreId: data-store-id\n displayName: tf-test-structured-datastore\n industryVertical: GENERIC\n contentConfig: NO_CONTENT\n solutionTypes:\n 
- SOLUTION_TYPE_SEARCH\n createAdvancedSiteSearch: false\n skipDefaultSchemaCreation: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Discoveryengine Datastore Document Processing Config\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst documentProcessingConfig = new gcp.discoveryengine.DataStore(\"document_processing_config\", {\n location: \"global\",\n dataStoreId: \"data-store-id\",\n displayName: \"tf-test-structured-datastore\",\n industryVertical: \"GENERIC\",\n contentConfig: \"NO_CONTENT\",\n solutionTypes: [\"SOLUTION_TYPE_SEARCH\"],\n createAdvancedSiteSearch: false,\n documentProcessingConfig: {\n defaultParsingConfig: {\n digitalParsingConfig: {},\n },\n parsingConfigOverrides: [{\n fileType: \"pdf\",\n ocrParsingConfig: {\n useNativeText: true,\n },\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndocument_processing_config = gcp.discoveryengine.DataStore(\"document_processing_config\",\n location=\"global\",\n data_store_id=\"data-store-id\",\n display_name=\"tf-test-structured-datastore\",\n industry_vertical=\"GENERIC\",\n content_config=\"NO_CONTENT\",\n solution_types=[\"SOLUTION_TYPE_SEARCH\"],\n create_advanced_site_search=False,\n document_processing_config={\n \"default_parsing_config\": {\n \"digital_parsing_config\": {},\n },\n \"parsing_config_overrides\": [{\n \"file_type\": \"pdf\",\n \"ocr_parsing_config\": {\n \"use_native_text\": True,\n },\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var documentProcessingConfig = new Gcp.DiscoveryEngine.DataStore(\"document_processing_config\", new()\n {\n Location = \"global\",\n DataStoreId = \"data-store-id\",\n DisplayName = \"tf-test-structured-datastore\",\n IndustryVertical = \"GENERIC\",\n ContentConfig = \"NO_CONTENT\",\n 
SolutionTypes = new[]\n {\n \"SOLUTION_TYPE_SEARCH\",\n },\n CreateAdvancedSiteSearch = false,\n DocumentProcessingConfig = new Gcp.DiscoveryEngine.Inputs.DataStoreDocumentProcessingConfigArgs\n {\n DefaultParsingConfig = new Gcp.DiscoveryEngine.Inputs.DataStoreDocumentProcessingConfigDefaultParsingConfigArgs\n {\n DigitalParsingConfig = null,\n },\n ParsingConfigOverrides = new[]\n {\n new Gcp.DiscoveryEngine.Inputs.DataStoreDocumentProcessingConfigParsingConfigOverrideArgs\n {\n FileType = \"pdf\",\n OcrParsingConfig = new Gcp.DiscoveryEngine.Inputs.DataStoreDocumentProcessingConfigParsingConfigOverrideOcrParsingConfigArgs\n {\n UseNativeText = true,\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/discoveryengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := discoveryengine.NewDataStore(ctx, \"document_processing_config\", \u0026discoveryengine.DataStoreArgs{\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDataStoreId: pulumi.String(\"data-store-id\"),\n\t\t\tDisplayName: pulumi.String(\"tf-test-structured-datastore\"),\n\t\t\tIndustryVertical: pulumi.String(\"GENERIC\"),\n\t\t\tContentConfig: pulumi.String(\"NO_CONTENT\"),\n\t\t\tSolutionTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SOLUTION_TYPE_SEARCH\"),\n\t\t\t},\n\t\t\tCreateAdvancedSiteSearch: pulumi.Bool(false),\n\t\t\tDocumentProcessingConfig: \u0026discoveryengine.DataStoreDocumentProcessingConfigArgs{\n\t\t\t\tDefaultParsingConfig: \u0026discoveryengine.DataStoreDocumentProcessingConfigDefaultParsingConfigArgs{\n\t\t\t\t\tDigitalParsingConfig: nil,\n\t\t\t\t},\n\t\t\t\tParsingConfigOverrides: discoveryengine.DataStoreDocumentProcessingConfigParsingConfigOverrideArray{\n\t\t\t\t\t\u0026discoveryengine.DataStoreDocumentProcessingConfigParsingConfigOverrideArgs{\n\t\t\t\t\t\tFileType: pulumi.String(\"pdf\"),\n\t\t\t\t\t\tOcrParsingConfig: 
\u0026discoveryengine.DataStoreDocumentProcessingConfigParsingConfigOverrideOcrParsingConfigArgs{\n\t\t\t\t\t\t\tUseNativeText: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.discoveryengine.DataStore;\nimport com.pulumi.gcp.discoveryengine.DataStoreArgs;\nimport com.pulumi.gcp.discoveryengine.inputs.DataStoreDocumentProcessingConfigArgs;\nimport com.pulumi.gcp.discoveryengine.inputs.DataStoreDocumentProcessingConfigDefaultParsingConfigArgs;\nimport com.pulumi.gcp.discoveryengine.inputs.DataStoreDocumentProcessingConfigDefaultParsingConfigDigitalParsingConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var documentProcessingConfig = new DataStore(\"documentProcessingConfig\", DataStoreArgs.builder()\n .location(\"global\")\n .dataStoreId(\"data-store-id\")\n .displayName(\"tf-test-structured-datastore\")\n .industryVertical(\"GENERIC\")\n .contentConfig(\"NO_CONTENT\")\n .solutionTypes(\"SOLUTION_TYPE_SEARCH\")\n .createAdvancedSiteSearch(false)\n .documentProcessingConfig(DataStoreDocumentProcessingConfigArgs.builder()\n .defaultParsingConfig(DataStoreDocumentProcessingConfigDefaultParsingConfigArgs.builder()\n .digitalParsingConfig()\n .build())\n .parsingConfigOverrides(DataStoreDocumentProcessingConfigParsingConfigOverrideArgs.builder()\n .fileType(\"pdf\")\n .ocrParsingConfig(DataStoreDocumentProcessingConfigParsingConfigOverrideOcrParsingConfigArgs.builder()\n .useNativeText(true)\n .build())\n .build())\n .build())\n .build());\n\n 
}\n}\n```\n```yaml\nresources:\n documentProcessingConfig:\n type: gcp:discoveryengine:DataStore\n name: document_processing_config\n properties:\n location: global\n dataStoreId: data-store-id\n displayName: tf-test-structured-datastore\n industryVertical: GENERIC\n contentConfig: NO_CONTENT\n solutionTypes:\n - SOLUTION_TYPE_SEARCH\n createAdvancedSiteSearch: false\n documentProcessingConfig:\n defaultParsingConfig:\n digitalParsingConfig: {}\n parsingConfigOverrides:\n - fileType: pdf\n ocrParsingConfig:\n useNativeText: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDataStore can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/collections/default_collection/dataStores/{{data_store_id}}`\n\n* `{{project}}/{{location}}/{{data_store_id}}`\n\n* `{{location}}/{{data_store_id}}`\n\nWhen using the `pulumi import` command, DataStore can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:discoveryengine/dataStore:DataStore default projects/{{project}}/locations/{{location}}/collections/default_collection/dataStores/{{data_store_id}}\n```\n\n```sh\n$ pulumi import gcp:discoveryengine/dataStore:DataStore default {{project}}/{{location}}/{{data_store_id}}\n```\n\n```sh\n$ pulumi import gcp:discoveryengine/dataStore:DataStore default {{location}}/{{data_store_id}}\n```\n\n", "properties": { "contentConfig": { "type": "string", 
@@ -187640,6 +188073,10 @@ "type": "string", "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the provider project is used.\n" }, + "skipDefaultSchemaCreation": { + "type": "boolean", + "description": "A boolean flag indicating whether to skip the default schema creation for\nthe data store. Only enable this flag if you are certain that the default\nschema is incompatible with your use case.\nIf set to true, you must manually create a schema for the data store\nbefore any documents can be ingested.\nThis flag cannot be specified if `data_store.starting_schema` is\nspecified.\n" + }, "solutionTypes": { "type": "array", "items": { @@ -187698,6 +188135,10 @@ "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the provider project is used.\n", "willReplaceOnChanges": true }, + "skipDefaultSchemaCreation": { + "type": "boolean", + "description": "A boolean flag indicating whether to skip the default schema creation for\nthe data store. Only enable this flag if you are certain that the default\nschema is incompatible with your use case.\nIf set to true, you must manually create a schema for the data store\nbefore any documents can be ingested.\nThis flag cannot be specified if `data_store.starting_schema` is\nspecified.\n" + }, "solutionTypes": { "type": "array", "items": { 
@@ -187767,6 +188208,10 @@ "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the provider project is used.\n", "willReplaceOnChanges": true }, + "skipDefaultSchemaCreation": { + "type": "boolean", + "description": "A boolean flag indicating whether to skip the default schema creation for\nthe data store. Only enable this flag if you are certain that the default\nschema is incompatible with your use case.\nIf set to true, you must manually create a schema for the data store\nbefore any documents can be ingested.\nThis flag cannot be specified if `data_store.starting_schema` is\nspecified.\n" + }, "solutionTypes": { "type": "array", "items": { 
@@ -211300,7 +211745,7 @@ } }, "gcp:logging/logViewIamBinding:LogViewIamBinding": { - "description": "\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud (Stackdriver) Logging logview IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamBinding:LogViewIamBinding editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamBinding:LogViewIamBinding editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamBinding:LogViewIamBinding editor {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. 
Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). 
Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport 
(\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n 
.parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n 
location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, 
nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: 
gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport 
(\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from 
\"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx 
*pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n 
.build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err 
:= logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: 
loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: 
pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: 
user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## \u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud (Stackdriver) Logging LogView\nThree different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). 
Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport 
(\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n 
.parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n 
location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, 
nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: 
gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport 
(\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from 
\"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx 
*pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n 
.build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err 
:= logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: 
loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: 
pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: 
user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud (Stackdriver) Logging logview IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamBinding:LogViewIamBinding editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamBinding:LogViewIamBinding editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamBinding:LogViewIamBinding editor {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "bucket": { "type": "string", 
@@ -211441,7 +211886,7 @@ } }, "gcp:logging/logViewIamMember:LogViewIamMember": { - "description": "\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud (Stackdriver) Logging logview IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamMember:LogViewIamMember editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamMember:LogViewIamMember editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamMember:LogViewIamMember editor {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. 
Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n 
bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport 
com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at 
midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e 
getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public 
static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as 
gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public 
static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await 
Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport 
java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n 
bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n 
.bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n 
Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new 
LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## \u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud (Stackdriver) Logging LogView\nThree different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. 
Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing 
Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport 
com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", 
{\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport 
(\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = 
OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n 
parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new 
LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = 
new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport 
java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n 
role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n 
.member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = 
\"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n 
.parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud (Stackdriver) Logging logview IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamMember:LogViewIamMember editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamMember:LogViewIamMember editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin\"\n```\n\nIAM policy 
imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamMember:LogViewIamMember editor {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "bucket": { "type": "string", 
@@ -211575,7 +212020,7 @@ } }, "gcp:logging/logViewIamPolicy:LogViewIamPolicy": { - "description": "\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud (Stackdriver) Logging logview IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamPolicy:LogViewIamPolicy editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamPolicy:LogViewIamPolicy editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamPolicy:LogViewIamPolicy editor {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. 
Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n 
bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport 
com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at 
midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e 
getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public 
static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as 
gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public 
static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await 
Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport 
java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n 
bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n 
.bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n 
Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new 
LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## \u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Cloud (Stackdriver) Logging LogView\nThree different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case:\n\n* `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached.\n* `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved.\n* `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. 
Other members for the role for the logview are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview\n\n\u003e **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n## gcp.logging.LogViewIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing 
Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport 
com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.logging.LogViewIamPolicy(\"policy\", 
{\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/logging.admin\",\n \"members\": [\"user:jane@example.com\"],\n \"condition\": {\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n}])\npolicy = gcp.logging.LogViewIamPolicy(\"policy\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Logging.LogViewIamPolicy(\"policy\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport 
(\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/logging.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = logging.NewLogViewIamPolicy(ctx, \"policy\", \u0026logging.LogViewIamPolicyArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.logging.LogViewIamPolicy;\nimport com.pulumi.gcp.logging.LogViewIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = 
OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new LogViewIamPolicy(\"policy\", LogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:logging:LogViewIamPolicy\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n 
parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new 
LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.logging.LogViewIamBinding(\"binding\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.logging.LogViewIamBinding(\"binding\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n members=[\"user:jane@example.com\"],\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = 
new Gcp.Logging.LogViewIamBinding(\"binding\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamBinding(ctx, \"binding\", \u0026logging.LogViewIamBindingArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026logging.LogViewIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamBinding;\nimport com.pulumi.gcp.logging.LogViewIamBindingArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport 
java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LogViewIamBinding(\"binding\", LogViewIamBindingArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .members(\"user:jane@example.com\")\n .condition(LogViewIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:logging:LogViewIamBinding\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## gcp.logging.LogViewIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n 
role=\"roles/logging.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n 
.member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.logging.LogViewIamMember(\"member\", {\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n role: \"roles/logging.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.logging.LogViewIamMember(\"member\",\n parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"],\n role=\"roles/logging.admin\",\n member=\"user:jane@example.com\",\n condition={\n \"title\": \"expires_after_2019_12_31\",\n \"description\": \"Expiring at midnight of 2019-12-31\",\n \"expression\": \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Logging.LogViewIamMember(\"member\", new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n Role = \"roles/logging.admin\",\n Member = 
\"user:jane@example.com\",\n Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.NewLogViewIamMember(ctx, \"member\", \u0026logging.LogViewIamMemberArgs{\n\t\t\tParent: pulumi.Any(loggingLogView.Parent),\n\t\t\tLocation: pulumi.Any(loggingLogView.Location),\n\t\t\tBucket: pulumi.Any(loggingLogView.Bucket),\n\t\t\tName: pulumi.Any(loggingLogView.Name),\n\t\t\tRole: pulumi.String(\"roles/logging.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026logging.LogViewIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LogViewIamMember;\nimport com.pulumi.gcp.logging.LogViewIamMemberArgs;\nimport com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LogViewIamMember(\"member\", LogViewIamMemberArgs.builder()\n 
.parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .role(\"roles/logging.admin\")\n .member(\"user:jane@example.com\")\n .condition(LogViewIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:logging:LogViewIamMember\n properties:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n role: roles/logging.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud (Stackdriver) Logging logview IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamPolicy:LogViewIamPolicy editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamPolicy:LogViewIamPolicy editor \"{{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}} roles/logging.admin\"\n```\n\nIAM policy 
imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:logging/logViewIamPolicy:LogViewIamPolicy editor {{parent}}/locations/{{location}}/buckets/{{bucket}}/views/{{log_view}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "bucket": { "type": "string", 
@@ -218521,7 +218966,7 @@ } }, "gcp:networkconnectivity/regionalEndpoint:RegionalEndpoint": { - "description": "Regional Private Service Connect (PSC) endpoint resource.\n\n\nTo get more information about RegionalEndpoint, see:\n\n* [API documentation](https://cloud.google.com/network-connectivity/docs/reference/networkconnectivity/rest/v1/projects.locations.regionalEndpoints)\n* How-to Guides\n * [Access regional Google APIs through endpoints](https://cloud.google.com/vpc/docs/access-regional-google-apis-endpoints)\n\n## Example Usage\n\n### Network Connectivity Regional Endpoint Regional Access\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myNetwork = new gcp.compute.Network(\"my_network\", {\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst mySubnetwork = new gcp.compute.Subnetwork(\"my_subnetwork\", {\n name: \"my-subnetwork\",\n ipCidrRange: \"192.168.0.0/24\",\n region: \"us-central1\",\n network: myNetwork.id,\n});\nconst _default = new gcp.networkconnectivity.RegionalEndpoint(\"default\", {\n name: \"my-rep\",\n location: \"us-central1\",\n targetGoogleApi: \"boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\",\n accessType: \"REGIONAL\",\n address: \"192.168.0.5\",\n network: myNetwork.id,\n subnetwork: mySubnetwork.id,\n description: \"My RegionalEndpoint targeting Google API boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\",\n labels: {\n env: \"default\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_network = gcp.compute.Network(\"my_network\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nmy_subnetwork = gcp.compute.Subnetwork(\"my_subnetwork\",\n name=\"my-subnetwork\",\n ip_cidr_range=\"192.168.0.0/24\",\n region=\"us-central1\",\n network=my_network.id)\ndefault = gcp.networkconnectivity.RegionalEndpoint(\"default\",\n name=\"my-rep\",\n location=\"us-central1\",\n 
target_google_api=\"boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\",\n access_type=\"REGIONAL\",\n address=\"192.168.0.5\",\n network=my_network.id,\n subnetwork=my_subnetwork.id,\n description=\"My RegionalEndpoint targeting Google API boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\",\n labels={\n \"env\": \"default\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myNetwork = new Gcp.Compute.Network(\"my_network\", new()\n {\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var mySubnetwork = new Gcp.Compute.Subnetwork(\"my_subnetwork\", new()\n {\n Name = \"my-subnetwork\",\n IpCidrRange = \"192.168.0.0/24\",\n Region = \"us-central1\",\n Network = myNetwork.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.RegionalEndpoint(\"default\", new()\n {\n Name = \"my-rep\",\n Location = \"us-central1\",\n TargetGoogleApi = \"boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\",\n AccessType = \"REGIONAL\",\n Address = \"192.168.0.5\",\n Network = myNetwork.Id,\n Subnetwork = mySubnetwork.Id,\n Description = \"My RegionalEndpoint targeting Google API boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\",\n Labels = \n {\n { \"env\", \"default\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyNetwork, err := compute.NewNetwork(ctx, \"my_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmySubnetwork, err := compute.NewSubnetwork(ctx, \"my_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: 
pulumi.String(\"my-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"192.168.0.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: myNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewRegionalEndpoint(ctx, \"default\", \u0026networkconnectivity.RegionalEndpointArgs{\n\t\t\tName: pulumi.String(\"my-rep\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTargetGoogleApi: pulumi.String(\"boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\"),\n\t\t\tAccessType: pulumi.String(\"REGIONAL\"),\n\t\t\tAddress: pulumi.String(\"192.168.0.5\"),\n\t\t\tNetwork: myNetwork.ID(),\n\t\t\tSubnetwork: mySubnetwork.ID(),\n\t\t\tDescription: pulumi.String(\"My RegionalEndpoint targeting Google API boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"default\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.RegionalEndpoint;\nimport com.pulumi.gcp.networkconnectivity.RegionalEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myNetwork = new Network(\"myNetwork\", NetworkArgs.builder()\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var mySubnetwork = new Subnetwork(\"mySubnetwork\", SubnetworkArgs.builder()\n .name(\"my-subnetwork\")\n 
.ipCidrRange(\"192.168.0.0/24\")\n .region(\"us-central1\")\n .network(myNetwork.id())\n .build());\n\n var default_ = new RegionalEndpoint(\"default\", RegionalEndpointArgs.builder()\n .name(\"my-rep\")\n .location(\"us-central1\")\n .targetGoogleApi(\"boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\")\n .accessType(\"REGIONAL\")\n .address(\"192.168.0.5\")\n .network(myNetwork.id())\n .subnetwork(mySubnetwork.id())\n .description(\"My RegionalEndpoint targeting Google API boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\")\n .labels(Map.of(\"env\", \"default\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myNetwork:\n type: gcp:compute:Network\n name: my_network\n properties:\n name: my-network\n autoCreateSubnetworks: false\n mySubnetwork:\n type: gcp:compute:Subnetwork\n name: my_subnetwork\n properties:\n name: my-subnetwork\n ipCidrRange: 192.168.0.0/24\n region: us-central1\n network: ${myNetwork.id}\n default:\n type: gcp:networkconnectivity:RegionalEndpoint\n properties:\n name: my-rep\n location: us-central1\n targetGoogleApi: boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\n accessType: REGIONAL\n address: 192.168.0.5\n network: ${myNetwork.id}\n subnetwork: ${mySubnetwork.id}\n description: My RegionalEndpoint targeting Google API boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\n labels:\n env: default\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Regional Endpoint Global Access\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myNetwork = new gcp.compute.Network(\"my_network\", {\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst mySubnetwork = new gcp.compute.Subnetwork(\"my_subnetwork\", {\n name: \"my-subnetwork\",\n ipCidrRange: \"192.168.0.0/24\",\n region: \"us-central1\",\n network: myNetwork.id,\n});\nconst _default = new gcp.networkconnectivity.RegionalEndpoint(\"default\", 
{\n name: \"my-rep\",\n location: \"us-central1\",\n targetGoogleApi: \"boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\",\n accessType: \"GLOBAL\",\n address: \"192.168.0.4\",\n network: myNetwork.id,\n subnetwork: mySubnetwork.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_network = gcp.compute.Network(\"my_network\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nmy_subnetwork = gcp.compute.Subnetwork(\"my_subnetwork\",\n name=\"my-subnetwork\",\n ip_cidr_range=\"192.168.0.0/24\",\n region=\"us-central1\",\n network=my_network.id)\ndefault = gcp.networkconnectivity.RegionalEndpoint(\"default\",\n name=\"my-rep\",\n location=\"us-central1\",\n target_google_api=\"boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\",\n access_type=\"GLOBAL\",\n address=\"192.168.0.4\",\n network=my_network.id,\n subnetwork=my_subnetwork.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myNetwork = new Gcp.Compute.Network(\"my_network\", new()\n {\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var mySubnetwork = new Gcp.Compute.Subnetwork(\"my_subnetwork\", new()\n {\n Name = \"my-subnetwork\",\n IpCidrRange = \"192.168.0.0/24\",\n Region = \"us-central1\",\n Network = myNetwork.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.RegionalEndpoint(\"default\", new()\n {\n Name = \"my-rep\",\n Location = \"us-central1\",\n TargetGoogleApi = \"boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\",\n AccessType = \"GLOBAL\",\n Address = \"192.168.0.4\",\n Network = myNetwork.Id,\n Subnetwork = mySubnetwork.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error 
{\n\t\tmyNetwork, err := compute.NewNetwork(ctx, \"my_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmySubnetwork, err := compute.NewSubnetwork(ctx, \"my_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"192.168.0.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: myNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewRegionalEndpoint(ctx, \"default\", \u0026networkconnectivity.RegionalEndpointArgs{\n\t\t\tName: pulumi.String(\"my-rep\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTargetGoogleApi: pulumi.String(\"boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\"),\n\t\t\tAccessType: pulumi.String(\"GLOBAL\"),\n\t\t\tAddress: pulumi.String(\"192.168.0.4\"),\n\t\t\tNetwork: myNetwork.ID(),\n\t\t\tSubnetwork: mySubnetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.RegionalEndpoint;\nimport com.pulumi.gcp.networkconnectivity.RegionalEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myNetwork = new Network(\"myNetwork\", NetworkArgs.builder()\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var 
mySubnetwork = new Subnetwork(\"mySubnetwork\", SubnetworkArgs.builder()\n .name(\"my-subnetwork\")\n .ipCidrRange(\"192.168.0.0/24\")\n .region(\"us-central1\")\n .network(myNetwork.id())\n .build());\n\n var default_ = new RegionalEndpoint(\"default\", RegionalEndpointArgs.builder()\n .name(\"my-rep\")\n .location(\"us-central1\")\n .targetGoogleApi(\"boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\")\n .accessType(\"GLOBAL\")\n .address(\"192.168.0.4\")\n .network(myNetwork.id())\n .subnetwork(mySubnetwork.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myNetwork:\n type: gcp:compute:Network\n name: my_network\n properties:\n name: my-network\n autoCreateSubnetworks: false\n mySubnetwork:\n type: gcp:compute:Subnetwork\n name: my_subnetwork\n properties:\n name: my-subnetwork\n ipCidrRange: 192.168.0.0/24\n region: us-central1\n network: ${myNetwork.id}\n default:\n type: gcp:networkconnectivity:RegionalEndpoint\n properties:\n name: my-rep\n location: us-central1\n targetGoogleApi: boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com\n accessType: GLOBAL\n address: 192.168.0.4\n network: ${myNetwork.id}\n subnetwork: ${mySubnetwork.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionalEndpoint can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/regionalEndpoints/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, RegionalEndpoint can be imported using one of the formats above. 
For example:\n\n```sh\n$ pulumi import gcp:networkconnectivity/regionalEndpoint:RegionalEndpoint default projects/{{project}}/locations/{{location}}/regionalEndpoints/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkconnectivity/regionalEndpoint:RegionalEndpoint default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkconnectivity/regionalEndpoint:RegionalEndpoint default {{location}}/{{name}}\n```\n\n", + "description": "Regional Private Service Connect (PSC) endpoint resource.\n\n\nTo get more information about RegionalEndpoint, see:\n\n* [API documentation](https://cloud.google.com/network-connectivity/docs/reference/networkconnectivity/rest/v1/projects.locations.regionalEndpoints)\n* How-to Guides\n * [Access regional Google APIs through endpoints](https://cloud.google.com/vpc/docs/access-regional-google-apis-endpoints)\n\n## Example Usage\n\n### Network Connectivity Regional Endpoint Regional Access\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myNetwork = new gcp.compute.Network(\"my_network\", {\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst mySubnetwork = new gcp.compute.Subnetwork(\"my_subnetwork\", {\n name: \"my-subnetwork\",\n ipCidrRange: \"192.168.0.0/24\",\n region: \"us-central1\",\n network: myNetwork.id,\n});\nconst _default = new gcp.networkconnectivity.RegionalEndpoint(\"default\", {\n name: \"my-rep\",\n location: \"us-central1\",\n targetGoogleApi: \"storage.us-central1.p.rep.googleapis.com\",\n accessType: \"REGIONAL\",\n address: \"192.168.0.5\",\n network: myNetwork.id,\n subnetwork: mySubnetwork.id,\n description: \"My RegionalEndpoint targeting Google API storage.us-central1.p.rep.googleapis.com\",\n labels: {\n env: \"default\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_network = gcp.compute.Network(\"my_network\",\n name=\"my-network\",\n 
auto_create_subnetworks=False)\nmy_subnetwork = gcp.compute.Subnetwork(\"my_subnetwork\",\n name=\"my-subnetwork\",\n ip_cidr_range=\"192.168.0.0/24\",\n region=\"us-central1\",\n network=my_network.id)\ndefault = gcp.networkconnectivity.RegionalEndpoint(\"default\",\n name=\"my-rep\",\n location=\"us-central1\",\n target_google_api=\"storage.us-central1.p.rep.googleapis.com\",\n access_type=\"REGIONAL\",\n address=\"192.168.0.5\",\n network=my_network.id,\n subnetwork=my_subnetwork.id,\n description=\"My RegionalEndpoint targeting Google API storage.us-central1.p.rep.googleapis.com\",\n labels={\n \"env\": \"default\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myNetwork = new Gcp.Compute.Network(\"my_network\", new()\n {\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var mySubnetwork = new Gcp.Compute.Subnetwork(\"my_subnetwork\", new()\n {\n Name = \"my-subnetwork\",\n IpCidrRange = \"192.168.0.0/24\",\n Region = \"us-central1\",\n Network = myNetwork.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.RegionalEndpoint(\"default\", new()\n {\n Name = \"my-rep\",\n Location = \"us-central1\",\n TargetGoogleApi = \"storage.us-central1.p.rep.googleapis.com\",\n AccessType = \"REGIONAL\",\n Address = \"192.168.0.5\",\n Network = myNetwork.Id,\n Subnetwork = mySubnetwork.Id,\n Description = \"My RegionalEndpoint targeting Google API storage.us-central1.p.rep.googleapis.com\",\n Labels = \n {\n { \"env\", \"default\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyNetwork, err := compute.NewNetwork(ctx, \"my_network\", 
\u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmySubnetwork, err := compute.NewSubnetwork(ctx, \"my_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"192.168.0.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: myNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewRegionalEndpoint(ctx, \"default\", \u0026networkconnectivity.RegionalEndpointArgs{\n\t\t\tName: pulumi.String(\"my-rep\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTargetGoogleApi: pulumi.String(\"storage.us-central1.p.rep.googleapis.com\"),\n\t\t\tAccessType: pulumi.String(\"REGIONAL\"),\n\t\t\tAddress: pulumi.String(\"192.168.0.5\"),\n\t\t\tNetwork: myNetwork.ID(),\n\t\t\tSubnetwork: mySubnetwork.ID(),\n\t\t\tDescription: pulumi.String(\"My RegionalEndpoint targeting Google API storage.us-central1.p.rep.googleapis.com\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"default\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.RegionalEndpoint;\nimport com.pulumi.gcp.networkconnectivity.RegionalEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var 
myNetwork = new Network(\"myNetwork\", NetworkArgs.builder()\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var mySubnetwork = new Subnetwork(\"mySubnetwork\", SubnetworkArgs.builder()\n .name(\"my-subnetwork\")\n .ipCidrRange(\"192.168.0.0/24\")\n .region(\"us-central1\")\n .network(myNetwork.id())\n .build());\n\n var default_ = new RegionalEndpoint(\"default\", RegionalEndpointArgs.builder()\n .name(\"my-rep\")\n .location(\"us-central1\")\n .targetGoogleApi(\"storage.us-central1.p.rep.googleapis.com\")\n .accessType(\"REGIONAL\")\n .address(\"192.168.0.5\")\n .network(myNetwork.id())\n .subnetwork(mySubnetwork.id())\n .description(\"My RegionalEndpoint targeting Google API storage.us-central1.p.rep.googleapis.com\")\n .labels(Map.of(\"env\", \"default\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myNetwork:\n type: gcp:compute:Network\n name: my_network\n properties:\n name: my-network\n autoCreateSubnetworks: false\n mySubnetwork:\n type: gcp:compute:Subnetwork\n name: my_subnetwork\n properties:\n name: my-subnetwork\n ipCidrRange: 192.168.0.0/24\n region: us-central1\n network: ${myNetwork.id}\n default:\n type: gcp:networkconnectivity:RegionalEndpoint\n properties:\n name: my-rep\n location: us-central1\n targetGoogleApi: storage.us-central1.p.rep.googleapis.com\n accessType: REGIONAL\n address: 192.168.0.5\n network: ${myNetwork.id}\n subnetwork: ${mySubnetwork.id}\n description: My RegionalEndpoint targeting Google API storage.us-central1.p.rep.googleapis.com\n labels:\n env: default\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Connectivity Regional Endpoint Global Access\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst myNetwork = new gcp.compute.Network(\"my_network\", {\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst mySubnetwork = new gcp.compute.Subnetwork(\"my_subnetwork\", {\n 
name: \"my-subnetwork\",\n ipCidrRange: \"192.168.0.0/24\",\n region: \"us-central1\",\n network: myNetwork.id,\n});\nconst _default = new gcp.networkconnectivity.RegionalEndpoint(\"default\", {\n name: \"my-rep\",\n location: \"us-central1\",\n targetGoogleApi: \"storage.us-central1.p.rep.googleapis.com\",\n accessType: \"GLOBAL\",\n address: \"192.168.0.4\",\n network: myNetwork.id,\n subnetwork: mySubnetwork.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_network = gcp.compute.Network(\"my_network\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nmy_subnetwork = gcp.compute.Subnetwork(\"my_subnetwork\",\n name=\"my-subnetwork\",\n ip_cidr_range=\"192.168.0.0/24\",\n region=\"us-central1\",\n network=my_network.id)\ndefault = gcp.networkconnectivity.RegionalEndpoint(\"default\",\n name=\"my-rep\",\n location=\"us-central1\",\n target_google_api=\"storage.us-central1.p.rep.googleapis.com\",\n access_type=\"GLOBAL\",\n address=\"192.168.0.4\",\n network=my_network.id,\n subnetwork=my_subnetwork.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myNetwork = new Gcp.Compute.Network(\"my_network\", new()\n {\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var mySubnetwork = new Gcp.Compute.Subnetwork(\"my_subnetwork\", new()\n {\n Name = \"my-subnetwork\",\n IpCidrRange = \"192.168.0.0/24\",\n Region = \"us-central1\",\n Network = myNetwork.Id,\n });\n\n var @default = new Gcp.NetworkConnectivity.RegionalEndpoint(\"default\", new()\n {\n Name = \"my-rep\",\n Location = \"us-central1\",\n TargetGoogleApi = \"storage.us-central1.p.rep.googleapis.com\",\n AccessType = \"GLOBAL\",\n Address = \"192.168.0.4\",\n Network = myNetwork.Id,\n Subnetwork = mySubnetwork.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport 
(\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/networkconnectivity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyNetwork, err := compute.NewNetwork(ctx, \"my_network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmySubnetwork, err := compute.NewSubnetwork(ctx, \"my_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"192.168.0.0/24\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: myNetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkconnectivity.NewRegionalEndpoint(ctx, \"default\", \u0026networkconnectivity.RegionalEndpointArgs{\n\t\t\tName: pulumi.String(\"my-rep\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tTargetGoogleApi: pulumi.String(\"storage.us-central1.p.rep.googleapis.com\"),\n\t\t\tAccessType: pulumi.String(\"GLOBAL\"),\n\t\t\tAddress: pulumi.String(\"192.168.0.4\"),\n\t\t\tNetwork: myNetwork.ID(),\n\t\t\tSubnetwork: mySubnetwork.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.networkconnectivity.RegionalEndpoint;\nimport com.pulumi.gcp.networkconnectivity.RegionalEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void 
main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myNetwork = new Network(\"myNetwork\", NetworkArgs.builder()\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var mySubnetwork = new Subnetwork(\"mySubnetwork\", SubnetworkArgs.builder()\n .name(\"my-subnetwork\")\n .ipCidrRange(\"192.168.0.0/24\")\n .region(\"us-central1\")\n .network(myNetwork.id())\n .build());\n\n var default_ = new RegionalEndpoint(\"default\", RegionalEndpointArgs.builder()\n .name(\"my-rep\")\n .location(\"us-central1\")\n .targetGoogleApi(\"storage.us-central1.p.rep.googleapis.com\")\n .accessType(\"GLOBAL\")\n .address(\"192.168.0.4\")\n .network(myNetwork.id())\n .subnetwork(mySubnetwork.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myNetwork:\n type: gcp:compute:Network\n name: my_network\n properties:\n name: my-network\n autoCreateSubnetworks: false\n mySubnetwork:\n type: gcp:compute:Subnetwork\n name: my_subnetwork\n properties:\n name: my-subnetwork\n ipCidrRange: 192.168.0.0/24\n region: us-central1\n network: ${myNetwork.id}\n default:\n type: gcp:networkconnectivity:RegionalEndpoint\n properties:\n name: my-rep\n location: us-central1\n targetGoogleApi: storage.us-central1.p.rep.googleapis.com\n accessType: GLOBAL\n address: 192.168.0.4\n network: ${myNetwork.id}\n subnetwork: ${mySubnetwork.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRegionalEndpoint can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/regionalEndpoints/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, RegionalEndpoint can be imported using one of the formats above. 
For example:\n\n```sh\n$ pulumi import gcp:networkconnectivity/regionalEndpoint:RegionalEndpoint default projects/{{project}}/locations/{{location}}/regionalEndpoints/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkconnectivity/regionalEndpoint:RegionalEndpoint default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkconnectivity/regionalEndpoint:RegionalEndpoint default {{location}}/{{name}}\n```\n\n", "properties": { "accessType": { "type": "string", @@ -227023,6 +227468,9 @@ "type": "string", "description": "The alphanumeric ID of the billing account this project\nbelongs to. The user or service account performing this operation with the provider\nmust have at mininum Billing Account User privileges (`roles/billing.user`) on the billing account.\nSee [Google Cloud Billing API Access Control](https://cloud.google.com/billing/docs/how-to/billing-access)\nfor more details.\n" }, + "deletionPolicy": { + "type": "string" + }, "effectiveLabels": { "type": "object", "additionalProperties": { 
@@ -227068,8 +227516,8 @@ }, "skipDelete": { "type": "boolean", - "description": "If true, the resource can be deleted\nwithout deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead.\n", - "deprecationMessage": "skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead." + "description": "If true, the resource can be deleted without\ndeleting the Project via the Google API. `skip_delete` is deprecated and will be\nremoved in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false`\ncan be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true`\nto a `deletion_policy` value of `ABANDON` for equivalent behavior.\n", + "deprecationMessage": "skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior." } }, "required": [ 
@@ -227089,6 +227537,9 @@ "type": "string", "description": "The alphanumeric ID of the billing account this project\nbelongs to. The user or service account performing this operation with the provider\nmust have at mininum Billing Account User privileges (`roles/billing.user`) on the billing account.\nSee [Google Cloud Billing API Access Control](https://cloud.google.com/billing/docs/how-to/billing-access)\nfor more details.\n" }, + "deletionPolicy": { + "type": "string" + }, "folderId": { "type": "string", "description": "The numeric ID of the folder this project should be\ncreated under. Only one of `org_id` or `folder_id` may be\nspecified. If the `folder_id` is specified, then the project is\ncreated under the specified folder. Changing this forces the\nproject to be migrated to the newly specified folder.\n" 
@@ -227115,8 +227566,8 @@ }, "skipDelete": { "type": "boolean", - "description": "If true, the resource can be deleted\nwithout deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead.\n", - "deprecationMessage": "skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead." + "description": "If true, the resource can be deleted without\ndeleting the Project via the Google API. `skip_delete` is deprecated and will be\nremoved in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false`\ncan be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true`\nto a `deletion_policy` value of `ABANDON` for equivalent behavior.\n", + "deprecationMessage": "skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior." } }, "stateInputs": { @@ -227130,6 +227581,9 @@ "type": "string", "description": "The alphanumeric ID of the billing account this project\nbelongs to. The user or service account performing this operation with the provider\nmust have at mininum Billing Account User privileges (`roles/billing.user`) on the billing account.\nSee [Google Cloud Billing API Access Control](https://cloud.google.com/billing/docs/how-to/billing-access)\nfor more details.\n" }, + "deletionPolicy": { + "type": "string" + }, "effectiveLabels": { "type": "object", "additionalProperties": { 
@@ -227176,8 +227630,8 @@ }, "skipDelete": { "type": "boolean", - "description": "If true, the resource can be deleted\nwithout deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead.\n", - "deprecationMessage": "skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead." + "description": "If true, the resource can be deleted without\ndeleting the Project via the Google API. `skip_delete` is deprecated and will be\nremoved in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false`\ncan be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true`\nto a `deletion_policy` value of `ABANDON` for equivalent behavior.\n", + "deprecationMessage": "skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior." } }, "type": "object" 
@@ -236277,6 +236731,145 @@ "type": "object" } }, + "gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig": { + "description": "Mute Findings is a volume management feature in Security Command Center\nthat lets you manually or programmatically hide irrelevant findings,\nand create filters to automatically silence existing and future\nfindings based on criteria you specify.\n\n\nTo get more information about FolderMuteConfig, see:\n\n* [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/folders.muteConfigs)\n\n## Example Usage\n\n### Scc V2 Folder Mute Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.organizations.Folder(\"folder\", {\n parent: \"organizations/123456789\",\n displayName: \"folder-name\",\n});\nconst _default = new gcp.securitycenter.V2FolderMuteConfig(\"default\", {\n muteConfigId: \"my-config\",\n folder: folder.folderId,\n location: \"global\",\n description: \"My custom Cloud Security Command Center Finding Folder mute Configuration\",\n filter: \"severity = \\\"HIGH\\\"\",\n type: \"STATIC\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.organizations.Folder(\"folder\",\n parent=\"organizations/123456789\",\n display_name=\"folder-name\")\ndefault = gcp.securitycenter.V2FolderMuteConfig(\"default\",\n mute_config_id=\"my-config\",\n folder=folder.folder_id,\n location=\"global\",\n description=\"My custom Cloud Security Command Center Finding Folder mute Configuration\",\n filter=\"severity = \\\"HIGH\\\"\",\n type=\"STATIC\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Organizations.Folder(\"folder\", new()\n {\n Parent = \"organizations/123456789\",\n DisplayName = \"folder-name\",\n });\n\n var 
@default = new Gcp.SecurityCenter.V2FolderMuteConfig(\"default\", new()\n {\n MuteConfigId = \"my-config\",\n Folder = folder.FolderId,\n Location = \"global\",\n Description = \"My custom Cloud Security Command Center Finding Folder mute Configuration\",\n Filter = \"severity = \\\"HIGH\\\"\",\n Type = \"STATIC\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfolder, err := organizations.NewFolder(ctx, \"folder\", \u0026organizations.FolderArgs{\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDisplayName: pulumi.String(\"folder-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2FolderMuteConfig(ctx, \"default\", \u0026securitycenter.V2FolderMuteConfigArgs{\n\t\t\tMuteConfigId: pulumi.String(\"my-config\"),\n\t\t\tFolder: folder.FolderId,\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDescription: pulumi.String(\"My custom Cloud Security Command Center Finding Folder mute Configuration\"),\n\t\t\tFilter: pulumi.String(\"severity = \\\"HIGH\\\"\"),\n\t\t\tType: pulumi.String(\"STATIC\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport com.pulumi.gcp.securitycenter.V2FolderMuteConfig;\nimport com.pulumi.gcp.securitycenter.V2FolderMuteConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n 
}\n\n public static void stack(Context ctx) {\n var folder = new Folder(\"folder\", FolderArgs.builder()\n .parent(\"organizations/123456789\")\n .displayName(\"folder-name\")\n .build());\n\n var default_ = new V2FolderMuteConfig(\"default\", V2FolderMuteConfigArgs.builder()\n .muteConfigId(\"my-config\")\n .folder(folder.folderId())\n .location(\"global\")\n .description(\"My custom Cloud Security Command Center Finding Folder mute Configuration\")\n .filter(\"severity = \\\"HIGH\\\"\")\n .type(\"STATIC\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:organizations:Folder\n properties:\n parent: organizations/123456789\n displayName: folder-name\n default:\n type: gcp:securitycenter:V2FolderMuteConfig\n properties:\n muteConfigId: my-config\n folder: ${folder.folderId}\n location: global\n description: My custom Cloud Security Command Center Finding Folder mute Configuration\n filter: severity = \"HIGH\"\n type: STATIC\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFolderMuteConfig can be imported using any of these accepted formats:\n\n* `folders/{{folder}}/locations/{{location}}/muteConfigs/{{mute_config_id}}`\n\n* `{{folder}}/{{location}}/{{mute_config_id}}`\n\nWhen using the `pulumi import` command, FolderMuteConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig default folders/{{folder}}/locations/{{location}}/muteConfigs/{{mute_config_id}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig default {{folder}}/{{location}}/{{mute_config_id}}\n```\n\n", + "properties": { + "createTime": { + "type": "string", + "description": "The time at which the mute config was created. 
This field is set by\nthe server and will be ignored if provided on config creation.\n" + }, + "description": { + "type": "string", + "description": "A description of the mute config.\n" + }, + "filter": { + "type": "string", + "description": "An expression that defines the filter to apply across create/update\nevents of findings. While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.\n" + }, + "folder": { + "type": "string", + "description": "The folder whose Cloud Security Command Center the Mute\nConfig lives in.\n" + }, + "location": { + "type": "string", + "description": "location Id is provided by folder. If not provided, Use global as default.\n" + }, + "mostRecentEditor": { + "type": "string", + "description": "Email address of the user who last edited the mute config. This\nfield is set by the server and will be ignored if provided on\nconfig creation or update.\n" + }, + "muteConfigId": { + "type": "string", + "description": "Unique identifier provided by the client within the parent scope.\n\n\n- - -\n" + }, + "name": { + "type": "string", + "description": "Name of the mute config. Its format is\norganizations/{organization}/locations/global/muteConfigs/{configId},\nfolders/{folder}/locations/global/muteConfigs/{configId},\nor projects/{project}/locations/global/muteConfigs/{configId}\n" + }, + "type": { + "type": "string", + "description": "The type of the mute config.\n" + }, + "updateTime": { + "type": "string", + "description": "Output only. The most recent time at which the mute config was\nupdated. 
This field is set by the server and will be ignored if\nprovided on config creation or update.\n" + } + }, + "required": [ + "createTime", + "filter", + "folder", + "mostRecentEditor", + "muteConfigId", + "name", + "type", + "updateTime" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A description of the mute config.\n" + }, + "filter": { + "type": "string", + "description": "An expression that defines the filter to apply across create/update\nevents of findings. While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.\n" + }, + "folder": { + "type": "string", + "description": "The folder whose Cloud Security Command Center the Mute\nConfig lives in.\n", + "willReplaceOnChanges": true + }, + "location": { + "type": "string", + "description": "location Id is provided by folder. If not provided, Use global as default.\n", + "willReplaceOnChanges": true + }, + "muteConfigId": { + "type": "string", + "description": "Unique identifier provided by the client within the parent scope.\n\n\n- - -\n", + "willReplaceOnChanges": true + }, + "type": { + "type": "string", + "description": "The type of the mute config.\n" + } + }, + "requiredInputs": [ + "filter", + "folder", + "muteConfigId", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering V2FolderMuteConfig resources.\n", + "properties": { + "createTime": { + "type": "string", + "description": "The time at which the mute config was created. This field is set by\nthe server and will be ignored if provided on config creation.\n" + }, + "description": { + "type": "string", + "description": "A description of the mute config.\n" + }, + "filter": { + "type": "string", + "description": "An expression that defines the filter to apply across create/update\nevents of findings. 
While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.\n" + }, + "folder": { + "type": "string", + "description": "The folder whose Cloud Security Command Center the Mute\nConfig lives in.\n", + "willReplaceOnChanges": true + }, + "location": { + "type": "string", + "description": "location Id is provided by folder. If not provided, Use global as default.\n", + "willReplaceOnChanges": true + }, + "mostRecentEditor": { + "type": "string", + "description": "Email address of the user who last edited the mute config. This\nfield is set by the server and will be ignored if provided on\nconfig creation or update.\n" + }, + "muteConfigId": { + "type": "string", + "description": "Unique identifier provided by the client within the parent scope.\n\n\n- - -\n", + "willReplaceOnChanges": true + }, + "name": { + "type": "string", + "description": "Name of the mute config. Its format is\norganizations/{organization}/locations/global/muteConfigs/{configId},\nfolders/{folder}/locations/global/muteConfigs/{configId},\nor projects/{project}/locations/global/muteConfigs/{configId}\n" + }, + "type": { + "type": "string", + "description": "The type of the mute config.\n" + }, + "updateTime": { + "type": "string", + "description": "Output only. The most recent time at which the mute config was\nupdated. 
This field is set by the server and will be ignored if\nprovided on config creation or update.\n" + } + }, + "type": "object" + } + }, "gcp:securitycenter/v2OrganizationMuteConfig:V2OrganizationMuteConfig": { "description": "Mute Findings is a volume management feature in Security Command Center\nthat lets you manually or programmatically hide irrelevant findings,\nand create filters to automatically silence existing and future\nfindings based on criteria you specify.\n\n\nTo get more information about OrganizationMuteConfig, see:\n\n* [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/organizations.muteConfigs)\n\n## Example Usage\n\n### Scc V2 Organization Mute Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.securitycenter.V2OrganizationMuteConfig(\"default\", {\n muteConfigId: \"my-config\",\n organization: \"123456789\",\n location: \"global\",\n description: \"My custom Cloud Security Command Center Finding Organization mute Configuration\",\n filter: \"severity = \\\"HIGH\\\"\",\n type: \"STATIC\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.securitycenter.V2OrganizationMuteConfig(\"default\",\n mute_config_id=\"my-config\",\n organization=\"123456789\",\n location=\"global\",\n description=\"My custom Cloud Security Command Center Finding Organization mute Configuration\",\n filter=\"severity = \\\"HIGH\\\"\",\n type=\"STATIC\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.SecurityCenter.V2OrganizationMuteConfig(\"default\", new()\n {\n MuteConfigId = \"my-config\",\n Organization = \"123456789\",\n Location = \"global\",\n Description = \"My custom Cloud Security Command Center Finding Organization mute 
Configuration\",\n Filter = \"severity = \\\"HIGH\\\"\",\n Type = \"STATIC\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationMuteConfig(ctx, \"default\", \u0026securitycenter.V2OrganizationMuteConfigArgs{\n\t\t\tMuteConfigId: pulumi.String(\"my-config\"),\n\t\t\tOrganization: pulumi.String(\"123456789\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDescription: pulumi.String(\"My custom Cloud Security Command Center Finding Organization mute Configuration\"),\n\t\t\tFilter: pulumi.String(\"severity = \\\"HIGH\\\"\"),\n\t\t\tType: pulumi.String(\"STATIC\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationMuteConfig;\nimport com.pulumi.gcp.securitycenter.V2OrganizationMuteConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new V2OrganizationMuteConfig(\"default\", V2OrganizationMuteConfigArgs.builder()\n .muteConfigId(\"my-config\")\n .organization(\"123456789\")\n .location(\"global\")\n .description(\"My custom Cloud Security Command Center Finding Organization mute Configuration\")\n .filter(\"severity = \\\"HIGH\\\"\")\n .type(\"STATIC\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:securitycenter:V2OrganizationMuteConfig\n properties:\n muteConfigId: my-config\n organization: '123456789'\n location: global\n description: My 
custom Cloud Security Command Center Finding Organization mute Configuration\n filter: severity = \"HIGH\"\n type: STATIC\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOrganizationMuteConfig can be imported using any of these accepted formats:\n\n* `organizations/{{organization}}/locations/{{location}}/muteConfigs/{{mute_config_id}}`\n\n* `{{organization}}/{{location}}/{{mute_config_id}}`\n\nWhen using the `pulumi import` command, OrganizationMuteConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationMuteConfig:V2OrganizationMuteConfig default organizations/{{organization}}/locations/{{location}}/muteConfigs/{{mute_config_id}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationMuteConfig:V2OrganizationMuteConfig default {{organization}}/{{location}}/{{mute_config_id}}\n```\n\n", "properties": { 
@@ -236537,6 +237130,599 @@ "type": "object" } }, + "gcp:securitycenter/v2OrganizationSource:V2OrganizationSource": { + "description": "A Cloud Security Command Center's (Cloud SCC) finding source. A finding\nsource is an entity or a mechanism that can produce a finding. A source is\nlike a container of findings that come from the same scanner, logger,\nmonitor, etc.\n\n\nTo get more information about OrganizationSource, see:\n\n* [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/organizations.sources)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/security-command-center/docs)\n\n## Example Usage\n\n### Scc Source Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst customSource = new gcp.securitycenter.Source(\"custom_source\", {\n displayName: \"My Source\",\n organization: \"123456789\",\n description: \"My custom Cloud Security Command Center Finding Source\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ncustom_source = gcp.securitycenter.Source(\"custom_source\",\n display_name=\"My Source\",\n organization=\"123456789\",\n description=\"My custom Cloud Security Command Center Finding Source\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var customSource = new Gcp.SecurityCenter.Source(\"custom_source\", new()\n {\n DisplayName = \"My Source\",\n Organization = \"123456789\",\n Description = \"My custom Cloud Security Command Center Finding Source\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewSource(ctx, \"custom_source\", 
\u0026securitycenter.SourceArgs{\n\t\t\tDisplayName: pulumi.String(\"My Source\"),\n\t\t\tOrganization: pulumi.String(\"123456789\"),\n\t\t\tDescription: pulumi.String(\"My custom Cloud Security Command Center Finding Source\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.Source;\nimport com.pulumi.gcp.securitycenter.SourceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var customSource = new Source(\"customSource\", SourceArgs.builder()\n .displayName(\"My Source\")\n .organization(\"123456789\")\n .description(\"My custom Cloud Security Command Center Finding Source\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n customSource:\n type: gcp:securitycenter:Source\n name: custom_source\n properties:\n displayName: My Source\n organization: '123456789'\n description: My custom Cloud Security Command Center Finding Source\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nOrganizationSource can be imported using any of these accepted formats:\n\n* `organizations/{{organization}}/sources/{{name}}`\n\n* `{{organization}}/{{name}}`\n\nWhen using the `pulumi import` command, OrganizationSource can be imported using one of the formats above. 
For example:\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSource:V2OrganizationSource default organizations/{{organization}}/sources/{{name}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSource:V2OrganizationSource default {{organization}}/{{name}}\n```\n\n", + "properties": { + "description": { + "type": "string", + "description": "The description of the source (max of 1024 characters).\n" + }, + "displayName": { + "type": "string", + "description": "The source’s display name. A source’s display name must be unique\namongst its siblings, for example, two sources with the same parent\ncan't share the same display name. The display name must start and end\nwith a letter or digit, may contain letters, digits, spaces, hyphens,\nand underscores, and can be no longer than 32 characters.\n" + }, + "name": { + "type": "string", + "description": "The resource name of this source, in the format\n`organizations/{{organization}}/sources/{{source}}`.\n" + }, + "organization": { + "type": "string", + "description": "The organization whose Cloud Security Command Center the Source\nlives in.\n\n\n- - -\n" + } + }, + "required": [ + "displayName", + "name", + "organization" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the source (max of 1024 characters).\n" + }, + "displayName": { + "type": "string", + "description": "The source’s display name. A source’s display name must be unique\namongst its siblings, for example, two sources with the same parent\ncan't share the same display name. 
The display name must start and end\nwith a letter or digit, may contain letters, digits, spaces, hyphens,\nand underscores, and can be no longer than 32 characters.\n" + }, + "organization": { + "type": "string", + "description": "The organization whose Cloud Security Command Center the Source\nlives in.\n\n\n- - -\n", + "willReplaceOnChanges": true + } + }, + "requiredInputs": [ + "displayName", + "organization" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering V2OrganizationSource resources.\n", + "properties": { + "description": { + "type": "string", + "description": "The description of the source (max of 1024 characters).\n" + }, + "displayName": { + "type": "string", + "description": "The source’s display name. A source’s display name must be unique\namongst its siblings, for example, two sources with the same parent\ncan't share the same display name. The display name must start and end\nwith a letter or digit, may contain letters, digits, spaces, hyphens,\nand underscores, and can be no longer than 32 characters.\n" + }, + "name": { + "type": "string", + "description": "The resource name of this source, in the format\n`organizations/{{organization}}/sources/{{source}}`.\n" + }, + "organization": { + "type": "string", + "description": "The organization whose Cloud Security Command Center the Source\nlives in.\n\n\n- - -\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, + "gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding": { + "description": "Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. 
Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = 
Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport 
java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n 
\"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n 
source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n 
.member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Security Command Center (SCC)v2 API OrganizationSource\nThree different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. 
Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n 
\"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = 
OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc 
main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = 
gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n 
source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* organizations/{{organization}}/sources/{{source}}\n\n* {{organization}}/{{source}}\n\n* {{source}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecurity Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor \"organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor \"organizations/{{organization}}/sources/{{source}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor organizations/{{organization}}/sources/{{source}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. 
`[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "properties": { + "condition": { + "$ref": "#/types/gcp:securitycenter/V2OrganizationSourceIamBindingCondition:V2OrganizationSourceIamBindingCondition" + }, + "etag": { + "type": "string", + "description": "(Computed) The etag of the IAM policy.\n" + }, + "members": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + }, + "organization": { + "type": "string" + }, + "role": { + "type": "string", + "description": "The role that should be applied. Only one\n`gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. 
Note that custom roles must be of the format\n`[projects|organizations]/{parent-name}/roles/{role-name}`.\n" + }, + "source": { + "type": "string", + "description": "Used to find the parent resource to bind the IAM policy to\n" + } + }, + "required": [ + "etag", + "members", + "organization", + "role", + "source" + ], + "inputProperties": { + "condition": { + "$ref": "#/types/gcp:securitycenter/V2OrganizationSourceIamBindingCondition:V2OrganizationSourceIamBindingCondition", + "willReplaceOnChanges": true + }, + "members": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. 
For example, \"projectViewer:my-example-project\"\n" + }, + "organization": { + "type": "string", + "willReplaceOnChanges": true + }, + "role": { + "type": "string", + "description": "The role that should be applied. Only one\n`gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format\n`[projects|organizations]/{parent-name}/roles/{role-name}`.\n", + "willReplaceOnChanges": true + }, + "source": { + "type": "string", + "description": "Used to find the parent resource to bind the IAM policy to\n", + "willReplaceOnChanges": true + } + }, + "requiredInputs": [ + "members", + "organization", + "role", + "source" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering V2OrganizationSourceIamBinding resources.\n", + "properties": { + "condition": { + "$ref": "#/types/gcp:securitycenter/V2OrganizationSourceIamBindingCondition:V2OrganizationSourceIamBindingCondition", + "willReplaceOnChanges": true + }, + "etag": { + "type": "string", + "description": "(Computed) The etag of the IAM policy.\n" + }, + "members": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. 
For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + }, + "organization": { + "type": "string", + "willReplaceOnChanges": true + }, + "role": { + "type": "string", + "description": "The role that should be applied. Only one\n`gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format\n`[projects|organizations]/{parent-name}/roles/{role-name}`.\n", + "willReplaceOnChanges": true + }, + "source": { + "type": "string", + "description": "Used to find the parent resource to bind the IAM policy to\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, + "gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember": { + "description": "Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. 
Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n 
\"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = 
OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc 
main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = 
gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n 
source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Security Command Center (SCC)v2 API OrganizationSource\nThree different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. 
Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n 
\"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = 
OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc 
main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = 
gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n 
source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* organizations/{{organization}}/sources/{{source}}\n\n* {{organization}}/{{source}}\n\n* {{source}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecurity Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor \"organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor \"organizations/{{organization}}/sources/{{source}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor organizations/{{organization}}/sources/{{source}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. 
`[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "properties": { + "condition": { + "$ref": "#/types/gcp:securitycenter/V2OrganizationSourceIamMemberCondition:V2OrganizationSourceIamMemberCondition" + }, + "etag": { + "type": "string", + "description": "(Computed) The etag of the IAM policy.\n" + }, + "member": { + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + }, + "organization": { + "type": "string" + }, + "role": { + "type": "string", + "description": "The role that should be applied. Only one\n`gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. 
Note that custom roles must be of the format\n`[projects|organizations]/{parent-name}/roles/{role-name}`.\n" + }, + "source": { + "type": "string", + "description": "Used to find the parent resource to bind the IAM policy to\n" + } + }, + "required": [ + "etag", + "member", + "organization", + "role", + "source" + ], + "inputProperties": { + "condition": { + "$ref": "#/types/gcp:securitycenter/V2OrganizationSourceIamMemberCondition:V2OrganizationSourceIamMemberCondition", + "willReplaceOnChanges": true + }, + "member": { + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "willReplaceOnChanges": true + }, + "organization": { + "type": "string", + "willReplaceOnChanges": true + }, + "role": { + "type": "string", + "description": "The role that should be applied. 
Only one\n`gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format\n`[projects|organizations]/{parent-name}/roles/{role-name}`.\n", + "willReplaceOnChanges": true + }, + "source": { + "type": "string", + "description": "Used to find the parent resource to bind the IAM policy to\n", + "willReplaceOnChanges": true + } + }, + "requiredInputs": [ + "member", + "organization", + "role", + "source" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering V2OrganizationSourceIamMember resources.\n", + "properties": { + "condition": { + "$ref": "#/types/gcp:securitycenter/V2OrganizationSourceIamMemberCondition:V2OrganizationSourceIamMemberCondition", + "willReplaceOnChanges": true + }, + "etag": { + "type": "string", + "description": "(Computed) The etag of the IAM policy.\n" + }, + "member": { + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. 
For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "willReplaceOnChanges": true + }, + "organization": { + "type": "string", + "willReplaceOnChanges": true + }, + "role": { + "type": "string", + "description": "The role that should be applied. Only one\n`gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format\n`[projects|organizations]/{parent-name}/roles/{role-name}`.\n", + "willReplaceOnChanges": true + }, + "source": { + "type": "string", + "description": "Used to find the parent resource to bind the IAM policy to\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, + "gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy": { + "description": "Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. 
Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n 
\"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = 
OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc 
main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = 
gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n 
source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## \u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n-\n\n# IAM policy for Security Command Center (SCC)v2 API OrganizationSource\nThree different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case:\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached.\n* `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved.\n* `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. 
Other members for the role for the organizationsource are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## gcp.securitycenter.V2OrganizationSourceIamPolicy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\", {\n source: customSource.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[{\n \"role\": \"roles/viewer\",\n \"members\": [\"user:jane@example.com\"],\n}])\npolicy = gcp.securitycenter.V2OrganizationSourceIamPolicy(\"policy\",\n source=custom_source[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n 
\"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy(\"policy\", new()\n {\n Source = customSource.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, \"policy\", \u0026securitycenter.V2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = 
OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new V2OrganizationSourceIamPolicy(\"policy\", V2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:securitycenter:V2OrganizationSourceIamPolicy\n properties:\n source: ${customSource.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamBinding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\", {\n source: customSource.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.securitycenter.V2OrganizationSourceIamBinding(\"binding\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding(\"binding\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc 
main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, \"binding\", \u0026securitycenter.V2OrganizationSourceIamBindingArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new V2OrganizationSourceIamBinding(\"binding\", V2OrganizationSourceIamBindingArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:securitycenter:V2OrganizationSourceIamBinding\n properties:\n source: ${customSource.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## gcp.securitycenter.V2OrganizationSourceIamMember\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.securitycenter.V2OrganizationSourceIamMember(\"member\", {\n source: customSource.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = 
gcp.securitycenter.V2OrganizationSourceIamMember(\"member\",\n source=custom_source[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember(\"member\", new()\n {\n Source = customSource.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, \"member\", \u0026securitycenter.V2OrganizationSourceIamMemberArgs{\n\t\t\tSource: pulumi.Any(customSource.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;\nimport com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new V2OrganizationSourceIamMember(\"member\", V2OrganizationSourceIamMemberArgs.builder()\n .source(customSource.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:securitycenter:V2OrganizationSourceIamMember\n properties:\n 
source: ${customSource.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* organizations/{{organization}}/sources/{{source}}\n\n* {{organization}}/{{source}}\n\n* {{source}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecurity Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor \"organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor \"organizations/{{organization}}/sources/{{source}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor organizations/{{organization}}/sources/{{source}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. 
`[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "properties": { + "etag": { + "type": "string", + "description": "(Computed) The etag of the IAM policy.\n" + }, + "organization": { + "type": "string" + }, + "policyData": { + "type": "string", + "description": "The policy data generated by\na `gcp.organizations.getIAMPolicy` data source.\n" + }, + "source": { + "type": "string", + "description": "Used to find the parent resource to bind the IAM policy to\n" + } + }, + "required": [ + "etag", + "organization", + "policyData", + "source" + ], + "inputProperties": { + "organization": { + "type": "string", + "willReplaceOnChanges": true + }, + "policyData": { + "type": "string", + "description": "The policy data generated by\na `gcp.organizations.getIAMPolicy` data source.\n" + }, + "source": { + "type": "string", + "description": "Used to find the parent resource to bind the IAM policy to\n", + "willReplaceOnChanges": true + } + }, + "requiredInputs": [ + "organization", + "policyData", + "source" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering V2OrganizationSourceIamPolicy resources.\n", + "properties": { + "etag": { + "type": "string", + "description": "(Computed) The etag of the IAM policy.\n" + }, + "organization": { + "type": "string", + "willReplaceOnChanges": true + }, + "policyData": { + "type": "string", + "description": "The policy data generated by\na `gcp.organizations.getIAMPolicy` data source.\n" + }, + "source": { + "type": "string", + "description": "Used to find the parent resource to bind the IAM policy to\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, + "gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig": { + "description": "Mute Findings is a volume management feature in Security Command Center\nthat lets you manually or programmatically hide irrelevant findings,\nand create filters to automatically silence existing and future\nfindings based on 
criteria you specify.\n\n\nTo get more information about ProjectMuteConfig, see:\n\n* [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/projects.muteConfigs)\n\n## Example Usage\n\n### Scc V2 Project Mute Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.securitycenter.V2ProjectMuteConfig(\"default\", {\n muteConfigId: \"my-config\",\n project: \"\",\n location: \"global\",\n description: \"My custom Cloud Security Command Center Finding Project mute Configuration\",\n filter: \"severity = \\\"HIGH\\\"\",\n type: \"STATIC\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.securitycenter.V2ProjectMuteConfig(\"default\",\n mute_config_id=\"my-config\",\n project=\"\",\n location=\"global\",\n description=\"My custom Cloud Security Command Center Finding Project mute Configuration\",\n filter=\"severity = \\\"HIGH\\\"\",\n type=\"STATIC\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.SecurityCenter.V2ProjectMuteConfig(\"default\", new()\n {\n MuteConfigId = \"my-config\",\n Project = \"\",\n Location = \"global\",\n Description = \"My custom Cloud Security Command Center Finding Project mute Configuration\",\n Filter = \"severity = \\\"HIGH\\\"\",\n Type = \"STATIC\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.NewV2ProjectMuteConfig(ctx, \"default\", \u0026securitycenter.V2ProjectMuteConfigArgs{\n\t\t\tMuteConfigId: pulumi.String(\"my-config\"),\n\t\t\tProject: pulumi.String(\"\"),\n\t\t\tLocation: 
pulumi.String(\"global\"),\n\t\t\tDescription: pulumi.String(\"My custom Cloud Security Command Center Finding Project mute Configuration\"),\n\t\t\tFilter: pulumi.String(\"severity = \\\"HIGH\\\"\"),\n\t\t\tType: pulumi.String(\"STATIC\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.V2ProjectMuteConfig;\nimport com.pulumi.gcp.securitycenter.V2ProjectMuteConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new V2ProjectMuteConfig(\"default\", V2ProjectMuteConfigArgs.builder()\n .muteConfigId(\"my-config\")\n .project(\"\")\n .location(\"global\")\n .description(\"My custom Cloud Security Command Center Finding Project mute Configuration\")\n .filter(\"severity = \\\"HIGH\\\"\")\n .type(\"STATIC\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:securitycenter:V2ProjectMuteConfig\n properties:\n muteConfigId: my-config\n project:\n location: global\n description: My custom Cloud Security Command Center Finding Project mute Configuration\n filter: severity = \"HIGH\"\n type: STATIC\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProjectMuteConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/muteConfigs/{{mute_config_id}}`\n\n* `{{project}}/{{location}}/{{mute_config_id}}`\n\n* `{{location}}/{{mute_config_id}}`\n\nWhen using the `pulumi import` command, ProjectMuteConfig can be imported using one of the formats above. 
For example:\n\n```sh\n$ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default projects/{{project}}/locations/{{location}}/muteConfigs/{{mute_config_id}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default {{project}}/{{location}}/{{mute_config_id}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default {{location}}/{{mute_config_id}}\n```\n\n", + "properties": { + "createTime": { + "type": "string", + "description": "The time at which the mute config was created. This field is set by\nthe server and will be ignored if provided on config creation.\n" + }, + "description": { + "type": "string", + "description": "A description of the mute config.\n" + }, + "filter": { + "type": "string", + "description": "An expression that defines the filter to apply across create/update\nevents of findings. While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.\n" + }, + "location": { + "type": "string", + "description": "location Id is provided by project. If not provided, Use global as default.\n" + }, + "mostRecentEditor": { + "type": "string", + "description": "Email address of the user who last edited the mute config. This\nfield is set by the server and will be ignored if provided on\nconfig creation or update.\n" + }, + "muteConfigId": { + "type": "string", + "description": "Unique identifier provided by the client within the parent scope.\n\n\n- - -\n" + }, + "name": { + "type": "string", + "description": "Name of the mute config. 
Its format is\nprojects/{project}/locations/global/muteConfigs/{configId},\nfolders/{folder}/locations/global/muteConfigs/{configId},\nor organizations/{organization}/locations/global/muteConfigs/{configId}\n" + }, + "project": { + "type": "string", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the provider project is used.\n" + }, + "type": { + "type": "string", + "description": "The type of the mute config.\n" + }, + "updateTime": { + "type": "string", + "description": "Output only. The most recent time at which the mute config was\nupdated. This field is set by the server and will be ignored if\nprovided on config creation or update.\n" + } + }, + "required": [ + "createTime", + "filter", + "mostRecentEditor", + "muteConfigId", + "name", + "project", + "type", + "updateTime" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A description of the mute config.\n" + }, + "filter": { + "type": "string", + "description": "An expression that defines the filter to apply across create/update\nevents of findings. While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.\n" + }, + "location": { + "type": "string", + "description": "location Id is provided by project. 
If not provided, Use global as default.\n", + "willReplaceOnChanges": true + }, + "muteConfigId": { + "type": "string", + "description": "Unique identifier provided by the client within the parent scope.\n\n\n- - -\n", + "willReplaceOnChanges": true + }, + "project": { + "type": "string", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the provider project is used.\n", + "willReplaceOnChanges": true + }, + "type": { + "type": "string", + "description": "The type of the mute config.\n" + } + }, + "requiredInputs": [ + "filter", + "muteConfigId", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering V2ProjectMuteConfig resources.\n", + "properties": { + "createTime": { + "type": "string", + "description": "The time at which the mute config was created. This field is set by\nthe server and will be ignored if provided on config creation.\n" + }, + "description": { + "type": "string", + "description": "A description of the mute config.\n" + }, + "filter": { + "type": "string", + "description": "An expression that defines the filter to apply across create/update\nevents of findings. While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.\n" + }, + "location": { + "type": "string", + "description": "location Id is provided by project. If not provided, Use global as default.\n", + "willReplaceOnChanges": true + }, + "mostRecentEditor": { + "type": "string", + "description": "Email address of the user who last edited the mute config. 
This\nfield is set by the server and will be ignored if provided on\nconfig creation or update.\n" + }, + "muteConfigId": { + "type": "string", + "description": "Unique identifier provided by the client within the parent scope.\n\n\n- - -\n", + "willReplaceOnChanges": true + }, + "name": { + "type": "string", + "description": "Name of the mute config. Its format is\nprojects/{project}/locations/global/muteConfigs/{configId},\nfolders/{folder}/locations/global/muteConfigs/{configId},\nor organizations/{organization}/locations/global/muteConfigs/{configId}\n" + }, + "project": { + "type": "string", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the provider project is used.\n", + "willReplaceOnChanges": true + }, + "type": { + "type": "string", + "description": "The type of the mute config.\n" + }, + "updateTime": { + "type": "string", + "description": "Output only. The most recent time at which the mute config was\nupdated. This field is set by the server and will be ignored if\nprovided on config creation or update.\n" + } + }, + "type": "object" + } + }, + "gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig": { + "description": "A Cloud Security Command Center (Cloud SCC) notification configs. 
A\nnotification config is a Cloud SCC resource that contains the\nconfiguration to send notifications for create/update events of\nfindings, assets and etc.\n\u003e **Note:** In order to use Cloud SCC resources, your organization must be enrolled\nin [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center).\nWithout doing so, you may run into errors during resource creation.\n\n\nTo get more information about ProjectNotificationConfig, see:\n\n* [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/projects.locations.notificationConfigs)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/security-command-center/docs)\n\n## Example Usage\n\n### Scc V2 Project Notification Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sccV2ProjectNotification = new gcp.pubsub.Topic(\"scc_v2_project_notification\", {name: \"my-topic\"});\nconst customNotificationConfig = new gcp.securitycenter.V2ProjectNotificationConfig(\"custom_notification_config\", {\n configId: \"my-config\",\n project: \"my-project-name\",\n location: \"global\",\n description: \"My custom Cloud Security Command Center Finding Notification Configuration\",\n pubsubTopic: sccV2ProjectNotification.id,\n streamingConfig: {\n filter: \"category = \\\"OPEN_FIREWALL\\\" AND state = \\\"ACTIVE\\\"\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nscc_v2_project_notification = gcp.pubsub.Topic(\"scc_v2_project_notification\", name=\"my-topic\")\ncustom_notification_config = gcp.securitycenter.V2ProjectNotificationConfig(\"custom_notification_config\",\n config_id=\"my-config\",\n project=\"my-project-name\",\n location=\"global\",\n description=\"My custom Cloud Security Command Center Finding Notification Configuration\",\n 
pubsub_topic=scc_v2_project_notification.id,\n streaming_config={\n \"filter\": \"category = \\\"OPEN_FIREWALL\\\" AND state = \\\"ACTIVE\\\"\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sccV2ProjectNotification = new Gcp.PubSub.Topic(\"scc_v2_project_notification\", new()\n {\n Name = \"my-topic\",\n });\n\n var customNotificationConfig = new Gcp.SecurityCenter.V2ProjectNotificationConfig(\"custom_notification_config\", new()\n {\n ConfigId = \"my-config\",\n Project = \"my-project-name\",\n Location = \"global\",\n Description = \"My custom Cloud Security Command Center Finding Notification Configuration\",\n PubsubTopic = sccV2ProjectNotification.Id,\n StreamingConfig = new Gcp.SecurityCenter.Inputs.V2ProjectNotificationConfigStreamingConfigArgs\n {\n Filter = \"category = \\\"OPEN_FIREWALL\\\" AND state = \\\"ACTIVE\\\"\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsccV2ProjectNotification, err := pubsub.NewTopic(ctx, \"scc_v2_project_notification\", \u0026pubsub.TopicArgs{\n\t\t\tName: pulumi.String(\"my-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securitycenter.NewV2ProjectNotificationConfig(ctx, \"custom_notification_config\", \u0026securitycenter.V2ProjectNotificationConfigArgs{\n\t\t\tConfigId: pulumi.String(\"my-config\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tDescription: pulumi.String(\"My custom Cloud Security Command Center Finding Notification Configuration\"),\n\t\t\tPubsubTopic: sccV2ProjectNotification.ID(),\n\t\t\tStreamingConfig: 
\u0026securitycenter.V2ProjectNotificationConfigStreamingConfigArgs{\n\t\t\t\tFilter: pulumi.String(\"category = \\\"OPEN_FIREWALL\\\" AND state = \\\"ACTIVE\\\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.Topic;\nimport com.pulumi.gcp.pubsub.TopicArgs;\nimport com.pulumi.gcp.securitycenter.V2ProjectNotificationConfig;\nimport com.pulumi.gcp.securitycenter.V2ProjectNotificationConfigArgs;\nimport com.pulumi.gcp.securitycenter.inputs.V2ProjectNotificationConfigStreamingConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sccV2ProjectNotification = new Topic(\"sccV2ProjectNotification\", TopicArgs.builder()\n .name(\"my-topic\")\n .build());\n\n var customNotificationConfig = new V2ProjectNotificationConfig(\"customNotificationConfig\", V2ProjectNotificationConfigArgs.builder()\n .configId(\"my-config\")\n .project(\"my-project-name\")\n .location(\"global\")\n .description(\"My custom Cloud Security Command Center Finding Notification Configuration\")\n .pubsubTopic(sccV2ProjectNotification.id())\n .streamingConfig(V2ProjectNotificationConfigStreamingConfigArgs.builder()\n .filter(\"category = \\\"OPEN_FIREWALL\\\" AND state = \\\"ACTIVE\\\"\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sccV2ProjectNotification:\n type: gcp:pubsub:Topic\n name: scc_v2_project_notification\n properties:\n name: my-topic\n customNotificationConfig:\n type: gcp:securitycenter:V2ProjectNotificationConfig\n name: custom_notification_config\n properties:\n configId: my-config\n project: my-project-name\n 
location: global\n description: My custom Cloud Security Command Center Finding Notification Configuration\n pubsubTopic: ${sccV2ProjectNotification.id}\n streamingConfig:\n filter: category = \"OPEN_FIREWALL\" AND state = \"ACTIVE\"\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProjectNotificationConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/notificationConfigs/{{config_id}}`\n\n* `{{project}}/{{location}}/{{config_id}}`\n\n* `{{location}}/{{config_id}}`\n\nWhen using the `pulumi import` command, ProjectNotificationConfig can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default projects/{{project}}/locations/{{location}}/notificationConfigs/{{config_id}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default {{project}}/{{location}}/{{config_id}}\n```\n\n```sh\n$ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default {{location}}/{{config_id}}\n```\n\n", + "properties": { + "configId": { + "type": "string", + "description": "This must be unique within the project.\n" + }, + "description": { + "type": "string", + "description": "The description of the notification config (max of 1024 characters).\n" + }, + "location": { + "type": "string", + "description": "Location ID of the parent organization. Only global is supported at the moment.\n" + }, + "name": { + "type": "string", + "description": "The resource name of this notification config, in the format\n`projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`.\n" + }, + "project": { + "type": "string" + }, + "pubsubTopic": { + "type": "string", + "description": "The Pub/Sub topic to send notifications to. 
Its format is \"projects/[project_id]/topics/[topic]\".\n" + }, + "serviceAccount": { + "type": "string", + "description": "The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.\n" + }, + "streamingConfig": { + "$ref": "#/types/gcp:securitycenter/V2ProjectNotificationConfigStreamingConfig:V2ProjectNotificationConfigStreamingConfig", + "description": "The config for triggering streaming-based notifications.\nStructure is documented below.\n" + } + }, + "required": [ + "configId", + "name", + "project", + "serviceAccount", + "streamingConfig" + ], + "inputProperties": { + "configId": { + "type": "string", + "description": "This must be unique within the project.\n", + "willReplaceOnChanges": true + }, + "description": { + "type": "string", + "description": "The description of the notification config (max of 1024 characters).\n" + }, + "location": { + "type": "string", + "description": "Location ID of the parent organization. Only global is supported at the moment.\n", + "willReplaceOnChanges": true + }, + "project": { + "type": "string", + "willReplaceOnChanges": true + }, + "pubsubTopic": { + "type": "string", + "description": "The Pub/Sub topic to send notifications to. 
Its format is \"projects/[project_id]/topics/[topic]\".\n" + }, + "streamingConfig": { + "$ref": "#/types/gcp:securitycenter/V2ProjectNotificationConfigStreamingConfig:V2ProjectNotificationConfigStreamingConfig", + "description": "The config for triggering streaming-based notifications.\nStructure is documented below.\n" + } + }, + "requiredInputs": [ + "configId", + "streamingConfig" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering V2ProjectNotificationConfig resources.\n", + "properties": { + "configId": { + "type": "string", + "description": "This must be unique within the project.\n", + "willReplaceOnChanges": true + }, + "description": { + "type": "string", + "description": "The description of the notification config (max of 1024 characters).\n" + }, + "location": { + "type": "string", + "description": "Location ID of the parent organization. Only global is supported at the moment.\n", + "willReplaceOnChanges": true + }, + "name": { + "type": "string", + "description": "The resource name of this notification config, in the format\n`projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`.\n" + }, + "project": { + "type": "string", + "willReplaceOnChanges": true + }, + "pubsubTopic": { + "type": "string", + "description": "The Pub/Sub topic to send notifications to. 
Its format is \"projects/[project_id]/topics/[topic]\".\n" + }, + "serviceAccount": { + "type": "string", + "description": "The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.\n" + }, + "streamingConfig": { + "$ref": "#/types/gcp:securitycenter/V2ProjectNotificationConfigStreamingConfig:V2ProjectNotificationConfigStreamingConfig", + "description": "The config for triggering streaming-based notifications.\nStructure is documented below.\n" + } + }, + "type": "object" + } + }, "gcp:securityposture/posture:Posture": { "description": "A Posture represents a collection of policy set including its name, state, description\nand policy sets. A policy set includes set of policies along with their definition.\nA posture can be created at the organization level.\nEvery update to a deployed posture creates a new posture revision with an updated revision_id.\n\n\nTo get more information about Posture, see:\n\n* How-to Guides\n * [Create and deploy a posture](https://cloud.google.com/security-command-center/docs/how-to-use-security-posture)\n\n## Example Usage\n\n### Securityposture Posture Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst posture1 = new gcp.securityposture.Posture(\"posture1\", {\n postureId: \"posture_example\",\n parent: \"organizations/123456789\",\n location: \"global\",\n state: \"ACTIVE\",\n description: \"a new posture\",\n policySets: [\n {\n policySetId: \"org_policy_set\",\n description: \"set of org policies\",\n policies: [\n {\n policyId: \"canned_org_policy\",\n constraint: {\n orgPolicyConstraint: {\n cannedConstraintId: \"storage.uniformBucketLevelAccess\",\n policyRules: [{\n enforce: true,\n condition: {\n description: \"condition description\",\n expression: \"resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')\",\n title: \"a CEL condition\",\n },\n }],\n },\n },\n 
},\n {\n policyId: \"custom_org_policy\",\n constraint: {\n orgPolicyConstraintCustom: {\n customConstraint: {\n name: \"organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade\",\n displayName: \"Disable GKE auto upgrade\",\n description: \"Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\",\n actionType: \"ALLOW\",\n condition: \"resource.management.autoUpgrade == false\",\n methodTypes: [\n \"CREATE\",\n \"UPDATE\",\n ],\n resourceTypes: [\"container.googleapis.com/NodePool\"],\n },\n policyRules: [{\n enforce: true,\n condition: {\n description: \"condition description\",\n expression: \"resource.matchTagId('tagKeys/key_id','tagValues/value_id')\",\n title: \"a CEL condition\",\n },\n }],\n },\n },\n },\n ],\n },\n {\n policySetId: \"sha_policy_set\",\n description: \"set of sha policies\",\n policies: [\n {\n policyId: \"sha_builtin_module\",\n constraint: {\n securityHealthAnalyticsModule: {\n moduleName: \"BIGQUERY_TABLE_CMEK_DISABLED\",\n moduleEnablementState: \"ENABLED\",\n },\n },\n description: \"enable BIGQUERY_TABLE_CMEK_DISABLED\",\n },\n {\n policyId: \"sha_custom_module\",\n constraint: {\n securityHealthAnalyticsCustomModule: {\n displayName: \"custom_SHA_policy\",\n config: {\n predicate: {\n expression: \"resource.rotationPeriod \u003e duration('2592000s')\",\n },\n customOutput: {\n properties: [{\n name: \"duration\",\n valueExpression: {\n expression: \"resource.rotationPeriod\",\n },\n }],\n },\n resourceSelector: {\n resourceTypes: [\"cloudkms.googleapis.com/CryptoKey\"],\n },\n severity: \"LOW\",\n description: \"Custom Module\",\n recommendation: \"Testing custom modules\",\n },\n moduleEnablementState: \"ENABLED\",\n },\n },\n },\n ],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nposture1 = gcp.securityposture.Posture(\"posture1\",\n posture_id=\"posture_example\",\n parent=\"organizations/123456789\",\n 
location=\"global\",\n state=\"ACTIVE\",\n description=\"a new posture\",\n policy_sets=[\n {\n \"policy_set_id\": \"org_policy_set\",\n \"description\": \"set of org policies\",\n \"policies\": [\n {\n \"policy_id\": \"canned_org_policy\",\n \"constraint\": {\n \"org_policy_constraint\": {\n \"canned_constraint_id\": \"storage.uniformBucketLevelAccess\",\n \"policy_rules\": [{\n \"enforce\": True,\n \"condition\": {\n \"description\": \"condition description\",\n \"expression\": \"resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')\",\n \"title\": \"a CEL condition\",\n },\n }],\n },\n },\n },\n {\n \"policy_id\": \"custom_org_policy\",\n \"constraint\": {\n \"org_policy_constraint_custom\": {\n \"custom_constraint\": {\n \"name\": \"organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade\",\n \"display_name\": \"Disable GKE auto upgrade\",\n \"description\": \"Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\",\n \"action_type\": \"ALLOW\",\n \"condition\": \"resource.management.autoUpgrade == false\",\n \"method_types\": [\n \"CREATE\",\n \"UPDATE\",\n ],\n \"resource_types\": [\"container.googleapis.com/NodePool\"],\n },\n \"policy_rules\": [{\n \"enforce\": True,\n \"condition\": {\n \"description\": \"condition description\",\n \"expression\": \"resource.matchTagId('tagKeys/key_id','tagValues/value_id')\",\n \"title\": \"a CEL condition\",\n },\n }],\n },\n },\n },\n ],\n },\n {\n \"policy_set_id\": \"sha_policy_set\",\n \"description\": \"set of sha policies\",\n \"policies\": [\n {\n \"policy_id\": \"sha_builtin_module\",\n \"constraint\": {\n \"security_health_analytics_module\": {\n \"module_name\": \"BIGQUERY_TABLE_CMEK_DISABLED\",\n \"module_enablement_state\": \"ENABLED\",\n },\n },\n \"description\": \"enable BIGQUERY_TABLE_CMEK_DISABLED\",\n },\n {\n \"policy_id\": \"sha_custom_module\",\n \"constraint\": {\n 
\"security_health_analytics_custom_module\": {\n \"display_name\": \"custom_SHA_policy\",\n \"config\": {\n \"predicate\": {\n \"expression\": \"resource.rotationPeriod \u003e duration('2592000s')\",\n },\n \"custom_output\": {\n \"properties\": [{\n \"name\": \"duration\",\n \"value_expression\": {\n \"expression\": \"resource.rotationPeriod\",\n },\n }],\n },\n \"resource_selector\": {\n \"resource_types\": [\"cloudkms.googleapis.com/CryptoKey\"],\n },\n \"severity\": \"LOW\",\n \"description\": \"Custom Module\",\n \"recommendation\": \"Testing custom modules\",\n },\n \"module_enablement_state\": \"ENABLED\",\n },\n },\n },\n ],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var posture1 = new Gcp.SecurityPosture.Posture(\"posture1\", new()\n {\n PostureId = \"posture_example\",\n Parent = \"organizations/123456789\",\n Location = \"global\",\n State = \"ACTIVE\",\n Description = \"a new posture\",\n PolicySets = new[]\n {\n new Gcp.SecurityPosture.Inputs.PosturePolicySetArgs\n {\n PolicySetId = \"org_policy_set\",\n Description = \"set of org policies\",\n Policies = new[]\n {\n new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs\n {\n PolicyId = \"canned_org_policy\",\n Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs\n {\n OrgPolicyConstraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs\n {\n CannedConstraintId = \"storage.uniformBucketLevelAccess\",\n PolicyRules = new[]\n {\n new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs\n {\n Enforce = true,\n Condition = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs\n {\n Description = \"condition description\",\n Expression = \"resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')\",\n Title 
= \"a CEL condition\",\n },\n },\n },\n },\n },\n },\n new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs\n {\n PolicyId = \"custom_org_policy\",\n Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs\n {\n OrgPolicyConstraintCustom = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs\n {\n CustomConstraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs\n {\n Name = \"organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade\",\n DisplayName = \"Disable GKE auto upgrade\",\n Description = \"Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\",\n ActionType = \"ALLOW\",\n Condition = \"resource.management.autoUpgrade == false\",\n MethodTypes = new[]\n {\n \"CREATE\",\n \"UPDATE\",\n },\n ResourceTypes = new[]\n {\n \"container.googleapis.com/NodePool\",\n },\n },\n PolicyRules = new[]\n {\n new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs\n {\n Enforce = true,\n Condition = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs\n {\n Description = \"condition description\",\n Expression = \"resource.matchTagId('tagKeys/key_id','tagValues/value_id')\",\n Title = \"a CEL condition\",\n },\n },\n },\n },\n },\n },\n },\n },\n new Gcp.SecurityPosture.Inputs.PosturePolicySetArgs\n {\n PolicySetId = \"sha_policy_set\",\n Description = \"set of sha policies\",\n Policies = new[]\n {\n new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs\n {\n PolicyId = \"sha_builtin_module\",\n Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs\n {\n SecurityHealthAnalyticsModule = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs\n {\n ModuleName = 
\"BIGQUERY_TABLE_CMEK_DISABLED\",\n ModuleEnablementState = \"ENABLED\",\n },\n },\n Description = \"enable BIGQUERY_TABLE_CMEK_DISABLED\",\n },\n new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs\n {\n PolicyId = \"sha_custom_module\",\n Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs\n {\n SecurityHealthAnalyticsCustomModule = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs\n {\n DisplayName = \"custom_SHA_policy\",\n Config = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs\n {\n Predicate = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs\n {\n Expression = \"resource.rotationPeriod \u003e duration('2592000s')\",\n },\n CustomOutput = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs\n {\n Properties = new[]\n {\n new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs\n {\n Name = \"duration\",\n ValueExpression = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs\n {\n Expression = \"resource.rotationPeriod\",\n },\n },\n },\n },\n ResourceSelector = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs\n {\n ResourceTypes = new[]\n {\n \"cloudkms.googleapis.com/CryptoKey\",\n },\n },\n Severity = \"LOW\",\n Description = \"Custom Module\",\n Recommendation = \"Testing custom modules\",\n },\n ModuleEnablementState = \"ENABLED\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securityposture\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc 
main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securityposture.NewPosture(ctx, \"posture1\", \u0026securityposture.PostureArgs{\n\t\t\tPostureId: pulumi.String(\"posture_example\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tState: pulumi.String(\"ACTIVE\"),\n\t\t\tDescription: pulumi.String(\"a new posture\"),\n\t\t\tPolicySets: securityposture.PosturePolicySetArray{\n\t\t\t\t\u0026securityposture.PosturePolicySetArgs{\n\t\t\t\t\tPolicySetId: pulumi.String(\"org_policy_set\"),\n\t\t\t\t\tDescription: pulumi.String(\"set of org policies\"),\n\t\t\t\t\tPolicies: securityposture.PosturePolicySetPolicyArray{\n\t\t\t\t\t\t\u0026securityposture.PosturePolicySetPolicyArgs{\n\t\t\t\t\t\t\tPolicyId: pulumi.String(\"canned_org_policy\"),\n\t\t\t\t\t\t\tConstraint: \u0026securityposture.PosturePolicySetPolicyConstraintArgs{\n\t\t\t\t\t\t\t\tOrgPolicyConstraint: \u0026securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs{\n\t\t\t\t\t\t\t\t\tCannedConstraintId: pulumi.String(\"storage.uniformBucketLevelAccess\"),\n\t\t\t\t\t\t\t\t\tPolicyRules: securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArray{\n\t\t\t\t\t\t\t\t\t\t\u0026securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs{\n\t\t\t\t\t\t\t\t\t\t\tEnforce: pulumi.Bool(true),\n\t\t\t\t\t\t\t\t\t\t\tCondition: \u0026securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tDescription: pulumi.String(\"condition description\"),\n\t\t\t\t\t\t\t\t\t\t\t\tExpression: pulumi.String(\"resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')\"),\n\t\t\t\t\t\t\t\t\t\t\t\tTitle: pulumi.String(\"a CEL 
condition\"),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026securityposture.PosturePolicySetPolicyArgs{\n\t\t\t\t\t\t\tPolicyId: pulumi.String(\"custom_org_policy\"),\n\t\t\t\t\t\t\tConstraint: \u0026securityposture.PosturePolicySetPolicyConstraintArgs{\n\t\t\t\t\t\t\t\tOrgPolicyConstraintCustom: \u0026securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs{\n\t\t\t\t\t\t\t\t\tCustomConstraint: \u0026securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs{\n\t\t\t\t\t\t\t\t\t\tName: pulumi.String(\"organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade\"),\n\t\t\t\t\t\t\t\t\t\tDisplayName: pulumi.String(\"Disable GKE auto upgrade\"),\n\t\t\t\t\t\t\t\t\t\tDescription: pulumi.String(\"Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\"),\n\t\t\t\t\t\t\t\t\t\tActionType: pulumi.String(\"ALLOW\"),\n\t\t\t\t\t\t\t\t\t\tCondition: pulumi.String(\"resource.management.autoUpgrade == false\"),\n\t\t\t\t\t\t\t\t\t\tMethodTypes: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\t\t\tpulumi.String(\"CREATE\"),\n\t\t\t\t\t\t\t\t\t\t\tpulumi.String(\"UPDATE\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\t\t\tpulumi.String(\"container.googleapis.com/NodePool\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\tPolicyRules: securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArray{\n\t\t\t\t\t\t\t\t\t\t\u0026securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs{\n\t\t\t\t\t\t\t\t\t\t\tEnforce: pulumi.Bool(true),\n\t\t\t\t\t\t\t\t\t\t\tCondition: \u0026securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tDescription: 
pulumi.String(\"condition description\"),\n\t\t\t\t\t\t\t\t\t\t\t\tExpression: pulumi.String(\"resource.matchTagId('tagKeys/key_id','tagValues/value_id')\"),\n\t\t\t\t\t\t\t\t\t\t\t\tTitle: pulumi.String(\"a CEL condition\"),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026securityposture.PosturePolicySetArgs{\n\t\t\t\t\tPolicySetId: pulumi.String(\"sha_policy_set\"),\n\t\t\t\t\tDescription: pulumi.String(\"set of sha policies\"),\n\t\t\t\t\tPolicies: securityposture.PosturePolicySetPolicyArray{\n\t\t\t\t\t\t\u0026securityposture.PosturePolicySetPolicyArgs{\n\t\t\t\t\t\t\tPolicyId: pulumi.String(\"sha_builtin_module\"),\n\t\t\t\t\t\t\tConstraint: \u0026securityposture.PosturePolicySetPolicyConstraintArgs{\n\t\t\t\t\t\t\t\tSecurityHealthAnalyticsModule: \u0026securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs{\n\t\t\t\t\t\t\t\t\tModuleName: pulumi.String(\"BIGQUERY_TABLE_CMEK_DISABLED\"),\n\t\t\t\t\t\t\t\t\tModuleEnablementState: pulumi.String(\"ENABLED\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tDescription: pulumi.String(\"enable BIGQUERY_TABLE_CMEK_DISABLED\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026securityposture.PosturePolicySetPolicyArgs{\n\t\t\t\t\t\t\tPolicyId: pulumi.String(\"sha_custom_module\"),\n\t\t\t\t\t\t\tConstraint: \u0026securityposture.PosturePolicySetPolicyConstraintArgs{\n\t\t\t\t\t\t\t\tSecurityHealthAnalyticsCustomModule: \u0026securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs{\n\t\t\t\t\t\t\t\t\tDisplayName: pulumi.String(\"custom_SHA_policy\"),\n\t\t\t\t\t\t\t\t\tConfig: \u0026securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs{\n\t\t\t\t\t\t\t\t\t\tPredicate: \u0026securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs{\n\t\t\t\t\t\t\t\t\t\t\tExpression: 
pulumi.String(\"resource.rotationPeriod \u003e duration('2592000s')\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tCustomOutput: securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs{\n\t\t\t\t\t\t\t\t\t\t\tProperties: securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArray{\n\t\t\t\t\t\t\t\t\t\t\t\t\u0026securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs{\n\t\t\t\t\t\t\t\t\t\t\t\t\tName: pulumi.String(\"duration\"),\n\t\t\t\t\t\t\t\t\t\t\t\t\tValueExpression: \u0026securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs{\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tExpression: pulumi.String(\"resource.rotationPeriod\"),\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tResourceSelector: \u0026securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs{\n\t\t\t\t\t\t\t\t\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\t\t\t\tpulumi.String(\"cloudkms.googleapis.com/CryptoKey\"),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tSeverity: pulumi.String(\"LOW\"),\n\t\t\t\t\t\t\t\t\t\tDescription: pulumi.String(\"Custom Module\"),\n\t\t\t\t\t\t\t\t\t\tRecommendation: pulumi.String(\"Testing custom modules\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\tModuleEnablementState: pulumi.String(\"ENABLED\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securityposture.Posture;\nimport 
com.pulumi.gcp.securityposture.PostureArgs;\nimport com.pulumi.gcp.securityposture.inputs.PosturePolicySetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var posture1 = new Posture(\"posture1\", PostureArgs.builder()\n .postureId(\"posture_example\")\n .parent(\"organizations/123456789\")\n .location(\"global\")\n .state(\"ACTIVE\")\n .description(\"a new posture\")\n .policySets( \n PosturePolicySetArgs.builder()\n .policySetId(\"org_policy_set\")\n .description(\"set of org policies\")\n .policies( \n PosturePolicySetPolicyArgs.builder()\n .policyId(\"canned_org_policy\")\n .constraint(PosturePolicySetPolicyConstraintArgs.builder()\n .orgPolicyConstraint(PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs.builder()\n .cannedConstraintId(\"storage.uniformBucketLevelAccess\")\n .policyRules(PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs.builder()\n .enforce(true)\n .condition(PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs.builder()\n .description(\"condition description\")\n .expression(\"resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')\")\n .title(\"a CEL condition\")\n .build())\n .build())\n .build())\n .build())\n .build(),\n PosturePolicySetPolicyArgs.builder()\n .policyId(\"custom_org_policy\")\n .constraint(PosturePolicySetPolicyConstraintArgs.builder()\n .orgPolicyConstraintCustom(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs.builder()\n .customConstraint(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs.builder()\n .name(\"organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade\")\n .displayName(\"Disable GKE auto upgrade\")\n .description(\"Only allow GKE NodePool resource to 
be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\")\n .actionType(\"ALLOW\")\n .condition(\"resource.management.autoUpgrade == false\")\n .methodTypes( \n \"CREATE\",\n \"UPDATE\")\n .resourceTypes(\"container.googleapis.com/NodePool\")\n .build())\n .policyRules(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs.builder()\n .enforce(true)\n .condition(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs.builder()\n .description(\"condition description\")\n .expression(\"resource.matchTagId('tagKeys/key_id','tagValues/value_id')\")\n .title(\"a CEL condition\")\n .build())\n .build())\n .build())\n .build())\n .build())\n .build(),\n PosturePolicySetArgs.builder()\n .policySetId(\"sha_policy_set\")\n .description(\"set of sha policies\")\n .policies( \n PosturePolicySetPolicyArgs.builder()\n .policyId(\"sha_builtin_module\")\n .constraint(PosturePolicySetPolicyConstraintArgs.builder()\n .securityHealthAnalyticsModule(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs.builder()\n .moduleName(\"BIGQUERY_TABLE_CMEK_DISABLED\")\n .moduleEnablementState(\"ENABLED\")\n .build())\n .build())\n .description(\"enable BIGQUERY_TABLE_CMEK_DISABLED\")\n .build(),\n PosturePolicySetPolicyArgs.builder()\n .policyId(\"sha_custom_module\")\n .constraint(PosturePolicySetPolicyConstraintArgs.builder()\n .securityHealthAnalyticsCustomModule(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs.builder()\n .displayName(\"custom_SHA_policy\")\n .config(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs.builder()\n .predicate(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs.builder()\n .expression(\"resource.rotationPeriod \u003e duration('2592000s')\")\n .build())\n .customOutput(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs.builder()\n 
.properties(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs.builder()\n .name(\"duration\")\n .valueExpression(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs.builder()\n .expression(\"resource.rotationPeriod\")\n .build())\n .build())\n .build())\n .resourceSelector(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs.builder()\n .resourceTypes(\"cloudkms.googleapis.com/CryptoKey\")\n .build())\n .severity(\"LOW\")\n .description(\"Custom Module\")\n .recommendation(\"Testing custom modules\")\n .build())\n .moduleEnablementState(\"ENABLED\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n posture1:\n type: gcp:securityposture:Posture\n properties:\n postureId: posture_example\n parent: organizations/123456789\n location: global\n state: ACTIVE\n description: a new posture\n policySets:\n - policySetId: org_policy_set\n description: set of org policies\n policies:\n - policyId: canned_org_policy\n constraint:\n orgPolicyConstraint:\n cannedConstraintId: storage.uniformBucketLevelAccess\n policyRules:\n - enforce: true\n condition:\n description: condition description\n expression: resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')\n title: a CEL condition\n - policyId: custom_org_policy\n constraint:\n orgPolicyConstraintCustom:\n customConstraint:\n name: organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade\n displayName: Disable GKE auto upgrade\n description: Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\n actionType: ALLOW\n condition: resource.management.autoUpgrade == false\n methodTypes:\n - CREATE\n - UPDATE\n resourceTypes:\n - container.googleapis.com/NodePool\n policyRules:\n - enforce: true\n condition:\n description: condition 
description\n expression: resource.matchTagId('tagKeys/key_id','tagValues/value_id')\n title: a CEL condition\n - policySetId: sha_policy_set\n description: set of sha policies\n policies:\n - policyId: sha_builtin_module\n constraint:\n securityHealthAnalyticsModule:\n moduleName: BIGQUERY_TABLE_CMEK_DISABLED\n moduleEnablementState: ENABLED\n description: enable BIGQUERY_TABLE_CMEK_DISABLED\n - policyId: sha_custom_module\n constraint:\n securityHealthAnalyticsCustomModule:\n displayName: custom_SHA_policy\n config:\n predicate:\n expression: resource.rotationPeriod \u003e duration('2592000s')\n customOutput:\n properties:\n - name: duration\n valueExpression:\n expression: resource.rotationPeriod\n resourceSelector:\n resourceTypes:\n - cloudkms.googleapis.com/CryptoKey\n severity: LOW\n description: Custom Module\n recommendation: Testing custom modules\n moduleEnablementState: ENABLED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPosture can be imported using any of these accepted formats:\n\n* `{{parent}}/locations/{{location}}/postures/{{posture_id}}`\n\nWhen using the `pulumi import` command, Posture can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:securityposture/posture:Posture default {{parent}}/locations/{{location}}/postures/{{posture_id}}\n```\n\n", "properties": { @@ -239539,7 +240725,7 @@ }, "name": { "type": "string", - "description": "A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\n\nIf not provided, a random string starting with `tf-` will be selected.\n" + "description": "A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\nIf not provided, a random string starting with `tf-` will be selected.\n" }, "numNodes": { "type": "integer" 
@@ -239602,7 +240788,7 @@ }, "name": { "type": "string", - "description": "A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\n\nIf not provided, a random string starting with `tf-` will be selected.\n", + "description": "A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\nIf not provided, a random string starting with `tf-` will be selected.\n", "willReplaceOnChanges": true }, "numNodes": { @@ -239658,7 +240844,7 @@ }, "name": { "type": "string", - "description": "A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\n\nIf not provided, a random string starting with `tf-` will be selected.\n", + "description": "A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\nIf not provided, a random string starting with `tf-` will be selected.\n", "willReplaceOnChanges": true }, "numNodes": { 
@@ -241864,6 +243050,10 @@ "type": "boolean", "description": "Whether an object is under [event-based hold](https://cloud.google.com/storage/docs/object-holds#hold-types). Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).\n" }, + "generation": { + "type": "integer", + "description": "(Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete).\n" + }, "kmsKeyName": { "type": "string", "description": "The resource name of the Cloud KMS key that will be used to [encrypt](https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) the object.\n" @@ -241917,6 +243107,7 @@ "content", "contentType", "crc32c", + "generation", "kmsKeyName", "md5hash", "mediaLink", @@ -242067,6 +243258,10 @@ "type": "boolean", "description": "Whether an object is under [event-based hold](https://cloud.google.com/storage/docs/object-holds#hold-types). Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).\n" }, + "generation": { + "type": "integer", + "description": "(Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete).\n" + }, "kmsKeyName": { "type": "string", "description": "The resource name of the Cloud KMS key that will be used to [encrypt](https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) the object.\n", 
@@ -242503,7 +243698,7 @@ } }, "gcp:storage/managedFolder:ManagedFolder": { - "description": "A Google Cloud Storage Managed Folder.\n\nYou can apply Identity and Access Management (IAM) policies to\nmanaged folders to grant principals access only to the objects\nwithin the managed folder, which lets you more finely control access\nfor specific data sets and tables within a bucket. You can nest\nmanaged folders up to 15 levels deep, including the parent managed\nfolder.\n\nManaged folders can only be created in buckets that have uniform\nbucket-level access enabled.\n\n\nTo get more information about ManagedFolder, see:\n\n* [API documentation](https://cloud.google.com/storage/docs/json_api/v1/managedFolder)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/storage/docs/managed-folders)\n\n## Example Usage\n\n### Storage Managed Folder Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"my-bucket\",\n location: \"EU\",\n uniformBucketLevelAccess: true,\n});\nconst folder = new gcp.storage.ManagedFolder(\"folder\", {\n bucket: bucket.name,\n name: \"managed/folder/name/\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"my-bucket\",\n location=\"EU\",\n uniform_bucket_level_access=True)\nfolder = gcp.storage.ManagedFolder(\"folder\",\n bucket=bucket.name,\n name=\"managed/folder/name/\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"my-bucket\",\n Location = \"EU\",\n UniformBucketLevelAccess = true,\n });\n\n var folder = new Gcp.Storage.ManagedFolder(\"folder\", new()\n {\n Bucket = bucket.Name,\n Name = \"managed/folder/name/\",\n 
});\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"my-bucket\"),\n\t\t\tLocation: pulumi.String(\"EU\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolder(ctx, \"folder\", \u0026storage.ManagedFolderArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tName: pulumi.String(\"managed/folder/name/\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.ManagedFolder;\nimport com.pulumi.gcp.storage.ManagedFolderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"my-bucket\")\n .location(\"EU\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var folder = new ManagedFolder(\"folder\", ManagedFolderArgs.builder()\n .bucket(bucket.name())\n .name(\"managed/folder/name/\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: my-bucket\n location: EU\n uniformBucketLevelAccess: true\n folder:\n type: gcp:storage:ManagedFolder\n properties:\n bucket: ${bucket.name}\n name: managed/folder/name/\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nManagedFolder can be imported 
using any of these accepted formats:\n\n* `{{bucket}}/managedFolders/{{name}}`\n\n* `{{bucket}}/{{name}}`\n\nWhen using the `pulumi import` command, ManagedFolder can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:storage/managedFolder:ManagedFolder default {{bucket}}/managedFolders/{{name}}\n```\n\n```sh\n$ pulumi import gcp:storage/managedFolder:ManagedFolder default {{bucket}}/{{name}}\n```\n\n", + "description": "A Google Cloud Storage Managed Folder.\n\nYou can apply Identity and Access Management (IAM) policies to\nmanaged folders to grant principals access only to the objects\nwithin the managed folder, which lets you more finely control access\nfor specific data sets and tables within a bucket. You can nest\nmanaged folders up to 15 levels deep, including the parent managed\nfolder.\n\nManaged folders can only be created in buckets that have uniform\nbucket-level access enabled.\n\n\nTo get more information about ManagedFolder, see:\n\n* [API documentation](https://cloud.google.com/storage/docs/json_api/v1/managedFolder)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/storage/docs/managed-folders)\n\n## Example Usage\n\n### Storage Managed Folder Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n name: \"my-bucket\",\n location: \"EU\",\n uniformBucketLevelAccess: true,\n});\nconst folder = new gcp.storage.ManagedFolder(\"folder\", {\n bucket: bucket.name,\n name: \"managed/folder/name/\",\n forceDestroy: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbucket = gcp.storage.Bucket(\"bucket\",\n name=\"my-bucket\",\n location=\"EU\",\n uniform_bucket_level_access=True)\nfolder = gcp.storage.ManagedFolder(\"folder\",\n bucket=bucket.name,\n name=\"managed/folder/name/\",\n force_destroy=True)\n```\n```csharp\nusing 
System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Name = \"my-bucket\",\n Location = \"EU\",\n UniformBucketLevelAccess = true,\n });\n\n var folder = new Gcp.Storage.ManagedFolder(\"folder\", new()\n {\n Bucket = bucket.Name,\n Name = \"managed/folder/name/\",\n ForceDestroy = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tName: pulumi.String(\"my-bucket\"),\n\t\t\tLocation: pulumi.String(\"EU\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewManagedFolder(ctx, \"folder\", \u0026storage.ManagedFolderArgs{\n\t\t\tBucket: bucket.Name,\n\t\t\tName: pulumi.String(\"managed/folder/name/\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.ManagedFolder;\nimport com.pulumi.gcp.storage.ManagedFolderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .name(\"my-bucket\")\n .location(\"EU\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var folder = new 
ManagedFolder(\"folder\", ManagedFolderArgs.builder()\n .bucket(bucket.name())\n .name(\"managed/folder/name/\")\n .forceDestroy(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: gcp:storage:Bucket\n properties:\n name: my-bucket\n location: EU\n uniformBucketLevelAccess: true\n folder:\n type: gcp:storage:ManagedFolder\n properties:\n bucket: ${bucket.name}\n name: managed/folder/name/\n forceDestroy: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nManagedFolder can be imported using any of these accepted formats:\n\n* `{{bucket}}/managedFolders/{{name}}`\n\n* `{{bucket}}/{{name}}`\n\nWhen using the `pulumi import` command, ManagedFolder can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:storage/managedFolder:ManagedFolder default {{bucket}}/managedFolders/{{name}}\n```\n\n```sh\n$ pulumi import gcp:storage/managedFolder:ManagedFolder default {{bucket}}/{{name}}\n```\n\n", "properties": { "bucket": { "type": "string", @@ -242513,6 +243708,10 @@ "type": "string", "description": "The timestamp at which this managed folder was created.\n" }, + "forceDestroy": { + "type": "boolean", + "description": "Allows the deletion of a managed folder even if contains\nobjects. If a non-empty managed folder is deleted, any objects\nwithin the folder will remain in a simulated folder with the\nsame name.\n" + }, "metageneration": { "type": "string", "description": "The metadata generation of the managed folder.\n" 
@@ -242544,6 +243743,10 @@ "description": "The name of the bucket that contains the managed folder.\n", "willReplaceOnChanges": true }, + "forceDestroy": { + "type": "boolean", + "description": "Allows the deletion of a managed folder even if contains\nobjects. If a non-empty managed folder is deleted, any objects\nwithin the folder will remain in a simulated folder with the\nsame name.\n" + }, "name": { "type": "string", "description": "The name of the managed folder expressed as a path. Must include\ntrailing '/'. For example, `example_dir/example_dir2/`.\n\n\n- - -\n", @@ -242565,6 +243768,10 @@ "type": "string", "description": "The timestamp at which this managed folder was created.\n" }, + "forceDestroy": { + "type": "boolean", + "description": "Allows the deletion of a managed folder even if contains\nobjects. If a non-empty managed folder is deleted, any objects\nwithin the folder will remain in a simulated folder with the\nsame name.\n" + }, "metageneration": { "type": "string", "description": "The metadata generation of the managed folder.\n" 
@@ -249097,7 +250304,7 @@ } }, "gcp:vmwareengine/networkPolicy:NetworkPolicy": { - "description": "Represents a network policy resource. Network policies are regional resources.\n\n\nTo get more information about NetworkPolicy, see:\n\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.networkPolicies)\n\n## Example Usage\n\n### Vmware Engine Network Policy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network_policy_nw = new gcp.vmwareengine.Network(\"network-policy-nw\", {\n name: \"standard-nw\",\n location: \"global\",\n type: \"STANDARD\",\n description: \"VMwareEngine standard network sample\",\n});\nconst vmw_engine_network_policy = new gcp.vmwareengine.NetworkPolicy(\"vmw-engine-network-policy\", {\n location: \"us-west1\",\n name: \"sample-network-policy\",\n edgeServicesCidr: \"192.168.30.0/26\",\n vmwareEngineNetwork: network_policy_nw.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork_policy_nw = gcp.vmwareengine.Network(\"network-policy-nw\",\n name=\"standard-nw\",\n location=\"global\",\n type=\"STANDARD\",\n description=\"VMwareEngine standard network sample\")\nvmw_engine_network_policy = gcp.vmwareengine.NetworkPolicy(\"vmw-engine-network-policy\",\n location=\"us-west1\",\n name=\"sample-network-policy\",\n edge_services_cidr=\"192.168.30.0/26\",\n vmware_engine_network=network_policy_nw.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network_policy_nw = new Gcp.VMwareEngine.Network(\"network-policy-nw\", new()\n {\n Name = \"standard-nw\",\n Location = \"global\",\n Type = \"STANDARD\",\n Description = \"VMwareEngine standard network sample\",\n });\n\n var vmw_engine_network_policy = new 
Gcp.VMwareEngine.NetworkPolicy(\"vmw-engine-network-policy\", new()\n {\n Location = \"us-west1\",\n Name = \"sample-network-policy\",\n EdgeServicesCidr = \"192.168.30.0/26\",\n VmwareEngineNetwork = network_policy_nw.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.NewNetwork(ctx, \"network-policy-nw\", \u0026vmwareengine.NetworkArgs{\n\t\t\tName: pulumi.String(\"standard-nw\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tType: pulumi.String(\"STANDARD\"),\n\t\t\tDescription: pulumi.String(\"VMwareEngine standard network sample\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vmwareengine.NewNetworkPolicy(ctx, \"vmw-engine-network-policy\", \u0026vmwareengine.NetworkPolicyArgs{\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"sample-network-policy\"),\n\t\t\tEdgeServicesCidr: pulumi.String(\"192.168.30.0/26\"),\n\t\t\tVmwareEngineNetwork: network_policy_nw.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.Network;\nimport com.pulumi.gcp.vmwareengine.NetworkArgs;\nimport com.pulumi.gcp.vmwareengine.NetworkPolicy;\nimport com.pulumi.gcp.vmwareengine.NetworkPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network_policy_nw = new Network(\"network-policy-nw\", NetworkArgs.builder()\n .name(\"standard-nw\")\n .location(\"global\")\n 
.type(\"STANDARD\")\n .description(\"VMwareEngine standard network sample\")\n .build());\n\n var vmw_engine_network_policy = new NetworkPolicy(\"vmw-engine-network-policy\", NetworkPolicyArgs.builder()\n .location(\"us-west1\")\n .name(\"sample-network-policy\")\n .edgeServicesCidr(\"192.168.30.0/26\")\n .vmwareEngineNetwork(network_policy_nw.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network-policy-nw:\n type: gcp:vmwareengine:Network\n properties:\n name: standard-nw\n location: global\n type: STANDARD\n description: VMwareEngine standard network sample\n vmw-engine-network-policy:\n type: gcp:vmwareengine:NetworkPolicy\n properties:\n location: us-west1\n name: sample-network-policy\n edgeServicesCidr: 192.168.30.0/26\n vmwareEngineNetwork: ${[\"network-policy-nw\"].id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vmware Engine Network Policy Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network_policy_nw = new gcp.vmwareengine.Network(\"network-policy-nw\", {\n name: \"standard-full-nw\",\n location: \"global\",\n type: \"STANDARD\",\n description: \"VMwareEngine standard network sample\",\n});\nconst vmw_engine_network_policy = new gcp.vmwareengine.NetworkPolicy(\"vmw-engine-network-policy\", {\n location: \"us-west1\",\n name: \"sample-network-policy-full\",\n edgeServicesCidr: \"192.168.30.0/26\",\n vmwareEngineNetwork: network_policy_nw.id,\n description: \"Sample Network Policy\",\n internetAccess: {\n enabled: true,\n },\n externalIp: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork_policy_nw = gcp.vmwareengine.Network(\"network-policy-nw\",\n name=\"standard-full-nw\",\n location=\"global\",\n type=\"STANDARD\",\n description=\"VMwareEngine standard network sample\")\nvmw_engine_network_policy = gcp.vmwareengine.NetworkPolicy(\"vmw-engine-network-policy\",\n 
location=\"us-west1\",\n name=\"sample-network-policy-full\",\n edge_services_cidr=\"192.168.30.0/26\",\n vmware_engine_network=network_policy_nw.id,\n description=\"Sample Network Policy\",\n internet_access={\n \"enabled\": True,\n },\n external_ip={\n \"enabled\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network_policy_nw = new Gcp.VMwareEngine.Network(\"network-policy-nw\", new()\n {\n Name = \"standard-full-nw\",\n Location = \"global\",\n Type = \"STANDARD\",\n Description = \"VMwareEngine standard network sample\",\n });\n\n var vmw_engine_network_policy = new Gcp.VMwareEngine.NetworkPolicy(\"vmw-engine-network-policy\", new()\n {\n Location = \"us-west1\",\n Name = \"sample-network-policy-full\",\n EdgeServicesCidr = \"192.168.30.0/26\",\n VmwareEngineNetwork = network_policy_nw.Id,\n Description = \"Sample Network Policy\",\n InternetAccess = new Gcp.VMwareEngine.Inputs.NetworkPolicyInternetAccessArgs\n {\n Enabled = true,\n },\n ExternalIp = new Gcp.VMwareEngine.Inputs.NetworkPolicyExternalIpArgs\n {\n Enabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.NewNetwork(ctx, \"network-policy-nw\", \u0026vmwareengine.NetworkArgs{\n\t\t\tName: pulumi.String(\"standard-full-nw\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tType: pulumi.String(\"STANDARD\"),\n\t\t\tDescription: pulumi.String(\"VMwareEngine standard network sample\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vmwareengine.NewNetworkPolicy(ctx, \"vmw-engine-network-policy\", \u0026vmwareengine.NetworkPolicyArgs{\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: 
pulumi.String(\"sample-network-policy-full\"),\n\t\t\tEdgeServicesCidr: pulumi.String(\"192.168.30.0/26\"),\n\t\t\tVmwareEngineNetwork: network_policy_nw.ID(),\n\t\t\tDescription: pulumi.String(\"Sample Network Policy\"),\n\t\t\tInternetAccess: \u0026vmwareengine.NetworkPolicyInternetAccessArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tExternalIp: \u0026vmwareengine.NetworkPolicyExternalIpArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.Network;\nimport com.pulumi.gcp.vmwareengine.NetworkArgs;\nimport com.pulumi.gcp.vmwareengine.NetworkPolicy;\nimport com.pulumi.gcp.vmwareengine.NetworkPolicyArgs;\nimport com.pulumi.gcp.vmwareengine.inputs.NetworkPolicyInternetAccessArgs;\nimport com.pulumi.gcp.vmwareengine.inputs.NetworkPolicyExternalIpArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network_policy_nw = new Network(\"network-policy-nw\", NetworkArgs.builder()\n .name(\"standard-full-nw\")\n .location(\"global\")\n .type(\"STANDARD\")\n .description(\"VMwareEngine standard network sample\")\n .build());\n\n var vmw_engine_network_policy = new NetworkPolicy(\"vmw-engine-network-policy\", NetworkPolicyArgs.builder()\n .location(\"us-west1\")\n .name(\"sample-network-policy-full\")\n .edgeServicesCidr(\"192.168.30.0/26\")\n .vmwareEngineNetwork(network_policy_nw.id())\n .description(\"Sample Network Policy\")\n .internetAccess(NetworkPolicyInternetAccessArgs.builder()\n .enabled(true)\n .build())\n .externalIp(NetworkPolicyExternalIpArgs.builder()\n 
.enabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network-policy-nw:\n type: gcp:vmwareengine:Network\n properties:\n name: standard-full-nw\n location: global\n type: STANDARD\n description: VMwareEngine standard network sample\n vmw-engine-network-policy:\n type: gcp:vmwareengine:NetworkPolicy\n properties:\n location: us-west1\n name: sample-network-policy-full\n edgeServicesCidr: 192.168.30.0/26\n vmwareEngineNetwork: ${[\"network-policy-nw\"].id}\n description: Sample Network Policy\n internetAccess:\n enabled: true\n externalIp:\n enabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNetworkPolicy can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/networkPolicies/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, NetworkPolicy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vmwareengine/networkPolicy:NetworkPolicy default projects/{{project}}/locations/{{location}}/networkPolicies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vmwareengine/networkPolicy:NetworkPolicy default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vmwareengine/networkPolicy:NetworkPolicy default {{location}}/{{name}}\n```\n\n", + "description": "Represents a network policy resource. 
Network policies are regional resources.\n\n\nTo get more information about NetworkPolicy, see:\n\n* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.networkPolicies)\n\n## Example Usage\n\n### Vmware Engine Network Policy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network_policy_nw = new gcp.vmwareengine.Network(\"network-policy-nw\", {\n name: \"sample-network\",\n location: \"global\",\n type: \"STANDARD\",\n description: \"VMwareEngine standard network sample\",\n});\nconst vmw_engine_network_policy = new gcp.vmwareengine.NetworkPolicy(\"vmw-engine-network-policy\", {\n location: \"us-west1\",\n name: \"sample-network-policy\",\n edgeServicesCidr: \"192.168.30.0/26\",\n vmwareEngineNetwork: network_policy_nw.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork_policy_nw = gcp.vmwareengine.Network(\"network-policy-nw\",\n name=\"sample-network\",\n location=\"global\",\n type=\"STANDARD\",\n description=\"VMwareEngine standard network sample\")\nvmw_engine_network_policy = gcp.vmwareengine.NetworkPolicy(\"vmw-engine-network-policy\",\n location=\"us-west1\",\n name=\"sample-network-policy\",\n edge_services_cidr=\"192.168.30.0/26\",\n vmware_engine_network=network_policy_nw.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network_policy_nw = new Gcp.VMwareEngine.Network(\"network-policy-nw\", new()\n {\n Name = \"sample-network\",\n Location = \"global\",\n Type = \"STANDARD\",\n Description = \"VMwareEngine standard network sample\",\n });\n\n var vmw_engine_network_policy = new Gcp.VMwareEngine.NetworkPolicy(\"vmw-engine-network-policy\", new()\n {\n Location = \"us-west1\",\n Name = \"sample-network-policy\",\n EdgeServicesCidr = 
\"192.168.30.0/26\",\n VmwareEngineNetwork = network_policy_nw.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.NewNetwork(ctx, \"network-policy-nw\", \u0026vmwareengine.NetworkArgs{\n\t\t\tName: pulumi.String(\"sample-network\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tType: pulumi.String(\"STANDARD\"),\n\t\t\tDescription: pulumi.String(\"VMwareEngine standard network sample\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vmwareengine.NewNetworkPolicy(ctx, \"vmw-engine-network-policy\", \u0026vmwareengine.NetworkPolicyArgs{\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"sample-network-policy\"),\n\t\t\tEdgeServicesCidr: pulumi.String(\"192.168.30.0/26\"),\n\t\t\tVmwareEngineNetwork: network_policy_nw.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.Network;\nimport com.pulumi.gcp.vmwareengine.NetworkArgs;\nimport com.pulumi.gcp.vmwareengine.NetworkPolicy;\nimport com.pulumi.gcp.vmwareengine.NetworkPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network_policy_nw = new Network(\"network-policy-nw\", NetworkArgs.builder()\n .name(\"sample-network\")\n .location(\"global\")\n .type(\"STANDARD\")\n .description(\"VMwareEngine standard network sample\")\n .build());\n\n var vmw_engine_network_policy = new 
NetworkPolicy(\"vmw-engine-network-policy\", NetworkPolicyArgs.builder()\n .location(\"us-west1\")\n .name(\"sample-network-policy\")\n .edgeServicesCidr(\"192.168.30.0/26\")\n .vmwareEngineNetwork(network_policy_nw.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network-policy-nw:\n type: gcp:vmwareengine:Network\n properties:\n name: sample-network\n location: global\n type: STANDARD\n description: VMwareEngine standard network sample\n vmw-engine-network-policy:\n type: gcp:vmwareengine:NetworkPolicy\n properties:\n location: us-west1\n name: sample-network-policy\n edgeServicesCidr: 192.168.30.0/26\n vmwareEngineNetwork: ${[\"network-policy-nw\"].id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Vmware Engine Network Policy Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network_policy_nw = new gcp.vmwareengine.Network(\"network-policy-nw\", {\n name: \"sample-network\",\n location: \"global\",\n type: \"STANDARD\",\n description: \"VMwareEngine standard network sample\",\n});\nconst vmw_engine_network_policy = new gcp.vmwareengine.NetworkPolicy(\"vmw-engine-network-policy\", {\n location: \"us-west1\",\n name: \"sample-network-policy\",\n edgeServicesCidr: \"192.168.30.0/26\",\n vmwareEngineNetwork: network_policy_nw.id,\n description: \"Sample Network Policy\",\n internetAccess: {\n enabled: true,\n },\n externalIp: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork_policy_nw = gcp.vmwareengine.Network(\"network-policy-nw\",\n name=\"sample-network\",\n location=\"global\",\n type=\"STANDARD\",\n description=\"VMwareEngine standard network sample\")\nvmw_engine_network_policy = gcp.vmwareengine.NetworkPolicy(\"vmw-engine-network-policy\",\n location=\"us-west1\",\n name=\"sample-network-policy\",\n edge_services_cidr=\"192.168.30.0/26\",\n vmware_engine_network=network_policy_nw.id,\n 
description=\"Sample Network Policy\",\n internet_access={\n \"enabled\": True,\n },\n external_ip={\n \"enabled\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network_policy_nw = new Gcp.VMwareEngine.Network(\"network-policy-nw\", new()\n {\n Name = \"sample-network\",\n Location = \"global\",\n Type = \"STANDARD\",\n Description = \"VMwareEngine standard network sample\",\n });\n\n var vmw_engine_network_policy = new Gcp.VMwareEngine.NetworkPolicy(\"vmw-engine-network-policy\", new()\n {\n Location = \"us-west1\",\n Name = \"sample-network-policy\",\n EdgeServicesCidr = \"192.168.30.0/26\",\n VmwareEngineNetwork = network_policy_nw.Id,\n Description = \"Sample Network Policy\",\n InternetAccess = new Gcp.VMwareEngine.Inputs.NetworkPolicyInternetAccessArgs\n {\n Enabled = true,\n },\n ExternalIp = new Gcp.VMwareEngine.Inputs.NetworkPolicyExternalIpArgs\n {\n Enabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/vmwareengine\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := vmwareengine.NewNetwork(ctx, \"network-policy-nw\", \u0026vmwareengine.NetworkArgs{\n\t\t\tName: pulumi.String(\"sample-network\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tType: pulumi.String(\"STANDARD\"),\n\t\t\tDescription: pulumi.String(\"VMwareEngine standard network sample\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vmwareengine.NewNetworkPolicy(ctx, \"vmw-engine-network-policy\", \u0026vmwareengine.NetworkPolicyArgs{\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tName: pulumi.String(\"sample-network-policy\"),\n\t\t\tEdgeServicesCidr: pulumi.String(\"192.168.30.0/26\"),\n\t\t\tVmwareEngineNetwork: network_policy_nw.ID(),\n\t\t\tDescription: pulumi.String(\"Sample 
Network Policy\"),\n\t\t\tInternetAccess: \u0026vmwareengine.NetworkPolicyInternetAccessArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tExternalIp: \u0026vmwareengine.NetworkPolicyExternalIpArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.vmwareengine.Network;\nimport com.pulumi.gcp.vmwareengine.NetworkArgs;\nimport com.pulumi.gcp.vmwareengine.NetworkPolicy;\nimport com.pulumi.gcp.vmwareengine.NetworkPolicyArgs;\nimport com.pulumi.gcp.vmwareengine.inputs.NetworkPolicyInternetAccessArgs;\nimport com.pulumi.gcp.vmwareengine.inputs.NetworkPolicyExternalIpArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network_policy_nw = new Network(\"network-policy-nw\", NetworkArgs.builder()\n .name(\"sample-network\")\n .location(\"global\")\n .type(\"STANDARD\")\n .description(\"VMwareEngine standard network sample\")\n .build());\n\n var vmw_engine_network_policy = new NetworkPolicy(\"vmw-engine-network-policy\", NetworkPolicyArgs.builder()\n .location(\"us-west1\")\n .name(\"sample-network-policy\")\n .edgeServicesCidr(\"192.168.30.0/26\")\n .vmwareEngineNetwork(network_policy_nw.id())\n .description(\"Sample Network Policy\")\n .internetAccess(NetworkPolicyInternetAccessArgs.builder()\n .enabled(true)\n .build())\n .externalIp(NetworkPolicyExternalIpArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network-policy-nw:\n type: gcp:vmwareengine:Network\n properties:\n name: sample-network\n location: global\n type: STANDARD\n description: 
VMwareEngine standard network sample\n vmw-engine-network-policy:\n type: gcp:vmwareengine:NetworkPolicy\n properties:\n location: us-west1\n name: sample-network-policy\n edgeServicesCidr: 192.168.30.0/26\n vmwareEngineNetwork: ${[\"network-policy-nw\"].id}\n description: Sample Network Policy\n internetAccess:\n enabled: true\n externalIp:\n enabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNetworkPolicy can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/networkPolicies/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, NetworkPolicy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:vmwareengine/networkPolicy:NetworkPolicy default projects/{{project}}/locations/{{location}}/networkPolicies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vmwareengine/networkPolicy:NetworkPolicy default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:vmwareengine/networkPolicy:NetworkPolicy default {{location}}/{{name}}\n```\n\n", "properties": { "createTime": { "type": "string", 
@@ -268152,6 +269359,7 @@ } }, "gcp:logging/getLogViewIamPolicy:getLogViewIamPolicy": { + "description": "Retrieves the current IAM policy data for logview\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.logging.getLogViewIamPolicy({\n parent: loggingLogView.parent,\n location: loggingLogView.location,\n bucket: loggingLogView.bucket,\n name: loggingLogView.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.logging.get_log_view_iam_policy(parent=logging_log_view[\"parent\"],\n location=logging_log_view[\"location\"],\n bucket=logging_log_view[\"bucket\"],\n name=logging_log_view[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.Logging.GetLogViewIamPolicy.Invoke(new()\n {\n Parent = loggingLogView.Parent,\n Location = loggingLogView.Location,\n Bucket = loggingLogView.Bucket,\n Name = loggingLogView.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := logging.LookupLogViewIamPolicy(ctx, \u0026logging.LookupLogViewIamPolicyArgs{\n\t\t\tParent: loggingLogView.Parent,\n\t\t\tLocation: pulumi.StringRef(loggingLogView.Location),\n\t\t\tBucket: loggingLogView.Bucket,\n\t\t\tName: loggingLogView.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.logging.LoggingFunctions;\nimport com.pulumi.gcp.logging.inputs.GetLogViewIamPolicyArgs;\nimport java.util.List;\nimport 
java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = LoggingFunctions.getLogViewIamPolicy(GetLogViewIamPolicyArgs.builder()\n .parent(loggingLogView.parent())\n .location(loggingLogView.location())\n .bucket(loggingLogView.bucket())\n .name(loggingLogView.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:logging:getLogViewIamPolicy\n Arguments:\n parent: ${loggingLogView.parent}\n location: ${loggingLogView.location}\n bucket: ${loggingLogView.bucket}\n name: ${loggingLogView.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getLogViewIamPolicy.\n", "properties": { @@ -269632,6 +270840,9 @@ "billingAccount": { "type": "string" }, + "deletionPolicy": { + "type": "string" + }, "effectiveLabels": { "additionalProperties": { "type": "string" @@ -269679,6 +270890,7 @@ "required": [ "autoCreateNetwork", "billingAccount", + "deletionPolicy", "effectiveLabels", "folderId", "labels", 
@@ -271188,6 +272400,59 @@ "type": "object" } }, + "gcp:securitycenter/getV2OrganizationSourceIamPolicy:getV2OrganizationSourceIamPolicy": { + "description": "Retrieves the current IAM policy data for organizationsource\n\n\n## example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst policy = gcp.securitycenter.getV2OrganizationSourceIamPolicy({\n source: customSource.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\npolicy = gcp.securitycenter.get_v2_organization_source_iam_policy(source=custom_source[\"name\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policy = Gcp.SecurityCenter.GetV2OrganizationSourceIamPolicy.Invoke(new()\n {\n Source = customSource.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securitycenter.LookupV2OrganizationSourceIamPolicy(ctx, \u0026securitycenter.LookupV2OrganizationSourceIamPolicyArgs{\n\t\t\tSource: customSource.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.securitycenter.SecuritycenterFunctions;\nimport com.pulumi.gcp.securitycenter.inputs.GetV2OrganizationSourceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var policy = 
SecuritycenterFunctions.getV2OrganizationSourceIamPolicy(GetV2OrganizationSourceIamPolicyArgs.builder()\n .source(customSource.name())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n policy:\n fn::invoke:\n Function: gcp:securitycenter:getV2OrganizationSourceIamPolicy\n Arguments:\n source: ${customSource.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "inputs": { + "description": "A collection of arguments for invoking getV2OrganizationSourceIamPolicy.\n", + "properties": { + "organization": { + "type": "string", + "willReplaceOnChanges": true + }, + "source": { + "type": "string", + "description": "Used to find the parent resource to bind the IAM policy to\n", + "willReplaceOnChanges": true + } + }, + "type": "object", + "required": [ + "organization", + "source" + ] + }, + "outputs": { + "description": "A collection of values returned by getV2OrganizationSourceIamPolicy.\n", + "properties": { + "etag": { + "description": "(Computed) The etag of the IAM policy.\n", + "type": "string" + }, + "id": { + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" + }, + "organization": { + "type": "string" + }, + "policyData": { + "description": "(Required only by `gcp.securitycenter.V2OrganizationSourceIamPolicy`) The policy data generated by\na `gcp.organizations.getIAMPolicy` data source.\n", + "type": "string" + }, + "source": { + "type": "string" + } + }, + "required": [ + "etag", + "organization", + "policyData", + "source", + "id" + ], + "type": "object" + } + }, "gcp:serviceaccount/getAccount:getAccount": { "description": "Get the service account from a project. 
For more information see\nthe official [API](https://cloud.google.com/compute/docs/access/service-accounts) documentation.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst objectViewer = gcp.serviceaccount.getAccount({\n accountId: \"object-viewer\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nobject_viewer = gcp.serviceaccount.get_account(account_id=\"object-viewer\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var objectViewer = Gcp.ServiceAccount.GetAccount.Invoke(new()\n {\n AccountId = \"object-viewer\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := serviceaccount.LookupAccount(ctx, \u0026serviceaccount.LookupAccountArgs{\n\t\t\tAccountId: \"object-viewer\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport com.pulumi.gcp.serviceaccount.inputs.GetAccountArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var objectViewer = ServiceaccountFunctions.getAccount(GetAccountArgs.builder()\n .accountId(\"object-viewer\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n objectViewer:\n fn::invoke:\n Function: 
gcp:serviceaccount:getAccount\n Arguments:\n accountId: object-viewer\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Save Key In Kubernetes Secret\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as kubernetes from \"@pulumi/kubernetes\";\nimport * as std from \"@pulumi/std\";\n\nconst myaccount = gcp.serviceaccount.getAccount({\n accountId: \"myaccount-id\",\n});\nconst mykey = new gcp.serviceaccount.Key(\"mykey\", {serviceAccountId: myaccount.then(myaccount =\u003e myaccount.name)});\nconst google_application_credentials = new kubernetes.core.v1.Secret(\"google-application-credentials\", {\n metadata: {\n name: \"google-application-credentials\",\n },\n data: {\n json: std.base64decodeOutput({\n input: mykey.privateKey,\n }).apply(invoke =\u003e invoke.result),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_kubernetes as kubernetes\nimport pulumi_std as std\n\nmyaccount = gcp.serviceaccount.get_account(account_id=\"myaccount-id\")\nmykey = gcp.serviceaccount.Key(\"mykey\", service_account_id=myaccount.name)\ngoogle_application_credentials = kubernetes.core.v1.Secret(\"google-application-credentials\",\n metadata={\n \"name\": \"google-application-credentials\",\n },\n data={\n \"json\": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Kubernetes = Pulumi.Kubernetes;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myaccount = Gcp.ServiceAccount.GetAccount.Invoke(new()\n {\n AccountId = \"myaccount-id\",\n });\n\n var mykey = new Gcp.ServiceAccount.Key(\"mykey\", new()\n {\n ServiceAccountId = myaccount.Apply(getAccountResult =\u003e getAccountResult.Name),\n });\n\n var google_application_credentials = new 
Kubernetes.Core.V1.Secret(\"google-application-credentials\", new()\n {\n Metadata = new Kubernetes.Types.Inputs.Meta.V1.ObjectMetaArgs\n {\n Name = \"google-application-credentials\",\n },\n Data = \n {\n { \"json\", Std.Base64decode.Invoke(new()\n {\n Input = mykey.PrivateKey,\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\tcorev1 \"github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1\"\n\tmetav1 \"github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyaccount, err := serviceaccount.LookupAccount(ctx, \u0026serviceaccount.LookupAccountArgs{\n\t\t\tAccountId: \"myaccount-id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmykey, err := serviceaccount.NewKey(ctx, \"mykey\", \u0026serviceaccount.KeyArgs{\n\t\t\tServiceAccountId: pulumi.String(myaccount.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = corev1.NewSecret(ctx, \"google-application-credentials\", \u0026corev1.SecretArgs{\n\t\t\tMetadata: \u0026metav1.ObjectMetaArgs{\n\t\t\t\tName: pulumi.String(\"google-application-credentials\"),\n\t\t\t},\n\t\t\tData: pulumi.StringMap{\n\t\t\t\t\"json\": pulumi.String(std.Base64decodeOutput(ctx, std.Base64decodeOutputArgs{\n\t\t\t\t\tInput: mykey.PrivateKey,\n\t\t\t\t}, nil).ApplyT(func(invoke std.Base64decodeResult) (*string, error) {\n\t\t\t\t\treturn invoke.Result, nil\n\t\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.ServiceaccountFunctions;\nimport 
com.pulumi.gcp.serviceaccount.inputs.GetAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Key;\nimport com.pulumi.gcp.serviceaccount.KeyArgs;\nimport com.pulumi.kubernetes.core_v1.Secret;\nimport com.pulumi.kubernetes.core_v1.SecretArgs;\nimport com.pulumi.kubernetes.meta_v1.inputs.ObjectMetaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var myaccount = ServiceaccountFunctions.getAccount(GetAccountArgs.builder()\n .accountId(\"myaccount-id\")\n .build());\n\n var mykey = new Key(\"mykey\", KeyArgs.builder()\n .serviceAccountId(myaccount.applyValue(getAccountResult -\u003e getAccountResult.name()))\n .build());\n\n var google_application_credentials = new Secret(\"google-application-credentials\", SecretArgs.builder()\n .metadata(ObjectMetaArgs.builder()\n .name(\"google-application-credentials\")\n .build())\n .data(Map.of(\"json\", StdFunctions.base64decode().applyValue(invoke -\u003e invoke.result())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n mykey:\n type: gcp:serviceaccount:Key\n properties:\n serviceAccountId: ${myaccount.name}\n google-application-credentials:\n type: kubernetes:core/v1:Secret\n properties:\n metadata:\n name: google-application-credentials\n data:\n json:\n fn::invoke:\n Function: std:base64decode\n Arguments:\n input: ${mykey.privateKey}\n Return: result\nvariables:\n myaccount:\n fn::invoke:\n Function: gcp:serviceaccount:getAccount\n Arguments:\n accountId: myaccount-id\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { 
@@ -272928,6 +274193,10 @@ "description": "(Computed) Whether an object is under [event-based hold](https://cloud.google.com/storage/docs/object-holds#hold-types). Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).\n", "type": "boolean" }, + "generation": { + "description": "(Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete).\n", + "type": "integer" + }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" @@ -272988,6 +274257,7 @@ "customerEncryptions", "detectMd5hash", "eventBasedHold", + "generation", "kmsKeyName", "md5hash", "mediaLink", @@ -273067,6 +274337,9 @@ "eventBasedHold": { "type": "boolean" }, + "generation": { + "type": "integer" + }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" @@ -273122,6 +274395,7 @@ "customerEncryptions", "detectMd5hash", "eventBasedHold", + "generation", "kmsKeyName", "md5hash", "mediaLink",
diff --git a/provider/go.mod b/provider/go.mod
index a27014b036..02b7c1b8c6 100644
--- a/provider/go.mod
+++ b/provider/go.mod
@@ -42,7 +42,7 @@ require (
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 github.com/BurntSushi/toml v1.2.1 // indirect
- github.com/GoogleCloudPlatform/declarative-resource-client-library v1.68.0 // indirect
+ github.com/GoogleCloudPlatform/declarative-resource-client-library v1.70.0 // indirect
 github.com/Masterminds/goutils v1.1.1 // indirect
 github.com/Masterminds/semver v1.5.0 // indirect
 github.com/Masterminds/semver/v3 v3.2.1 // indirect
diff --git a/provider/go.sum b/provider/go.sum
index 1448d9a4a8..e6c16661aa 100644
--- a/provider/go.sum
+++ b/provider/go.sum
@@ -1177,8 +1177,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
 github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
 github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/GoogleCloudPlatform/declarative-resource-client-library v1.68.0 h1:LIPIYi4hy7ttUSrziY/TYwMDuEvvV593n80kRmz6nZ4=
-github.com/GoogleCloudPlatform/declarative-resource-client-library v1.68.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.70.0 h1:dqqxHZYK0tlzViFqAbKzMIkfboQVWYN1CTEM2sjBtmQ=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.70.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k=
 github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM=
 github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo=
 github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk=
diff --git a/provider/provider_yaml_test.go b/provider/provider_yaml_test.go
index 2994f5cfdb..2ab099f335 100644
--- a/provider/provider_yaml_test.go
+++ b/provider/provider_yaml_test.go
@@ -468,12 +468,14 @@ func TestOrganizationsProjectAutoNaming(t *testing.T) {
 "inputs": {
 "__defaults": [
 "autoCreateNetwork",
+ "deletionPolicy",
 "name",
 "projectId"
 ],
 "autoCreateNetwork": true,
 "name": "my-proj",
- "projectId": "my-proj-760b06d"
+ "projectId": "my-proj-760b06d",
+ "deletionPolicy": "DELETE"
 }
 },
 "metadata": {
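Review bot: The expected inputs in the provider_yaml_test.go hunk now pin `"deletionPolicy": "DELETE"` as a provider-applied default (it is also added to `__defaults`), but nothing in the test records that this destructive default is intended. The fixture looks like a JSON payload, where a comment cannot live, so I would put a Go comment above it in TestOrganizationsProjectAutoNaming, for example `// deletionPolicy defaults to DELETE, so removing the resource presumably deletes the GCP project; update this fixture deliberately if the default changes.` That way a later change of the default shows up as a reviewed decision and not as a refreshed snapshot. The test function starts and ends outside this hunk, so the exact placement has to be checked against the full file.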
diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressFromArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressFromArgs.cs new file mode 100644 index 0000000000..049d1b41d5 --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressFromArgs.cs 
@@ -0,0 +1,63 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunEgressPolicyEgressFromArgs : global::Pulumi.ResourceArgs + { + [Input("identities")] + private InputList? _identities; + + /// + /// A list of identities that are allowed access through this `EgressPolicy`. + /// Should be in the format of email address. The email address should + /// represent individual user or service account only. + /// + public InputList Identities + { + get => _identities ?? (_identities = new InputList()); + set => _identities = value; + } + + /// + /// Specifies the type of identities that are allowed access to outside the + /// perimeter. If left unspecified, then members of `identities` field will + /// be allowed access. + /// Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + /// + [Input("identityType")] + public Input? IdentityType { get; set; } + + /// + /// Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + /// Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. + /// + [Input("sourceRestriction")] + public Input? SourceRestriction { get; set; } + + [Input("sources")] + private InputList? _sources; + + /// + /// Sources that this EgressPolicy authorizes access from. + /// Structure is documented below. + /// + public InputList Sources + { + get => _sources ?? 
(_sources = new InputList()); + set => _sources = value; + } + + public ServicePerimeterDryRunEgressPolicyEgressFromArgs() + { + } + public static new ServicePerimeterDryRunEgressPolicyEgressFromArgs Empty => new ServicePerimeterDryRunEgressPolicyEgressFromArgs(); + } +} diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressFromGetArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressFromGetArgs.cs new file mode 100644 index 0000000000..cca996cb52 --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressFromGetArgs.cs 
@@ -0,0 +1,63 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunEgressPolicyEgressFromGetArgs : global::Pulumi.ResourceArgs + { + [Input("identities")] + private InputList? _identities; + + /// + /// A list of identities that are allowed access through this `EgressPolicy`. + /// Should be in the format of email address. The email address should + /// represent individual user or service account only. + /// + public InputList Identities + { + get => _identities ?? (_identities = new InputList()); + set => _identities = value; + } + + /// + /// Specifies the type of identities that are allowed access to outside the + /// perimeter. If left unspecified, then members of `identities` field will + /// be allowed access. + /// Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + /// + [Input("identityType")] + public Input? IdentityType { get; set; } + + /// + /// Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + /// Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. + /// + [Input("sourceRestriction")] + public Input? SourceRestriction { get; set; } + + [Input("sources")] + private InputList? _sources; + + /// + /// Sources that this EgressPolicy authorizes access from. + /// Structure is documented below. + /// + public InputList Sources + { + get => _sources ?? 
(_sources = new InputList()); + set => _sources = value; + } + + public ServicePerimeterDryRunEgressPolicyEgressFromGetArgs() + { + } + public static new ServicePerimeterDryRunEgressPolicyEgressFromGetArgs Empty => new ServicePerimeterDryRunEgressPolicyEgressFromGetArgs(); + } +} diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs.cs new file mode 100644 index 0000000000..69f2d25e2b --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs.cs @@ -0,0 +1,26 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs : global::Pulumi.ResourceArgs + { + /// + /// An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. + /// + [Input("accessLevel")] + public Input? AccessLevel { get; set; } + + public ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs() + { + } + public static new ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs Empty => new ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs(); + } +} diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressFromSourceGetArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressFromSourceGetArgs.cs new file mode 100644 index 0000000000..c325bc5dab --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressFromSourceGetArgs.cs 
@@ -0,0 +1,26 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunEgressPolicyEgressFromSourceGetArgs : global::Pulumi.ResourceArgs + { + /// + /// An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. + /// + [Input("accessLevel")] + public Input? AccessLevel { get; set; } + + public ServicePerimeterDryRunEgressPolicyEgressFromSourceGetArgs() + { + } + public static new ServicePerimeterDryRunEgressPolicyEgressFromSourceGetArgs Empty => new ServicePerimeterDryRunEgressPolicyEgressFromSourceGetArgs(); + } +} diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToArgs.cs new file mode 100644 index 0000000000..be464455ea --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToArgs.cs 
@@ -0,0 +1,64 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunEgressPolicyEgressToArgs : global::Pulumi.ResourceArgs + { + [Input("externalResources")] + private InputList? _externalResources; + + /// + /// A list of external resources that are allowed to be accessed. A request + /// matches if it contains an external resource in this list (Example: + /// s3://bucket/path). Currently '*' is not allowed. + /// + public InputList ExternalResources + { + get => _externalResources ?? (_externalResources = new InputList()); + set => _externalResources = value; + } + + [Input("operations")] + private InputList? _operations; + + /// + /// A list of `ApiOperations` that this egress rule applies to. A request matches + /// if it contains an operation/service in this list. + /// Structure is documented below. + /// + public InputList Operations + { + get => _operations ?? (_operations = new InputList()); + set => _operations = value; + } + + [Input("resources")] + private InputList? _resources; + + /// + /// A list of resources, currently only projects in the form + /// `projects/<projectnumber>`, that match this to stanza. A request matches + /// if it contains a resource in this list. If * is specified for resources, + /// then this `EgressTo` rule will authorize access to all resources outside + /// the perimeter. + /// + public InputList Resources + { + get => _resources ?? 
(_resources = new InputList()); + set => _resources = value; + } + + public ServicePerimeterDryRunEgressPolicyEgressToArgs() + { + } + public static new ServicePerimeterDryRunEgressPolicyEgressToArgs Empty => new ServicePerimeterDryRunEgressPolicyEgressToArgs(); + } +} diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToGetArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToGetArgs.cs new file mode 100644 index 0000000000..575cf0e016 --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToGetArgs.cs 
@@ -0,0 +1,64 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunEgressPolicyEgressToGetArgs : global::Pulumi.ResourceArgs + { + [Input("externalResources")] + private InputList? _externalResources; + + /// + /// A list of external resources that are allowed to be accessed. A request + /// matches if it contains an external resource in this list (Example: + /// s3://bucket/path). Currently '*' is not allowed. + /// + public InputList ExternalResources + { + get => _externalResources ?? (_externalResources = new InputList()); + set => _externalResources = value; + } + + [Input("operations")] + private InputList? _operations; + + /// + /// A list of `ApiOperations` that this egress rule applies to. A request matches + /// if it contains an operation/service in this list. + /// Structure is documented below. + /// + public InputList Operations + { + get => _operations ?? (_operations = new InputList()); + set => _operations = value; + } + + [Input("resources")] + private InputList? _resources; + + /// + /// A list of resources, currently only projects in the form + /// `projects/<projectnumber>`, that match this to stanza. A request matches + /// if it contains a resource in this list. If * is specified for resources, + /// then this `EgressTo` rule will authorize access to all resources outside + /// the perimeter. + /// + public InputList Resources + { + get => _resources ?? 
(_resources = new InputList()); + set => _resources = value; + } + + public ServicePerimeterDryRunEgressPolicyEgressToGetArgs() + { + } + public static new ServicePerimeterDryRunEgressPolicyEgressToGetArgs Empty => new ServicePerimeterDryRunEgressPolicyEgressToGetArgs(); + } +} diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationArgs.cs new file mode 100644 index 0000000000..e21958fb3a --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationArgs.cs 
@@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunEgressPolicyEgressToOperationArgs : global::Pulumi.ResourceArgs + { + [Input("methodSelectors")] + private InputList? _methodSelectors; + + /// + /// API methods or permissions to allow. Method or permission must belong + /// to the service specified by `serviceName` field. A single MethodSelector + /// entry with `*` specified for the `method` field will allow all methods + /// AND permissions for the service specified in `serviceName`. + /// Structure is documented below. + /// + public InputList MethodSelectors + { + get => _methodSelectors ?? (_methodSelectors = new InputList()); + set => _methodSelectors = value; + } + + /// + /// The name of the API whose methods or permissions the `IngressPolicy` or + /// `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + /// field set to `*` will allow all methods AND permissions for all services. + /// + [Input("serviceName")] + public Input? ServiceName { get; set; } + + public ServicePerimeterDryRunEgressPolicyEgressToOperationArgs() + { + } + public static new ServicePerimeterDryRunEgressPolicyEgressToOperationArgs Empty => new ServicePerimeterDryRunEgressPolicyEgressToOperationArgs(); + } +} diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationGetArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationGetArgs.cs new file mode 100644 index 0000000000..d521d38fba --- /dev/null 
+++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationGetArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunEgressPolicyEgressToOperationGetArgs : global::Pulumi.ResourceArgs + { + [Input("methodSelectors")] + private InputList? _methodSelectors; + + /// + /// API methods or permissions to allow. Method or permission must belong + /// to the service specified by `serviceName` field. A single MethodSelector + /// entry with `*` specified for the `method` field will allow all methods + /// AND permissions for the service specified in `serviceName`. + /// Structure is documented below. + /// + public InputList MethodSelectors + { + get => _methodSelectors ?? (_methodSelectors = new InputList()); + set => _methodSelectors = value; + } + + /// + /// The name of the API whose methods or permissions the `IngressPolicy` or + /// `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + /// field set to `*` will allow all methods AND permissions for all services. + /// + [Input("serviceName")] + public Input? ServiceName { get; set; } + + public ServicePerimeterDryRunEgressPolicyEgressToOperationGetArgs() + { + } + public static new ServicePerimeterDryRunEgressPolicyEgressToOperationGetArgs Empty => new ServicePerimeterDryRunEgressPolicyEgressToOperationGetArgs(); + } +} 
diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs.cs new file mode 100644 index 0000000000..3da4109009 --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs.cs @@ -0,0 +1,35 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs : global::Pulumi.ResourceArgs + { + /// + /// Value for `method` should be a valid method name for the corresponding + /// `serviceName` in `ApiOperation`. If `*` used as value for method, + /// then ALL methods and permissions are allowed. + /// + [Input("method")] + public Input? Method { get; set; } + + /// + /// Value for permission should be a valid Cloud IAM permission for the + /// corresponding `serviceName` in `ApiOperation`. + /// + [Input("permission")] + public Input? Permission { get; set; } + + public ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs() + { + } + public static new ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs Empty => new ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs(); + } +} diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorGetArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorGetArgs.cs new file mode 100644 index 0000000000..95fcb16f68 
--- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorGetArgs.cs @@ -0,0 +1,35 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Value for `method` should be a valid method name for the corresponding + /// `serviceName` in `ApiOperation`. If `*` used as value for method, + /// then ALL methods and permissions are allowed. + /// + [Input("method")] + public Input? Method { get; set; } + + /// + /// Value for permission should be a valid Cloud IAM permission for the + /// corresponding `serviceName` in `ApiOperation`. + /// + [Input("permission")] + public Input? Permission { get; set; } + + public ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorGetArgs() + { + } + public static new ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorGetArgs Empty => new ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorGetArgs(); + } +} diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressFromArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressFromArgs.cs new file mode 100644 index 0000000000..c0004f828d --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressFromArgs.cs 
@@ -0,0 +1,56 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunIngressPolicyIngressFromArgs : global::Pulumi.ResourceArgs + { + [Input("identities")] + private InputList? _identities; + + /// + /// A list of identities that are allowed access through this ingress policy. + /// Should be in the format of email address. The email address should represent + /// individual user or service account only. + /// + public InputList Identities + { + get => _identities ?? (_identities = new InputList()); + set => _identities = value; + } + + /// + /// Specifies the type of identities that are allowed access from outside the + /// perimeter. If left unspecified, then members of `identities` field will be + /// allowed access. + /// Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + /// + [Input("identityType")] + public Input? IdentityType { get; set; } + + [Input("sources")] + private InputList? _sources; + + /// + /// Sources that this `IngressPolicy` authorizes access from. + /// Structure is documented below. + /// + public InputList Sources + { + get => _sources ?? (_sources = new InputList()); + set => _sources = value; + } + + public ServicePerimeterDryRunIngressPolicyIngressFromArgs() + { + } + public static new ServicePerimeterDryRunIngressPolicyIngressFromArgs Empty => new ServicePerimeterDryRunIngressPolicyIngressFromArgs(); + } +} 
diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressFromGetArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressFromGetArgs.cs new file mode 100644 index 0000000000..8a65d4de2b --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressFromGetArgs.cs 
@@ -0,0 +1,56 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunIngressPolicyIngressFromGetArgs : global::Pulumi.ResourceArgs + { + [Input("identities")] + private InputList? _identities; + + /// + /// A list of identities that are allowed access through this ingress policy. + /// Should be in the format of email address. The email address should represent + /// individual user or service account only. + /// + public InputList Identities + { + get => _identities ?? (_identities = new InputList()); + set => _identities = value; + } + + /// + /// Specifies the type of identities that are allowed access from outside the + /// perimeter. If left unspecified, then members of `identities` field will be + /// allowed access. + /// Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + /// + [Input("identityType")] + public Input? IdentityType { get; set; } + + [Input("sources")] + private InputList? _sources; + + /// + /// Sources that this `IngressPolicy` authorizes access from. + /// Structure is documented below. + /// + public InputList Sources + { + get => _sources ?? (_sources = new InputList()); + set => _sources = value; + } + + public ServicePerimeterDryRunIngressPolicyIngressFromGetArgs() + { + } + public static new ServicePerimeterDryRunIngressPolicyIngressFromGetArgs Empty => new ServicePerimeterDryRunIngressPolicyIngressFromGetArgs(); + } +} 
diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs.cs new file mode 100644 index 0000000000..26b0e55673 --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs.cs 
@@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs : global::Pulumi.ResourceArgs + { + /// + /// An `AccessLevel` resource name that allow resources within the + /// `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + /// must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + /// `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + /// resources within the perimeter can only be accessed via Google Cloud calls + /// with request origins within the perimeter. + /// Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + /// If * is specified, then all IngressSources will be allowed. + /// + [Input("accessLevel")] + public Input? AccessLevel { get; set; } + + /// + /// A Google Cloud resource that is allowed to ingress the perimeter. + /// Requests from these resources will be allowed to access perimeter data. + /// Currently only projects are allowed. Format `projects/{project_number}` + /// The project may be in any Google Cloud organization, not just the + /// organization that the perimeter is defined in. `*` is not allowed, the case + /// of allowing all Google Cloud resources only is not supported. + /// + [Input("resource")] + public Input? Resource { get; set; } + + public ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs() + { + } + public static new ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs Empty => new ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs(); + } +} 
diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressFromSourceGetArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressFromSourceGetArgs.cs new file mode 100644 index 0000000000..7a23ff1f4b --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressFromSourceGetArgs.cs 
@@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunIngressPolicyIngressFromSourceGetArgs : global::Pulumi.ResourceArgs + { + /// + /// An `AccessLevel` resource name that allow resources within the + /// `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + /// must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + /// `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + /// resources within the perimeter can only be accessed via Google Cloud calls + /// with request origins within the perimeter. + /// Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + /// If * is specified, then all IngressSources will be allowed. + /// + [Input("accessLevel")] + public Input? AccessLevel { get; set; } + + /// + /// A Google Cloud resource that is allowed to ingress the perimeter. + /// Requests from these resources will be allowed to access perimeter data. + /// Currently only projects are allowed. Format `projects/{project_number}` + /// The project may be in any Google Cloud organization, not just the + /// organization that the perimeter is defined in. `*` is not allowed, the case + /// of allowing all Google Cloud resources only is not supported. + /// + [Input("resource")] + public Input? Resource { get; set; } + + public ServicePerimeterDryRunIngressPolicyIngressFromSourceGetArgs() + { + } + public static new ServicePerimeterDryRunIngressPolicyIngressFromSourceGetArgs Empty => new ServicePerimeterDryRunIngressPolicyIngressFromSourceGetArgs(); + } +} 
diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToArgs.cs new file mode 100644 index 0000000000..aaf9e3ff0a --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToArgs.cs 
@@ -0,0 +1,53 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunIngressPolicyIngressToArgs : global::Pulumi.ResourceArgs + { + [Input("operations")] + private InputList? _operations; + + /// + /// A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + /// are allowed to perform in this `ServicePerimeter`. + /// Structure is documented below. + /// + public InputList Operations + { + get => _operations ?? (_operations = new InputList()); + set => _operations = value; + } + + [Input("resources")] + private InputList? _resources; + + /// + /// A list of resources, currently only projects in the form + /// `projects/<projectnumber>`, protected by this `ServicePerimeter` + /// that are allowed to be accessed by sources defined in the + /// corresponding `IngressFrom`. A request matches if it contains + /// a resource in this list. If `*` is specified for resources, + /// then this `IngressTo` rule will authorize access to all + /// resources inside the perimeter, provided that the request + /// also matches the `operations` field. + /// + public InputList Resources + { + get => _resources ?? (_resources = new InputList()); + set => _resources = value; + } + + public ServicePerimeterDryRunIngressPolicyIngressToArgs() + { + } + public static new ServicePerimeterDryRunIngressPolicyIngressToArgs Empty => new ServicePerimeterDryRunIngressPolicyIngressToArgs(); + } +} 
diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToGetArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToGetArgs.cs new file mode 100644 index 0000000000..dfe40beaa7 --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToGetArgs.cs 
@@ -0,0 +1,53 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunIngressPolicyIngressToGetArgs : global::Pulumi.ResourceArgs + { + [Input("operations")] + private InputList? _operations; + + /// + /// A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + /// are allowed to perform in this `ServicePerimeter`. + /// Structure is documented below. + /// + public InputList Operations + { + get => _operations ?? (_operations = new InputList()); + set => _operations = value; + } + + [Input("resources")] + private InputList? _resources; + + /// + /// A list of resources, currently only projects in the form + /// `projects/<projectnumber>`, protected by this `ServicePerimeter` + /// that are allowed to be accessed by sources defined in the + /// corresponding `IngressFrom`. A request matches if it contains + /// a resource in this list. If `*` is specified for resources, + /// then this `IngressTo` rule will authorize access to all + /// resources inside the perimeter, provided that the request + /// also matches the `operations` field. + /// + public InputList Resources + { + get => _resources ?? (_resources = new InputList()); + set => _resources = value; + } + + public ServicePerimeterDryRunIngressPolicyIngressToGetArgs() + { + } + public static new ServicePerimeterDryRunIngressPolicyIngressToGetArgs Empty => new ServicePerimeterDryRunIngressPolicyIngressToGetArgs(); + } +} 
diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationArgs.cs new file mode 100644 index 0000000000..5bf8765b54 --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationArgs.cs 
@@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunIngressPolicyIngressToOperationArgs : global::Pulumi.ResourceArgs + { + [Input("methodSelectors")] + private InputList? _methodSelectors; + + /// + /// API methods or permissions to allow. Method or permission must belong to + /// the service specified by serviceName field. A single `MethodSelector` entry + /// with `*` specified for the method field will allow all methods AND + /// permissions for the service specified in `serviceName`. + /// Structure is documented below. + /// + public InputList MethodSelectors + { + get => _methodSelectors ?? (_methodSelectors = new InputList()); + set => _methodSelectors = value; + } + + /// + /// The name of the API whose methods or permissions the `IngressPolicy` or + /// `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + /// field set to `*` will allow all methods AND permissions for all services. + /// + [Input("serviceName")] + public Input? ServiceName { get; set; } + + public ServicePerimeterDryRunIngressPolicyIngressToOperationArgs() + { + } + public static new ServicePerimeterDryRunIngressPolicyIngressToOperationArgs Empty => new ServicePerimeterDryRunIngressPolicyIngressToOperationArgs(); + } +} diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationGetArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationGetArgs.cs new file mode 100644 index 0000000000..0bd81e88ad --- /dev/null 
+++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationGetArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunIngressPolicyIngressToOperationGetArgs : global::Pulumi.ResourceArgs + { + [Input("methodSelectors")] + private InputList? _methodSelectors; + + /// + /// API methods or permissions to allow. Method or permission must belong to + /// the service specified by serviceName field. A single `MethodSelector` entry + /// with `*` specified for the method field will allow all methods AND + /// permissions for the service specified in `serviceName`. + /// Structure is documented below. + /// + public InputList MethodSelectors + { + get => _methodSelectors ?? (_methodSelectors = new InputList()); + set => _methodSelectors = value; + } + + /// + /// The name of the API whose methods or permissions the `IngressPolicy` or + /// `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + /// field set to `*` will allow all methods AND permissions for all services. + /// + [Input("serviceName")] + public Input? ServiceName { get; set; } + + public ServicePerimeterDryRunIngressPolicyIngressToOperationGetArgs() + { + } + public static new ServicePerimeterDryRunIngressPolicyIngressToOperationGetArgs Empty => new ServicePerimeterDryRunIngressPolicyIngressToOperationGetArgs(); + } +} 
diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs.cs new file mode 100644 index 0000000000..5db950dd0f --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs.cs @@ -0,0 +1,35 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs : global::Pulumi.ResourceArgs + { + /// + /// Value for method should be a valid method name for the corresponding + /// serviceName in `ApiOperation`. If `*` used as value for `method`, then + /// ALL methods and permissions are allowed. + /// + [Input("method")] + public Input? Method { get; set; } + + /// + /// Value for permission should be a valid Cloud IAM permission for the + /// corresponding `serviceName` in `ApiOperation`. + /// + [Input("permission")] + public Input? Permission { get; set; } + + public ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs() + { + } + public static new ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs Empty => new ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs(); + } +} 
diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorGetArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorGetArgs.cs new file mode 100644 index 0000000000..3cb297ec9f --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorGetArgs.cs @@ -0,0 +1,35 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Inputs +{ + + public sealed class ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Value for method should be a valid method name for the corresponding + /// serviceName in `ApiOperation`. If `*` used as value for `method`, then + /// ALL methods and permissions are allowed. + /// + [Input("method")] + public Input? Method { get; set; } + + /// + /// Value for permission should be a valid Cloud IAM permission for the + /// corresponding `serviceName` in `ApiOperation`. + /// + [Input("permission")] + public Input? Permission { get; set; } + + public ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorGetArgs() + { + } + public static new ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorGetArgs Empty => new ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorGetArgs(); + } +} diff --git a/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunEgressPolicyEgressFrom.cs b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunEgressPolicyEgressFrom.cs new file mode 100644 index 0000000000..aa67cac9be --- /dev/null 
+++ b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunEgressPolicyEgressFrom.cs @@ -0,0 +1,56 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Outputs +{ + + [OutputType] + public sealed class ServicePerimeterDryRunEgressPolicyEgressFrom + { + /// + /// A list of identities that are allowed access through this `EgressPolicy`. + /// Should be in the format of email address. The email address should + /// represent individual user or service account only. + /// + public readonly ImmutableArray Identities; + /// + /// Specifies the type of identities that are allowed access to outside the + /// perimeter. If left unspecified, then members of `identities` field will + /// be allowed access. + /// Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + /// + public readonly string? IdentityType; + /// + /// Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + /// Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. + /// + public readonly string? SourceRestriction; + /// + /// Sources that this EgressPolicy authorizes access from. + /// Structure is documented below. + /// + public readonly ImmutableArray Sources; + + [OutputConstructor] + private ServicePerimeterDryRunEgressPolicyEgressFrom( + ImmutableArray identities, + + string? identityType, + + string? sourceRestriction, + + ImmutableArray sources) + { + Identities = identities; + IdentityType = identityType; + SourceRestriction = sourceRestriction; + Sources = sources; + } + } +} 
diff --git a/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunEgressPolicyEgressFromSource.cs b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunEgressPolicyEgressFromSource.cs new file mode 100644 index 0000000000..3cbc30692a --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunEgressPolicyEgressFromSource.cs @@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Outputs +{ + + [OutputType] + public sealed class ServicePerimeterDryRunEgressPolicyEgressFromSource + { + /// + /// An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. + /// + public readonly string? AccessLevel; + + [OutputConstructor] + private ServicePerimeterDryRunEgressPolicyEgressFromSource(string? accessLevel) + { + AccessLevel = accessLevel; + } + } +} diff --git a/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunEgressPolicyEgressTo.cs b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunEgressPolicyEgressTo.cs new file mode 100644 index 0000000000..79b5697b87 --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunEgressPolicyEgressTo.cs 
@@ -0,0 +1,50 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Outputs +{ + + [OutputType] + public sealed class ServicePerimeterDryRunEgressPolicyEgressTo + { + /// + /// A list of external resources that are allowed to be accessed. A request + /// matches if it contains an external resource in this list (Example: + /// s3://bucket/path). Currently '*' is not allowed. + /// + public readonly ImmutableArray ExternalResources; + /// + /// A list of `ApiOperations` that this egress rule applies to. A request matches + /// if it contains an operation/service in this list. + /// Structure is documented below. + /// + public readonly ImmutableArray Operations; + /// + /// A list of resources, currently only projects in the form + /// `projects/<projectnumber>`, that match this to stanza. A request matches + /// if it contains a resource in this list. If * is specified for resources, + /// then this `EgressTo` rule will authorize access to all resources outside + /// the perimeter. + /// + public readonly ImmutableArray Resources; + + [OutputConstructor] + private ServicePerimeterDryRunEgressPolicyEgressTo( + ImmutableArray externalResources, + + ImmutableArray operations, + + ImmutableArray resources) + { + ExternalResources = externalResources; + Operations = operations; + Resources = resources; + } + } +} diff --git a/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunEgressPolicyEgressToOperation.cs b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunEgressPolicyEgressToOperation.cs new file mode 100644 index 0000000000..f94a867c80 --- /dev/null 
+++ b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunEgressPolicyEgressToOperation.cs @@ -0,0 +1,41 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Outputs +{ + + [OutputType] + public sealed class ServicePerimeterDryRunEgressPolicyEgressToOperation + { + /// + /// API methods or permissions to allow. Method or permission must belong + /// to the service specified by `serviceName` field. A single MethodSelector + /// entry with `*` specified for the `method` field will allow all methods + /// AND permissions for the service specified in `serviceName`. + /// Structure is documented below. + /// + public readonly ImmutableArray MethodSelectors; + /// + /// The name of the API whose methods or permissions the `IngressPolicy` or + /// `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + /// field set to `*` will allow all methods AND permissions for all services. + /// + public readonly string? ServiceName; + + [OutputConstructor] + private ServicePerimeterDryRunEgressPolicyEgressToOperation( + ImmutableArray methodSelectors, + + string? serviceName) + { + MethodSelectors = methodSelectors; + ServiceName = serviceName; + } + } +} diff --git a/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector.cs b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector.cs new file mode 100644 index 0000000000..11c16e300c --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector.cs 
@@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Outputs +{ + + [OutputType] + public sealed class ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector + { + /// + /// Value for `method` should be a valid method name for the corresponding + /// `serviceName` in `ApiOperation`. If `*` used as value for method, + /// then ALL methods and permissions are allowed. + /// + public readonly string? Method; + /// + /// Value for permission should be a valid Cloud IAM permission for the + /// corresponding `serviceName` in `ApiOperation`. + /// + public readonly string? Permission; + + [OutputConstructor] + private ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector( + string? method, + + string? permission) + { + Method = method; + Permission = permission; + } + } +} diff --git a/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunIngressPolicyIngressFrom.cs b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunIngressPolicyIngressFrom.cs new file mode 100644 index 0000000000..657d3d861e --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunIngressPolicyIngressFrom.cs 
@@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Outputs +{ + + [OutputType] + public sealed class ServicePerimeterDryRunIngressPolicyIngressFrom + { + /// + /// A list of identities that are allowed access through this ingress policy. + /// Should be in the format of email address. The email address should represent + /// individual user or service account only. + /// + public readonly ImmutableArray Identities; + /// + /// Specifies the type of identities that are allowed access from outside the + /// perimeter. If left unspecified, then members of `identities` field will be + /// allowed access. + /// Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + /// + public readonly string? IdentityType; + /// + /// Sources that this `IngressPolicy` authorizes access from. + /// Structure is documented below. + /// + public readonly ImmutableArray Sources; + + [OutputConstructor] + private ServicePerimeterDryRunIngressPolicyIngressFrom( + ImmutableArray identities, + + string? identityType, + + ImmutableArray sources) + { + Identities = identities; + IdentityType = identityType; + Sources = sources; + } + } +} diff --git a/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunIngressPolicyIngressFromSource.cs b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunIngressPolicyIngressFromSource.cs new file mode 100644 index 0000000000..de8476dac7 --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunIngressPolicyIngressFromSource.cs 
@@ -0,0 +1,47 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Outputs +{ + + [OutputType] + public sealed class ServicePerimeterDryRunIngressPolicyIngressFromSource + { + /// + /// An `AccessLevel` resource name that allow resources within the + /// `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + /// must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + /// `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + /// resources within the perimeter can only be accessed via Google Cloud calls + /// with request origins within the perimeter. + /// Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + /// If * is specified, then all IngressSources will be allowed. + /// + public readonly string? AccessLevel; + /// + /// A Google Cloud resource that is allowed to ingress the perimeter. + /// Requests from these resources will be allowed to access perimeter data. + /// Currently only projects are allowed. Format `projects/{project_number}` + /// The project may be in any Google Cloud organization, not just the + /// organization that the perimeter is defined in. `*` is not allowed, the case + /// of allowing all Google Cloud resources only is not supported. + /// + public readonly string? Resource; + + [OutputConstructor] + private ServicePerimeterDryRunIngressPolicyIngressFromSource( + string? accessLevel, + + string? resource) + { + AccessLevel = accessLevel; + Resource = resource; + } + } +} 
diff --git a/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunIngressPolicyIngressTo.cs b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunIngressPolicyIngressTo.cs new file mode 100644 index 0000000000..0cf48541d0 --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunIngressPolicyIngressTo.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Outputs +{ + + [OutputType] + public sealed class ServicePerimeterDryRunIngressPolicyIngressTo + { + /// + /// A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + /// are allowed to perform in this `ServicePerimeter`. + /// Structure is documented below. + /// + public readonly ImmutableArray Operations; + /// + /// A list of resources, currently only projects in the form + /// `projects/<projectnumber>`, protected by this `ServicePerimeter` + /// that are allowed to be accessed by sources defined in the + /// corresponding `IngressFrom`. A request matches if it contains + /// a resource in this list. If `*` is specified for resources, + /// then this `IngressTo` rule will authorize access to all + /// resources inside the perimeter, provided that the request + /// also matches the `operations` field. + /// + public readonly ImmutableArray Resources; + + [OutputConstructor] + private ServicePerimeterDryRunIngressPolicyIngressTo( + ImmutableArray operations, + + ImmutableArray resources) + { + Operations = operations; + Resources = resources; + } + } +} 
diff --git a/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunIngressPolicyIngressToOperation.cs b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunIngressPolicyIngressToOperation.cs new file mode 100644 index 0000000000..81b078aded --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunIngressPolicyIngressToOperation.cs @@ -0,0 +1,41 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Outputs +{ + + [OutputType] + public sealed class ServicePerimeterDryRunIngressPolicyIngressToOperation + { + /// + /// API methods or permissions to allow. Method or permission must belong to + /// the service specified by serviceName field. A single `MethodSelector` entry + /// with `*` specified for the method field will allow all methods AND + /// permissions for the service specified in `serviceName`. + /// Structure is documented below. + /// + public readonly ImmutableArray MethodSelectors; + /// + /// The name of the API whose methods or permissions the `IngressPolicy` or + /// `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + /// field set to `*` will allow all methods AND permissions for all services. + /// + public readonly string? ServiceName; + + [OutputConstructor] + private ServicePerimeterDryRunIngressPolicyIngressToOperation( + ImmutableArray methodSelectors, + + string? serviceName) + { + MethodSelectors = methodSelectors; + ServiceName = serviceName; + } + } +} 
diff --git a/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector.cs b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector.cs new file mode 100644 index 0000000000..5986248130 --- /dev/null +++ b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector.cs @@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager.Outputs +{ + + [OutputType] + public sealed class ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector + { + /// + /// Value for method should be a valid method name for the corresponding + /// serviceName in `ApiOperation`. If `*` used as value for `method`, then + /// ALL methods and permissions are allowed. + /// + public readonly string? Method; + /// + /// Value for permission should be a valid Cloud IAM permission for the + /// corresponding `serviceName` in `ApiOperation`. + /// + public readonly string? Permission; + + [OutputConstructor] + private ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector( + string? method, + + string? permission) + { + Method = method; + Permission = permission; + } + } +} diff --git a/sdk/dotnet/AccessContextManager/ServicePerimeterDryRunEgressPolicy.cs b/sdk/dotnet/AccessContextManager/ServicePerimeterDryRunEgressPolicy.cs new file mode 100644 index 0000000000..8c044ef8ac --- /dev/null +++ b/sdk/dotnet/AccessContextManager/ServicePerimeterDryRunEgressPolicy.cs 
@@ -0,0 +1,166 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager +{ + /// + /// Manage a single EgressPolicy in the spec (dry-run) configuration for a service perimeter. + /// EgressPolicies match requests based on egressFrom and egressTo stanzas. + /// For an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched. + /// If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter + /// boundary. For example, an EgressPolicy can be used to allow VMs on networks + /// within the ServicePerimeter to access a defined set of projects outside the + /// perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket + /// or query against a BigQuery dataset). + /// + /// > **Note:** By default, updates to this resource will remove the EgressPolicy from the + /// from the perimeter and add it back in a non-atomic manner. To ensure that the new EgressPolicy + /// is added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource. + /// + /// To get more information about ServicePerimeterDryRunEgressPolicy, see: + /// + /// * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#egresspolicy) + /// + /// ## Example Usage + /// + [GcpResourceType("gcp:accesscontextmanager/servicePerimeterDryRunEgressPolicy:ServicePerimeterDryRunEgressPolicy")] + public partial class ServicePerimeterDryRunEgressPolicy : global::Pulumi.CustomResource + { + /// + /// Defines conditions on the source of a request causing this `EgressPolicy` to apply. + /// Structure is documented below. 
+ /// + [Output("egressFrom")] + public Output EgressFrom { get; private set; } = null!; + + /// + /// Defines the conditions on the `ApiOperation` and destination resources that + /// cause this `EgressPolicy` to apply. + /// Structure is documented below. + /// + [Output("egressTo")] + public Output EgressTo { get; private set; } = null!; + + /// + /// The name of the Service Perimeter to add this resource to. + /// + /// + /// - - - + /// + [Output("perimeter")] + public Output Perimeter { get; private set; } = null!; + + + /// + /// Create a ServicePerimeterDryRunEgressPolicy resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public ServicePerimeterDryRunEgressPolicy(string name, ServicePerimeterDryRunEgressPolicyArgs args, CustomResourceOptions? options = null) + : base("gcp:accesscontextmanager/servicePerimeterDryRunEgressPolicy:ServicePerimeterDryRunEgressPolicy", name, args ?? new ServicePerimeterDryRunEgressPolicyArgs(), MakeResourceOptions(options, "")) + { + } + + private ServicePerimeterDryRunEgressPolicy(string name, Input id, ServicePerimeterDryRunEgressPolicyState? state = null, CustomResourceOptions? options = null) + : base("gcp:accesscontextmanager/servicePerimeterDryRunEgressPolicy:ServicePerimeterDryRunEgressPolicy", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? 
merged.Id; + return merged; + } + /// + /// Get an existing ServicePerimeterDryRunEgressPolicy resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static ServicePerimeterDryRunEgressPolicy Get(string name, Input id, ServicePerimeterDryRunEgressPolicyState? state = null, CustomResourceOptions? options = null) + { + return new ServicePerimeterDryRunEgressPolicy(name, id, state, options); + } + } + + public sealed class ServicePerimeterDryRunEgressPolicyArgs : global::Pulumi.ResourceArgs + { + /// + /// Defines conditions on the source of a request causing this `EgressPolicy` to apply. + /// Structure is documented below. + /// + [Input("egressFrom")] + public Input? EgressFrom { get; set; } + + /// + /// Defines the conditions on the `ApiOperation` and destination resources that + /// cause this `EgressPolicy` to apply. + /// Structure is documented below. + /// + [Input("egressTo")] + public Input? EgressTo { get; set; } + + /// + /// The name of the Service Perimeter to add this resource to. + /// + /// + /// - - - + /// + [Input("perimeter", required: true)] + public Input Perimeter { get; set; } = null!; + + public ServicePerimeterDryRunEgressPolicyArgs() + { + } + public static new ServicePerimeterDryRunEgressPolicyArgs Empty => new ServicePerimeterDryRunEgressPolicyArgs(); + } + + public sealed class ServicePerimeterDryRunEgressPolicyState : global::Pulumi.ResourceArgs + { + /// + /// Defines conditions on the source of a request causing this `EgressPolicy` to apply. + /// Structure is documented below. + /// + [Input("egressFrom")] + public Input? 
EgressFrom { get; set; } + + /// + /// Defines the conditions on the `ApiOperation` and destination resources that + /// cause this `EgressPolicy` to apply. + /// Structure is documented below. + /// + [Input("egressTo")] + public Input? EgressTo { get; set; } + + /// + /// The name of the Service Perimeter to add this resource to. + /// + /// + /// - - - + /// + [Input("perimeter")] + public Input? Perimeter { get; set; } + + public ServicePerimeterDryRunEgressPolicyState() + { + } + public static new ServicePerimeterDryRunEgressPolicyState Empty => new ServicePerimeterDryRunEgressPolicyState(); + } +} diff --git a/sdk/dotnet/AccessContextManager/ServicePerimeterDryRunIngressPolicy.cs b/sdk/dotnet/AccessContextManager/ServicePerimeterDryRunIngressPolicy.cs new file mode 100644 index 0000000000..515e6fba7e --- /dev/null +++ b/sdk/dotnet/AccessContextManager/ServicePerimeterDryRunIngressPolicy.cs 
@@ -0,0 +1,170 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.AccessContextManager +{ + /// + /// Manage a single IngressPolicy in the spec (dry-run) configuration for a service perimeter. + /// IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match, + /// both the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request, + /// the request is allowed through the perimeter boundary from outside the perimeter. + /// For example, access from the internet can be allowed either based on an AccessLevel or, + /// for traffic hosted on Google Cloud, the project of the source network. + /// For access from private networks, using the project of the hosting network is required. + /// Individual ingress policies can be limited by restricting which services and/ + /// or actions they match using the ingressTo field. + /// + /// > **Note:** By default, updates to this resource will remove the IngressPolicy from the + /// from the perimeter and add it back in a non-atomic manner. To ensure that the new IngressPolicy + /// is added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource. 
+ /// + /// To get more information about ServicePerimeterDryRunIngressPolicy, see: + /// + /// * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ingresspolicy) + /// + /// ## Example Usage + /// + [GcpResourceType("gcp:accesscontextmanager/servicePerimeterDryRunIngressPolicy:ServicePerimeterDryRunIngressPolicy")] + public partial class ServicePerimeterDryRunIngressPolicy : global::Pulumi.CustomResource + { + /// + /// Defines the conditions on the source of a request causing this `IngressPolicy` + /// to apply. + /// Structure is documented below. + /// + [Output("ingressFrom")] + public Output IngressFrom { get; private set; } = null!; + + /// + /// Defines the conditions on the `ApiOperation` and request destination that cause + /// this `IngressPolicy` to apply. + /// Structure is documented below. + /// + [Output("ingressTo")] + public Output IngressTo { get; private set; } = null!; + + /// + /// The name of the Service Perimeter to add this resource to. + /// + /// + /// - - - + /// + [Output("perimeter")] + public Output Perimeter { get; private set; } = null!; + + + /// + /// Create a ServicePerimeterDryRunIngressPolicy resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public ServicePerimeterDryRunIngressPolicy(string name, ServicePerimeterDryRunIngressPolicyArgs args, CustomResourceOptions? options = null) + : base("gcp:accesscontextmanager/servicePerimeterDryRunIngressPolicy:ServicePerimeterDryRunIngressPolicy", name, args ?? new ServicePerimeterDryRunIngressPolicyArgs(), MakeResourceOptions(options, "")) + { + } + + private ServicePerimeterDryRunIngressPolicy(string name, Input id, ServicePerimeterDryRunIngressPolicyState? state = null, CustomResourceOptions? 
options = null) + : base("gcp:accesscontextmanager/servicePerimeterDryRunIngressPolicy:ServicePerimeterDryRunIngressPolicy", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing ServicePerimeterDryRunIngressPolicy resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static ServicePerimeterDryRunIngressPolicy Get(string name, Input id, ServicePerimeterDryRunIngressPolicyState? state = null, CustomResourceOptions? options = null) + { + return new ServicePerimeterDryRunIngressPolicy(name, id, state, options); + } + } + + public sealed class ServicePerimeterDryRunIngressPolicyArgs : global::Pulumi.ResourceArgs + { + /// + /// Defines the conditions on the source of a request causing this `IngressPolicy` + /// to apply. + /// Structure is documented below. + /// + [Input("ingressFrom")] + public Input? IngressFrom { get; set; } + + /// + /// Defines the conditions on the `ApiOperation` and request destination that cause + /// this `IngressPolicy` to apply. + /// Structure is documented below. + /// + [Input("ingressTo")] + public Input? IngressTo { get; set; } + + /// + /// The name of the Service Perimeter to add this resource to. 
+ /// + /// + /// - - - + /// + [Input("perimeter", required: true)] + public Input Perimeter { get; set; } = null!; + + public ServicePerimeterDryRunIngressPolicyArgs() + { + } + public static new ServicePerimeterDryRunIngressPolicyArgs Empty => new ServicePerimeterDryRunIngressPolicyArgs(); + } + + public sealed class ServicePerimeterDryRunIngressPolicyState : global::Pulumi.ResourceArgs + { + /// + /// Defines the conditions on the source of a request causing this `IngressPolicy` + /// to apply. + /// Structure is documented below. + /// + [Input("ingressFrom")] + public Input? IngressFrom { get; set; } + + /// + /// Defines the conditions on the `ApiOperation` and request destination that cause + /// this `IngressPolicy` to apply. + /// Structure is documented below. + /// + [Input("ingressTo")] + public Input? IngressTo { get; set; } + + /// + /// The name of the Service Perimeter to add this resource to. + /// + /// + /// - - - + /// + [Input("perimeter")] + public Input? Perimeter { get; set; } + + public ServicePerimeterDryRunIngressPolicyState() + { + } + public static new ServicePerimeterDryRunIngressPolicyState Empty => new ServicePerimeterDryRunIngressPolicyState(); + } +} diff --git a/sdk/dotnet/AccessContextManager/ServicePerimeterEgressPolicy.cs b/sdk/dotnet/AccessContextManager/ServicePerimeterEgressPolicy.cs index 32882c5580..8fec29261c 100644 --- a/sdk/dotnet/AccessContextManager/ServicePerimeterEgressPolicy.cs +++ b/sdk/dotnet/AccessContextManager/ServicePerimeterEgressPolicy.cs @@ -10,6 +10,7 @@ namespace Pulumi.Gcp.AccessContextManager { /// + /// Manage a single EgressPolicy in the status (enforced) configuration for a service perimeter. /// EgressPolicies match requests based on egressFrom and egressTo stanzas. /// For an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched. /// If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter 
@@ -27,18 +28,6 @@ namespace Pulumi.Gcp.AccessContextManager /// * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#egresspolicy) /// /// ## Example Usage - /// - /// ## Import - /// - /// ServicePerimeterEgressPolicy can be imported using any of these accepted formats: - /// - /// * `{{perimeter}}` - /// - /// When using the `pulumi import` command, ServicePerimeterEgressPolicy can be imported using one of the formats above. For example: - /// - /// ```sh - /// $ pulumi import gcp:accesscontextmanager/servicePerimeterEgressPolicy:ServicePerimeterEgressPolicy default {{perimeter}} - /// ``` /// [GcpResourceType("gcp:accesscontextmanager/servicePerimeterEgressPolicy:ServicePerimeterEgressPolicy")] public partial class ServicePerimeterEgressPolicy : global::Pulumi.CustomResource diff --git a/sdk/dotnet/AccessContextManager/ServicePerimeterIngressPolicy.cs b/sdk/dotnet/AccessContextManager/ServicePerimeterIngressPolicy.cs index 7dd31cd331..784ab59e26 100644 --- a/sdk/dotnet/AccessContextManager/ServicePerimeterIngressPolicy.cs +++ b/sdk/dotnet/AccessContextManager/ServicePerimeterIngressPolicy.cs @@ -10,6 +10,7 @@ namespace Pulumi.Gcp.AccessContextManager { /// + /// Manage a single IngressPolicy in the status (enforced) configuration for a service perimeter. /// IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match, /// both the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request, /// the request is allowed through the perimeter boundary from outside the perimeter. 
@@ -28,18 +29,6 @@ namespace Pulumi.Gcp.AccessContextManager /// * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ingresspolicy) /// /// ## Example Usage - /// - /// ## Import - /// - /// ServicePerimeterIngressPolicy can be imported using any of these accepted formats: - /// - /// * `{{perimeter}}` - /// - /// When using the `pulumi import` command, ServicePerimeterIngressPolicy can be imported using one of the formats above. For example: - /// - /// ```sh - /// $ pulumi import gcp:accesscontextmanager/servicePerimeterIngressPolicy:ServicePerimeterIngressPolicy default {{perimeter}} - /// ``` /// [GcpResourceType("gcp:accesscontextmanager/servicePerimeterIngressPolicy:ServicePerimeterIngressPolicy")] public partial class ServicePerimeterIngressPolicy : global::Pulumi.CustomResource diff --git a/sdk/dotnet/ApplicationIntegration/Client.cs b/sdk/dotnet/ApplicationIntegration/Client.cs index fecb065c55..6f4c6a13c4 100644 --- a/sdk/dotnet/ApplicationIntegration/Client.cs +++ b/sdk/dotnet/ApplicationIntegration/Client.cs @@ -70,7 +70,7 @@ namespace Pulumi.Gcp.ApplicationIntegration /// /// var serviceAccount = new Gcp.ServiceAccount.Account("service_account", new() /// { - /// AccountId = "service-account-id", + /// AccountId = "my-service-acc", /// DisplayName = "Service Account", /// }); /// diff --git a/sdk/dotnet/CloudDeploy/Inputs/TargetGkeArgs.cs b/sdk/dotnet/CloudDeploy/Inputs/TargetGkeArgs.cs index f56ffad7d4..ae237fe158 100644 --- a/sdk/dotnet/CloudDeploy/Inputs/TargetGkeArgs.cs +++ b/sdk/dotnet/CloudDeploy/Inputs/TargetGkeArgs.cs 
@@ -24,6 +24,12 @@ public sealed class TargetGkeArgs : global::Pulumi.ResourceArgs [Input("internalIp")] public Input? InternalIp { get; set; } + /// + /// Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. + /// + [Input("proxyUrl")] + public Input? ProxyUrl { get; set; } + public TargetGkeArgs() { } diff --git a/sdk/dotnet/CloudDeploy/Inputs/TargetGkeGetArgs.cs b/sdk/dotnet/CloudDeploy/Inputs/TargetGkeGetArgs.cs index da46a03076..619ac2dd2c 100644 --- a/sdk/dotnet/CloudDeploy/Inputs/TargetGkeGetArgs.cs +++ b/sdk/dotnet/CloudDeploy/Inputs/TargetGkeGetArgs.cs @@ -24,6 +24,12 @@ public sealed class TargetGkeGetArgs : global::Pulumi.ResourceArgs [Input("internalIp")] public Input? InternalIp { get; set; } + /// + /// Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. + /// + [Input("proxyUrl")] + public Input? ProxyUrl { get; set; } + public TargetGkeGetArgs() { } diff --git a/sdk/dotnet/CloudDeploy/Outputs/TargetGke.cs b/sdk/dotnet/CloudDeploy/Outputs/TargetGke.cs index 58b11b220e..f2c8b33426 100644 --- a/sdk/dotnet/CloudDeploy/Outputs/TargetGke.cs +++ b/sdk/dotnet/CloudDeploy/Outputs/TargetGke.cs 
@@ -21,15 +21,22 @@ public sealed class TargetGke /// Optional. If true, `cluster` is accessed using the private IP address of the control plane endpoint. Otherwise, the default IP address of the control plane endpoint is used. The default IP address is the private IP address for clusters with private control-plane endpoints and the public IP address otherwise. Only specify this option when `cluster` is a [private GKE cluster](https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept). /// public readonly bool? InternalIp; + /// + /// Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. + /// + public readonly string? ProxyUrl; [OutputConstructor] private TargetGke( string? cluster, - bool? internalIp) + bool? internalIp, + + string? proxyUrl) { Cluster = cluster; InternalIp = internalIp; + ProxyUrl = proxyUrl; } } } diff --git a/sdk/dotnet/CloudRunV2/Inputs/JobBinaryAuthorizationArgs.cs b/sdk/dotnet/CloudRunV2/Inputs/JobBinaryAuthorizationArgs.cs index 6aa3d08045..a952b0dadb 100644 --- a/sdk/dotnet/CloudRunV2/Inputs/JobBinaryAuthorizationArgs.cs +++ b/sdk/dotnet/CloudRunV2/Inputs/JobBinaryAuthorizationArgs.cs @@ -18,6 +18,12 @@ public sealed class JobBinaryAuthorizationArgs : global::Pulumi.ResourceArgs [Input("breakglassJustification")] public Input? BreakglassJustification { get; set; } + /// + /// The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + /// + [Input("policy")] + public Input? Policy { get; set; } + /// /// If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. /// diff --git a/sdk/dotnet/CloudRunV2/Inputs/JobBinaryAuthorizationGetArgs.cs b/sdk/dotnet/CloudRunV2/Inputs/JobBinaryAuthorizationGetArgs.cs index 59b6db7061..3ad4d85c3e 100644 
--- a/sdk/dotnet/CloudRunV2/Inputs/JobBinaryAuthorizationGetArgs.cs +++ b/sdk/dotnet/CloudRunV2/Inputs/JobBinaryAuthorizationGetArgs.cs @@ -18,6 +18,12 @@ public sealed class JobBinaryAuthorizationGetArgs : global::Pulumi.ResourceArgs [Input("breakglassJustification")] public Input? BreakglassJustification { get; set; } + /// + /// The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + /// + [Input("policy")] + public Input? Policy { get; set; } + /// /// If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. /// diff --git a/sdk/dotnet/CloudRunV2/Inputs/ServiceBinaryAuthorizationArgs.cs b/sdk/dotnet/CloudRunV2/Inputs/ServiceBinaryAuthorizationArgs.cs index 2756efd161..1d250a0c67 100644 --- a/sdk/dotnet/CloudRunV2/Inputs/ServiceBinaryAuthorizationArgs.cs +++ b/sdk/dotnet/CloudRunV2/Inputs/ServiceBinaryAuthorizationArgs.cs @@ -18,6 +18,12 @@ public sealed class ServiceBinaryAuthorizationArgs : global::Pulumi.ResourceArgs [Input("breakglassJustification")] public Input? BreakglassJustification { get; set; } + /// + /// The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + /// + [Input("policy")] + public Input? Policy { get; set; } + /// /// If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. /// diff --git a/sdk/dotnet/CloudRunV2/Inputs/ServiceBinaryAuthorizationGetArgs.cs b/sdk/dotnet/CloudRunV2/Inputs/ServiceBinaryAuthorizationGetArgs.cs index 6718190f11..66a27610eb 100644 --- a/sdk/dotnet/CloudRunV2/Inputs/ServiceBinaryAuthorizationGetArgs.cs +++ b/sdk/dotnet/CloudRunV2/Inputs/ServiceBinaryAuthorizationGetArgs.cs 
@@ -18,6 +18,12 @@ public sealed class ServiceBinaryAuthorizationGetArgs : global::Pulumi.ResourceA [Input("breakglassJustification")] public Input? BreakglassJustification { get; set; } + /// + /// The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + /// + [Input("policy")] + public Input? Policy { get; set; } + /// /// If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. /// diff --git a/sdk/dotnet/CloudRunV2/Outputs/GetJobBinaryAuthorizationResult.cs b/sdk/dotnet/CloudRunV2/Outputs/GetJobBinaryAuthorizationResult.cs index 90e237003c..c1557d782a 100644 --- a/sdk/dotnet/CloudRunV2/Outputs/GetJobBinaryAuthorizationResult.cs +++ b/sdk/dotnet/CloudRunV2/Outputs/GetJobBinaryAuthorizationResult.cs @@ -18,6 +18,10 @@ public sealed class GetJobBinaryAuthorizationResult /// public readonly string BreakglassJustification; /// + /// The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + /// + public readonly string Policy; + /// /// If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. /// public readonly bool UseDefault; @@ -26,9 +30,12 @@ public sealed class GetJobBinaryAuthorizationResult private GetJobBinaryAuthorizationResult( string breakglassJustification, + string policy, + bool useDefault) { BreakglassJustification = breakglassJustification; + Policy = policy; UseDefault = useDefault; } } diff --git a/sdk/dotnet/CloudRunV2/Outputs/GetServiceBinaryAuthorizationResult.cs b/sdk/dotnet/CloudRunV2/Outputs/GetServiceBinaryAuthorizationResult.cs index d42e4d7a22..d7b64cbca9 100644 --- a/sdk/dotnet/CloudRunV2/Outputs/GetServiceBinaryAuthorizationResult.cs +++ b/sdk/dotnet/CloudRunV2/Outputs/GetServiceBinaryAuthorizationResult.cs 
@@ -18,6 +18,10 @@ public sealed class GetServiceBinaryAuthorizationResult /// public readonly string BreakglassJustification; /// + /// The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + /// + public readonly string Policy; + /// /// If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. /// public readonly bool UseDefault; @@ -26,9 +30,12 @@ public sealed class GetServiceBinaryAuthorizationResult private GetServiceBinaryAuthorizationResult( string breakglassJustification, + string policy, + bool useDefault) { BreakglassJustification = breakglassJustification; + Policy = policy; UseDefault = useDefault; } } diff --git a/sdk/dotnet/CloudRunV2/Outputs/JobBinaryAuthorization.cs b/sdk/dotnet/CloudRunV2/Outputs/JobBinaryAuthorization.cs index 2afd9f775e..9056783b72 100644 --- a/sdk/dotnet/CloudRunV2/Outputs/JobBinaryAuthorization.cs +++ b/sdk/dotnet/CloudRunV2/Outputs/JobBinaryAuthorization.cs @@ -18,6 +18,10 @@ public sealed class JobBinaryAuthorization /// public readonly string? BreakglassJustification; /// + /// The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + /// + public readonly string? Policy; + /// /// If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. /// public readonly bool? UseDefault; @@ -26,9 +30,12 @@ public sealed class JobBinaryAuthorization private JobBinaryAuthorization( string? breakglassJustification, + string? policy, + bool? useDefault) { BreakglassJustification = breakglassJustification; + Policy = policy; UseDefault = useDefault; } } diff --git a/sdk/dotnet/CloudRunV2/Outputs/ServiceBinaryAuthorization.cs b/sdk/dotnet/CloudRunV2/Outputs/ServiceBinaryAuthorization.cs index 4f2733cc23..aca1775502 100644 --- a/sdk/dotnet/CloudRunV2/Outputs/ServiceBinaryAuthorization.cs 
+++ b/sdk/dotnet/CloudRunV2/Outputs/ServiceBinaryAuthorization.cs @@ -18,6 +18,10 @@ public sealed class ServiceBinaryAuthorization /// public readonly string? BreakglassJustification; /// + /// The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + /// + public readonly string? Policy; + /// /// If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. /// public readonly bool? UseDefault; @@ -26,9 +30,12 @@ public sealed class ServiceBinaryAuthorization private ServiceBinaryAuthorization( string? breakglassJustification, + string? policy, + bool? useDefault) { BreakglassJustification = breakglassJustification; + Policy = policy; UseDefault = useDefault; } } diff --git a/sdk/dotnet/Compute/RegionTargetHttpsProxy.cs b/sdk/dotnet/Compute/RegionTargetHttpsProxy.cs index a730b5ec3a..aaf17c26bd 100644 --- a/sdk/dotnet/Compute/RegionTargetHttpsProxy.cs +++ b/sdk/dotnet/Compute/RegionTargetHttpsProxy.cs @@ -432,6 +432,10 @@ public partial class RegionTargetHttpsProxy : global::Pulumi.CustomResource /// INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED /// loadBalancingScheme consult ServerTlsPolicy documentation. /// If left blank, communications are not encrypted. + /// If you remove this field from your configuration at the same time as + /// deleting or recreating a referenced ServerTlsPolicy resource, you will + /// receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + /// within the ServerTlsPolicy resource to avoid this. /// [Output("serverTlsPolicy")] public Output ServerTlsPolicy { get; private set; } = null!; 
@@ -564,6 +568,10 @@ public InputList CertificateManagerCertificates /// INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED /// loadBalancingScheme consult ServerTlsPolicy documentation. /// If left blank, communications are not encrypted. + /// If you remove this field from your configuration at the same time as + /// deleting or recreating a referenced ServerTlsPolicy resource, you will + /// receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + /// within the ServerTlsPolicy resource to avoid this. /// [Input("serverTlsPolicy")] public Input? ServerTlsPolicy { get; set; } @@ -682,6 +690,10 @@ public InputList CertificateManagerCertificates /// INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED /// loadBalancingScheme consult ServerTlsPolicy documentation. /// If left blank, communications are not encrypted. + /// If you remove this field from your configuration at the same time as + /// deleting or recreating a referenced ServerTlsPolicy resource, you will + /// receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + /// within the ServerTlsPolicy resource to avoid this. /// [Input("serverTlsPolicy")] public Input? ServerTlsPolicy { get; set; } diff --git a/sdk/dotnet/Container/Inputs/ClusterClusterAutoscalingArgs.cs b/sdk/dotnet/Container/Inputs/ClusterClusterAutoscalingArgs.cs index 66db1f5c06..287629c14f 100644 --- a/sdk/dotnet/Container/Inputs/ClusterClusterAutoscalingArgs.cs +++ b/sdk/dotnet/Container/Inputs/ClusterClusterAutoscalingArgs.cs 
@@ -20,6 +20,20 @@ public sealed class ClusterClusterAutoscalingArgs : global::Pulumi.ResourceArgs [Input("autoProvisioningDefaults")] public Input? AutoProvisioningDefaults { get; set; } + [Input("autoProvisioningLocations")] + private InputList? _autoProvisioningLocations; + + /// + /// The list of Google Compute Engine + /// [zones](https://cloud.google.com/compute/docs/zones#available) in which the + /// NodePool's nodes can be created by NAP. + /// + public InputList AutoProvisioningLocations + { + get => _autoProvisioningLocations ?? (_autoProvisioningLocations = new InputList()); + set => _autoProvisioningLocations = value; + } + /// /// Configuration /// options for the [Autoscaling profile](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#autoscaling_profiles) diff --git a/sdk/dotnet/Container/Inputs/ClusterClusterAutoscalingGetArgs.cs b/sdk/dotnet/Container/Inputs/ClusterClusterAutoscalingGetArgs.cs index 9c5d8ff056..7f1984ef1a 100644 --- a/sdk/dotnet/Container/Inputs/ClusterClusterAutoscalingGetArgs.cs +++ b/sdk/dotnet/Container/Inputs/ClusterClusterAutoscalingGetArgs.cs @@ -20,6 +20,20 @@ public sealed class ClusterClusterAutoscalingGetArgs : global::Pulumi.ResourceAr [Input("autoProvisioningDefaults")] public Input? AutoProvisioningDefaults { get; set; } + [Input("autoProvisioningLocations")] + private InputList? _autoProvisioningLocations; + + /// + /// The list of Google Compute Engine + /// [zones](https://cloud.google.com/compute/docs/zones#available) in which the + /// NodePool's nodes can be created by NAP. + /// + public InputList AutoProvisioningLocations + { + get => _autoProvisioningLocations ?? (_autoProvisioningLocations = new InputList()); + set => _autoProvisioningLocations = value; + } + /// /// Configuration /// options for the [Autoscaling profile](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#autoscaling_profiles) 
diff --git a/sdk/dotnet/Container/Outputs/ClusterClusterAutoscaling.cs b/sdk/dotnet/Container/Outputs/ClusterClusterAutoscaling.cs index 587a401f5c..58cf87895f 100644 --- a/sdk/dotnet/Container/Outputs/ClusterClusterAutoscaling.cs +++ b/sdk/dotnet/Container/Outputs/ClusterClusterAutoscaling.cs @@ -20,6 +20,12 @@ public sealed class ClusterClusterAutoscaling /// public readonly Outputs.ClusterClusterAutoscalingAutoProvisioningDefaults? AutoProvisioningDefaults; /// + /// The list of Google Compute Engine + /// [zones](https://cloud.google.com/compute/docs/zones#available) in which the + /// NodePool's nodes can be created by NAP. + /// + public readonly ImmutableArray AutoProvisioningLocations; + /// /// Configuration /// options for the [Autoscaling profile](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#autoscaling_profiles) /// feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability @@ -43,6 +49,8 @@ public sealed class ClusterClusterAutoscaling private ClusterClusterAutoscaling( Outputs.ClusterClusterAutoscalingAutoProvisioningDefaults? autoProvisioningDefaults, + ImmutableArray autoProvisioningLocations, + string? autoscalingProfile, bool? enabled, @@ -50,6 +58,7 @@ private ClusterClusterAutoscaling( ImmutableArray resourceLimits) { AutoProvisioningDefaults = autoProvisioningDefaults; + AutoProvisioningLocations = autoProvisioningLocations; AutoscalingProfile = autoscalingProfile; Enabled = enabled; ResourceLimits = resourceLimits; diff --git a/sdk/dotnet/Container/Outputs/GetClusterClusterAutoscalingResult.cs b/sdk/dotnet/Container/Outputs/GetClusterClusterAutoscalingResult.cs index 7032d6e723..d39920d09e 100644 --- a/sdk/dotnet/Container/Outputs/GetClusterClusterAutoscalingResult.cs +++ b/sdk/dotnet/Container/Outputs/GetClusterClusterAutoscalingResult.cs 
@@ -18,6 +18,10 @@ public sealed class GetClusterClusterAutoscalingResult /// public readonly ImmutableArray AutoProvisioningDefaults; /// + /// The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP. + /// + public readonly ImmutableArray AutoProvisioningLocations; + /// /// Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED. /// public readonly string AutoscalingProfile; @@ -34,6 +38,8 @@ public sealed class GetClusterClusterAutoscalingResult private GetClusterClusterAutoscalingResult( ImmutableArray autoProvisioningDefaults, + ImmutableArray autoProvisioningLocations, + string autoscalingProfile, bool enabled, @@ -41,6 +47,7 @@ private GetClusterClusterAutoscalingResult( ImmutableArray resourceLimits) { AutoProvisioningDefaults = autoProvisioningDefaults; + AutoProvisioningLocations = autoProvisioningLocations; AutoscalingProfile = autoscalingProfile; Enabled = enabled; ResourceLimits = resourceLimits; diff --git a/sdk/dotnet/Dataform/Repository.cs b/sdk/dotnet/Dataform/Repository.cs index c517f21c3f..32b65b62a5 100644 --- a/sdk/dotnet/Dataform/Repository.cs +++ b/sdk/dotnet/Dataform/Repository.cs 
@@ -37,11 +37,34 @@ namespace Pulumi.Gcp.Dataform /// SecretData = "secret-data", /// }); /// + /// var keyring = new Gcp.Kms.KeyRing("keyring", new() + /// { + /// Name = "example-key-ring", + /// Location = "us-central1", + /// }); + /// + /// var exampleKey = new Gcp.Kms.CryptoKey("example_key", new() + /// { + /// Name = "example-crypto-key-name", + /// KeyRing = keyring.Id, + /// }); + /// + /// var cryptoKeyBinding = new Gcp.Kms.CryptoKeyIAMBinding("crypto_key_binding", new() + /// { + /// CryptoKeyId = exampleKey.Id, + /// Role = "roles/cloudkms.cryptoKeyEncrypterDecrypter", + /// Members = new[] + /// { + /// $"serviceAccount:service-{project.Number}@gcp-sa-dataform.iam.gserviceaccount.com", + /// }, + /// }); + /// /// var dataformRepository = new Gcp.Dataform.Repository("dataform_repository", new() /// { /// Name = "dataform_repository", /// DisplayName = "dataform_repository", /// NpmrcEnvironmentVariablesSecretVersion = secretVersion.Id, + /// KmsKeyName = exampleKey.Id, /// Labels = /// { /// { "label_foo1", "label-bar1" }, @@ -58,6 +81,12 @@ namespace Pulumi.Gcp.Dataform /// SchemaSuffix = "_suffix", /// TablePrefix = "prefix_", /// }, + /// }, new CustomResourceOptions + /// { + /// DependsOn = + /// { + /// cryptoKeyBinding, + /// }, /// }); /// /// }); 
@@ -115,6 +144,13 @@ public partial class Repository : global::Pulumi.CustomResource [Output("gitRemoteSettings")] public Output GitRemoteSettings { get; private set; } = null!; + /// + /// Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + /// It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] + /// + [Output("kmsKeyName")] + public Output KmsKeyName { get; private set; } = null!; + /// /// Optional. Repository user labels. /// An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. @@ -237,6 +273,13 @@ public sealed class RepositoryArgs : global::Pulumi.ResourceArgs [Input("gitRemoteSettings")] public Input? GitRemoteSettings { get; set; } + /// + /// Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + /// It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] + /// + [Input("kmsKeyName")] + public Input? KmsKeyName { get; set; } + [Input("labels")] private InputMap? _labels; @@ -331,6 +374,13 @@ public InputMap EffectiveLabels [Input("gitRemoteSettings")] public Input? GitRemoteSettings { get; set; } + /// + /// Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + /// It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] + /// + [Input("kmsKeyName")] + public Input? KmsKeyName { get; set; } + [Input("labels")] private InputMap? _labels; 
diff --git a/sdk/dotnet/DiscoveryEngine/DataStore.cs b/sdk/dotnet/DiscoveryEngine/DataStore.cs index 72735f512e..4ae1273c35 100644 --- a/sdk/dotnet/DiscoveryEngine/DataStore.cs +++ b/sdk/dotnet/DiscoveryEngine/DataStore.cs @@ -44,6 +44,7 @@ namespace Pulumi.Gcp.DiscoveryEngine /// "SOLUTION_TYPE_SEARCH", /// }, /// CreateAdvancedSiteSearch = false, + /// SkipDefaultSchemaCreation = false, /// }); /// /// }); @@ -200,6 +201,18 @@ public partial class DataStore : global::Pulumi.CustomResource [Output("project")] public Output Project { get; private set; } = null!; + /// + /// A boolean flag indicating whether to skip the default schema creation for + /// the data store. Only enable this flag if you are certain that the default + /// schema is incompatible with your use case. + /// If set to true, you must manually create a schema for the data store + /// before any documents can be ingested. + /// This flag cannot be specified if `data_store.starting_schema` is + /// specified. + /// + [Output("skipDefaultSchemaCreation")] + public Output SkipDefaultSchemaCreation { get; private set; } = null!; + /// /// The solutions that the data store enrolls. /// Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. @@ -312,6 +325,18 @@ public sealed class DataStoreArgs : global::Pulumi.ResourceArgs [Input("project")] public Input? Project { get; set; } + /// + /// A boolean flag indicating whether to skip the default schema creation for + /// the data store. Only enable this flag if you are certain that the default + /// schema is incompatible with your use case. + /// If set to true, you must manually create a schema for the data store + /// before any documents can be ingested. + /// This flag cannot be specified if `data_store.starting_schema` is + /// specified. + /// + [Input("skipDefaultSchemaCreation")] + public Input? SkipDefaultSchemaCreation { get; set; } + [Input("solutionTypes")] private InputList? _solutionTypes; 
@@ -413,6 +438,18 @@ public sealed class DataStoreState : global::Pulumi.ResourceArgs [Input("project")] public Input? Project { get; set; } + /// + /// A boolean flag indicating whether to skip the default schema creation for + /// the data store. Only enable this flag if you are certain that the default + /// schema is incompatible with your use case. + /// If set to true, you must manually create a schema for the data store + /// before any documents can be ingested. + /// This flag cannot be specified if `data_store.starting_schema` is + /// specified. + /// + [Input("skipDefaultSchemaCreation")] + public Input? SkipDefaultSchemaCreation { get; set; } + [Input("solutionTypes")] private InputList? _solutionTypes; diff --git a/sdk/dotnet/GkeHub/Inputs/FeatureFleetDefaultMemberConfigConfigmanagementArgs.cs b/sdk/dotnet/GkeHub/Inputs/FeatureFleetDefaultMemberConfigConfigmanagementArgs.cs index 981e1841fa..b471afbdc4 100644 --- a/sdk/dotnet/GkeHub/Inputs/FeatureFleetDefaultMemberConfigConfigmanagementArgs.cs +++ b/sdk/dotnet/GkeHub/Inputs/FeatureFleetDefaultMemberConfigConfigmanagementArgs.cs @@ -19,6 +19,13 @@ public sealed class FeatureFleetDefaultMemberConfigConfigmanagementArgs : global [Input("configSync")] public Input? ConfigSync { get; set; } + /// + /// Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + /// Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. + /// + [Input("management")] + public Input? Management { get; set; } + /// /// Version of ACM installed /// diff --git a/sdk/dotnet/GkeHub/Inputs/FeatureFleetDefaultMemberConfigConfigmanagementGetArgs.cs b/sdk/dotnet/GkeHub/Inputs/FeatureFleetDefaultMemberConfigConfigmanagementGetArgs.cs index 62951fcae7..cf5046659c 100644 --- a/sdk/dotnet/GkeHub/Inputs/FeatureFleetDefaultMemberConfigConfigmanagementGetArgs.cs 
+++ b/sdk/dotnet/GkeHub/Inputs/FeatureFleetDefaultMemberConfigConfigmanagementGetArgs.cs @@ -19,6 +19,13 @@ public sealed class FeatureFleetDefaultMemberConfigConfigmanagementGetArgs : glo [Input("configSync")] public Input? ConfigSync { get; set; } + /// + /// Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + /// Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. + /// + [Input("management")] + public Input? Management { get; set; } + /// /// Version of ACM installed /// diff --git a/sdk/dotnet/GkeHub/Inputs/FeatureMembershipConfigmanagementArgs.cs b/sdk/dotnet/GkeHub/Inputs/FeatureMembershipConfigmanagementArgs.cs index a98c62d584..7651ebe1c3 100644 --- a/sdk/dotnet/GkeHub/Inputs/FeatureMembershipConfigmanagementArgs.cs +++ b/sdk/dotnet/GkeHub/Inputs/FeatureMembershipConfigmanagementArgs.cs @@ -30,6 +30,12 @@ public sealed class FeatureMembershipConfigmanagementArgs : global::Pulumi.Resou [Input("hierarchyController")] public Input? HierarchyController { get; set; } + /// + /// Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + /// + [Input("management")] + public Input? Management { get; set; } + /// /// Policy Controller configuration for the cluster. Structure is documented below. /// diff --git a/sdk/dotnet/GkeHub/Inputs/FeatureMembershipConfigmanagementConfigSyncArgs.cs b/sdk/dotnet/GkeHub/Inputs/FeatureMembershipConfigmanagementConfigSyncArgs.cs index 6fb6c02809..b01c756441 100644 --- a/sdk/dotnet/GkeHub/Inputs/FeatureMembershipConfigmanagementConfigSyncArgs.cs +++ b/sdk/dotnet/GkeHub/Inputs/FeatureMembershipConfigmanagementConfigSyncArgs.cs 
@@ -12,6 +12,12 @@ namespace Pulumi.Gcp.GkeHub.Inputs public sealed class FeatureMembershipConfigmanagementConfigSyncArgs : global::Pulumi.ResourceArgs { + /// + /// Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + /// /// (Optional) Structure is documented below. /// diff --git a/sdk/dotnet/GkeHub/Inputs/FeatureMembershipConfigmanagementConfigSyncGetArgs.cs b/sdk/dotnet/GkeHub/Inputs/FeatureMembershipConfigmanagementConfigSyncGetArgs.cs index e48f51a743..e6f4947d26 100644 --- a/sdk/dotnet/GkeHub/Inputs/FeatureMembershipConfigmanagementConfigSyncGetArgs.cs +++ b/sdk/dotnet/GkeHub/Inputs/FeatureMembershipConfigmanagementConfigSyncGetArgs.cs @@ -12,6 +12,12 @@ namespace Pulumi.Gcp.GkeHub.Inputs public sealed class FeatureMembershipConfigmanagementConfigSyncGetArgs : global::Pulumi.ResourceArgs { + /// + /// Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + /// /// (Optional) Structure is documented below. /// diff --git a/sdk/dotnet/GkeHub/Inputs/FeatureMembershipConfigmanagementGetArgs.cs b/sdk/dotnet/GkeHub/Inputs/FeatureMembershipConfigmanagementGetArgs.cs index 1c193c77c1..42723458f6 100644 --- a/sdk/dotnet/GkeHub/Inputs/FeatureMembershipConfigmanagementGetArgs.cs +++ b/sdk/dotnet/GkeHub/Inputs/FeatureMembershipConfigmanagementGetArgs.cs 
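Review bot: The doc comment added for `Enabled` describes three distinct states, one of which deletes resources, but the broken grammar ("will be applied if exist", "will be managed depends on the presence") makes the difference between `false` and omitted easy to misread. Since an explicit `false` removes ConfigSync resources while an omitted value does not necessarily do so, I would spell the states out: `/// true: ConfigSync resources are created and the other ConfigSync fields are applied. false: the other ConfigSync fields are ignored and ConfigSync resources are deleted. Omitted: ConfigSync is managed according to whether the git or oci field is present.` The same sentence is repeated in the `FeatureMembershipConfigmanagementConfigSyncGetArgs` hunk and in the `Outputs/FeatureMembershipConfigmanagementConfigSync.cs` hunk.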
@@ -30,6 +30,12 @@ public sealed class FeatureMembershipConfigmanagementGetArgs : global::Pulumi.Re [Input("hierarchyController")] public Input? HierarchyController { get; set; } + /// + /// Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + /// + [Input("management")] + public Input? Management { get; set; } + /// /// Policy Controller configuration for the cluster. Structure is documented below. /// diff --git a/sdk/dotnet/GkeHub/Outputs/FeatureFleetDefaultMemberConfigConfigmanagement.cs b/sdk/dotnet/GkeHub/Outputs/FeatureFleetDefaultMemberConfigConfigmanagement.cs index 3813a76a1c..6d03f656c3 100644 --- a/sdk/dotnet/GkeHub/Outputs/FeatureFleetDefaultMemberConfigConfigmanagement.cs +++ b/sdk/dotnet/GkeHub/Outputs/FeatureFleetDefaultMemberConfigConfigmanagement.cs @@ -19,6 +19,11 @@ public sealed class FeatureFleetDefaultMemberConfigConfigmanagement /// public readonly Outputs.FeatureFleetDefaultMemberConfigConfigmanagementConfigSync? ConfigSync; /// + /// Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + /// Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. + /// + public readonly string? Management; + /// /// Version of ACM installed /// public readonly string? Version; @@ -27,9 +32,12 @@ public sealed class FeatureFleetDefaultMemberConfigConfigmanagement private FeatureFleetDefaultMemberConfigConfigmanagement( Outputs.FeatureFleetDefaultMemberConfigConfigmanagementConfigSync? configSync, + string? management, + string? version) { ConfigSync = configSync; + Management = management; Version = version; } } 
diff --git a/sdk/dotnet/GkeHub/Outputs/FeatureMembershipConfigmanagement.cs b/sdk/dotnet/GkeHub/Outputs/FeatureMembershipConfigmanagement.cs index 1b25662c82..c5024ba616 100644 --- a/sdk/dotnet/GkeHub/Outputs/FeatureMembershipConfigmanagement.cs +++ b/sdk/dotnet/GkeHub/Outputs/FeatureMembershipConfigmanagement.cs @@ -26,6 +26,10 @@ public sealed class FeatureMembershipConfigmanagement /// public readonly Outputs.FeatureMembershipConfigmanagementHierarchyController? HierarchyController; /// + /// Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + /// + public readonly string? Management; + /// /// Policy Controller configuration for the cluster. Structure is documented below. /// public readonly Outputs.FeatureMembershipConfigmanagementPolicyController? PolicyController; @@ -42,6 +46,8 @@ private FeatureMembershipConfigmanagement( Outputs.FeatureMembershipConfigmanagementHierarchyController? hierarchyController, + string? management, + Outputs.FeatureMembershipConfigmanagementPolicyController? policyController, string? version) @@ -49,6 +55,7 @@ private FeatureMembershipConfigmanagement( Binauthz = binauthz; ConfigSync = configSync; HierarchyController = hierarchyController; + Management = management; PolicyController = policyController; Version = version; } diff --git a/sdk/dotnet/GkeHub/Outputs/FeatureMembershipConfigmanagementConfigSync.cs b/sdk/dotnet/GkeHub/Outputs/FeatureMembershipConfigmanagementConfigSync.cs index d27cb8ece3..34b733feff 100644 --- a/sdk/dotnet/GkeHub/Outputs/FeatureMembershipConfigmanagementConfigSync.cs +++ b/sdk/dotnet/GkeHub/Outputs/FeatureMembershipConfigmanagementConfigSync.cs 
@@ -13,6 +13,10 @@ namespace Pulumi.Gcp.GkeHub.Outputs [OutputType] public sealed class FeatureMembershipConfigmanagementConfigSync { + /// + /// Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. + /// + public readonly bool? Enabled; /// /// (Optional) Structure is documented below. /// @@ -38,6 +42,8 @@ public sealed class FeatureMembershipConfigmanagementConfigSync [OutputConstructor] private FeatureMembershipConfigmanagementConfigSync( + bool? enabled, + Outputs.FeatureMembershipConfigmanagementConfigSyncGit? git, string? metricsGcpServiceAccountEmail, @@ -48,6 +54,7 @@ private FeatureMembershipConfigmanagementConfigSync( string? sourceFormat) { + Enabled = enabled; Git = git; MetricsGcpServiceAccountEmail = metricsGcpServiceAccountEmail; Oci = oci; diff --git a/sdk/dotnet/Logging/GetLogViewIamPolicy.cs b/sdk/dotnet/Logging/GetLogViewIamPolicy.cs index 6ca4df54f6..eac4f8d9e2 100644 --- a/sdk/dotnet/Logging/GetLogViewIamPolicy.cs +++ b/sdk/dotnet/Logging/GetLogViewIamPolicy.cs 
@@ -11,9 +11,59 @@ namespace Pulumi.Gcp.Logging { public static class GetLogViewIamPolicy { + /// + /// Retrieves the current IAM policy data for logview + /// + /// + /// ## example + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var policy = Gcp.Logging.GetLogViewIamPolicy.Invoke(new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// }); + /// + /// }); + /// ``` + /// public static Task InvokeAsync(GetLogViewIamPolicyArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("gcp:logging/getLogViewIamPolicy:getLogViewIamPolicy", args ?? new GetLogViewIamPolicyArgs(), options.WithDefaults()); + /// + /// Retrieves the current IAM policy data for logview + /// + /// + /// ## example + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var policy = Gcp.Logging.GetLogViewIamPolicy.Invoke(new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// }); + /// + /// }); + /// ``` + /// public static Output Invoke(GetLogViewIamPolicyInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("gcp:logging/getLogViewIamPolicy:getLogViewIamPolicy", args ?? new GetLogViewIamPolicyInvokeArgs(), options.WithDefaults()); } diff --git a/sdk/dotnet/Logging/LogViewIamBinding.cs b/sdk/dotnet/Logging/LogViewIamBinding.cs index c555066aa9..2f915d8a41 100644 --- a/sdk/dotnet/Logging/LogViewIamBinding.cs +++ b/sdk/dotnet/Logging/LogViewIamBinding.cs 
@@ -10,6 +10,420 @@ namespace Pulumi.Gcp.Logging { /// + /// Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + /// + /// * `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + /// * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + /// * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + /// + /// A data source can be used to retrieve policy data in advent you do not need creation + /// + /// * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + /// + /// > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + /// + /// > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + /// + /// > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+ /// + /// ## gcp.logging.LogViewIamPolicy + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Logging.LogViewIamPolicy("policy", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Logging.LogViewIamPolicy("policy", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => 
getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// ## gcp.logging.LogViewIamBinding + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Logging.LogViewIamBinding("binding", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Logging.LogViewIamBinding("binding", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// ## gcp.logging.LogViewIamMember + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Logging.LogViewIamMember("member", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = 
loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Logging.LogViewIamMember("member", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + /// + /// full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + /// --- + /// + /// # IAM policy for Cloud (Stackdriver) Logging LogView + /// Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + /// + /// * `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + /// * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + /// * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. 
+ /// + /// A data source can be used to retrieve policy data in advent you do not need creation + /// + /// * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + /// + /// > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + /// + /// > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + /// + /// > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. + /// + /// ## gcp.logging.LogViewIamPolicy + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Logging.LogViewIamPolicy("policy", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + 
/// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Logging.LogViewIamPolicy("policy", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// ## gcp.logging.LogViewIamBinding + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Logging.LogViewIamBinding("binding", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Logging.LogViewIamBinding("binding", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = 
loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// ## gcp.logging.LogViewIamMember + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Logging.LogViewIamMember("member", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Logging.LogViewIamMember("member", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: 
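Review bot: Every example in the added doc comment grants `roles/logging.admin` on a single log view, which gives the member administrative rather than read access, and example roles tend to be copied verbatim. If the intent is to let a principal read through the view, a view-scoped role such as `roles/logging.viewAccessor` would keep the examples in line with least privilege. The comment body is also included twice, once before and once after the `# IAM policy for Cloud (Stackdriver) Logging LogView` heading, and the `## > **Custom Roles**` heading splits its sentence between a heading and a paragraph. The data-source bullet names `gcp.logging.LogViewIamPolicy` where the lookup added elsewhere in this diff is `GetLogViewIamPolicy`, and "in advent you do not need creation" should read something like "when you do not need to create one". The `LogViewIamMember.cs` hunk carries the identical text.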
diff --git a/sdk/dotnet/Logging/LogViewIamMember.cs b/sdk/dotnet/Logging/LogViewIamMember.cs index dd114e8b23..02155efc71 100644 --- a/sdk/dotnet/Logging/LogViewIamMember.cs +++ b/sdk/dotnet/Logging/LogViewIamMember.cs 
@@ -10,6 +10,420 @@ namespace Pulumi.Gcp.Logging { /// + /// Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + /// + /// * `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + /// * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + /// * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + /// + /// A data source can be used to retrieve policy data in advent you do not need creation + /// + /// * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + /// + /// > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + /// + /// > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + /// + /// > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+ /// + /// ## gcp.logging.LogViewIamPolicy + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Logging.LogViewIamPolicy("policy", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Logging.LogViewIamPolicy("policy", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => 
getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// ## gcp.logging.LogViewIamBinding + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Logging.LogViewIamBinding("binding", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Logging.LogViewIamBinding("binding", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// ## gcp.logging.LogViewIamMember + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Logging.LogViewIamMember("member", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = 
loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Logging.LogViewIamMember("member", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + /// + /// full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + /// --- + /// + /// # IAM policy for Cloud (Stackdriver) Logging LogView + /// Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + /// + /// * `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + /// * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + /// * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. 
+ /// + /// A data source can be used to retrieve policy data in advent you do not need creation + /// + /// * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + /// + /// > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + /// + /// > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + /// + /// > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. + /// + /// ## gcp.logging.LogViewIamPolicy + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Logging.LogViewIamPolicy("policy", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + 
/// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Logging.LogViewIamPolicy("policy", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// ## gcp.logging.LogViewIamBinding + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Logging.LogViewIamBinding("binding", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Logging.LogViewIamBinding("binding", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = 
loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// ## gcp.logging.LogViewIamMember + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Logging.LogViewIamMember("member", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Logging.LogViewIamMember("member", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: 
diff --git a/sdk/dotnet/Logging/LogViewIamPolicy.cs b/sdk/dotnet/Logging/LogViewIamPolicy.cs index 75f0f219fe..58f2e12724 100644 --- a/sdk/dotnet/Logging/LogViewIamPolicy.cs +++ b/sdk/dotnet/Logging/LogViewIamPolicy.cs 
@@ -10,6 +10,420 @@ namespace Pulumi.Gcp.Logging { /// + /// Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + /// + /// * `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + /// * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + /// * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + /// + /// A data source can be used to retrieve policy data in advent you do not need creation + /// + /// * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + /// + /// > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + /// + /// > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + /// + /// > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+ /// + /// ## gcp.logging.LogViewIamPolicy + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Logging.LogViewIamPolicy("policy", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Logging.LogViewIamPolicy("policy", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => 
getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// ## gcp.logging.LogViewIamBinding + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Logging.LogViewIamBinding("binding", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Logging.LogViewIamBinding("binding", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// ## gcp.logging.LogViewIamMember + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Logging.LogViewIamMember("member", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = 
loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Logging.LogViewIamMember("member", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + /// + /// full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + /// --- + /// + /// # IAM policy for Cloud (Stackdriver) Logging LogView + /// Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + /// + /// * `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + /// * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + /// * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. 
+ /// + /// A data source can be used to retrieve policy data in advent you do not need creation + /// + /// * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + /// + /// > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + /// + /// > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + /// + /// > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. + /// + /// ## gcp.logging.LogViewIamPolicy + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Logging.LogViewIamPolicy("policy", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + 
/// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Logging.LogViewIamPolicy("policy", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// ## gcp.logging.LogViewIamBinding + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Logging.LogViewIamBinding("binding", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Logging.LogViewIamBinding("binding", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = 
loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Logging.Inputs.LogViewIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// ## gcp.logging.LogViewIamMember + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Logging.LogViewIamMember("member", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// + /// With IAM Conditions: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Logging.LogViewIamMember("member", new() + /// { + /// Parent = loggingLogView.Parent, + /// Location = loggingLogView.Location, + /// Bucket = loggingLogView.Bucket, + /// Name = loggingLogView.Name, + /// Role = "roles/logging.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Logging.Inputs.LogViewIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: 
diff --git a/sdk/dotnet/Netapp/Inputs/VolumeReplicationTransferStatArgs.cs b/sdk/dotnet/Netapp/Inputs/VolumeReplicationTransferStatArgs.cs index 7d0e65d64a..bbbb7faa8a 100644 --- a/sdk/dotnet/Netapp/Inputs/VolumeReplicationTransferStatArgs.cs +++ b/sdk/dotnet/Netapp/Inputs/VolumeReplicationTransferStatArgs.cs @@ -51,14 +51,14 @@ public sealed class VolumeReplicationTransferStatArgs : global::Pulumi.ResourceA /// /// (Output) - /// Total time taken so far during current transfer. + /// Cumulative time taken across all transfers for the replication relationship. /// [Input("totalTransferDuration")] public Input? TotalTransferDuration { get; set; } /// /// (Output) - /// Number of bytes transferred so far in current transfer. + /// Cumulative bytes transferred so far for the replication relationship. /// [Input("transferBytes")] public Input? TransferBytes { get; set; } diff --git a/sdk/dotnet/Netapp/Inputs/VolumeReplicationTransferStatGetArgs.cs b/sdk/dotnet/Netapp/Inputs/VolumeReplicationTransferStatGetArgs.cs index a69e7616a5..a72766fee4 100644 --- a/sdk/dotnet/Netapp/Inputs/VolumeReplicationTransferStatGetArgs.cs +++ b/sdk/dotnet/Netapp/Inputs/VolumeReplicationTransferStatGetArgs.cs @@ -51,14 +51,14 @@ public sealed class VolumeReplicationTransferStatGetArgs : global::Pulumi.Resour /// /// (Output) - /// Total time taken so far during current transfer. + /// Cumulative time taken across all transfers for the replication relationship. /// [Input("totalTransferDuration")] public Input? TotalTransferDuration { get; set; } /// /// (Output) - /// Number of bytes transferred so far in current transfer. + /// Cumulative bytes transferred so far for the replication relationship. /// [Input("transferBytes")] public Input? TransferBytes { get; set; } diff --git a/sdk/dotnet/Netapp/Outputs/VolumeReplicationTransferStat.cs b/sdk/dotnet/Netapp/Outputs/VolumeReplicationTransferStat.cs index 090845ec4b..2b9b213479 100644 
--- a/sdk/dotnet/Netapp/Outputs/VolumeReplicationTransferStat.cs +++ b/sdk/dotnet/Netapp/Outputs/VolumeReplicationTransferStat.cs @@ -42,12 +42,12 @@ public sealed class VolumeReplicationTransferStat public readonly string? LastTransferError; /// /// (Output) - /// Total time taken so far during current transfer. + /// Cumulative time taken across all transfers for the replication relationship. /// public readonly string? TotalTransferDuration; /// /// (Output) - /// Number of bytes transferred so far in current transfer. + /// Cumulative bytes transferred so far for the replication relationship. /// public readonly string? TransferBytes; /// diff --git a/sdk/dotnet/NetworkConnectivity/RegionalEndpoint.cs b/sdk/dotnet/NetworkConnectivity/RegionalEndpoint.cs index ebb5e7feac..d49a589f72 100644 --- a/sdk/dotnet/NetworkConnectivity/RegionalEndpoint.cs +++ b/sdk/dotnet/NetworkConnectivity/RegionalEndpoint.cs @@ -48,12 +48,12 @@ namespace Pulumi.Gcp.NetworkConnectivity /// { /// Name = "my-rep", /// Location = "us-central1", - /// TargetGoogleApi = "boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com", + /// TargetGoogleApi = "storage.us-central1.p.rep.googleapis.com", /// AccessType = "REGIONAL", /// Address = "192.168.0.5", /// Network = myNetwork.Id, /// Subnetwork = mySubnetwork.Id, - /// Description = "My RegionalEndpoint targeting Google API boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com", + /// Description = "My RegionalEndpoint targeting Google API storage.us-central1.p.rep.googleapis.com", /// Labels = /// { /// { "env", "default" }, @@ -90,7 +90,7 @@ namespace Pulumi.Gcp.NetworkConnectivity /// { /// Name = "my-rep", /// Location = "us-central1", - /// TargetGoogleApi = "boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com", + /// TargetGoogleApi = "storage.us-central1.p.rep.googleapis.com", /// AccessType = "GLOBAL", /// Address = "192.168.0.4", /// Network = myNetwork.Id, 
diff --git a/sdk/dotnet/Organizations/GetProject.cs b/sdk/dotnet/Organizations/GetProject.cs index 75761c15ac..10514d8bf4 100644 --- a/sdk/dotnet/Organizations/GetProject.cs +++ b/sdk/dotnet/Organizations/GetProject.cs @@ -101,6 +101,7 @@ public sealed class GetProjectResult { public readonly bool AutoCreateNetwork; public readonly string BillingAccount; + public readonly string DeletionPolicy; public readonly ImmutableDictionary EffectiveLabels; public readonly string FolderId; /// @@ -124,6 +125,8 @@ private GetProjectResult( string billingAccount, + string deletionPolicy, + ImmutableDictionary effectiveLabels, string folderId, @@ -146,6 +149,7 @@ private GetProjectResult( { AutoCreateNetwork = autoCreateNetwork; BillingAccount = billingAccount; + DeletionPolicy = deletionPolicy; EffectiveLabels = effectiveLabels; FolderId = folderId; Id = id; diff --git a/sdk/dotnet/Organizations/Project.cs b/sdk/dotnet/Organizations/Project.cs index 163bf12083..cf7ba4a6f5 100644 --- a/sdk/dotnet/Organizations/Project.cs +++ b/sdk/dotnet/Organizations/Project.cs @@ -107,6 +107,9 @@ public partial class Project : global::Pulumi.CustomResource [Output("billingAccount")] public Output BillingAccount { get; private set; } = null!; + [Output("deletionPolicy")] + public Output DeletionPolicy { get; private set; } = null!; + /// /// All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. /// 
@@ -167,8 +170,11 @@ public partial class Project : global::Pulumi.CustomResource public Output> PulumiLabels { get; private set; } = null!; /// - /// If true, the resource can be deleted - /// without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. + /// If true, the resource can be deleted without + /// deleting the Project via the Google API. `skip_delete` is deprecated and will be + /// removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + /// can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + /// to a `deletion_policy` value of `ABANDON` for equivalent behavior. /// [Output("skipDelete")] public Output SkipDelete { get; private set; } = null!; @@ -242,6 +248,9 @@ public sealed class ProjectArgs : global::Pulumi.ResourceArgs [Input("billingAccount")] public Input? BillingAccount { get; set; } + [Input("deletionPolicy")] + public Input? DeletionPolicy { get; set; } + /// /// The numeric ID of the folder this project should be /// created under. Only one of `org_id` or `folder_id` may be @@ -290,8 +299,11 @@ public InputMap Labels public Input? ProjectId { get; set; } /// - /// If true, the resource can be deleted - /// without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. + /// If true, the resource can be deleted without + /// deleting the Project via the Google API. `skip_delete` is deprecated and will be + /// removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + /// can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + /// to a `deletion_policy` value of `ABANDON` for equivalent behavior. /// [Input("skipDelete")] public Input? SkipDelete { get; set; } 
@@ -322,6 +334,9 @@ public sealed class ProjectState : global::Pulumi.ResourceArgs [Input("billingAccount")] public Input? BillingAccount { get; set; } + [Input("deletionPolicy")] + public Input? DeletionPolicy { get; set; } + [Input("effectiveLabels")] private InputMap? _effectiveLabels; @@ -408,8 +423,11 @@ public InputMap PulumiLabels } /// - /// If true, the resource can be deleted - /// without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. + /// If true, the resource can be deleted without + /// deleting the Project via the Google API. `skip_delete` is deprecated and will be + /// removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + /// can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + /// to a `deletion_policy` value of `ABANDON` for equivalent behavior. /// [Input("skipDelete")] public Input? SkipDelete { get; set; } diff --git a/sdk/dotnet/SecurityCenter/GetV2OrganizationSourceIamPolicy.cs b/sdk/dotnet/SecurityCenter/GetV2OrganizationSourceIamPolicy.cs new file mode 100644 index 0000000000..e8e2a664c0 --- /dev/null +++ b/sdk/dotnet/SecurityCenter/GetV2OrganizationSourceIamPolicy.cs 
@@ -0,0 +1,139 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.SecurityCenter +{ + public static class GetV2OrganizationSourceIamPolicy + { + /// + /// Retrieves the current IAM policy data for organizationsource + /// + /// + /// ## example + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var policy = Gcp.SecurityCenter.GetV2OrganizationSourceIamPolicy.Invoke(new() + /// { + /// Source = customSource.Name, + /// }); + /// + /// }); + /// ``` + /// + public static Task InvokeAsync(GetV2OrganizationSourceIamPolicyArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.InvokeAsync("gcp:securitycenter/getV2OrganizationSourceIamPolicy:getV2OrganizationSourceIamPolicy", args ?? new GetV2OrganizationSourceIamPolicyArgs(), options.WithDefaults()); + + /// + /// Retrieves the current IAM policy data for organizationsource + /// + /// + /// ## example + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var policy = Gcp.SecurityCenter.GetV2OrganizationSourceIamPolicy.Invoke(new() + /// { + /// Source = customSource.Name, + /// }); + /// + /// }); + /// ``` + /// + public static Output Invoke(GetV2OrganizationSourceIamPolicyInvokeArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.Invoke("gcp:securitycenter/getV2OrganizationSourceIamPolicy:getV2OrganizationSourceIamPolicy", args ?? 
new GetV2OrganizationSourceIamPolicyInvokeArgs(), options.WithDefaults()); + } + + + public sealed class GetV2OrganizationSourceIamPolicyArgs : global::Pulumi.InvokeArgs + { + [Input("organization", required: true)] + public string Organization { get; set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// + [Input("source", required: true)] + public string Source { get; set; } = null!; + + public GetV2OrganizationSourceIamPolicyArgs() + { + } + public static new GetV2OrganizationSourceIamPolicyArgs Empty => new GetV2OrganizationSourceIamPolicyArgs(); + } + + public sealed class GetV2OrganizationSourceIamPolicyInvokeArgs : global::Pulumi.InvokeArgs + { + [Input("organization", required: true)] + public Input Organization { get; set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// + [Input("source", required: true)] + public Input Source { get; set; } = null!; + + public GetV2OrganizationSourceIamPolicyInvokeArgs() + { + } + public static new GetV2OrganizationSourceIamPolicyInvokeArgs Empty => new GetV2OrganizationSourceIamPolicyInvokeArgs(); + } + + + [OutputType] + public sealed class GetV2OrganizationSourceIamPolicyResult + { + /// + /// (Computed) The etag of the IAM policy. + /// + public readonly string Etag; + /// + /// The provider-assigned unique ID for this managed resource. + /// + public readonly string Id; + public readonly string Organization; + /// + /// (Required only by `gcp.securitycenter.V2OrganizationSourceIamPolicy`) The policy data generated by + /// a `gcp.organizations.getIAMPolicy` data source. + /// + public readonly string PolicyData; + public readonly string Source; + + [OutputConstructor] + private GetV2OrganizationSourceIamPolicyResult( + string etag, + + string id, + + string organization, + + string policyData, + + string source) + { + Etag = etag; + Id = id; + Organization = organization; + PolicyData = policyData; + Source = source; + } + } +} 
diff --git a/sdk/dotnet/SecurityCenter/Inputs/V2OrganizationSourceIamBindingConditionArgs.cs b/sdk/dotnet/SecurityCenter/Inputs/V2OrganizationSourceIamBindingConditionArgs.cs new file mode 100644 index 0000000000..e2a994e9ec --- /dev/null +++ b/sdk/dotnet/SecurityCenter/Inputs/V2OrganizationSourceIamBindingConditionArgs.cs @@ -0,0 +1,29 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.SecurityCenter.Inputs +{ + + public sealed class V2OrganizationSourceIamBindingConditionArgs : global::Pulumi.ResourceArgs + { + [Input("description")] + public Input? Description { get; set; } + + [Input("expression", required: true)] + public Input Expression { get; set; } = null!; + + [Input("title", required: true)] + public Input Title { get; set; } = null!; + + public V2OrganizationSourceIamBindingConditionArgs() + { + } + public static new V2OrganizationSourceIamBindingConditionArgs Empty => new V2OrganizationSourceIamBindingConditionArgs(); + } +} diff --git a/sdk/dotnet/SecurityCenter/Inputs/V2OrganizationSourceIamBindingConditionGetArgs.cs b/sdk/dotnet/SecurityCenter/Inputs/V2OrganizationSourceIamBindingConditionGetArgs.cs new file mode 100644 index 0000000000..6feb1a4968 --- /dev/null +++ b/sdk/dotnet/SecurityCenter/Inputs/V2OrganizationSourceIamBindingConditionGetArgs.cs 
@@ -0,0 +1,29 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.SecurityCenter.Inputs +{ + + public sealed class V2OrganizationSourceIamBindingConditionGetArgs : global::Pulumi.ResourceArgs + { + [Input("description")] + public Input? Description { get; set; } + + [Input("expression", required: true)] + public Input Expression { get; set; } = null!; + + [Input("title", required: true)] + public Input Title { get; set; } = null!; + + public V2OrganizationSourceIamBindingConditionGetArgs() + { + } + public static new V2OrganizationSourceIamBindingConditionGetArgs Empty => new V2OrganizationSourceIamBindingConditionGetArgs(); + } +} diff --git a/sdk/dotnet/SecurityCenter/Inputs/V2OrganizationSourceIamMemberConditionArgs.cs b/sdk/dotnet/SecurityCenter/Inputs/V2OrganizationSourceIamMemberConditionArgs.cs new file mode 100644 index 0000000000..1956556ca9 --- /dev/null +++ b/sdk/dotnet/SecurityCenter/Inputs/V2OrganizationSourceIamMemberConditionArgs.cs 
@@ -0,0 +1,29 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.SecurityCenter.Inputs +{ + + public sealed class V2OrganizationSourceIamMemberConditionArgs : global::Pulumi.ResourceArgs + { + [Input("description")] + public Input? Description { get; set; } + + [Input("expression", required: true)] + public Input Expression { get; set; } = null!; + + [Input("title", required: true)] + public Input Title { get; set; } = null!; + + public V2OrganizationSourceIamMemberConditionArgs() + { + } + public static new V2OrganizationSourceIamMemberConditionArgs Empty => new V2OrganizationSourceIamMemberConditionArgs(); + } +} diff --git a/sdk/dotnet/SecurityCenter/Inputs/V2OrganizationSourceIamMemberConditionGetArgs.cs b/sdk/dotnet/SecurityCenter/Inputs/V2OrganizationSourceIamMemberConditionGetArgs.cs new file mode 100644 index 0000000000..feaca19c92 --- /dev/null +++ b/sdk/dotnet/SecurityCenter/Inputs/V2OrganizationSourceIamMemberConditionGetArgs.cs 
@@ -0,0 +1,29 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.SecurityCenter.Inputs +{ + + public sealed class V2OrganizationSourceIamMemberConditionGetArgs : global::Pulumi.ResourceArgs + { + [Input("description")] + public Input? Description { get; set; } + + [Input("expression", required: true)] + public Input Expression { get; set; } = null!; + + [Input("title", required: true)] + public Input Title { get; set; } = null!; + + public V2OrganizationSourceIamMemberConditionGetArgs() + { + } + public static new V2OrganizationSourceIamMemberConditionGetArgs Empty => new V2OrganizationSourceIamMemberConditionGetArgs(); + } +} diff --git a/sdk/dotnet/SecurityCenter/Inputs/V2ProjectNotificationConfigStreamingConfigArgs.cs b/sdk/dotnet/SecurityCenter/Inputs/V2ProjectNotificationConfigStreamingConfigArgs.cs new file mode 100644 index 0000000000..3c5c5a3c8d --- /dev/null +++ b/sdk/dotnet/SecurityCenter/Inputs/V2ProjectNotificationConfigStreamingConfigArgs.cs 
@@ -0,0 +1,46 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.SecurityCenter.Inputs +{ + + public sealed class V2ProjectNotificationConfigStreamingConfigArgs : global::Pulumi.ResourceArgs + { + /// + /// Expression that defines the filter to apply across create/update + /// events of assets or findings as specified by the event type. The + /// expression is a list of zero or more restrictions combined via + /// logical operators AND and OR. Parentheses are supported, and OR + /// has higher precedence than AND. + /// Restrictions have the form <field> <operator> <value> and may have + /// a - character in front of them to indicate negation. The fields + /// map to those defined in the corresponding resource. + /// The supported operators are: + /// * = for all value types. + /// * >, <, >=, <= for integer values. + /// * :, meaning substring matching, for strings. + /// The supported value types are: + /// * string literals in quotes. + /// * integer literals without quotes. + /// * boolean literals true and false without quotes. + /// See + /// [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + /// for information on how to write a filter. + /// + /// - - - + /// + [Input("filter", required: true)] + public Input Filter { get; set; } = null!; + + public V2ProjectNotificationConfigStreamingConfigArgs() + { + } + public static new V2ProjectNotificationConfigStreamingConfigArgs Empty => new V2ProjectNotificationConfigStreamingConfigArgs(); + } +} 
diff --git a/sdk/dotnet/SecurityCenter/Inputs/V2ProjectNotificationConfigStreamingConfigGetArgs.cs b/sdk/dotnet/SecurityCenter/Inputs/V2ProjectNotificationConfigStreamingConfigGetArgs.cs new file mode 100644 index 0000000000..cda5755f3a --- /dev/null +++ b/sdk/dotnet/SecurityCenter/Inputs/V2ProjectNotificationConfigStreamingConfigGetArgs.cs 
@@ -0,0 +1,46 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.SecurityCenter.Inputs +{ + + public sealed class V2ProjectNotificationConfigStreamingConfigGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Expression that defines the filter to apply across create/update + /// events of assets or findings as specified by the event type. The + /// expression is a list of zero or more restrictions combined via + /// logical operators AND and OR. Parentheses are supported, and OR + /// has higher precedence than AND. + /// Restrictions have the form <field> <operator> <value> and may have + /// a - character in front of them to indicate negation. The fields + /// map to those defined in the corresponding resource. + /// The supported operators are: + /// * = for all value types. + /// * >, <, >=, <= for integer values. + /// * :, meaning substring matching, for strings. + /// The supported value types are: + /// * string literals in quotes. + /// * integer literals without quotes. + /// * boolean literals true and false without quotes. + /// See + /// [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + /// for information on how to write a filter. + /// + /// - - - + /// + [Input("filter", required: true)] + public Input Filter { get; set; } = null!; + + public V2ProjectNotificationConfigStreamingConfigGetArgs() + { + } + public static new V2ProjectNotificationConfigStreamingConfigGetArgs Empty => new V2ProjectNotificationConfigStreamingConfigGetArgs(); + } +} 
diff --git a/sdk/dotnet/SecurityCenter/Outputs/V2OrganizationSourceIamBindingCondition.cs b/sdk/dotnet/SecurityCenter/Outputs/V2OrganizationSourceIamBindingCondition.cs new file mode 100644 index 0000000000..0d33b55ef6 --- /dev/null +++ b/sdk/dotnet/SecurityCenter/Outputs/V2OrganizationSourceIamBindingCondition.cs @@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.SecurityCenter.Outputs +{ + + [OutputType] + public sealed class V2OrganizationSourceIamBindingCondition + { + public readonly string? Description; + public readonly string Expression; + public readonly string Title; + + [OutputConstructor] + private V2OrganizationSourceIamBindingCondition( + string? description, + + string expression, + + string title) + { + Description = description; + Expression = expression; + Title = title; + } + } +} diff --git a/sdk/dotnet/SecurityCenter/Outputs/V2OrganizationSourceIamMemberCondition.cs b/sdk/dotnet/SecurityCenter/Outputs/V2OrganizationSourceIamMemberCondition.cs new file mode 100644 index 0000000000..b925f58a2d --- /dev/null +++ b/sdk/dotnet/SecurityCenter/Outputs/V2OrganizationSourceIamMemberCondition.cs 
@@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.SecurityCenter.Outputs +{ + + [OutputType] + public sealed class V2OrganizationSourceIamMemberCondition + { + public readonly string? Description; + public readonly string Expression; + public readonly string Title; + + [OutputConstructor] + private V2OrganizationSourceIamMemberCondition( + string? description, + + string expression, + + string title) + { + Description = description; + Expression = expression; + Title = title; + } + } +} diff --git a/sdk/dotnet/SecurityCenter/Outputs/V2ProjectNotificationConfigStreamingConfig.cs b/sdk/dotnet/SecurityCenter/Outputs/V2ProjectNotificationConfigStreamingConfig.cs new file mode 100644 index 0000000000..2d00bbcb47 --- /dev/null +++ b/sdk/dotnet/SecurityCenter/Outputs/V2ProjectNotificationConfigStreamingConfig.cs 
@@ -0,0 +1,47 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.SecurityCenter.Outputs +{ + + [OutputType] + public sealed class V2ProjectNotificationConfigStreamingConfig + { + /// + /// Expression that defines the filter to apply across create/update + /// events of assets or findings as specified by the event type. The + /// expression is a list of zero or more restrictions combined via + /// logical operators AND and OR. Parentheses are supported, and OR + /// has higher precedence than AND. + /// Restrictions have the form <field> <operator> <value> and may have + /// a - character in front of them to indicate negation. The fields + /// map to those defined in the corresponding resource. + /// The supported operators are: + /// * = for all value types. + /// * >, <, >=, <= for integer values. + /// * :, meaning substring matching, for strings. + /// The supported value types are: + /// * string literals in quotes. + /// * integer literals without quotes. + /// * boolean literals true and false without quotes. + /// See + /// [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + /// for information on how to write a filter. + /// + /// - - - + /// + public readonly string Filter; + + [OutputConstructor] + private V2ProjectNotificationConfigStreamingConfig(string filter) + { + Filter = filter; + } + } +} diff --git a/sdk/dotnet/SecurityCenter/V2FolderMuteConfig.cs b/sdk/dotnet/SecurityCenter/V2FolderMuteConfig.cs new file mode 100644 index 0000000000..e900041479 --- /dev/null +++ b/sdk/dotnet/SecurityCenter/V2FolderMuteConfig.cs 
@@ -0,0 +1,329 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.SecurityCenter +{ + /// + /// Mute Findings is a volume management feature in Security Command Center + /// that lets you manually or programmatically hide irrelevant findings, + /// and create filters to automatically silence existing and future + /// findings based on criteria you specify. + /// + /// To get more information about FolderMuteConfig, see: + /// + /// * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/folders.muteConfigs) + /// + /// ## Example Usage + /// + /// ### Scc V2 Folder Mute Config Basic + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var folder = new Gcp.Organizations.Folder("folder", new() + /// { + /// Parent = "organizations/123456789", + /// DisplayName = "folder-name", + /// }); + /// + /// var @default = new Gcp.SecurityCenter.V2FolderMuteConfig("default", new() + /// { + /// MuteConfigId = "my-config", + /// Folder = folder.FolderId, + /// Location = "global", + /// Description = "My custom Cloud Security Command Center Finding Folder mute Configuration", + /// Filter = "severity = \"HIGH\"", + /// Type = "STATIC", + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// FolderMuteConfig can be imported using any of these accepted formats: + /// + /// * `folders/{{folder}}/locations/{{location}}/muteConfigs/{{mute_config_id}}` + /// + /// * `{{folder}}/{{location}}/{{mute_config_id}}` + /// + /// When using the `pulumi import` command, FolderMuteConfig can be imported 
using one of the formats above. For example: + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig default folders/{{folder}}/locations/{{location}}/muteConfigs/{{mute_config_id}} + /// ``` + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig default {{folder}}/{{location}}/{{mute_config_id}} + /// ``` + /// + [GcpResourceType("gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig")] + public partial class V2FolderMuteConfig : global::Pulumi.CustomResource + { + /// + /// The time at which the mute config was created. This field is set by + /// the server and will be ignored if provided on config creation. + /// + [Output("createTime")] + public Output CreateTime { get; private set; } = null!; + + /// + /// A description of the mute config. + /// + [Output("description")] + public Output Description { get; private set; } = null!; + + /// + /// An expression that defines the filter to apply across create/update + /// events of findings. While creating a filter string, be mindful of + /// the scope in which the mute configuration is being created. E.g., + /// If a filter contains project = X but is created under the + /// project = Y scope, it might not match any findings. + /// + [Output("filter")] + public Output Filter { get; private set; } = null!; + + /// + /// The folder whose Cloud Security Command Center the Mute + /// Config lives in. + /// + [Output("folder")] + public Output Folder { get; private set; } = null!; + + /// + /// location Id is provided by folder. If not provided, Use global as default. + /// + [Output("location")] + public Output Location { get; private set; } = null!; + + /// + /// Email address of the user who last edited the mute config. This + /// field is set by the server and will be ignored if provided on + /// config creation or update. 
+ /// + [Output("mostRecentEditor")] + public Output MostRecentEditor { get; private set; } = null!; + + /// + /// Unique identifier provided by the client within the parent scope. + /// + /// + /// - - - + /// + [Output("muteConfigId")] + public Output MuteConfigId { get; private set; } = null!; + + /// + /// Name of the mute config. Its format is + /// organizations/{organization}/locations/global/muteConfigs/{configId}, + /// folders/{folder}/locations/global/muteConfigs/{configId}, + /// or projects/{project}/locations/global/muteConfigs/{configId} + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// The type of the mute config. + /// + [Output("type")] + public Output Type { get; private set; } = null!; + + /// + /// Output only. The most recent time at which the mute config was + /// updated. This field is set by the server and will be ignored if + /// provided on config creation or update. + /// + [Output("updateTime")] + public Output UpdateTime { get; private set; } = null!; + + + /// + /// Create a V2FolderMuteConfig resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public V2FolderMuteConfig(string name, V2FolderMuteConfigArgs args, CustomResourceOptions? options = null) + : base("gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig", name, args ?? new V2FolderMuteConfigArgs(), MakeResourceOptions(options, "")) + { + } + + private V2FolderMuteConfig(string name, Input id, V2FolderMuteConfigState? state = null, CustomResourceOptions? options = null) + : base("gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? 
id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing V2FolderMuteConfig resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static V2FolderMuteConfig Get(string name, Input id, V2FolderMuteConfigState? state = null, CustomResourceOptions? options = null) + { + return new V2FolderMuteConfig(name, id, state, options); + } + } + + public sealed class V2FolderMuteConfigArgs : global::Pulumi.ResourceArgs + { + /// + /// A description of the mute config. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// An expression that defines the filter to apply across create/update + /// events of findings. While creating a filter string, be mindful of + /// the scope in which the mute configuration is being created. E.g., + /// If a filter contains project = X but is created under the + /// project = Y scope, it might not match any findings. + /// + [Input("filter", required: true)] + public Input Filter { get; set; } = null!; + + /// + /// The folder whose Cloud Security Command Center the Mute + /// Config lives in. + /// + [Input("folder", required: true)] + public Input Folder { get; set; } = null!; + + /// + /// location Id is provided by folder. If not provided, Use global as default. + /// + [Input("location")] + public Input? Location { get; set; } + + /// + /// Unique identifier provided by the client within the parent scope. 
+ /// + /// + /// - - - + /// + [Input("muteConfigId", required: true)] + public Input MuteConfigId { get; set; } = null!; + + /// + /// The type of the mute config. + /// + [Input("type", required: true)] + public Input Type { get; set; } = null!; + + public V2FolderMuteConfigArgs() + { + } + public static new V2FolderMuteConfigArgs Empty => new V2FolderMuteConfigArgs(); + } + + public sealed class V2FolderMuteConfigState : global::Pulumi.ResourceArgs + { + /// + /// The time at which the mute config was created. This field is set by + /// the server and will be ignored if provided on config creation. + /// + [Input("createTime")] + public Input? CreateTime { get; set; } + + /// + /// A description of the mute config. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// An expression that defines the filter to apply across create/update + /// events of findings. While creating a filter string, be mindful of + /// the scope in which the mute configuration is being created. E.g., + /// If a filter contains project = X but is created under the + /// project = Y scope, it might not match any findings. + /// + [Input("filter")] + public Input? Filter { get; set; } + + /// + /// The folder whose Cloud Security Command Center the Mute + /// Config lives in. + /// + [Input("folder")] + public Input? Folder { get; set; } + + /// + /// location Id is provided by folder. If not provided, Use global as default. + /// + [Input("location")] + public Input? Location { get; set; } + + /// + /// Email address of the user who last edited the mute config. This + /// field is set by the server and will be ignored if provided on + /// config creation or update. + /// + [Input("mostRecentEditor")] + public Input? MostRecentEditor { get; set; } + + /// + /// Unique identifier provided by the client within the parent scope. + /// + /// + /// - - - + /// + [Input("muteConfigId")] + public Input? 
MuteConfigId { get; set; } + + /// + /// Name of the mute config. Its format is + /// organizations/{organization}/locations/global/muteConfigs/{configId}, + /// folders/{folder}/locations/global/muteConfigs/{configId}, + /// or projects/{project}/locations/global/muteConfigs/{configId} + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The type of the mute config. + /// + [Input("type")] + public Input? Type { get; set; } + + /// + /// Output only. The most recent time at which the mute config was + /// updated. This field is set by the server and will be ignored if + /// provided on config creation or update. + /// + [Input("updateTime")] + public Input? UpdateTime { get; set; } + + public V2FolderMuteConfigState() + { + } + public static new V2FolderMuteConfigState Empty => new V2FolderMuteConfigState(); + } +} diff --git a/sdk/dotnet/SecurityCenter/V2OrganizationSource.cs b/sdk/dotnet/SecurityCenter/V2OrganizationSource.cs new file mode 100644 index 0000000000..31fdd1e784 --- /dev/null +++ b/sdk/dotnet/SecurityCenter/V2OrganizationSource.cs 
@@ -0,0 +1,218 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.SecurityCenter +{ + /// + /// A Cloud Security Command Center's (Cloud SCC) finding source. A finding + /// source is an entity or a mechanism that can produce a finding. A source is + /// like a container of findings that come from the same scanner, logger, + /// monitor, etc. + /// + /// To get more information about OrganizationSource, see: + /// + /// * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/organizations.sources) + /// * How-to Guides + /// * [Official Documentation](https://cloud.google.com/security-command-center/docs) + /// + /// ## Example Usage + /// + /// ### Scc Source Basic + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var customSource = new Gcp.SecurityCenter.Source("custom_source", new() + /// { + /// DisplayName = "My Source", + /// Organization = "123456789", + /// Description = "My custom Cloud Security Command Center Finding Source", + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// OrganizationSource can be imported using any of these accepted formats: + /// + /// * `organizations/{{organization}}/sources/{{name}}` + /// + /// * `{{organization}}/{{name}}` + /// + /// When using the `pulumi import` command, OrganizationSource can be imported using one of the formats above. 
For example: + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2OrganizationSource:V2OrganizationSource default organizations/{{organization}}/sources/{{name}} + /// ``` + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2OrganizationSource:V2OrganizationSource default {{organization}}/{{name}} + /// ``` + /// + [GcpResourceType("gcp:securitycenter/v2OrganizationSource:V2OrganizationSource")] + public partial class V2OrganizationSource : global::Pulumi.CustomResource + { + /// + /// The description of the source (max of 1024 characters). + /// + [Output("description")] + public Output Description { get; private set; } = null!; + + /// + /// The source’s display name. A source’s display name must be unique + /// amongst its siblings, for example, two sources with the same parent + /// can't share the same display name. The display name must start and end + /// with a letter or digit, may contain letters, digits, spaces, hyphens, + /// and underscores, and can be no longer than 32 characters. + /// + [Output("displayName")] + public Output DisplayName { get; private set; } = null!; + + /// + /// The resource name of this source, in the format + /// `organizations/{{organization}}/sources/{{source}}`. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// The organization whose Cloud Security Command Center the Source + /// lives in. + /// + /// + /// - - - + /// + [Output("organization")] + public Output Organization { get; private set; } = null!; + + + /// + /// Create a V2OrganizationSource resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public V2OrganizationSource(string name, V2OrganizationSourceArgs args, CustomResourceOptions? 
options = null) + : base("gcp:securitycenter/v2OrganizationSource:V2OrganizationSource", name, args ?? new V2OrganizationSourceArgs(), MakeResourceOptions(options, "")) + { + } + + private V2OrganizationSource(string name, Input id, V2OrganizationSourceState? state = null, CustomResourceOptions? options = null) + : base("gcp:securitycenter/v2OrganizationSource:V2OrganizationSource", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing V2OrganizationSource resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static V2OrganizationSource Get(string name, Input id, V2OrganizationSourceState? state = null, CustomResourceOptions? options = null) + { + return new V2OrganizationSource(name, id, state, options); + } + } + + public sealed class V2OrganizationSourceArgs : global::Pulumi.ResourceArgs + { + /// + /// The description of the source (max of 1024 characters). + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// The source’s display name. A source’s display name must be unique + /// amongst its siblings, for example, two sources with the same parent + /// can't share the same display name. 
The display name must start and end + /// with a letter or digit, may contain letters, digits, spaces, hyphens, + /// and underscores, and can be no longer than 32 characters. + /// + [Input("displayName", required: true)] + public Input DisplayName { get; set; } = null!; + + /// + /// The organization whose Cloud Security Command Center the Source + /// lives in. + /// + /// + /// - - - + /// + [Input("organization", required: true)] + public Input Organization { get; set; } = null!; + + public V2OrganizationSourceArgs() + { + } + public static new V2OrganizationSourceArgs Empty => new V2OrganizationSourceArgs(); + } + + public sealed class V2OrganizationSourceState : global::Pulumi.ResourceArgs + { + /// + /// The description of the source (max of 1024 characters). + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// The source’s display name. A source’s display name must be unique + /// amongst its siblings, for example, two sources with the same parent + /// can't share the same display name. The display name must start and end + /// with a letter or digit, may contain letters, digits, spaces, hyphens, + /// and underscores, and can be no longer than 32 characters. + /// + [Input("displayName")] + public Input? DisplayName { get; set; } + + /// + /// The resource name of this source, in the format + /// `organizations/{{organization}}/sources/{{source}}`. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The organization whose Cloud Security Command Center the Source + /// lives in. + /// + /// + /// - - - + /// + [Input("organization")] + public Input? Organization { get; set; } + + public V2OrganizationSourceState() + { + } + public static new V2OrganizationSourceState Empty => new V2OrganizationSourceState(); + } +} diff --git a/sdk/dotnet/SecurityCenter/V2OrganizationSourceIamBinding.cs b/sdk/dotnet/SecurityCenter/V2OrganizationSourceIamBinding.cs new file mode 100644 index 0000000000..4695c577f4 
--- /dev/null +++ b/sdk/dotnet/SecurityCenter/V2OrganizationSourceIamBinding.cs 
@@ -0,0 +1,431 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.SecurityCenter +{ + /// + /// Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + /// + /// * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + /// * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + /// * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + /// + /// A data source can be used to retrieve policy data in advent you do not need creation + /// + /// * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + /// + /// > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + /// + /// > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ /// + /// ## gcp.securitycenter.V2OrganizationSourceIamPolicy + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy("policy", new() + /// { + /// Source = customSource.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// + /// ## gcp.securitycenter.V2OrganizationSourceIamBinding + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding("binding", new() + /// { + /// Source = customSource.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## gcp.securitycenter.V2OrganizationSourceIamMember + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember("member", new() + /// { + /// Source = customSource.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// + /// ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + /// + /// full name of the custom role, e.g. 
`[projects/my-project|organizations/my-org]/roles/my-custom-role`. + /// --- + /// + /// # IAM policy for Security Command Center (SCC)v2 API OrganizationSource + /// Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + /// + /// * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + /// * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + /// * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + /// + /// A data source can be used to retrieve policy data in advent you do not need creation + /// + /// * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + /// + /// > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + /// + /// > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ /// + /// ## gcp.securitycenter.V2OrganizationSourceIamPolicy + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy("policy", new() + /// { + /// Source = customSource.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// + /// ## gcp.securitycenter.V2OrganizationSourceIamBinding + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding("binding", new() + /// { + /// Source = customSource.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## gcp.securitycenter.V2OrganizationSourceIamMember + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember("member", new() + /// { + /// Source = customSource.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// For all import syntaxes, the "resource in question" can take any of the following forms: + /// + /// * 
organizations/{{organization}}/sources/{{source}} + /// + /// * {{organization}}/{{source}} + /// + /// * {{source}} + /// + /// Any variables not passed in the import command will be taken from the provider configuration. + /// + /// Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. + /// + /// IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com" + /// ``` + /// + /// IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor "organizations/{{organization}}/sources/{{source}} roles/viewer" + /// ``` + /// + /// IAM policy imports use the identifier of the resource in question, e.g. + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor organizations/{{organization}}/sources/{{source}} + /// ``` + /// + /// -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + /// + /// full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + /// + [GcpResourceType("gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding")] + public partial class V2OrganizationSourceIamBinding : global::Pulumi.CustomResource + { + [Output("condition")] + public Output Condition { get; private set; } = null!; + + /// + /// (Computed) The etag of the IAM policy. 
+ /// + [Output("etag")] + public Output Etag { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + [Output("organization")] + public Output Organization { get; private set; } = null!; + + /// + /// The role that should be applied. Only one + /// `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + /// `[projects|organizations]/{parent-name}/roles/{role-name}`. 
+ /// + [Output("role")] + public Output Role { get; private set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// + [Output("source")] + public Output Source { get; private set; } = null!; + + + /// + /// Create a V2OrganizationSourceIamBinding resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public V2OrganizationSourceIamBinding(string name, V2OrganizationSourceIamBindingArgs args, CustomResourceOptions? options = null) + : base("gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding", name, args ?? new V2OrganizationSourceIamBindingArgs(), MakeResourceOptions(options, "")) + { + } + + private V2OrganizationSourceIamBinding(string name, Input id, V2OrganizationSourceIamBindingState? state = null, CustomResourceOptions? options = null) + : base("gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing V2OrganizationSourceIamBinding resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. 
+ /// A bag of options that control this resource's behavior + public static V2OrganizationSourceIamBinding Get(string name, Input id, V2OrganizationSourceIamBindingState? state = null, CustomResourceOptions? options = null) + { + return new V2OrganizationSourceIamBinding(name, id, state, options); + } + } + + public sealed class V2OrganizationSourceIamBindingArgs : global::Pulumi.ResourceArgs + { + [Input("condition")] + public Input? Condition { get; set; } + + [Input("members", required: true)] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// + public InputList Members + { + get => _members ?? 
(_members = new InputList()); + set => _members = value; + } + + [Input("organization", required: true)] + public Input Organization { get; set; } = null!; + + /// + /// The role that should be applied. Only one + /// `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + /// `[projects|organizations]/{parent-name}/roles/{role-name}`. + /// + [Input("role", required: true)] + public Input Role { get; set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// + [Input("source", required: true)] + public Input Source { get; set; } = null!; + + public V2OrganizationSourceIamBindingArgs() + { + } + public static new V2OrganizationSourceIamBindingArgs Empty => new V2OrganizationSourceIamBindingArgs(); + } + + public sealed class V2OrganizationSourceIamBindingState : global::Pulumi.ResourceArgs + { + [Input("condition")] + public Input? Condition { get; set; } + + /// + /// (Computed) The etag of the IAM policy. + /// + [Input("etag")] + public Input? Etag { get; set; } + + [Input("members")] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. 
+ /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + [Input("organization")] + public Input? Organization { get; set; } + + /// + /// The role that should be applied. Only one + /// `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + /// `[projects|organizations]/{parent-name}/roles/{role-name}`. + /// + [Input("role")] + public Input? Role { get; set; } + + /// + /// Used to find the parent resource to bind the IAM policy to + /// + [Input("source")] + public Input? Source { get; set; } + + public V2OrganizationSourceIamBindingState() + { + } + public static new V2OrganizationSourceIamBindingState Empty => new V2OrganizationSourceIamBindingState(); + } +} diff --git a/sdk/dotnet/SecurityCenter/V2OrganizationSourceIamMember.cs b/sdk/dotnet/SecurityCenter/V2OrganizationSourceIamMember.cs new file mode 100644 index 0000000000..d03f509f04 --- /dev/null +++ b/sdk/dotnet/SecurityCenter/V2OrganizationSourceIamMember.cs 
@@ -0,0 +1,419 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.SecurityCenter +{ + /// + /// Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + /// + /// * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + /// * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + /// * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + /// + /// A data source can be used to retrieve policy data in advent you do not need creation + /// + /// * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + /// + /// > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + /// + /// > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ /// + /// ## gcp.securitycenter.V2OrganizationSourceIamPolicy + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy("policy", new() + /// { + /// Source = customSource.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// + /// ## gcp.securitycenter.V2OrganizationSourceIamBinding + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding("binding", new() + /// { + /// Source = customSource.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## gcp.securitycenter.V2OrganizationSourceIamMember + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember("member", new() + /// { + /// Source = customSource.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// + /// ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + /// + /// full name of the custom role, e.g. 
`[projects/my-project|organizations/my-org]/roles/my-custom-role`. + /// --- + /// + /// # IAM policy for Security Command Center (SCC)v2 API OrganizationSource + /// Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + /// + /// * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + /// * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + /// * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + /// + /// A data source can be used to retrieve policy data in advent you do not need creation + /// + /// * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + /// + /// > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + /// + /// > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ /// + /// ## gcp.securitycenter.V2OrganizationSourceIamPolicy + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy("policy", new() + /// { + /// Source = customSource.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// + /// ## gcp.securitycenter.V2OrganizationSourceIamBinding + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding("binding", new() + /// { + /// Source = customSource.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## gcp.securitycenter.V2OrganizationSourceIamMember + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember("member", new() + /// { + /// Source = customSource.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// For all import syntaxes, the "resource in question" can take any of the following forms: + /// + /// * 
organizations/{{organization}}/sources/{{source}} + /// + /// * {{organization}}/{{source}} + /// + /// * {{source}} + /// + /// Any variables not passed in the import command will be taken from the provider configuration. + /// + /// Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. + /// + /// IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com" + /// ``` + /// + /// IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor "organizations/{{organization}}/sources/{{source}} roles/viewer" + /// ``` + /// + /// IAM policy imports use the identifier of the resource in question, e.g. + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor organizations/{{organization}}/sources/{{source}} + /// ``` + /// + /// -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + /// + /// full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + /// + [GcpResourceType("gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember")] + public partial class V2OrganizationSourceIamMember : global::Pulumi.CustomResource + { + [Output("condition")] + public Output Condition { get; private set; } = null!; + + /// + /// (Computed) The etag of the IAM policy. 
+ /// + [Output("etag")] + public Output Etag { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// + [Output("member")] + public Output Member { get; private set; } = null!; + + [Output("organization")] + public Output Organization { get; private set; } = null!; + + /// + /// The role that should be applied. Only one + /// `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + /// `[projects|organizations]/{parent-name}/roles/{role-name}`. 
+ /// + [Output("role")] + public Output Role { get; private set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// + [Output("source")] + public Output Source { get; private set; } = null!; + + + /// + /// Create a V2OrganizationSourceIamMember resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public V2OrganizationSourceIamMember(string name, V2OrganizationSourceIamMemberArgs args, CustomResourceOptions? options = null) + : base("gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember", name, args ?? new V2OrganizationSourceIamMemberArgs(), MakeResourceOptions(options, "")) + { + } + + private V2OrganizationSourceIamMember(string name, Input id, V2OrganizationSourceIamMemberState? state = null, CustomResourceOptions? options = null) + : base("gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing V2OrganizationSourceIamMember resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. 
+ /// A bag of options that control this resource's behavior + public static V2OrganizationSourceIamMember Get(string name, Input id, V2OrganizationSourceIamMemberState? state = null, CustomResourceOptions? options = null) + { + return new V2OrganizationSourceIamMember(name, id, state, options); + } + } + + public sealed class V2OrganizationSourceIamMemberArgs : global::Pulumi.ResourceArgs + { + [Input("condition")] + public Input? Condition { get; set; } + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + [Input("organization", required: true)] + public Input Organization { get; set; } = null!; + + /// + /// The role that should be applied. 
Only one + /// `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + /// `[projects|organizations]/{parent-name}/roles/{role-name}`. + /// + [Input("role", required: true)] + public Input Role { get; set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// + [Input("source", required: true)] + public Input Source { get; set; } = null!; + + public V2OrganizationSourceIamMemberArgs() + { + } + public static new V2OrganizationSourceIamMemberArgs Empty => new V2OrganizationSourceIamMemberArgs(); + } + + public sealed class V2OrganizationSourceIamMemberState : global::Pulumi.ResourceArgs + { + [Input("condition")] + public Input? Condition { get; set; } + + /// + /// (Computed) The etag of the IAM policy. + /// + [Input("etag")] + public Input? Etag { get; set; } + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. 
For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// + [Input("member")] + public Input? Member { get; set; } + + [Input("organization")] + public Input? Organization { get; set; } + + /// + /// The role that should be applied. Only one + /// `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + /// `[projects|organizations]/{parent-name}/roles/{role-name}`. + /// + [Input("role")] + public Input? Role { get; set; } + + /// + /// Used to find the parent resource to bind the IAM policy to + /// + [Input("source")] + public Input? Source { get; set; } + + public V2OrganizationSourceIamMemberState() + { + } + public static new V2OrganizationSourceIamMemberState Empty => new V2OrganizationSourceIamMemberState(); + } +} diff --git a/sdk/dotnet/SecurityCenter/V2OrganizationSourceIamPolicy.cs b/sdk/dotnet/SecurityCenter/V2OrganizationSourceIamPolicy.cs new file mode 100644 index 0000000000..9bbe01697d --- /dev/null +++ b/sdk/dotnet/SecurityCenter/V2OrganizationSourceIamPolicy.cs 
@@ -0,0 +1,359 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.SecurityCenter +{ + /// + /// Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + /// + /// * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + /// * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + /// * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + /// + /// A data source can be used to retrieve policy data in advent you do not need creation + /// + /// * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + /// + /// > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + /// + /// > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ /// + /// ## gcp.securitycenter.V2OrganizationSourceIamPolicy + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy("policy", new() + /// { + /// Source = customSource.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// + /// ## gcp.securitycenter.V2OrganizationSourceIamBinding + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding("binding", new() + /// { + /// Source = customSource.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## gcp.securitycenter.V2OrganizationSourceIamMember + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember("member", new() + /// { + /// Source = customSource.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// + /// ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + /// + /// full name of the custom role, e.g. 
`[projects/my-project|organizations/my-org]/roles/my-custom-role`. + /// --- + /// + /// # IAM policy for Security Command Center (SCC)v2 API OrganizationSource + /// Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + /// + /// * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + /// * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + /// * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + /// + /// A data source can be used to retrieve policy data in advent you do not need creation + /// + /// * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + /// + /// > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + /// + /// > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ /// + /// ## gcp.securitycenter.V2OrganizationSourceIamPolicy + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.SecurityCenter.V2OrganizationSourceIamPolicy("policy", new() + /// { + /// Source = customSource.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// + /// ## gcp.securitycenter.V2OrganizationSourceIamBinding + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.SecurityCenter.V2OrganizationSourceIamBinding("binding", new() + /// { + /// Source = customSource.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## gcp.securitycenter.V2OrganizationSourceIamMember + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.SecurityCenter.V2OrganizationSourceIamMember("member", new() + /// { + /// Source = customSource.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// For all import syntaxes, the "resource in question" can take any of the following forms: + /// + /// * 
organizations/{{organization}}/sources/{{source}} + /// + /// * {{organization}}/{{source}} + /// + /// * {{source}} + /// + /// Any variables not passed in the import command will be taken from the provider configuration. + /// + /// Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. + /// + /// IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com" + /// ``` + /// + /// IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor "organizations/{{organization}}/sources/{{source}} roles/viewer" + /// ``` + /// + /// IAM policy imports use the identifier of the resource in question, e.g. + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor organizations/{{organization}}/sources/{{source}} + /// ``` + /// + /// -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + /// + /// full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + /// + [GcpResourceType("gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy")] + public partial class V2OrganizationSourceIamPolicy : global::Pulumi.CustomResource + { + /// + /// (Computed) The etag of the IAM policy. 
+ /// + [Output("etag")] + public Output Etag { get; private set; } = null!; + + [Output("organization")] + public Output Organization { get; private set; } = null!; + + /// + /// The policy data generated by + /// a `gcp.organizations.getIAMPolicy` data source. + /// + [Output("policyData")] + public Output PolicyData { get; private set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// + [Output("source")] + public Output Source { get; private set; } = null!; + + + /// + /// Create a V2OrganizationSourceIamPolicy resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public V2OrganizationSourceIamPolicy(string name, V2OrganizationSourceIamPolicyArgs args, CustomResourceOptions? options = null) + : base("gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy", name, args ?? new V2OrganizationSourceIamPolicyArgs(), MakeResourceOptions(options, "")) + { + } + + private V2OrganizationSourceIamPolicy(string name, Input id, V2OrganizationSourceIamPolicyState? state = null, CustomResourceOptions? options = null) + : base("gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing V2OrganizationSourceIamPolicy resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. 
+ /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static V2OrganizationSourceIamPolicy Get(string name, Input id, V2OrganizationSourceIamPolicyState? state = null, CustomResourceOptions? options = null) + { + return new V2OrganizationSourceIamPolicy(name, id, state, options); + } + } + + public sealed class V2OrganizationSourceIamPolicyArgs : global::Pulumi.ResourceArgs + { + [Input("organization", required: true)] + public Input Organization { get; set; } = null!; + + /// + /// The policy data generated by + /// a `gcp.organizations.getIAMPolicy` data source. + /// + [Input("policyData", required: true)] + public Input PolicyData { get; set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// + [Input("source", required: true)] + public Input Source { get; set; } = null!; + + public V2OrganizationSourceIamPolicyArgs() + { + } + public static new V2OrganizationSourceIamPolicyArgs Empty => new V2OrganizationSourceIamPolicyArgs(); + } + + public sealed class V2OrganizationSourceIamPolicyState : global::Pulumi.ResourceArgs + { + /// + /// (Computed) The etag of the IAM policy. + /// + [Input("etag")] + public Input? Etag { get; set; } + + [Input("organization")] + public Input? Organization { get; set; } + + /// + /// The policy data generated by + /// a `gcp.organizations.getIAMPolicy` data source. + /// + [Input("policyData")] + public Input? PolicyData { get; set; } + + /// + /// Used to find the parent resource to bind the IAM policy to + /// + [Input("source")] + public Input? Source { get; set; } + + public V2OrganizationSourceIamPolicyState() + { + } + public static new V2OrganizationSourceIamPolicyState Empty => new V2OrganizationSourceIamPolicyState(); + } +} 
diff --git a/sdk/dotnet/SecurityCenter/V2ProjectMuteConfig.cs b/sdk/dotnet/SecurityCenter/V2ProjectMuteConfig.cs new file mode 100644 index 0000000000..e9fb0f3936 --- /dev/null +++ b/sdk/dotnet/SecurityCenter/V2ProjectMuteConfig.cs 
@@ -0,0 +1,329 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.SecurityCenter +{ + /// + /// Mute Findings is a volume management feature in Security Command Center + /// that lets you manually or programmatically hide irrelevant findings, + /// and create filters to automatically silence existing and future + /// findings based on criteria you specify. + /// + /// To get more information about ProjectMuteConfig, see: + /// + /// * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/projects.muteConfigs) + /// + /// ## Example Usage + /// + /// ### Scc V2 Project Mute Config Basic + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var @default = new Gcp.SecurityCenter.V2ProjectMuteConfig("default", new() + /// { + /// MuteConfigId = "my-config", + /// Project = "", + /// Location = "global", + /// Description = "My custom Cloud Security Command Center Finding Project mute Configuration", + /// Filter = "severity = \"HIGH\"", + /// Type = "STATIC", + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// ProjectMuteConfig can be imported using any of these accepted formats: + /// + /// * `projects/{{project}}/locations/{{location}}/muteConfigs/{{mute_config_id}}` + /// + /// * `{{project}}/{{location}}/{{mute_config_id}}` + /// + /// * `{{location}}/{{mute_config_id}}` + /// + /// When using the `pulumi import` command, ProjectMuteConfig can be imported using one of the formats above. 
For example: + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default projects/{{project}}/locations/{{location}}/muteConfigs/{{mute_config_id}} + /// ``` + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default {{project}}/{{location}}/{{mute_config_id}} + /// ``` + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default {{location}}/{{mute_config_id}} + /// ``` + /// + [GcpResourceType("gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig")] + public partial class V2ProjectMuteConfig : global::Pulumi.CustomResource + { + /// + /// The time at which the mute config was created. This field is set by + /// the server and will be ignored if provided on config creation. + /// + [Output("createTime")] + public Output CreateTime { get; private set; } = null!; + + /// + /// A description of the mute config. + /// + [Output("description")] + public Output Description { get; private set; } = null!; + + /// + /// An expression that defines the filter to apply across create/update + /// events of findings. While creating a filter string, be mindful of + /// the scope in which the mute configuration is being created. E.g., + /// If a filter contains project = X but is created under the + /// project = Y scope, it might not match any findings. + /// + [Output("filter")] + public Output Filter { get; private set; } = null!; + + /// + /// location Id is provided by project. If not provided, Use global as default. + /// + [Output("location")] + public Output Location { get; private set; } = null!; + + /// + /// Email address of the user who last edited the mute config. This + /// field is set by the server and will be ignored if provided on + /// config creation or update. 
+ /// + [Output("mostRecentEditor")] + public Output MostRecentEditor { get; private set; } = null!; + + /// + /// Unique identifier provided by the client within the parent scope. + /// + /// + /// - - - + /// + [Output("muteConfigId")] + public Output MuteConfigId { get; private set; } = null!; + + /// + /// Name of the mute config. Its format is + /// projects/{project}/locations/global/muteConfigs/{configId}, + /// folders/{folder}/locations/global/muteConfigs/{configId}, + /// or organizations/{organization}/locations/global/muteConfigs/{configId} + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the provider project is used. + /// + [Output("project")] + public Output Project { get; private set; } = null!; + + /// + /// The type of the mute config. + /// + [Output("type")] + public Output Type { get; private set; } = null!; + + /// + /// Output only. The most recent time at which the mute config was + /// updated. This field is set by the server and will be ignored if + /// provided on config creation or update. + /// + [Output("updateTime")] + public Output UpdateTime { get; private set; } = null!; + + + /// + /// Create a V2ProjectMuteConfig resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public V2ProjectMuteConfig(string name, V2ProjectMuteConfigArgs args, CustomResourceOptions? options = null) + : base("gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig", name, args ?? new V2ProjectMuteConfigArgs(), MakeResourceOptions(options, "")) + { + } + + private V2ProjectMuteConfig(string name, Input id, V2ProjectMuteConfigState? state = null, CustomResourceOptions? 
options = null) + : base("gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing V2ProjectMuteConfig resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static V2ProjectMuteConfig Get(string name, Input id, V2ProjectMuteConfigState? state = null, CustomResourceOptions? options = null) + { + return new V2ProjectMuteConfig(name, id, state, options); + } + } + + public sealed class V2ProjectMuteConfigArgs : global::Pulumi.ResourceArgs + { + /// + /// A description of the mute config. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// An expression that defines the filter to apply across create/update + /// events of findings. While creating a filter string, be mindful of + /// the scope in which the mute configuration is being created. E.g., + /// If a filter contains project = X but is created under the + /// project = Y scope, it might not match any findings. + /// + [Input("filter", required: true)] + public Input Filter { get; set; } = null!; + + /// + /// location Id is provided by project. If not provided, Use global as default. + /// + [Input("location")] + public Input? 
Location { get; set; } + + /// + /// Unique identifier provided by the client within the parent scope. + /// + /// + /// - - - + /// + [Input("muteConfigId", required: true)] + public Input MuteConfigId { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the provider project is used. + /// + [Input("project")] + public Input? Project { get; set; } + + /// + /// The type of the mute config. + /// + [Input("type", required: true)] + public Input Type { get; set; } = null!; + + public V2ProjectMuteConfigArgs() + { + } + public static new V2ProjectMuteConfigArgs Empty => new V2ProjectMuteConfigArgs(); + } + + public sealed class V2ProjectMuteConfigState : global::Pulumi.ResourceArgs + { + /// + /// The time at which the mute config was created. This field is set by + /// the server and will be ignored if provided on config creation. + /// + [Input("createTime")] + public Input? CreateTime { get; set; } + + /// + /// A description of the mute config. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// An expression that defines the filter to apply across create/update + /// events of findings. While creating a filter string, be mindful of + /// the scope in which the mute configuration is being created. E.g., + /// If a filter contains project = X but is created under the + /// project = Y scope, it might not match any findings. + /// + [Input("filter")] + public Input? Filter { get; set; } + + /// + /// location Id is provided by project. If not provided, Use global as default. + /// + [Input("location")] + public Input? Location { get; set; } + + /// + /// Email address of the user who last edited the mute config. This + /// field is set by the server and will be ignored if provided on + /// config creation or update. + /// + [Input("mostRecentEditor")] + public Input? 
MostRecentEditor { get; set; } + + /// + /// Unique identifier provided by the client within the parent scope. + /// + /// + /// - - - + /// + [Input("muteConfigId")] + public Input? MuteConfigId { get; set; } + + /// + /// Name of the mute config. Its format is + /// projects/{project}/locations/global/muteConfigs/{configId}, + /// folders/{folder}/locations/global/muteConfigs/{configId}, + /// or organizations/{organization}/locations/global/muteConfigs/{configId} + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the provider project is used. + /// + [Input("project")] + public Input? Project { get; set; } + + /// + /// The type of the mute config. + /// + [Input("type")] + public Input? Type { get; set; } + + /// + /// Output only. The most recent time at which the mute config was + /// updated. This field is set by the server and will be ignored if + /// provided on config creation or update. + /// + [Input("updateTime")] + public Input? UpdateTime { get; set; } + + public V2ProjectMuteConfigState() + { + } + public static new V2ProjectMuteConfigState Empty => new V2ProjectMuteConfigState(); + } +} diff --git a/sdk/dotnet/SecurityCenter/V2ProjectNotificationConfig.cs b/sdk/dotnet/SecurityCenter/V2ProjectNotificationConfig.cs new file mode 100644 index 0000000000..c54cbbfc64 --- /dev/null +++ b/sdk/dotnet/SecurityCenter/V2ProjectNotificationConfig.cs 
@@ -0,0 +1,276 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.SecurityCenter +{ + /// + /// A Cloud Security Command Center (Cloud SCC) notification configs. A + /// notification config is a Cloud SCC resource that contains the + /// configuration to send notifications for create/update events of + /// findings, assets and etc. + /// > **Note:** In order to use Cloud SCC resources, your organization must be enrolled + /// in [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center). + /// Without doing so, you may run into errors during resource creation. + /// + /// To get more information about ProjectNotificationConfig, see: + /// + /// * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/projects.locations.notificationConfigs) + /// * How-to Guides + /// * [Official Documentation](https://cloud.google.com/security-command-center/docs) + /// + /// ## Example Usage + /// + /// ### Scc V2 Project Notification Config Basic + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var sccV2ProjectNotification = new Gcp.PubSub.Topic("scc_v2_project_notification", new() + /// { + /// Name = "my-topic", + /// }); + /// + /// var customNotificationConfig = new Gcp.SecurityCenter.V2ProjectNotificationConfig("custom_notification_config", new() + /// { + /// ConfigId = "my-config", + /// Project = "my-project-name", + /// Location = "global", + /// Description = "My custom Cloud Security Command Center Finding Notification Configuration", + 
/// PubsubTopic = sccV2ProjectNotification.Id, + /// StreamingConfig = new Gcp.SecurityCenter.Inputs.V2ProjectNotificationConfigStreamingConfigArgs + /// { + /// Filter = "category = \"OPEN_FIREWALL\" AND state = \"ACTIVE\"", + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// ProjectNotificationConfig can be imported using any of these accepted formats: + /// + /// * `projects/{{project}}/locations/{{location}}/notificationConfigs/{{config_id}}` + /// + /// * `{{project}}/{{location}}/{{config_id}}` + /// + /// * `{{location}}/{{config_id}}` + /// + /// When using the `pulumi import` command, ProjectNotificationConfig can be imported using one of the formats above. For example: + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default projects/{{project}}/locations/{{location}}/notificationConfigs/{{config_id}} + /// ``` + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default {{project}}/{{location}}/{{config_id}} + /// ``` + /// + /// ```sh + /// $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default {{location}}/{{config_id}} + /// ``` + /// + [GcpResourceType("gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig")] + public partial class V2ProjectNotificationConfig : global::Pulumi.CustomResource + { + /// + /// This must be unique within the project. + /// + [Output("configId")] + public Output ConfigId { get; private set; } = null!; + + /// + /// The description of the notification config (max of 1024 characters). + /// + [Output("description")] + public Output Description { get; private set; } = null!; + + /// + /// Location ID of the parent organization. Only global is supported at the moment. 
+ /// + [Output("location")] + public Output Location { get; private set; } = null!; + + /// + /// The resource name of this notification config, in the format + /// `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + [Output("project")] + public Output Project { get; private set; } = null!; + + /// + /// The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". + /// + [Output("pubsubTopic")] + public Output PubsubTopic { get; private set; } = null!; + + /// + /// The service account that needs "pubsub.topics.publish" permission to + /// publish to the Pub/Sub topic. + /// + [Output("serviceAccount")] + public Output ServiceAccount { get; private set; } = null!; + + /// + /// The config for triggering streaming-based notifications. + /// Structure is documented below. + /// + [Output("streamingConfig")] + public Output StreamingConfig { get; private set; } = null!; + + + /// + /// Create a V2ProjectNotificationConfig resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public V2ProjectNotificationConfig(string name, V2ProjectNotificationConfigArgs args, CustomResourceOptions? options = null) + : base("gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig", name, args ?? new V2ProjectNotificationConfigArgs(), MakeResourceOptions(options, "")) + { + } + + private V2ProjectNotificationConfig(string name, Input id, V2ProjectNotificationConfigState? state = null, CustomResourceOptions? 
options = null) + : base("gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing V2ProjectNotificationConfig resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static V2ProjectNotificationConfig Get(string name, Input id, V2ProjectNotificationConfigState? state = null, CustomResourceOptions? options = null) + { + return new V2ProjectNotificationConfig(name, id, state, options); + } + } + + public sealed class V2ProjectNotificationConfigArgs : global::Pulumi.ResourceArgs + { + /// + /// This must be unique within the project. + /// + [Input("configId", required: true)] + public Input ConfigId { get; set; } = null!; + + /// + /// The description of the notification config (max of 1024 characters). + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// Location ID of the parent organization. Only global is supported at the moment. + /// + [Input("location")] + public Input? Location { get; set; } + + [Input("project")] + public Input? Project { get; set; } + + /// + /// The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". + /// + [Input("pubsubTopic")] + public Input? 
PubsubTopic { get; set; } + + /// + /// The config for triggering streaming-based notifications. + /// Structure is documented below. + /// + [Input("streamingConfig", required: true)] + public Input StreamingConfig { get; set; } = null!; + + public V2ProjectNotificationConfigArgs() + { + } + public static new V2ProjectNotificationConfigArgs Empty => new V2ProjectNotificationConfigArgs(); + } + + public sealed class V2ProjectNotificationConfigState : global::Pulumi.ResourceArgs + { + /// + /// This must be unique within the project. + /// + [Input("configId")] + public Input? ConfigId { get; set; } + + /// + /// The description of the notification config (max of 1024 characters). + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// Location ID of the parent organization. Only global is supported at the moment. + /// + [Input("location")] + public Input? Location { get; set; } + + /// + /// The resource name of this notification config, in the format + /// `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. + /// + [Input("name")] + public Input? Name { get; set; } + + [Input("project")] + public Input? Project { get; set; } + + /// + /// The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". + /// + [Input("pubsubTopic")] + public Input? PubsubTopic { get; set; } + + /// + /// The service account that needs "pubsub.topics.publish" permission to + /// publish to the Pub/Sub topic. + /// + [Input("serviceAccount")] + public Input? ServiceAccount { get; set; } + + /// + /// The config for triggering streaming-based notifications. + /// Structure is documented below. + /// + [Input("streamingConfig")] + public Input? StreamingConfig { get; set; } + + public V2ProjectNotificationConfigState() + { + } + public static new V2ProjectNotificationConfigState Empty => new V2ProjectNotificationConfigState(); + } +} 
diff --git a/sdk/dotnet/Spanner/Instance.cs b/sdk/dotnet/Spanner/Instance.cs index 1131bd3e11..529d5bbfb0 100644 --- a/sdk/dotnet/Spanner/Instance.cs +++ b/sdk/dotnet/Spanner/Instance.cs @@ -211,7 +211,6 @@ public partial class Instance : global::Pulumi.CustomResource /// A unique identifier for the instance, which cannot be changed after /// the instance is created. The name must be between 6 and 30 characters /// in length. - /// /// If not provided, a random string starting with `tf-` will be selected. /// [Output("name")] @@ -352,7 +351,6 @@ public InputMap Labels /// A unique identifier for the instance, which cannot be changed after /// the instance is created. The name must be between 6 and 30 characters /// in length. - /// /// If not provided, a random string starting with `tf-` will be selected. /// [Input("name")] @@ -453,7 +451,6 @@ public InputMap Labels /// A unique identifier for the instance, which cannot be changed after /// the instance is created. The name must be between 6 and 30 characters /// in length. - /// /// If not provided, a random string starting with `tf-` will be selected. /// [Input("name")] diff --git a/sdk/dotnet/Sql/Inputs/DatabaseInstanceSettingsArgs.cs b/sdk/dotnet/Sql/Inputs/DatabaseInstanceSettingsArgs.cs index 1e0d8bce8c..7621759db7 100644 --- a/sdk/dotnet/Sql/Inputs/DatabaseInstanceSettingsArgs.cs +++ b/sdk/dotnet/Sql/Inputs/DatabaseInstanceSettingsArgs.cs @@ -46,7 +46,7 @@ public sealed class DatabaseInstanceSettingsArgs : global::Pulumi.ResourceArgs public Input? Collation { get; set; } /// - /// Specifies if connections must use Cloud SQL connectors. + /// Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. /// [Input("connectorEnforcement")] public Input? ConnectorEnforcement { get; set; } 
diff --git a/sdk/dotnet/Sql/Inputs/DatabaseInstanceSettingsGetArgs.cs b/sdk/dotnet/Sql/Inputs/DatabaseInstanceSettingsGetArgs.cs index c232c72dfb..e9f844b80b 100644 --- a/sdk/dotnet/Sql/Inputs/DatabaseInstanceSettingsGetArgs.cs +++ b/sdk/dotnet/Sql/Inputs/DatabaseInstanceSettingsGetArgs.cs @@ -46,7 +46,7 @@ public sealed class DatabaseInstanceSettingsGetArgs : global::Pulumi.ResourceArg public Input? Collation { get; set; } /// - /// Specifies if connections must use Cloud SQL connectors. + /// Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. /// [Input("connectorEnforcement")] public Input? ConnectorEnforcement { get; set; } diff --git a/sdk/dotnet/Sql/Outputs/DatabaseInstanceSettings.cs b/sdk/dotnet/Sql/Outputs/DatabaseInstanceSettings.cs index d3ff5c87c4..0a35c39e6c 100644 --- a/sdk/dotnet/Sql/Outputs/DatabaseInstanceSettings.cs +++ b/sdk/dotnet/Sql/Outputs/DatabaseInstanceSettings.cs @@ -35,7 +35,7 @@ public sealed class DatabaseInstanceSettings /// public readonly string? Collation; /// - /// Specifies if connections must use Cloud SQL connectors. + /// Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. /// public readonly string? ConnectorEnforcement; /// diff --git a/sdk/dotnet/Sql/Outputs/GetDatabaseInstanceSettingResult.cs b/sdk/dotnet/Sql/Outputs/GetDatabaseInstanceSettingResult.cs index 18d274d859..37cf45a1a1 100644 --- a/sdk/dotnet/Sql/Outputs/GetDatabaseInstanceSettingResult.cs +++ b/sdk/dotnet/Sql/Outputs/GetDatabaseInstanceSettingResult.cs 
@@ -34,7 +34,7 @@ public sealed class GetDatabaseInstanceSettingResult /// public readonly string Collation; /// - /// Specifies if connections must use Cloud SQL connectors. + /// Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. /// public readonly string ConnectorEnforcement; /// diff --git a/sdk/dotnet/Sql/Outputs/GetDatabaseInstancesInstanceSettingResult.cs b/sdk/dotnet/Sql/Outputs/GetDatabaseInstancesInstanceSettingResult.cs index fe62bc9a0f..4da2dde018 100644 --- a/sdk/dotnet/Sql/Outputs/GetDatabaseInstancesInstanceSettingResult.cs +++ b/sdk/dotnet/Sql/Outputs/GetDatabaseInstancesInstanceSettingResult.cs @@ -34,7 +34,7 @@ public sealed class GetDatabaseInstancesInstanceSettingResult /// public readonly string Collation; /// - /// Specifies if connections must use Cloud SQL connectors. + /// Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. /// public readonly string ConnectorEnforcement; /// diff --git a/sdk/dotnet/Storage/BucketObject.cs b/sdk/dotnet/Storage/BucketObject.cs index 79da23d51b..e1368ce424 100644 --- a/sdk/dotnet/Storage/BucketObject.cs +++ b/sdk/dotnet/Storage/BucketObject.cs @@ -131,6 +131,12 @@ public partial class BucketObject : global::Pulumi.CustomResource [Output("eventBasedHold")] public Output EventBasedHold { get; private set; } = null!; + /// + /// (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + /// + [Output("generation")] + public Output Generation { get; private set; } = null!; + /// /// The resource name of the Cloud KMS key that will be used to [encrypt](https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) the object. /// 
@@ -483,6 +489,12 @@ public Input? CustomerEncryption [Input("eventBasedHold")] public Input? EventBasedHold { get; set; } + /// + /// (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + /// + [Input("generation")] + public Input? Generation { get; set; } + /// /// The resource name of the Cloud KMS key that will be used to [encrypt](https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) the object. /// diff --git a/sdk/dotnet/Storage/GetBucketObject.cs b/sdk/dotnet/Storage/GetBucketObject.cs index 01b2a4e7c2..20e141440b 100644 --- a/sdk/dotnet/Storage/GetBucketObject.cs +++ b/sdk/dotnet/Storage/GetBucketObject.cs @@ -153,6 +153,10 @@ public sealed class GetBucketObjectResult /// public readonly bool EventBasedHold; /// + /// (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + /// + public readonly int Generation; + /// /// The provider-assigned unique ID for this managed resource. /// public readonly string Id; @@ -209,6 +213,8 @@ private GetBucketObjectResult( bool eventBasedHold, + int generation, + string id, string kmsKeyName, @@ -244,6 +250,7 @@ private GetBucketObjectResult( CustomerEncryptions = customerEncryptions; DetectMd5hash = detectMd5hash; EventBasedHold = eventBasedHold; + Generation = generation; Id = id; KmsKeyName = kmsKeyName; Md5hash = md5hash; diff --git a/sdk/dotnet/Storage/GetBucketObjectContent.cs b/sdk/dotnet/Storage/GetBucketObjectContent.cs index 7bed9c8046..86644fe278 100644 --- a/sdk/dotnet/Storage/GetBucketObjectContent.cs +++ b/sdk/dotnet/Storage/GetBucketObjectContent.cs 
@@ -155,6 +155,7 @@ public sealed class GetBucketObjectContentResult public readonly ImmutableArray CustomerEncryptions; public readonly string DetectMd5hash; public readonly bool EventBasedHold; + public readonly int Generation; /// /// The provider-assigned unique ID for this managed resource. /// @@ -195,6 +196,8 @@ private GetBucketObjectContentResult( bool eventBasedHold, + int generation, + string id, string kmsKeyName, @@ -230,6 +233,7 @@ private GetBucketObjectContentResult( CustomerEncryptions = customerEncryptions; DetectMd5hash = detectMd5hash; EventBasedHold = eventBasedHold; + Generation = generation; Id = id; KmsKeyName = kmsKeyName; Md5hash = md5hash; diff --git a/sdk/dotnet/Storage/ManagedFolder.cs b/sdk/dotnet/Storage/ManagedFolder.cs index 191215a0ce..e5464b8264 100644 --- a/sdk/dotnet/Storage/ManagedFolder.cs +++ b/sdk/dotnet/Storage/ManagedFolder.cs @@ -51,6 +51,7 @@ namespace Pulumi.Gcp.Storage /// { /// Bucket = bucket.Name, /// Name = "managed/folder/name/", + /// ForceDestroy = true, /// }); /// /// }); @@ -89,6 +90,15 @@ public partial class ManagedFolder : global::Pulumi.CustomResource [Output("createTime")] public Output CreateTime { get; private set; } = null!; + /// + /// Allows the deletion of a managed folder even if contains + /// objects. If a non-empty managed folder is deleted, any objects + /// within the folder will remain in a simulated folder with the + /// same name. + /// + [Output("forceDestroy")] + public Output ForceDestroy { get; private set; } = null!; + /// /// The metadata generation of the managed folder. /// 
@@ -169,6 +179,15 @@ public sealed class ManagedFolderArgs : global::Pulumi.ResourceArgs [Input("bucket", required: true)] public Input Bucket { get; set; } = null!; + /// + /// Allows the deletion of a managed folder even if contains + /// objects. If a non-empty managed folder is deleted, any objects + /// within the folder will remain in a simulated folder with the + /// same name. + /// + [Input("forceDestroy")] + public Input? ForceDestroy { get; set; } + /// /// The name of the managed folder expressed as a path. Must include /// trailing '/'. For example, `example_dir/example_dir2/`. @@ -199,6 +218,15 @@ public sealed class ManagedFolderState : global::Pulumi.ResourceArgs [Input("createTime")] public Input? CreateTime { get; set; } + /// + /// Allows the deletion of a managed folder even if contains + /// objects. If a non-empty managed folder is deleted, any objects + /// within the folder will remain in a simulated folder with the + /// same name. + /// + [Input("forceDestroy")] + public Input? ForceDestroy { get; set; } + /// /// The metadata generation of the managed folder. /// diff --git a/sdk/dotnet/VMwareEngine/NetworkPolicy.cs b/sdk/dotnet/VMwareEngine/NetworkPolicy.cs index 5479faca42..c0dc07d650 100644 --- a/sdk/dotnet/VMwareEngine/NetworkPolicy.cs +++ b/sdk/dotnet/VMwareEngine/NetworkPolicy.cs @@ -30,7 +30,7 @@ namespace Pulumi.Gcp.VMwareEngine /// { /// var network_policy_nw = new Gcp.VMwareEngine.Network("network-policy-nw", new() /// { - /// Name = "standard-nw", + /// Name = "sample-network", /// Location = "global", /// Type = "STANDARD", /// Description = "VMwareEngine standard network sample", @@ -58,7 +58,7 @@ namespace Pulumi.Gcp.VMwareEngine /// { /// var network_policy_nw = new Gcp.VMwareEngine.Network("network-policy-nw", new() /// { - /// Name = "standard-full-nw", + /// Name = "sample-network", /// Location = "global", /// Type = "STANDARD", /// Description = "VMwareEngine standard network sample", 
@@ -67,7 +67,7 @@ namespace Pulumi.Gcp.VMwareEngine /// var vmw_engine_network_policy = new Gcp.VMwareEngine.NetworkPolicy("vmw-engine-network-policy", new() /// { /// Location = "us-west1", - /// Name = "sample-network-policy-full", + /// Name = "sample-network-policy", /// EdgeServicesCidr = "192.168.30.0/26", /// VmwareEngineNetwork = network_policy_nw.Id, /// Description = "Sample Network Policy", diff --git a/sdk/go/gcp/accesscontextmanager/init.go b/sdk/go/gcp/accesscontextmanager/init.go index 9c2e986b58..44091a2b64 100644 --- a/sdk/go/gcp/accesscontextmanager/init.go +++ b/sdk/go/gcp/accesscontextmanager/init.go @@ -45,6 +45,10 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &IngressPolicy{} case "gcp:accesscontextmanager/servicePerimeter:ServicePerimeter": r = &ServicePerimeter{} + case "gcp:accesscontextmanager/servicePerimeterDryRunEgressPolicy:ServicePerimeterDryRunEgressPolicy": + r = &ServicePerimeterDryRunEgressPolicy{} + case "gcp:accesscontextmanager/servicePerimeterDryRunIngressPolicy:ServicePerimeterDryRunIngressPolicy": + r = &ServicePerimeterDryRunIngressPolicy{} case "gcp:accesscontextmanager/servicePerimeterDryRunResource:ServicePerimeterDryRunResource": r = &ServicePerimeterDryRunResource{} case "gcp:accesscontextmanager/servicePerimeterEgressPolicy:ServicePerimeterEgressPolicy": @@ -128,6 +132,16 @@ func init() { "accesscontextmanager/servicePerimeter", &module{version}, ) + pulumi.RegisterResourceModule( + "gcp", + "accesscontextmanager/servicePerimeterDryRunEgressPolicy", + &module{version}, + ) + pulumi.RegisterResourceModule( + "gcp", + "accesscontextmanager/servicePerimeterDryRunIngressPolicy", + &module{version}, + ) pulumi.RegisterResourceModule( "gcp", "accesscontextmanager/servicePerimeterDryRunResource", diff --git a/sdk/go/gcp/accesscontextmanager/pulumiTypes.go b/sdk/go/gcp/accesscontextmanager/pulumiTypes.go index 8662bb2be9..d9eaba5edb 100644 
--- a/sdk/go/gcp/accesscontextmanager/pulumiTypes.go +++ b/sdk/go/gcp/accesscontextmanager/pulumiTypes.go 
@@ -3929,6 +3929,1557 @@ func (o AccessPolicyIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput }).(pulumi.StringPtrOutput) } +type ServicePerimeterDryRunEgressPolicyEgressFrom struct { + // A list of identities that are allowed access through this `EgressPolicy`. + // Should be in the format of email address. The email address should + // represent individual user or service account only. + Identities []string `pulumi:"identities"` + // Specifies the type of identities that are allowed access to outside the + // perimeter. If left unspecified, then members of `identities` field will + // be allowed access. + // Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + IdentityType *string `pulumi:"identityType"` + // Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + // Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. + SourceRestriction *string `pulumi:"sourceRestriction"` + // Sources that this EgressPolicy authorizes access from. + // Structure is documented below. + Sources []ServicePerimeterDryRunEgressPolicyEgressFromSource `pulumi:"sources"` +} + +// ServicePerimeterDryRunEgressPolicyEgressFromInput is an input type that accepts ServicePerimeterDryRunEgressPolicyEgressFromArgs and ServicePerimeterDryRunEgressPolicyEgressFromOutput values. 
+// You can construct a concrete instance of `ServicePerimeterDryRunEgressPolicyEgressFromInput` via: +// +// ServicePerimeterDryRunEgressPolicyEgressFromArgs{...} +type ServicePerimeterDryRunEgressPolicyEgressFromInput interface { + pulumi.Input + + ToServicePerimeterDryRunEgressPolicyEgressFromOutput() ServicePerimeterDryRunEgressPolicyEgressFromOutput + ToServicePerimeterDryRunEgressPolicyEgressFromOutputWithContext(context.Context) ServicePerimeterDryRunEgressPolicyEgressFromOutput +} + +type ServicePerimeterDryRunEgressPolicyEgressFromArgs struct { + // A list of identities that are allowed access through this `EgressPolicy`. + // Should be in the format of email address. The email address should + // represent individual user or service account only. + Identities pulumi.StringArrayInput `pulumi:"identities"` + // Specifies the type of identities that are allowed access to outside the + // perimeter. If left unspecified, then members of `identities` field will + // be allowed access. + // Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + IdentityType pulumi.StringPtrInput `pulumi:"identityType"` + // Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + // Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. + SourceRestriction pulumi.StringPtrInput `pulumi:"sourceRestriction"` + // Sources that this EgressPolicy authorizes access from. + // Structure is documented below. 
+ Sources ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayInput `pulumi:"sources"` +} + +func (ServicePerimeterDryRunEgressPolicyEgressFromArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressFrom)(nil)).Elem() +} + +func (i ServicePerimeterDryRunEgressPolicyEgressFromArgs) ToServicePerimeterDryRunEgressPolicyEgressFromOutput() ServicePerimeterDryRunEgressPolicyEgressFromOutput { + return i.ToServicePerimeterDryRunEgressPolicyEgressFromOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunEgressPolicyEgressFromArgs) ToServicePerimeterDryRunEgressPolicyEgressFromOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressFromOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunEgressPolicyEgressFromOutput) +} + +func (i ServicePerimeterDryRunEgressPolicyEgressFromArgs) ToServicePerimeterDryRunEgressPolicyEgressFromPtrOutput() ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput { + return i.ToServicePerimeterDryRunEgressPolicyEgressFromPtrOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunEgressPolicyEgressFromArgs) ToServicePerimeterDryRunEgressPolicyEgressFromPtrOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunEgressPolicyEgressFromOutput).ToServicePerimeterDryRunEgressPolicyEgressFromPtrOutputWithContext(ctx) +} + +// ServicePerimeterDryRunEgressPolicyEgressFromPtrInput is an input type that accepts ServicePerimeterDryRunEgressPolicyEgressFromArgs, ServicePerimeterDryRunEgressPolicyEgressFromPtr and ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput values. 
+// You can construct a concrete instance of `ServicePerimeterDryRunEgressPolicyEgressFromPtrInput` via: +// +// ServicePerimeterDryRunEgressPolicyEgressFromArgs{...} +// +// or: +// +// nil +type ServicePerimeterDryRunEgressPolicyEgressFromPtrInput interface { + pulumi.Input + + ToServicePerimeterDryRunEgressPolicyEgressFromPtrOutput() ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput + ToServicePerimeterDryRunEgressPolicyEgressFromPtrOutputWithContext(context.Context) ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput +} + +type servicePerimeterDryRunEgressPolicyEgressFromPtrType ServicePerimeterDryRunEgressPolicyEgressFromArgs + +func ServicePerimeterDryRunEgressPolicyEgressFromPtr(v *ServicePerimeterDryRunEgressPolicyEgressFromArgs) ServicePerimeterDryRunEgressPolicyEgressFromPtrInput { + return (*servicePerimeterDryRunEgressPolicyEgressFromPtrType)(v) +} + +func (*servicePerimeterDryRunEgressPolicyEgressFromPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ServicePerimeterDryRunEgressPolicyEgressFrom)(nil)).Elem() +} + +func (i *servicePerimeterDryRunEgressPolicyEgressFromPtrType) ToServicePerimeterDryRunEgressPolicyEgressFromPtrOutput() ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput { + return i.ToServicePerimeterDryRunEgressPolicyEgressFromPtrOutputWithContext(context.Background()) +} + +func (i *servicePerimeterDryRunEgressPolicyEgressFromPtrType) ToServicePerimeterDryRunEgressPolicyEgressFromPtrOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput) +} + +type ServicePerimeterDryRunEgressPolicyEgressFromOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunEgressPolicyEgressFromOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressFrom)(nil)).Elem() +} + +func (o ServicePerimeterDryRunEgressPolicyEgressFromOutput) 
ToServicePerimeterDryRunEgressPolicyEgressFromOutput() ServicePerimeterDryRunEgressPolicyEgressFromOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyEgressFromOutput) ToServicePerimeterDryRunEgressPolicyEgressFromOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressFromOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyEgressFromOutput) ToServicePerimeterDryRunEgressPolicyEgressFromPtrOutput() ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput { + return o.ToServicePerimeterDryRunEgressPolicyEgressFromPtrOutputWithContext(context.Background()) +} + +func (o ServicePerimeterDryRunEgressPolicyEgressFromOutput) ToServicePerimeterDryRunEgressPolicyEgressFromPtrOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ServicePerimeterDryRunEgressPolicyEgressFrom) *ServicePerimeterDryRunEgressPolicyEgressFrom { + return &v + }).(ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput) +} + +// A list of identities that are allowed access through this `EgressPolicy`. +// Should be in the format of email address. The email address should +// represent individual user or service account only. +func (o ServicePerimeterDryRunEgressPolicyEgressFromOutput) Identities() pulumi.StringArrayOutput { + return o.ApplyT(func(v ServicePerimeterDryRunEgressPolicyEgressFrom) []string { return v.Identities }).(pulumi.StringArrayOutput) +} + +// Specifies the type of identities that are allowed access to outside the +// perimeter. If left unspecified, then members of `identities` field will +// be allowed access. +// Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. 
+func (o ServicePerimeterDryRunEgressPolicyEgressFromOutput) IdentityType() pulumi.StringPtrOutput { + return o.ApplyT(func(v ServicePerimeterDryRunEgressPolicyEgressFrom) *string { return v.IdentityType }).(pulumi.StringPtrOutput) +} + +// Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. +// Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. +func (o ServicePerimeterDryRunEgressPolicyEgressFromOutput) SourceRestriction() pulumi.StringPtrOutput { + return o.ApplyT(func(v ServicePerimeterDryRunEgressPolicyEgressFrom) *string { return v.SourceRestriction }).(pulumi.StringPtrOutput) +} + +// Sources that this EgressPolicy authorizes access from. +// Structure is documented below. +func (o ServicePerimeterDryRunEgressPolicyEgressFromOutput) Sources() ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput { + return o.ApplyT(func(v ServicePerimeterDryRunEgressPolicyEgressFrom) []ServicePerimeterDryRunEgressPolicyEgressFromSource { + return v.Sources + }).(ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput) +} + +type ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ServicePerimeterDryRunEgressPolicyEgressFrom)(nil)).Elem() +} + +func (o ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput) ToServicePerimeterDryRunEgressPolicyEgressFromPtrOutput() ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput) ToServicePerimeterDryRunEgressPolicyEgressFromPtrOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput) Elem() ServicePerimeterDryRunEgressPolicyEgressFromOutput 
{ + return o.ApplyT(func(v *ServicePerimeterDryRunEgressPolicyEgressFrom) ServicePerimeterDryRunEgressPolicyEgressFrom { + if v != nil { + return *v + } + var ret ServicePerimeterDryRunEgressPolicyEgressFrom + return ret + }).(ServicePerimeterDryRunEgressPolicyEgressFromOutput) +} + +// A list of identities that are allowed access through this `EgressPolicy`. +// Should be in the format of email address. The email address should +// represent individual user or service account only. +func (o ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput) Identities() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunEgressPolicyEgressFrom) []string { + if v == nil { + return nil + } + return v.Identities + }).(pulumi.StringArrayOutput) +} + +// Specifies the type of identities that are allowed access to outside the +// perimeter. If left unspecified, then members of `identities` field will +// be allowed access. +// Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. +func (o ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput) IdentityType() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunEgressPolicyEgressFrom) *string { + if v == nil { + return nil + } + return v.IdentityType + }).(pulumi.StringPtrOutput) +} + +// Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. +// Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. +func (o ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput) SourceRestriction() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunEgressPolicyEgressFrom) *string { + if v == nil { + return nil + } + return v.SourceRestriction + }).(pulumi.StringPtrOutput) +} + +// Sources that this EgressPolicy authorizes access from. +// Structure is documented below. 
+func (o ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput) Sources() ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunEgressPolicyEgressFrom) []ServicePerimeterDryRunEgressPolicyEgressFromSource { + if v == nil { + return nil + } + return v.Sources + }).(ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput) +} + +type ServicePerimeterDryRunEgressPolicyEgressFromSource struct { + // An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. + AccessLevel *string `pulumi:"accessLevel"` +} + +// ServicePerimeterDryRunEgressPolicyEgressFromSourceInput is an input type that accepts ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs and ServicePerimeterDryRunEgressPolicyEgressFromSourceOutput values. +// You can construct a concrete instance of `ServicePerimeterDryRunEgressPolicyEgressFromSourceInput` via: +// +// ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs{...} +type ServicePerimeterDryRunEgressPolicyEgressFromSourceInput interface { + pulumi.Input + + ToServicePerimeterDryRunEgressPolicyEgressFromSourceOutput() ServicePerimeterDryRunEgressPolicyEgressFromSourceOutput + ToServicePerimeterDryRunEgressPolicyEgressFromSourceOutputWithContext(context.Context) ServicePerimeterDryRunEgressPolicyEgressFromSourceOutput +} + +type ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs struct { + // An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. 
+ AccessLevel pulumi.StringPtrInput `pulumi:"accessLevel"` +} + +func (ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressFromSource)(nil)).Elem() +} + +func (i ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs) ToServicePerimeterDryRunEgressPolicyEgressFromSourceOutput() ServicePerimeterDryRunEgressPolicyEgressFromSourceOutput { + return i.ToServicePerimeterDryRunEgressPolicyEgressFromSourceOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs) ToServicePerimeterDryRunEgressPolicyEgressFromSourceOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressFromSourceOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunEgressPolicyEgressFromSourceOutput) +} + +// ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayInput is an input type that accepts ServicePerimeterDryRunEgressPolicyEgressFromSourceArray and ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput values. 
+// You can construct a concrete instance of `ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayInput` via: +// +// ServicePerimeterDryRunEgressPolicyEgressFromSourceArray{ ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs{...} } +type ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayInput interface { + pulumi.Input + + ToServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput() ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput + ToServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutputWithContext(context.Context) ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput +} + +type ServicePerimeterDryRunEgressPolicyEgressFromSourceArray []ServicePerimeterDryRunEgressPolicyEgressFromSourceInput + +func (ServicePerimeterDryRunEgressPolicyEgressFromSourceArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ServicePerimeterDryRunEgressPolicyEgressFromSource)(nil)).Elem() +} + +func (i ServicePerimeterDryRunEgressPolicyEgressFromSourceArray) ToServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput() ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput { + return i.ToServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunEgressPolicyEgressFromSourceArray) ToServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput) +} + +type ServicePerimeterDryRunEgressPolicyEgressFromSourceOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunEgressPolicyEgressFromSourceOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressFromSource)(nil)).Elem() +} + +func (o ServicePerimeterDryRunEgressPolicyEgressFromSourceOutput) 
ToServicePerimeterDryRunEgressPolicyEgressFromSourceOutput() ServicePerimeterDryRunEgressPolicyEgressFromSourceOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyEgressFromSourceOutput) ToServicePerimeterDryRunEgressPolicyEgressFromSourceOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressFromSourceOutput { + return o +} + +// An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. +func (o ServicePerimeterDryRunEgressPolicyEgressFromSourceOutput) AccessLevel() pulumi.StringPtrOutput { + return o.ApplyT(func(v ServicePerimeterDryRunEgressPolicyEgressFromSource) *string { return v.AccessLevel }).(pulumi.StringPtrOutput) +} + +type ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ServicePerimeterDryRunEgressPolicyEgressFromSource)(nil)).Elem() +} + +func (o ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput) ToServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput() ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput) ToServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput) Index(i pulumi.IntInput) ServicePerimeterDryRunEgressPolicyEgressFromSourceOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ServicePerimeterDryRunEgressPolicyEgressFromSource { + return vs[0].([]ServicePerimeterDryRunEgressPolicyEgressFromSource)[vs[1].(int)] + }).(ServicePerimeterDryRunEgressPolicyEgressFromSourceOutput) +} + +type ServicePerimeterDryRunEgressPolicyEgressTo struct { + // A list of external 
resources that are allowed to be accessed. A request + // matches if it contains an external resource in this list (Example: + // s3://bucket/path). Currently '*' is not allowed. + ExternalResources []string `pulumi:"externalResources"` + // A list of `ApiOperations` that this egress rule applies to. A request matches + // if it contains an operation/service in this list. + // Structure is documented below. + Operations []ServicePerimeterDryRunEgressPolicyEgressToOperation `pulumi:"operations"` + // A list of resources, currently only projects in the form + // `projects/`, that match this to stanza. A request matches + // if it contains a resource in this list. If * is specified for resources, + // then this `EgressTo` rule will authorize access to all resources outside + // the perimeter. + Resources []string `pulumi:"resources"` +} + +// ServicePerimeterDryRunEgressPolicyEgressToInput is an input type that accepts ServicePerimeterDryRunEgressPolicyEgressToArgs and ServicePerimeterDryRunEgressPolicyEgressToOutput values. +// You can construct a concrete instance of `ServicePerimeterDryRunEgressPolicyEgressToInput` via: +// +// ServicePerimeterDryRunEgressPolicyEgressToArgs{...} +type ServicePerimeterDryRunEgressPolicyEgressToInput interface { + pulumi.Input + + ToServicePerimeterDryRunEgressPolicyEgressToOutput() ServicePerimeterDryRunEgressPolicyEgressToOutput + ToServicePerimeterDryRunEgressPolicyEgressToOutputWithContext(context.Context) ServicePerimeterDryRunEgressPolicyEgressToOutput +} + +type ServicePerimeterDryRunEgressPolicyEgressToArgs struct { + // A list of external resources that are allowed to be accessed. A request + // matches if it contains an external resource in this list (Example: + // s3://bucket/path). Currently '*' is not allowed. + ExternalResources pulumi.StringArrayInput `pulumi:"externalResources"` + // A list of `ApiOperations` that this egress rule applies to. A request matches + // if it contains an operation/service in this list. 
+ // Structure is documented below. + Operations ServicePerimeterDryRunEgressPolicyEgressToOperationArrayInput `pulumi:"operations"` + // A list of resources, currently only projects in the form + // `projects/`, that match this to stanza. A request matches + // if it contains a resource in this list. If * is specified for resources, + // then this `EgressTo` rule will authorize access to all resources outside + // the perimeter. + Resources pulumi.StringArrayInput `pulumi:"resources"` +} + +func (ServicePerimeterDryRunEgressPolicyEgressToArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressTo)(nil)).Elem() +} + +func (i ServicePerimeterDryRunEgressPolicyEgressToArgs) ToServicePerimeterDryRunEgressPolicyEgressToOutput() ServicePerimeterDryRunEgressPolicyEgressToOutput { + return i.ToServicePerimeterDryRunEgressPolicyEgressToOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunEgressPolicyEgressToArgs) ToServicePerimeterDryRunEgressPolicyEgressToOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressToOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunEgressPolicyEgressToOutput) +} + +func (i ServicePerimeterDryRunEgressPolicyEgressToArgs) ToServicePerimeterDryRunEgressPolicyEgressToPtrOutput() ServicePerimeterDryRunEgressPolicyEgressToPtrOutput { + return i.ToServicePerimeterDryRunEgressPolicyEgressToPtrOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunEgressPolicyEgressToArgs) ToServicePerimeterDryRunEgressPolicyEgressToPtrOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressToPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunEgressPolicyEgressToOutput).ToServicePerimeterDryRunEgressPolicyEgressToPtrOutputWithContext(ctx) +} + +// ServicePerimeterDryRunEgressPolicyEgressToPtrInput is an input type that accepts ServicePerimeterDryRunEgressPolicyEgressToArgs, 
ServicePerimeterDryRunEgressPolicyEgressToPtr and ServicePerimeterDryRunEgressPolicyEgressToPtrOutput values. +// You can construct a concrete instance of `ServicePerimeterDryRunEgressPolicyEgressToPtrInput` via: +// +// ServicePerimeterDryRunEgressPolicyEgressToArgs{...} +// +// or: +// +// nil +type ServicePerimeterDryRunEgressPolicyEgressToPtrInput interface { + pulumi.Input + + ToServicePerimeterDryRunEgressPolicyEgressToPtrOutput() ServicePerimeterDryRunEgressPolicyEgressToPtrOutput + ToServicePerimeterDryRunEgressPolicyEgressToPtrOutputWithContext(context.Context) ServicePerimeterDryRunEgressPolicyEgressToPtrOutput +} + +type servicePerimeterDryRunEgressPolicyEgressToPtrType ServicePerimeterDryRunEgressPolicyEgressToArgs + +func ServicePerimeterDryRunEgressPolicyEgressToPtr(v *ServicePerimeterDryRunEgressPolicyEgressToArgs) ServicePerimeterDryRunEgressPolicyEgressToPtrInput { + return (*servicePerimeterDryRunEgressPolicyEgressToPtrType)(v) +} + +func (*servicePerimeterDryRunEgressPolicyEgressToPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ServicePerimeterDryRunEgressPolicyEgressTo)(nil)).Elem() +} + +func (i *servicePerimeterDryRunEgressPolicyEgressToPtrType) ToServicePerimeterDryRunEgressPolicyEgressToPtrOutput() ServicePerimeterDryRunEgressPolicyEgressToPtrOutput { + return i.ToServicePerimeterDryRunEgressPolicyEgressToPtrOutputWithContext(context.Background()) +} + +func (i *servicePerimeterDryRunEgressPolicyEgressToPtrType) ToServicePerimeterDryRunEgressPolicyEgressToPtrOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressToPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunEgressPolicyEgressToPtrOutput) +} + +type ServicePerimeterDryRunEgressPolicyEgressToOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunEgressPolicyEgressToOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressTo)(nil)).Elem() +} + +func (o 
ServicePerimeterDryRunEgressPolicyEgressToOutput) ToServicePerimeterDryRunEgressPolicyEgressToOutput() ServicePerimeterDryRunEgressPolicyEgressToOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyEgressToOutput) ToServicePerimeterDryRunEgressPolicyEgressToOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressToOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyEgressToOutput) ToServicePerimeterDryRunEgressPolicyEgressToPtrOutput() ServicePerimeterDryRunEgressPolicyEgressToPtrOutput { + return o.ToServicePerimeterDryRunEgressPolicyEgressToPtrOutputWithContext(context.Background()) +} + +func (o ServicePerimeterDryRunEgressPolicyEgressToOutput) ToServicePerimeterDryRunEgressPolicyEgressToPtrOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressToPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ServicePerimeterDryRunEgressPolicyEgressTo) *ServicePerimeterDryRunEgressPolicyEgressTo { + return &v + }).(ServicePerimeterDryRunEgressPolicyEgressToPtrOutput) +} + +// A list of external resources that are allowed to be accessed. A request +// matches if it contains an external resource in this list (Example: +// s3://bucket/path). Currently '*' is not allowed. +func (o ServicePerimeterDryRunEgressPolicyEgressToOutput) ExternalResources() pulumi.StringArrayOutput { + return o.ApplyT(func(v ServicePerimeterDryRunEgressPolicyEgressTo) []string { return v.ExternalResources }).(pulumi.StringArrayOutput) +} + +// A list of `ApiOperations` that this egress rule applies to. A request matches +// if it contains an operation/service in this list. +// Structure is documented below. 
+func (o ServicePerimeterDryRunEgressPolicyEgressToOutput) Operations() ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput { + return o.ApplyT(func(v ServicePerimeterDryRunEgressPolicyEgressTo) []ServicePerimeterDryRunEgressPolicyEgressToOperation { + return v.Operations + }).(ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput) +} + +// A list of resources, currently only projects in the form +// `projects/`, that match this to stanza. A request matches +// if it contains a resource in this list. If * is specified for resources, +// then this `EgressTo` rule will authorize access to all resources outside +// the perimeter. +func (o ServicePerimeterDryRunEgressPolicyEgressToOutput) Resources() pulumi.StringArrayOutput { + return o.ApplyT(func(v ServicePerimeterDryRunEgressPolicyEgressTo) []string { return v.Resources }).(pulumi.StringArrayOutput) +} + +type ServicePerimeterDryRunEgressPolicyEgressToPtrOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunEgressPolicyEgressToPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ServicePerimeterDryRunEgressPolicyEgressTo)(nil)).Elem() +} + +func (o ServicePerimeterDryRunEgressPolicyEgressToPtrOutput) ToServicePerimeterDryRunEgressPolicyEgressToPtrOutput() ServicePerimeterDryRunEgressPolicyEgressToPtrOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyEgressToPtrOutput) ToServicePerimeterDryRunEgressPolicyEgressToPtrOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressToPtrOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyEgressToPtrOutput) Elem() ServicePerimeterDryRunEgressPolicyEgressToOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunEgressPolicyEgressTo) ServicePerimeterDryRunEgressPolicyEgressTo { + if v != nil { + return *v + } + var ret ServicePerimeterDryRunEgressPolicyEgressTo + return ret + }).(ServicePerimeterDryRunEgressPolicyEgressToOutput) +} + +// A list of external resources that are 
allowed to be accessed. A request +// matches if it contains an external resource in this list (Example: +// s3://bucket/path). Currently '*' is not allowed. +func (o ServicePerimeterDryRunEgressPolicyEgressToPtrOutput) ExternalResources() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunEgressPolicyEgressTo) []string { + if v == nil { + return nil + } + return v.ExternalResources + }).(pulumi.StringArrayOutput) +} + +// A list of `ApiOperations` that this egress rule applies to. A request matches +// if it contains an operation/service in this list. +// Structure is documented below. +func (o ServicePerimeterDryRunEgressPolicyEgressToPtrOutput) Operations() ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunEgressPolicyEgressTo) []ServicePerimeterDryRunEgressPolicyEgressToOperation { + if v == nil { + return nil + } + return v.Operations + }).(ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput) +} + +// A list of resources, currently only projects in the form +// `projects/`, that match this to stanza. A request matches +// if it contains a resource in this list. If * is specified for resources, +// then this `EgressTo` rule will authorize access to all resources outside +// the perimeter. +func (o ServicePerimeterDryRunEgressPolicyEgressToPtrOutput) Resources() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunEgressPolicyEgressTo) []string { + if v == nil { + return nil + } + return v.Resources + }).(pulumi.StringArrayOutput) +} + +type ServicePerimeterDryRunEgressPolicyEgressToOperation struct { + // API methods or permissions to allow. Method or permission must belong + // to the service specified by `serviceName` field. A single MethodSelector + // entry with `*` specified for the `method` field will allow all methods + // AND permissions for the service specified in `serviceName`. + // Structure is documented below. 
+ MethodSelectors []ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector `pulumi:"methodSelectors"` + // The name of the API whose methods or permissions the `IngressPolicy` or + // `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + // field set to `*` will allow all methods AND permissions for all services. + ServiceName *string `pulumi:"serviceName"` +} + +// ServicePerimeterDryRunEgressPolicyEgressToOperationInput is an input type that accepts ServicePerimeterDryRunEgressPolicyEgressToOperationArgs and ServicePerimeterDryRunEgressPolicyEgressToOperationOutput values. +// You can construct a concrete instance of `ServicePerimeterDryRunEgressPolicyEgressToOperationInput` via: +// +// ServicePerimeterDryRunEgressPolicyEgressToOperationArgs{...} +type ServicePerimeterDryRunEgressPolicyEgressToOperationInput interface { + pulumi.Input + + ToServicePerimeterDryRunEgressPolicyEgressToOperationOutput() ServicePerimeterDryRunEgressPolicyEgressToOperationOutput + ToServicePerimeterDryRunEgressPolicyEgressToOperationOutputWithContext(context.Context) ServicePerimeterDryRunEgressPolicyEgressToOperationOutput +} + +type ServicePerimeterDryRunEgressPolicyEgressToOperationArgs struct { + // API methods or permissions to allow. Method or permission must belong + // to the service specified by `serviceName` field. A single MethodSelector + // entry with `*` specified for the `method` field will allow all methods + // AND permissions for the service specified in `serviceName`. + // Structure is documented below. + MethodSelectors ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayInput `pulumi:"methodSelectors"` + // The name of the API whose methods or permissions the `IngressPolicy` or + // `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + // field set to `*` will allow all methods AND permissions for all services. 
+ ServiceName pulumi.StringPtrInput `pulumi:"serviceName"` +} + +func (ServicePerimeterDryRunEgressPolicyEgressToOperationArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressToOperation)(nil)).Elem() +} + +func (i ServicePerimeterDryRunEgressPolicyEgressToOperationArgs) ToServicePerimeterDryRunEgressPolicyEgressToOperationOutput() ServicePerimeterDryRunEgressPolicyEgressToOperationOutput { + return i.ToServicePerimeterDryRunEgressPolicyEgressToOperationOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunEgressPolicyEgressToOperationArgs) ToServicePerimeterDryRunEgressPolicyEgressToOperationOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressToOperationOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunEgressPolicyEgressToOperationOutput) +} + +// ServicePerimeterDryRunEgressPolicyEgressToOperationArrayInput is an input type that accepts ServicePerimeterDryRunEgressPolicyEgressToOperationArray and ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput values. 
+// You can construct a concrete instance of `ServicePerimeterDryRunEgressPolicyEgressToOperationArrayInput` via: +// +// ServicePerimeterDryRunEgressPolicyEgressToOperationArray{ ServicePerimeterDryRunEgressPolicyEgressToOperationArgs{...} } +type ServicePerimeterDryRunEgressPolicyEgressToOperationArrayInput interface { + pulumi.Input + + ToServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput() ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput + ToServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutputWithContext(context.Context) ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput +} + +type ServicePerimeterDryRunEgressPolicyEgressToOperationArray []ServicePerimeterDryRunEgressPolicyEgressToOperationInput + +func (ServicePerimeterDryRunEgressPolicyEgressToOperationArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ServicePerimeterDryRunEgressPolicyEgressToOperation)(nil)).Elem() +} + +func (i ServicePerimeterDryRunEgressPolicyEgressToOperationArray) ToServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput() ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput { + return i.ToServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunEgressPolicyEgressToOperationArray) ToServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput) +} + +type ServicePerimeterDryRunEgressPolicyEgressToOperationOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunEgressPolicyEgressToOperationOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressToOperation)(nil)).Elem() +} + +func (o ServicePerimeterDryRunEgressPolicyEgressToOperationOutput) 
ToServicePerimeterDryRunEgressPolicyEgressToOperationOutput() ServicePerimeterDryRunEgressPolicyEgressToOperationOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyEgressToOperationOutput) ToServicePerimeterDryRunEgressPolicyEgressToOperationOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressToOperationOutput { + return o +} + +// API methods or permissions to allow. Method or permission must belong +// to the service specified by `serviceName` field. A single MethodSelector +// entry with `*` specified for the `method` field will allow all methods +// AND permissions for the service specified in `serviceName`. +// Structure is documented below. +func (o ServicePerimeterDryRunEgressPolicyEgressToOperationOutput) MethodSelectors() ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput { + return o.ApplyT(func(v ServicePerimeterDryRunEgressPolicyEgressToOperation) []ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector { + return v.MethodSelectors + }).(ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput) +} + +// The name of the API whose methods or permissions the `IngressPolicy` or +// `EgressPolicy` want to allow. A single `ApiOperation` with serviceName +// field set to `*` will allow all methods AND permissions for all services. 
+func (o ServicePerimeterDryRunEgressPolicyEgressToOperationOutput) ServiceName() pulumi.StringPtrOutput { + return o.ApplyT(func(v ServicePerimeterDryRunEgressPolicyEgressToOperation) *string { return v.ServiceName }).(pulumi.StringPtrOutput) +} + +type ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ServicePerimeterDryRunEgressPolicyEgressToOperation)(nil)).Elem() +} + +func (o ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput) ToServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput() ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput) ToServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput) Index(i pulumi.IntInput) ServicePerimeterDryRunEgressPolicyEgressToOperationOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ServicePerimeterDryRunEgressPolicyEgressToOperation { + return vs[0].([]ServicePerimeterDryRunEgressPolicyEgressToOperation)[vs[1].(int)] + }).(ServicePerimeterDryRunEgressPolicyEgressToOperationOutput) +} + +type ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector struct { + // Value for `method` should be a valid method name for the corresponding + // `serviceName` in `ApiOperation`. If `*` used as value for method, + // then ALL methods and permissions are allowed. + Method *string `pulumi:"method"` + // Value for permission should be a valid Cloud IAM permission for the + // corresponding `serviceName` in `ApiOperation`. 
+ Permission *string `pulumi:"permission"` +} + +// ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorInput is an input type that accepts ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs and ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput values. +// You can construct a concrete instance of `ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorInput` via: +// +// ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs{...} +type ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorInput interface { + pulumi.Input + + ToServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput() ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput + ToServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutputWithContext(context.Context) ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput +} + +type ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs struct { + // Value for `method` should be a valid method name for the corresponding + // `serviceName` in `ApiOperation`. If `*` used as value for method, + // then ALL methods and permissions are allowed. + Method pulumi.StringPtrInput `pulumi:"method"` + // Value for permission should be a valid Cloud IAM permission for the + // corresponding `serviceName` in `ApiOperation`. 
+ Permission pulumi.StringPtrInput `pulumi:"permission"` +} + +func (ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector)(nil)).Elem() +} + +func (i ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs) ToServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput() ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput { + return i.ToServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs) ToServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput) +} + +// ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayInput is an input type that accepts ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArray and ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput values. 
+// You can construct a concrete instance of `ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayInput` via: +// +// ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArray{ ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs{...} } +type ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayInput interface { + pulumi.Input + + ToServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput() ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput + ToServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutputWithContext(context.Context) ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput +} + +type ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArray []ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorInput + +func (ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector)(nil)).Elem() +} + +func (i ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArray) ToServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput() ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput { + return i.ToServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArray) ToServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput) +} + +type ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput struct{ *pulumi.OutputState } + 
+func (ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector)(nil)).Elem() +} + +func (o ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput) ToServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput() ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput) ToServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput { + return o +} + +// Value for `method` should be a valid method name for the corresponding +// `serviceName` in `ApiOperation`. If `*` used as value for method, +// then ALL methods and permissions are allowed. +func (o ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput) Method() pulumi.StringPtrOutput { + return o.ApplyT(func(v ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector) *string { return v.Method }).(pulumi.StringPtrOutput) +} + +// Value for permission should be a valid Cloud IAM permission for the +// corresponding `serviceName` in `ApiOperation`. 
+func (o ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput) Permission() pulumi.StringPtrOutput { + return o.ApplyT(func(v ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector) *string { return v.Permission }).(pulumi.StringPtrOutput) +} + +type ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector)(nil)).Elem() +} + +func (o ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput) ToServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput() ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput) ToServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput) Index(i pulumi.IntInput) ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector { + return vs[0].([]ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector)[vs[1].(int)] + }).(ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput) +} + +type ServicePerimeterDryRunIngressPolicyIngressFrom struct { + // A list of identities that are allowed access through this ingress policy. + // Should be in the format of email address. The email address should represent + // individual user or service account only. 
+ Identities []string `pulumi:"identities"` + // Specifies the type of identities that are allowed access from outside the + // perimeter. If left unspecified, then members of `identities` field will be + // allowed access. + // Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + IdentityType *string `pulumi:"identityType"` + // Sources that this `IngressPolicy` authorizes access from. + // Structure is documented below. + Sources []ServicePerimeterDryRunIngressPolicyIngressFromSource `pulumi:"sources"` +} + +// ServicePerimeterDryRunIngressPolicyIngressFromInput is an input type that accepts ServicePerimeterDryRunIngressPolicyIngressFromArgs and ServicePerimeterDryRunIngressPolicyIngressFromOutput values. +// You can construct a concrete instance of `ServicePerimeterDryRunIngressPolicyIngressFromInput` via: +// +// ServicePerimeterDryRunIngressPolicyIngressFromArgs{...} +type ServicePerimeterDryRunIngressPolicyIngressFromInput interface { + pulumi.Input + + ToServicePerimeterDryRunIngressPolicyIngressFromOutput() ServicePerimeterDryRunIngressPolicyIngressFromOutput + ToServicePerimeterDryRunIngressPolicyIngressFromOutputWithContext(context.Context) ServicePerimeterDryRunIngressPolicyIngressFromOutput +} + +type ServicePerimeterDryRunIngressPolicyIngressFromArgs struct { + // A list of identities that are allowed access through this ingress policy. + // Should be in the format of email address. The email address should represent + // individual user or service account only. + Identities pulumi.StringArrayInput `pulumi:"identities"` + // Specifies the type of identities that are allowed access from outside the + // perimeter. If left unspecified, then members of `identities` field will be + // allowed access. + // Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + IdentityType pulumi.StringPtrInput `pulumi:"identityType"` + // Sources that this `IngressPolicy` authorizes access from. 
+ // Structure is documented below. + Sources ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayInput `pulumi:"sources"` +} + +func (ServicePerimeterDryRunIngressPolicyIngressFromArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressFrom)(nil)).Elem() +} + +func (i ServicePerimeterDryRunIngressPolicyIngressFromArgs) ToServicePerimeterDryRunIngressPolicyIngressFromOutput() ServicePerimeterDryRunIngressPolicyIngressFromOutput { + return i.ToServicePerimeterDryRunIngressPolicyIngressFromOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunIngressPolicyIngressFromArgs) ToServicePerimeterDryRunIngressPolicyIngressFromOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressFromOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunIngressPolicyIngressFromOutput) +} + +func (i ServicePerimeterDryRunIngressPolicyIngressFromArgs) ToServicePerimeterDryRunIngressPolicyIngressFromPtrOutput() ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput { + return i.ToServicePerimeterDryRunIngressPolicyIngressFromPtrOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunIngressPolicyIngressFromArgs) ToServicePerimeterDryRunIngressPolicyIngressFromPtrOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunIngressPolicyIngressFromOutput).ToServicePerimeterDryRunIngressPolicyIngressFromPtrOutputWithContext(ctx) +} + +// ServicePerimeterDryRunIngressPolicyIngressFromPtrInput is an input type that accepts ServicePerimeterDryRunIngressPolicyIngressFromArgs, ServicePerimeterDryRunIngressPolicyIngressFromPtr and ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput values. 
+// You can construct a concrete instance of `ServicePerimeterDryRunIngressPolicyIngressFromPtrInput` via: +// +// ServicePerimeterDryRunIngressPolicyIngressFromArgs{...} +// +// or: +// +// nil +type ServicePerimeterDryRunIngressPolicyIngressFromPtrInput interface { + pulumi.Input + + ToServicePerimeterDryRunIngressPolicyIngressFromPtrOutput() ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput + ToServicePerimeterDryRunIngressPolicyIngressFromPtrOutputWithContext(context.Context) ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput +} + +type servicePerimeterDryRunIngressPolicyIngressFromPtrType ServicePerimeterDryRunIngressPolicyIngressFromArgs + +func ServicePerimeterDryRunIngressPolicyIngressFromPtr(v *ServicePerimeterDryRunIngressPolicyIngressFromArgs) ServicePerimeterDryRunIngressPolicyIngressFromPtrInput { + return (*servicePerimeterDryRunIngressPolicyIngressFromPtrType)(v) +} + +func (*servicePerimeterDryRunIngressPolicyIngressFromPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ServicePerimeterDryRunIngressPolicyIngressFrom)(nil)).Elem() +} + +func (i *servicePerimeterDryRunIngressPolicyIngressFromPtrType) ToServicePerimeterDryRunIngressPolicyIngressFromPtrOutput() ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput { + return i.ToServicePerimeterDryRunIngressPolicyIngressFromPtrOutputWithContext(context.Background()) +} + +func (i *servicePerimeterDryRunIngressPolicyIngressFromPtrType) ToServicePerimeterDryRunIngressPolicyIngressFromPtrOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput) +} + +type ServicePerimeterDryRunIngressPolicyIngressFromOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunIngressPolicyIngressFromOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressFrom)(nil)).Elem() +} + +func (o 
ServicePerimeterDryRunIngressPolicyIngressFromOutput) ToServicePerimeterDryRunIngressPolicyIngressFromOutput() ServicePerimeterDryRunIngressPolicyIngressFromOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyIngressFromOutput) ToServicePerimeterDryRunIngressPolicyIngressFromOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressFromOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyIngressFromOutput) ToServicePerimeterDryRunIngressPolicyIngressFromPtrOutput() ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput { + return o.ToServicePerimeterDryRunIngressPolicyIngressFromPtrOutputWithContext(context.Background()) +} + +func (o ServicePerimeterDryRunIngressPolicyIngressFromOutput) ToServicePerimeterDryRunIngressPolicyIngressFromPtrOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ServicePerimeterDryRunIngressPolicyIngressFrom) *ServicePerimeterDryRunIngressPolicyIngressFrom { + return &v + }).(ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput) +} + +// A list of identities that are allowed access through this ingress policy. +// Should be in the format of email address. The email address should represent +// individual user or service account only. +func (o ServicePerimeterDryRunIngressPolicyIngressFromOutput) Identities() pulumi.StringArrayOutput { + return o.ApplyT(func(v ServicePerimeterDryRunIngressPolicyIngressFrom) []string { return v.Identities }).(pulumi.StringArrayOutput) +} + +// Specifies the type of identities that are allowed access from outside the +// perimeter. If left unspecified, then members of `identities` field will be +// allowed access. +// Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. 
+func (o ServicePerimeterDryRunIngressPolicyIngressFromOutput) IdentityType() pulumi.StringPtrOutput { + return o.ApplyT(func(v ServicePerimeterDryRunIngressPolicyIngressFrom) *string { return v.IdentityType }).(pulumi.StringPtrOutput) +} + +// Sources that this `IngressPolicy` authorizes access from. +// Structure is documented below. +func (o ServicePerimeterDryRunIngressPolicyIngressFromOutput) Sources() ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput { + return o.ApplyT(func(v ServicePerimeterDryRunIngressPolicyIngressFrom) []ServicePerimeterDryRunIngressPolicyIngressFromSource { + return v.Sources + }).(ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput) +} + +type ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ServicePerimeterDryRunIngressPolicyIngressFrom)(nil)).Elem() +} + +func (o ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput) ToServicePerimeterDryRunIngressPolicyIngressFromPtrOutput() ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput) ToServicePerimeterDryRunIngressPolicyIngressFromPtrOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput) Elem() ServicePerimeterDryRunIngressPolicyIngressFromOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunIngressPolicyIngressFrom) ServicePerimeterDryRunIngressPolicyIngressFrom { + if v != nil { + return *v + } + var ret ServicePerimeterDryRunIngressPolicyIngressFrom + return ret + }).(ServicePerimeterDryRunIngressPolicyIngressFromOutput) +} + +// A list of identities that are allowed access through this ingress policy. +// Should be in the format of email address. 
The email address should represent +// individual user or service account only. +func (o ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput) Identities() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunIngressPolicyIngressFrom) []string { + if v == nil { + return nil + } + return v.Identities + }).(pulumi.StringArrayOutput) +} + +// Specifies the type of identities that are allowed access from outside the +// perimeter. If left unspecified, then members of `identities` field will be +// allowed access. +// Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. +func (o ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput) IdentityType() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunIngressPolicyIngressFrom) *string { + if v == nil { + return nil + } + return v.IdentityType + }).(pulumi.StringPtrOutput) +} + +// Sources that this `IngressPolicy` authorizes access from. +// Structure is documented below. +func (o ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput) Sources() ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunIngressPolicyIngressFrom) []ServicePerimeterDryRunIngressPolicyIngressFromSource { + if v == nil { + return nil + } + return v.Sources + }).(ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput) +} + +type ServicePerimeterDryRunIngressPolicyIngressFromSource struct { + // An `AccessLevel` resource name that allow resources within the + // `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + // must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + // `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + // resources within the perimeter can only be accessed via Google Cloud calls + // with request origins within the perimeter. 
+ // Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + // If * is specified, then all IngressSources will be allowed. + AccessLevel *string `pulumi:"accessLevel"` + // A Google Cloud resource that is allowed to ingress the perimeter. + // Requests from these resources will be allowed to access perimeter data. + // Currently only projects are allowed. Format `projects/{project_number}` + // The project may be in any Google Cloud organization, not just the + // organization that the perimeter is defined in. `*` is not allowed, the case + // of allowing all Google Cloud resources only is not supported. + Resource *string `pulumi:"resource"` +} + +// ServicePerimeterDryRunIngressPolicyIngressFromSourceInput is an input type that accepts ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs and ServicePerimeterDryRunIngressPolicyIngressFromSourceOutput values. +// You can construct a concrete instance of `ServicePerimeterDryRunIngressPolicyIngressFromSourceInput` via: +// +// ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs{...} +type ServicePerimeterDryRunIngressPolicyIngressFromSourceInput interface { + pulumi.Input + + ToServicePerimeterDryRunIngressPolicyIngressFromSourceOutput() ServicePerimeterDryRunIngressPolicyIngressFromSourceOutput + ToServicePerimeterDryRunIngressPolicyIngressFromSourceOutputWithContext(context.Context) ServicePerimeterDryRunIngressPolicyIngressFromSourceOutput +} + +type ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs struct { + // An `AccessLevel` resource name that allow resources within the + // `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + // must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + // `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + // resources within the perimeter can only be accessed via Google Cloud calls + // with request origins within the perimeter. 
+ // Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + // If * is specified, then all IngressSources will be allowed. + AccessLevel pulumi.StringPtrInput `pulumi:"accessLevel"` + // A Google Cloud resource that is allowed to ingress the perimeter. + // Requests from these resources will be allowed to access perimeter data. + // Currently only projects are allowed. Format `projects/{project_number}` + // The project may be in any Google Cloud organization, not just the + // organization that the perimeter is defined in. `*` is not allowed, the case + // of allowing all Google Cloud resources only is not supported. + Resource pulumi.StringPtrInput `pulumi:"resource"` +} + +func (ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressFromSource)(nil)).Elem() +} + +func (i ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs) ToServicePerimeterDryRunIngressPolicyIngressFromSourceOutput() ServicePerimeterDryRunIngressPolicyIngressFromSourceOutput { + return i.ToServicePerimeterDryRunIngressPolicyIngressFromSourceOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs) ToServicePerimeterDryRunIngressPolicyIngressFromSourceOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressFromSourceOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunIngressPolicyIngressFromSourceOutput) +} + +// ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayInput is an input type that accepts ServicePerimeterDryRunIngressPolicyIngressFromSourceArray and ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput values. 
+// You can construct a concrete instance of `ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayInput` via: +// +// ServicePerimeterDryRunIngressPolicyIngressFromSourceArray{ ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs{...} } +type ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayInput interface { + pulumi.Input + + ToServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput() ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput + ToServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutputWithContext(context.Context) ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput +} + +type ServicePerimeterDryRunIngressPolicyIngressFromSourceArray []ServicePerimeterDryRunIngressPolicyIngressFromSourceInput + +func (ServicePerimeterDryRunIngressPolicyIngressFromSourceArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ServicePerimeterDryRunIngressPolicyIngressFromSource)(nil)).Elem() +} + +func (i ServicePerimeterDryRunIngressPolicyIngressFromSourceArray) ToServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput() ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput { + return i.ToServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunIngressPolicyIngressFromSourceArray) ToServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput) +} + +type ServicePerimeterDryRunIngressPolicyIngressFromSourceOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunIngressPolicyIngressFromSourceOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressFromSource)(nil)).Elem() +} + +func (o ServicePerimeterDryRunIngressPolicyIngressFromSourceOutput) 
ToServicePerimeterDryRunIngressPolicyIngressFromSourceOutput() ServicePerimeterDryRunIngressPolicyIngressFromSourceOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyIngressFromSourceOutput) ToServicePerimeterDryRunIngressPolicyIngressFromSourceOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressFromSourceOutput { + return o +} + +// An `AccessLevel` resource name that allow resources within the +// `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed +// must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent +// `AccessLevel` will cause an error. If no `AccessLevel` names are listed, +// resources within the perimeter can only be accessed via Google Cloud calls +// with request origins within the perimeter. +// Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` +// If * is specified, then all IngressSources will be allowed. +func (o ServicePerimeterDryRunIngressPolicyIngressFromSourceOutput) AccessLevel() pulumi.StringPtrOutput { + return o.ApplyT(func(v ServicePerimeterDryRunIngressPolicyIngressFromSource) *string { return v.AccessLevel }).(pulumi.StringPtrOutput) +} + +// A Google Cloud resource that is allowed to ingress the perimeter. +// Requests from these resources will be allowed to access perimeter data. +// Currently only projects are allowed. Format `projects/{project_number}` +// The project may be in any Google Cloud organization, not just the +// organization that the perimeter is defined in. `*` is not allowed, the case +// of allowing all Google Cloud resources only is not supported. 
+func (o ServicePerimeterDryRunIngressPolicyIngressFromSourceOutput) Resource() pulumi.StringPtrOutput { + return o.ApplyT(func(v ServicePerimeterDryRunIngressPolicyIngressFromSource) *string { return v.Resource }).(pulumi.StringPtrOutput) +} + +type ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ServicePerimeterDryRunIngressPolicyIngressFromSource)(nil)).Elem() +} + +func (o ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput) ToServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput() ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput) ToServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput) Index(i pulumi.IntInput) ServicePerimeterDryRunIngressPolicyIngressFromSourceOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ServicePerimeterDryRunIngressPolicyIngressFromSource { + return vs[0].([]ServicePerimeterDryRunIngressPolicyIngressFromSource)[vs[1].(int)] + }).(ServicePerimeterDryRunIngressPolicyIngressFromSourceOutput) +} + +type ServicePerimeterDryRunIngressPolicyIngressTo struct { + // A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + // are allowed to perform in this `ServicePerimeter`. + // Structure is documented below. + Operations []ServicePerimeterDryRunIngressPolicyIngressToOperation `pulumi:"operations"` + // A list of resources, currently only projects in the form + // `projects/`, protected by this `ServicePerimeter` + // that are allowed to be accessed by sources defined in the + // corresponding `IngressFrom`. 
A request matches if it contains + // a resource in this list. If `*` is specified for resources, + // then this `IngressTo` rule will authorize access to all + // resources inside the perimeter, provided that the request + // also matches the `operations` field. + Resources []string `pulumi:"resources"` +} + +// ServicePerimeterDryRunIngressPolicyIngressToInput is an input type that accepts ServicePerimeterDryRunIngressPolicyIngressToArgs and ServicePerimeterDryRunIngressPolicyIngressToOutput values. +// You can construct a concrete instance of `ServicePerimeterDryRunIngressPolicyIngressToInput` via: +// +// ServicePerimeterDryRunIngressPolicyIngressToArgs{...} +type ServicePerimeterDryRunIngressPolicyIngressToInput interface { + pulumi.Input + + ToServicePerimeterDryRunIngressPolicyIngressToOutput() ServicePerimeterDryRunIngressPolicyIngressToOutput + ToServicePerimeterDryRunIngressPolicyIngressToOutputWithContext(context.Context) ServicePerimeterDryRunIngressPolicyIngressToOutput +} + +type ServicePerimeterDryRunIngressPolicyIngressToArgs struct { + // A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + // are allowed to perform in this `ServicePerimeter`. + // Structure is documented below. + Operations ServicePerimeterDryRunIngressPolicyIngressToOperationArrayInput `pulumi:"operations"` + // A list of resources, currently only projects in the form + // `projects/`, protected by this `ServicePerimeter` + // that are allowed to be accessed by sources defined in the + // corresponding `IngressFrom`. A request matches if it contains + // a resource in this list. If `*` is specified for resources, + // then this `IngressTo` rule will authorize access to all + // resources inside the perimeter, provided that the request + // also matches the `operations` field. 
+ Resources pulumi.StringArrayInput `pulumi:"resources"` +} + +func (ServicePerimeterDryRunIngressPolicyIngressToArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressTo)(nil)).Elem() +} + +func (i ServicePerimeterDryRunIngressPolicyIngressToArgs) ToServicePerimeterDryRunIngressPolicyIngressToOutput() ServicePerimeterDryRunIngressPolicyIngressToOutput { + return i.ToServicePerimeterDryRunIngressPolicyIngressToOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunIngressPolicyIngressToArgs) ToServicePerimeterDryRunIngressPolicyIngressToOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressToOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunIngressPolicyIngressToOutput) +} + +func (i ServicePerimeterDryRunIngressPolicyIngressToArgs) ToServicePerimeterDryRunIngressPolicyIngressToPtrOutput() ServicePerimeterDryRunIngressPolicyIngressToPtrOutput { + return i.ToServicePerimeterDryRunIngressPolicyIngressToPtrOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunIngressPolicyIngressToArgs) ToServicePerimeterDryRunIngressPolicyIngressToPtrOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressToPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunIngressPolicyIngressToOutput).ToServicePerimeterDryRunIngressPolicyIngressToPtrOutputWithContext(ctx) +} + +// ServicePerimeterDryRunIngressPolicyIngressToPtrInput is an input type that accepts ServicePerimeterDryRunIngressPolicyIngressToArgs, ServicePerimeterDryRunIngressPolicyIngressToPtr and ServicePerimeterDryRunIngressPolicyIngressToPtrOutput values. 
+// You can construct a concrete instance of `ServicePerimeterDryRunIngressPolicyIngressToPtrInput` via: +// +// ServicePerimeterDryRunIngressPolicyIngressToArgs{...} +// +// or: +// +// nil +type ServicePerimeterDryRunIngressPolicyIngressToPtrInput interface { + pulumi.Input + + ToServicePerimeterDryRunIngressPolicyIngressToPtrOutput() ServicePerimeterDryRunIngressPolicyIngressToPtrOutput + ToServicePerimeterDryRunIngressPolicyIngressToPtrOutputWithContext(context.Context) ServicePerimeterDryRunIngressPolicyIngressToPtrOutput +} + +type servicePerimeterDryRunIngressPolicyIngressToPtrType ServicePerimeterDryRunIngressPolicyIngressToArgs + +func ServicePerimeterDryRunIngressPolicyIngressToPtr(v *ServicePerimeterDryRunIngressPolicyIngressToArgs) ServicePerimeterDryRunIngressPolicyIngressToPtrInput { + return (*servicePerimeterDryRunIngressPolicyIngressToPtrType)(v) +} + +func (*servicePerimeterDryRunIngressPolicyIngressToPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**ServicePerimeterDryRunIngressPolicyIngressTo)(nil)).Elem() +} + +func (i *servicePerimeterDryRunIngressPolicyIngressToPtrType) ToServicePerimeterDryRunIngressPolicyIngressToPtrOutput() ServicePerimeterDryRunIngressPolicyIngressToPtrOutput { + return i.ToServicePerimeterDryRunIngressPolicyIngressToPtrOutputWithContext(context.Background()) +} + +func (i *servicePerimeterDryRunIngressPolicyIngressToPtrType) ToServicePerimeterDryRunIngressPolicyIngressToPtrOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressToPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunIngressPolicyIngressToPtrOutput) +} + +type ServicePerimeterDryRunIngressPolicyIngressToOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunIngressPolicyIngressToOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressTo)(nil)).Elem() +} + +func (o ServicePerimeterDryRunIngressPolicyIngressToOutput) 
ToServicePerimeterDryRunIngressPolicyIngressToOutput() ServicePerimeterDryRunIngressPolicyIngressToOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyIngressToOutput) ToServicePerimeterDryRunIngressPolicyIngressToOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressToOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyIngressToOutput) ToServicePerimeterDryRunIngressPolicyIngressToPtrOutput() ServicePerimeterDryRunIngressPolicyIngressToPtrOutput { + return o.ToServicePerimeterDryRunIngressPolicyIngressToPtrOutputWithContext(context.Background()) +} + +func (o ServicePerimeterDryRunIngressPolicyIngressToOutput) ToServicePerimeterDryRunIngressPolicyIngressToPtrOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressToPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v ServicePerimeterDryRunIngressPolicyIngressTo) *ServicePerimeterDryRunIngressPolicyIngressTo { + return &v + }).(ServicePerimeterDryRunIngressPolicyIngressToPtrOutput) +} + +// A list of `ApiOperations` the sources specified in corresponding `IngressFrom` +// are allowed to perform in this `ServicePerimeter`. +// Structure is documented below. +func (o ServicePerimeterDryRunIngressPolicyIngressToOutput) Operations() ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput { + return o.ApplyT(func(v ServicePerimeterDryRunIngressPolicyIngressTo) []ServicePerimeterDryRunIngressPolicyIngressToOperation { + return v.Operations + }).(ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput) +} + +// A list of resources, currently only projects in the form +// `projects/`, protected by this `ServicePerimeter` +// that are allowed to be accessed by sources defined in the +// corresponding `IngressFrom`. A request matches if it contains +// a resource in this list. 
If `*` is specified for resources, +// then this `IngressTo` rule will authorize access to all +// resources inside the perimeter, provided that the request +// also matches the `operations` field. +func (o ServicePerimeterDryRunIngressPolicyIngressToOutput) Resources() pulumi.StringArrayOutput { + return o.ApplyT(func(v ServicePerimeterDryRunIngressPolicyIngressTo) []string { return v.Resources }).(pulumi.StringArrayOutput) +} + +type ServicePerimeterDryRunIngressPolicyIngressToPtrOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunIngressPolicyIngressToPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ServicePerimeterDryRunIngressPolicyIngressTo)(nil)).Elem() +} + +func (o ServicePerimeterDryRunIngressPolicyIngressToPtrOutput) ToServicePerimeterDryRunIngressPolicyIngressToPtrOutput() ServicePerimeterDryRunIngressPolicyIngressToPtrOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyIngressToPtrOutput) ToServicePerimeterDryRunIngressPolicyIngressToPtrOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressToPtrOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyIngressToPtrOutput) Elem() ServicePerimeterDryRunIngressPolicyIngressToOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunIngressPolicyIngressTo) ServicePerimeterDryRunIngressPolicyIngressTo { + if v != nil { + return *v + } + var ret ServicePerimeterDryRunIngressPolicyIngressTo + return ret + }).(ServicePerimeterDryRunIngressPolicyIngressToOutput) +} + +// A list of `ApiOperations` the sources specified in corresponding `IngressFrom` +// are allowed to perform in this `ServicePerimeter`. +// Structure is documented below. 
+func (o ServicePerimeterDryRunIngressPolicyIngressToPtrOutput) Operations() ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunIngressPolicyIngressTo) []ServicePerimeterDryRunIngressPolicyIngressToOperation { + if v == nil { + return nil + } + return v.Operations + }).(ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput) +} + +// A list of resources, currently only projects in the form +// `projects/`, protected by this `ServicePerimeter` +// that are allowed to be accessed by sources defined in the +// corresponding `IngressFrom`. A request matches if it contains +// a resource in this list. If `*` is specified for resources, +// then this `IngressTo` rule will authorize access to all +// resources inside the perimeter, provided that the request +// also matches the `operations` field. +func (o ServicePerimeterDryRunIngressPolicyIngressToPtrOutput) Resources() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunIngressPolicyIngressTo) []string { + if v == nil { + return nil + } + return v.Resources + }).(pulumi.StringArrayOutput) +} + +type ServicePerimeterDryRunIngressPolicyIngressToOperation struct { + // API methods or permissions to allow. Method or permission must belong to + // the service specified by serviceName field. A single `MethodSelector` entry + // with `*` specified for the method field will allow all methods AND + // permissions for the service specified in `serviceName`. + // Structure is documented below. + MethodSelectors []ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector `pulumi:"methodSelectors"` + // The name of the API whose methods or permissions the `IngressPolicy` or + // `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + // field set to `*` will allow all methods AND permissions for all services. 
+ ServiceName *string `pulumi:"serviceName"` +} + +// ServicePerimeterDryRunIngressPolicyIngressToOperationInput is an input type that accepts ServicePerimeterDryRunIngressPolicyIngressToOperationArgs and ServicePerimeterDryRunIngressPolicyIngressToOperationOutput values. +// You can construct a concrete instance of `ServicePerimeterDryRunIngressPolicyIngressToOperationInput` via: +// +// ServicePerimeterDryRunIngressPolicyIngressToOperationArgs{...} +type ServicePerimeterDryRunIngressPolicyIngressToOperationInput interface { + pulumi.Input + + ToServicePerimeterDryRunIngressPolicyIngressToOperationOutput() ServicePerimeterDryRunIngressPolicyIngressToOperationOutput + ToServicePerimeterDryRunIngressPolicyIngressToOperationOutputWithContext(context.Context) ServicePerimeterDryRunIngressPolicyIngressToOperationOutput +} + +type ServicePerimeterDryRunIngressPolicyIngressToOperationArgs struct { + // API methods or permissions to allow. Method or permission must belong to + // the service specified by serviceName field. A single `MethodSelector` entry + // with `*` specified for the method field will allow all methods AND + // permissions for the service specified in `serviceName`. + // Structure is documented below. + MethodSelectors ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayInput `pulumi:"methodSelectors"` + // The name of the API whose methods or permissions the `IngressPolicy` or + // `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + // field set to `*` will allow all methods AND permissions for all services. 
+ ServiceName pulumi.StringPtrInput `pulumi:"serviceName"` +} + +func (ServicePerimeterDryRunIngressPolicyIngressToOperationArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressToOperation)(nil)).Elem() +} + +func (i ServicePerimeterDryRunIngressPolicyIngressToOperationArgs) ToServicePerimeterDryRunIngressPolicyIngressToOperationOutput() ServicePerimeterDryRunIngressPolicyIngressToOperationOutput { + return i.ToServicePerimeterDryRunIngressPolicyIngressToOperationOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunIngressPolicyIngressToOperationArgs) ToServicePerimeterDryRunIngressPolicyIngressToOperationOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressToOperationOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunIngressPolicyIngressToOperationOutput) +} + +// ServicePerimeterDryRunIngressPolicyIngressToOperationArrayInput is an input type that accepts ServicePerimeterDryRunIngressPolicyIngressToOperationArray and ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput values. 
+// You can construct a concrete instance of `ServicePerimeterDryRunIngressPolicyIngressToOperationArrayInput` via: +// +// ServicePerimeterDryRunIngressPolicyIngressToOperationArray{ ServicePerimeterDryRunIngressPolicyIngressToOperationArgs{...} } +type ServicePerimeterDryRunIngressPolicyIngressToOperationArrayInput interface { + pulumi.Input + + ToServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput() ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput + ToServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutputWithContext(context.Context) ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput +} + +type ServicePerimeterDryRunIngressPolicyIngressToOperationArray []ServicePerimeterDryRunIngressPolicyIngressToOperationInput + +func (ServicePerimeterDryRunIngressPolicyIngressToOperationArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ServicePerimeterDryRunIngressPolicyIngressToOperation)(nil)).Elem() +} + +func (i ServicePerimeterDryRunIngressPolicyIngressToOperationArray) ToServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput() ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput { + return i.ToServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunIngressPolicyIngressToOperationArray) ToServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput) +} + +type ServicePerimeterDryRunIngressPolicyIngressToOperationOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunIngressPolicyIngressToOperationOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressToOperation)(nil)).Elem() +} + +func (o 
ServicePerimeterDryRunIngressPolicyIngressToOperationOutput) ToServicePerimeterDryRunIngressPolicyIngressToOperationOutput() ServicePerimeterDryRunIngressPolicyIngressToOperationOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyIngressToOperationOutput) ToServicePerimeterDryRunIngressPolicyIngressToOperationOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressToOperationOutput { + return o +} + +// API methods or permissions to allow. Method or permission must belong to +// the service specified by serviceName field. A single `MethodSelector` entry +// with `*` specified for the method field will allow all methods AND +// permissions for the service specified in `serviceName`. +// Structure is documented below. +func (o ServicePerimeterDryRunIngressPolicyIngressToOperationOutput) MethodSelectors() ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput { + return o.ApplyT(func(v ServicePerimeterDryRunIngressPolicyIngressToOperation) []ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector { + return v.MethodSelectors + }).(ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput) +} + +// The name of the API whose methods or permissions the `IngressPolicy` or +// `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` +// field set to `*` will allow all methods AND permissions for all services. 
+func (o ServicePerimeterDryRunIngressPolicyIngressToOperationOutput) ServiceName() pulumi.StringPtrOutput { + return o.ApplyT(func(v ServicePerimeterDryRunIngressPolicyIngressToOperation) *string { return v.ServiceName }).(pulumi.StringPtrOutput) +} + +type ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ServicePerimeterDryRunIngressPolicyIngressToOperation)(nil)).Elem() +} + +func (o ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput) ToServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput() ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput) ToServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput) Index(i pulumi.IntInput) ServicePerimeterDryRunIngressPolicyIngressToOperationOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ServicePerimeterDryRunIngressPolicyIngressToOperation { + return vs[0].([]ServicePerimeterDryRunIngressPolicyIngressToOperation)[vs[1].(int)] + }).(ServicePerimeterDryRunIngressPolicyIngressToOperationOutput) +} + +type ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector struct { + // Value for method should be a valid method name for the corresponding + // serviceName in `ApiOperation`. If `*` used as value for `method`, then + // ALL methods and permissions are allowed. + Method *string `pulumi:"method"` + // Value for permission should be a valid Cloud IAM permission for the + // corresponding `serviceName` in `ApiOperation`. 
+ Permission *string `pulumi:"permission"` +} + +// ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorInput is an input type that accepts ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs and ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput values. +// You can construct a concrete instance of `ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorInput` via: +// +// ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs{...} +type ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorInput interface { + pulumi.Input + + ToServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput() ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput + ToServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutputWithContext(context.Context) ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput +} + +type ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs struct { + // Value for method should be a valid method name for the corresponding + // serviceName in `ApiOperation`. If `*` used as value for `method`, then + // ALL methods and permissions are allowed. + Method pulumi.StringPtrInput `pulumi:"method"` + // Value for permission should be a valid Cloud IAM permission for the + // corresponding `serviceName` in `ApiOperation`. 
+ Permission pulumi.StringPtrInput `pulumi:"permission"` +} + +func (ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector)(nil)).Elem() +} + +func (i ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs) ToServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput() ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput { + return i.ToServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs) ToServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput) +} + +// ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayInput is an input type that accepts ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArray and ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput values. 
+// You can construct a concrete instance of `ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayInput` via: +// +// ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArray{ ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs{...} } +type ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayInput interface { + pulumi.Input + + ToServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput() ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput + ToServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutputWithContext(context.Context) ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput +} + +type ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArray []ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorInput + +func (ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector)(nil)).Elem() +} + +func (i ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArray) ToServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput() ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput { + return i.ToServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArray) ToServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput) +} + +type 
ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector)(nil)).Elem() +} + +func (o ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput) ToServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput() ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput) ToServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput { + return o +} + +// Value for method should be a valid method name for the corresponding +// serviceName in `ApiOperation`. If `*` used as value for `method`, then +// ALL methods and permissions are allowed. +func (o ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput) Method() pulumi.StringPtrOutput { + return o.ApplyT(func(v ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector) *string { return v.Method }).(pulumi.StringPtrOutput) +} + +// Value for permission should be a valid Cloud IAM permission for the +// corresponding `serviceName` in `ApiOperation`. 
+func (o ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput) Permission() pulumi.StringPtrOutput { + return o.ApplyT(func(v ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector) *string { + return v.Permission + }).(pulumi.StringPtrOutput) +} + +type ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector)(nil)).Elem() +} + +func (o ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput) ToServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput() ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput) ToServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput) Index(i pulumi.IntInput) ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector { + return vs[0].([]ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector)[vs[1].(int)] + }).(ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput) +} + type ServicePerimeterEgressPolicyEgressFrom struct { // A list of identities that are allowed access through this `EgressPolicy`. // Should be in the format of email address. The email address should 
@@ -14910,6 +16461,26 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*AccessPolicyIamBindingConditionPtrInput)(nil)).Elem(), AccessPolicyIamBindingConditionArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*AccessPolicyIamMemberConditionInput)(nil)).Elem(), AccessPolicyIamMemberConditionArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*AccessPolicyIamMemberConditionPtrInput)(nil)).Elem(), AccessPolicyIamMemberConditionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressFromInput)(nil)).Elem(), ServicePerimeterDryRunEgressPolicyEgressFromArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressFromPtrInput)(nil)).Elem(), ServicePerimeterDryRunEgressPolicyEgressFromArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressFromSourceInput)(nil)).Elem(), ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayInput)(nil)).Elem(), ServicePerimeterDryRunEgressPolicyEgressFromSourceArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressToInput)(nil)).Elem(), ServicePerimeterDryRunEgressPolicyEgressToArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressToPtrInput)(nil)).Elem(), ServicePerimeterDryRunEgressPolicyEgressToArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressToOperationInput)(nil)).Elem(), ServicePerimeterDryRunEgressPolicyEgressToOperationArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressToOperationArrayInput)(nil)).Elem(), ServicePerimeterDryRunEgressPolicyEgressToOperationArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorInput)(nil)).Elem(), ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs{}) + 
pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayInput)(nil)).Elem(), ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressFromInput)(nil)).Elem(), ServicePerimeterDryRunIngressPolicyIngressFromArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressFromPtrInput)(nil)).Elem(), ServicePerimeterDryRunIngressPolicyIngressFromArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressFromSourceInput)(nil)).Elem(), ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayInput)(nil)).Elem(), ServicePerimeterDryRunIngressPolicyIngressFromSourceArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressToInput)(nil)).Elem(), ServicePerimeterDryRunIngressPolicyIngressToArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressToPtrInput)(nil)).Elem(), ServicePerimeterDryRunIngressPolicyIngressToArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressToOperationInput)(nil)).Elem(), ServicePerimeterDryRunIngressPolicyIngressToOperationArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressToOperationArrayInput)(nil)).Elem(), ServicePerimeterDryRunIngressPolicyIngressToOperationArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorInput)(nil)).Elem(), ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayInput)(nil)).Elem(), 
ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArray{}) pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterEgressPolicyEgressFromInput)(nil)).Elem(), ServicePerimeterEgressPolicyEgressFromArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterEgressPolicyEgressFromPtrInput)(nil)).Elem(), ServicePerimeterEgressPolicyEgressFromArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterEgressPolicyEgressFromSourceInput)(nil)).Elem(), ServicePerimeterEgressPolicyEgressFromSourceArgs{}) 
@@ -15090,6 +16661,26 @@ func init() { pulumi.RegisterOutputType(AccessPolicyIamBindingConditionPtrOutput{}) pulumi.RegisterOutputType(AccessPolicyIamMemberConditionOutput{}) pulumi.RegisterOutputType(AccessPolicyIamMemberConditionPtrOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunEgressPolicyEgressFromOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunEgressPolicyEgressFromSourceOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunEgressPolicyEgressFromSourceArrayOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunEgressPolicyEgressToOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunEgressPolicyEgressToPtrOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunEgressPolicyEgressToOperationOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunEgressPolicyEgressToOperationArrayOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArrayOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunIngressPolicyIngressFromOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunIngressPolicyIngressFromSourceOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunIngressPolicyIngressFromSourceArrayOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunIngressPolicyIngressToOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunIngressPolicyIngressToPtrOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunIngressPolicyIngressToOperationOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunIngressPolicyIngressToOperationArrayOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorOutput{}) + 
pulumi.RegisterOutputType(ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArrayOutput{}) pulumi.RegisterOutputType(ServicePerimeterEgressPolicyEgressFromOutput{}) pulumi.RegisterOutputType(ServicePerimeterEgressPolicyEgressFromPtrOutput{}) pulumi.RegisterOutputType(ServicePerimeterEgressPolicyEgressFromSourceOutput{}) diff --git a/sdk/go/gcp/accesscontextmanager/servicePerimeterDryRunEgressPolicy.go b/sdk/go/gcp/accesscontextmanager/servicePerimeterDryRunEgressPolicy.go new file mode 100644 index 0000000000..8ad03c5adc --- /dev/null +++ b/sdk/go/gcp/accesscontextmanager/servicePerimeterDryRunEgressPolicy.go 
@@ -0,0 +1,300 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package accesscontextmanager + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Manage a single EgressPolicy in the spec (dry-run) configuration for a service perimeter. +// EgressPolicies match requests based on egressFrom and egressTo stanzas. +// For an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched. +// If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter +// boundary. For example, an EgressPolicy can be used to allow VMs on networks +// within the ServicePerimeter to access a defined set of projects outside the +// perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket +// or query against a BigQuery dataset). +// +// > **Note:** By default, updates to this resource will remove the EgressPolicy from the +// from the perimeter and add it back in a non-atomic manner. To ensure that the new EgressPolicy +// is added before the old one is removed, add a `lifecycle` block with `createBeforeDestroy = true` to this resource. +// +// To get more information about ServicePerimeterDryRunEgressPolicy, see: +// +// * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#egresspolicy) +// +// ## Example Usage +type ServicePerimeterDryRunEgressPolicy struct { + pulumi.CustomResourceState + + // Defines conditions on the source of a request causing this `EgressPolicy` to apply. + // Structure is documented below. + EgressFrom ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput `pulumi:"egressFrom"` + // Defines the conditions on the `ApiOperation` and destination resources that + // cause this `EgressPolicy` to apply. 
+ // Structure is documented below. + EgressTo ServicePerimeterDryRunEgressPolicyEgressToPtrOutput `pulumi:"egressTo"` + // The name of the Service Perimeter to add this resource to. + // + // *** + Perimeter pulumi.StringOutput `pulumi:"perimeter"` +} + +// NewServicePerimeterDryRunEgressPolicy registers a new resource with the given unique name, arguments, and options. +func NewServicePerimeterDryRunEgressPolicy(ctx *pulumi.Context, + name string, args *ServicePerimeterDryRunEgressPolicyArgs, opts ...pulumi.ResourceOption) (*ServicePerimeterDryRunEgressPolicy, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.Perimeter == nil { + return nil, errors.New("invalid value for required argument 'Perimeter'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource ServicePerimeterDryRunEgressPolicy + err := ctx.RegisterResource("gcp:accesscontextmanager/servicePerimeterDryRunEgressPolicy:ServicePerimeterDryRunEgressPolicy", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetServicePerimeterDryRunEgressPolicy gets an existing ServicePerimeterDryRunEgressPolicy resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetServicePerimeterDryRunEgressPolicy(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *ServicePerimeterDryRunEgressPolicyState, opts ...pulumi.ResourceOption) (*ServicePerimeterDryRunEgressPolicy, error) { + var resource ServicePerimeterDryRunEgressPolicy + err := ctx.ReadResource("gcp:accesscontextmanager/servicePerimeterDryRunEgressPolicy:ServicePerimeterDryRunEgressPolicy", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering ServicePerimeterDryRunEgressPolicy resources. 
+type servicePerimeterDryRunEgressPolicyState struct { + // Defines conditions on the source of a request causing this `EgressPolicy` to apply. + // Structure is documented below. + EgressFrom *ServicePerimeterDryRunEgressPolicyEgressFrom `pulumi:"egressFrom"` + // Defines the conditions on the `ApiOperation` and destination resources that + // cause this `EgressPolicy` to apply. + // Structure is documented below. + EgressTo *ServicePerimeterDryRunEgressPolicyEgressTo `pulumi:"egressTo"` + // The name of the Service Perimeter to add this resource to. + // + // *** + Perimeter *string `pulumi:"perimeter"` +} + +type ServicePerimeterDryRunEgressPolicyState struct { + // Defines conditions on the source of a request causing this `EgressPolicy` to apply. + // Structure is documented below. + EgressFrom ServicePerimeterDryRunEgressPolicyEgressFromPtrInput + // Defines the conditions on the `ApiOperation` and destination resources that + // cause this `EgressPolicy` to apply. + // Structure is documented below. + EgressTo ServicePerimeterDryRunEgressPolicyEgressToPtrInput + // The name of the Service Perimeter to add this resource to. + // + // *** + Perimeter pulumi.StringPtrInput +} + +func (ServicePerimeterDryRunEgressPolicyState) ElementType() reflect.Type { + return reflect.TypeOf((*servicePerimeterDryRunEgressPolicyState)(nil)).Elem() +} + +type servicePerimeterDryRunEgressPolicyArgs struct { + // Defines conditions on the source of a request causing this `EgressPolicy` to apply. + // Structure is documented below. + EgressFrom *ServicePerimeterDryRunEgressPolicyEgressFrom `pulumi:"egressFrom"` + // Defines the conditions on the `ApiOperation` and destination resources that + // cause this `EgressPolicy` to apply. + // Structure is documented below. + EgressTo *ServicePerimeterDryRunEgressPolicyEgressTo `pulumi:"egressTo"` + // The name of the Service Perimeter to add this resource to. 
+ // + // *** + Perimeter string `pulumi:"perimeter"` +} + +// The set of arguments for constructing a ServicePerimeterDryRunEgressPolicy resource. +type ServicePerimeterDryRunEgressPolicyArgs struct { + // Defines conditions on the source of a request causing this `EgressPolicy` to apply. + // Structure is documented below. + EgressFrom ServicePerimeterDryRunEgressPolicyEgressFromPtrInput + // Defines the conditions on the `ApiOperation` and destination resources that + // cause this `EgressPolicy` to apply. + // Structure is documented below. + EgressTo ServicePerimeterDryRunEgressPolicyEgressToPtrInput + // The name of the Service Perimeter to add this resource to. + // + // *** + Perimeter pulumi.StringInput +} + +func (ServicePerimeterDryRunEgressPolicyArgs) ElementType() reflect.Type { + return reflect.TypeOf((*servicePerimeterDryRunEgressPolicyArgs)(nil)).Elem() +} + +type ServicePerimeterDryRunEgressPolicyInput interface { + pulumi.Input + + ToServicePerimeterDryRunEgressPolicyOutput() ServicePerimeterDryRunEgressPolicyOutput + ToServicePerimeterDryRunEgressPolicyOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyOutput +} + +func (*ServicePerimeterDryRunEgressPolicy) ElementType() reflect.Type { + return reflect.TypeOf((**ServicePerimeterDryRunEgressPolicy)(nil)).Elem() +} + +func (i *ServicePerimeterDryRunEgressPolicy) ToServicePerimeterDryRunEgressPolicyOutput() ServicePerimeterDryRunEgressPolicyOutput { + return i.ToServicePerimeterDryRunEgressPolicyOutputWithContext(context.Background()) +} + +func (i *ServicePerimeterDryRunEgressPolicy) ToServicePerimeterDryRunEgressPolicyOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunEgressPolicyOutput) +} + +// ServicePerimeterDryRunEgressPolicyArrayInput is an input type that accepts ServicePerimeterDryRunEgressPolicyArray and ServicePerimeterDryRunEgressPolicyArrayOutput values. 
+// You can construct a concrete instance of `ServicePerimeterDryRunEgressPolicyArrayInput` via: +// +// ServicePerimeterDryRunEgressPolicyArray{ ServicePerimeterDryRunEgressPolicyArgs{...} } +type ServicePerimeterDryRunEgressPolicyArrayInput interface { + pulumi.Input + + ToServicePerimeterDryRunEgressPolicyArrayOutput() ServicePerimeterDryRunEgressPolicyArrayOutput + ToServicePerimeterDryRunEgressPolicyArrayOutputWithContext(context.Context) ServicePerimeterDryRunEgressPolicyArrayOutput +} + +type ServicePerimeterDryRunEgressPolicyArray []ServicePerimeterDryRunEgressPolicyInput + +func (ServicePerimeterDryRunEgressPolicyArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*ServicePerimeterDryRunEgressPolicy)(nil)).Elem() +} + +func (i ServicePerimeterDryRunEgressPolicyArray) ToServicePerimeterDryRunEgressPolicyArrayOutput() ServicePerimeterDryRunEgressPolicyArrayOutput { + return i.ToServicePerimeterDryRunEgressPolicyArrayOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunEgressPolicyArray) ToServicePerimeterDryRunEgressPolicyArrayOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunEgressPolicyArrayOutput) +} + +// ServicePerimeterDryRunEgressPolicyMapInput is an input type that accepts ServicePerimeterDryRunEgressPolicyMap and ServicePerimeterDryRunEgressPolicyMapOutput values. 
+// You can construct a concrete instance of `ServicePerimeterDryRunEgressPolicyMapInput` via: +// +// ServicePerimeterDryRunEgressPolicyMap{ "key": ServicePerimeterDryRunEgressPolicyArgs{...} } +type ServicePerimeterDryRunEgressPolicyMapInput interface { + pulumi.Input + + ToServicePerimeterDryRunEgressPolicyMapOutput() ServicePerimeterDryRunEgressPolicyMapOutput + ToServicePerimeterDryRunEgressPolicyMapOutputWithContext(context.Context) ServicePerimeterDryRunEgressPolicyMapOutput +} + +type ServicePerimeterDryRunEgressPolicyMap map[string]ServicePerimeterDryRunEgressPolicyInput + +func (ServicePerimeterDryRunEgressPolicyMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*ServicePerimeterDryRunEgressPolicy)(nil)).Elem() +} + +func (i ServicePerimeterDryRunEgressPolicyMap) ToServicePerimeterDryRunEgressPolicyMapOutput() ServicePerimeterDryRunEgressPolicyMapOutput { + return i.ToServicePerimeterDryRunEgressPolicyMapOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunEgressPolicyMap) ToServicePerimeterDryRunEgressPolicyMapOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunEgressPolicyMapOutput) +} + +type ServicePerimeterDryRunEgressPolicyOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunEgressPolicyOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ServicePerimeterDryRunEgressPolicy)(nil)).Elem() +} + +func (o ServicePerimeterDryRunEgressPolicyOutput) ToServicePerimeterDryRunEgressPolicyOutput() ServicePerimeterDryRunEgressPolicyOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyOutput) ToServicePerimeterDryRunEgressPolicyOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyOutput { + return o +} + +// Defines conditions on the source of a request causing this `EgressPolicy` to apply. +// Structure is documented below. 
+func (o ServicePerimeterDryRunEgressPolicyOutput) EgressFrom() ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunEgressPolicy) ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput { + return v.EgressFrom + }).(ServicePerimeterDryRunEgressPolicyEgressFromPtrOutput) +} + +// Defines the conditions on the `ApiOperation` and destination resources that +// cause this `EgressPolicy` to apply. +// Structure is documented below. +func (o ServicePerimeterDryRunEgressPolicyOutput) EgressTo() ServicePerimeterDryRunEgressPolicyEgressToPtrOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunEgressPolicy) ServicePerimeterDryRunEgressPolicyEgressToPtrOutput { + return v.EgressTo + }).(ServicePerimeterDryRunEgressPolicyEgressToPtrOutput) +} + +// The name of the Service Perimeter to add this resource to. +// +// *** +func (o ServicePerimeterDryRunEgressPolicyOutput) Perimeter() pulumi.StringOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunEgressPolicy) pulumi.StringOutput { return v.Perimeter }).(pulumi.StringOutput) +} + +type ServicePerimeterDryRunEgressPolicyArrayOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunEgressPolicyArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*ServicePerimeterDryRunEgressPolicy)(nil)).Elem() +} + +func (o ServicePerimeterDryRunEgressPolicyArrayOutput) ToServicePerimeterDryRunEgressPolicyArrayOutput() ServicePerimeterDryRunEgressPolicyArrayOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyArrayOutput) ToServicePerimeterDryRunEgressPolicyArrayOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyArrayOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyArrayOutput) Index(i pulumi.IntInput) ServicePerimeterDryRunEgressPolicyOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *ServicePerimeterDryRunEgressPolicy { + return vs[0].([]*ServicePerimeterDryRunEgressPolicy)[vs[1].(int)] + 
}).(ServicePerimeterDryRunEgressPolicyOutput) +} + +type ServicePerimeterDryRunEgressPolicyMapOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunEgressPolicyMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*ServicePerimeterDryRunEgressPolicy)(nil)).Elem() +} + +func (o ServicePerimeterDryRunEgressPolicyMapOutput) ToServicePerimeterDryRunEgressPolicyMapOutput() ServicePerimeterDryRunEgressPolicyMapOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyMapOutput) ToServicePerimeterDryRunEgressPolicyMapOutputWithContext(ctx context.Context) ServicePerimeterDryRunEgressPolicyMapOutput { + return o +} + +func (o ServicePerimeterDryRunEgressPolicyMapOutput) MapIndex(k pulumi.StringInput) ServicePerimeterDryRunEgressPolicyOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *ServicePerimeterDryRunEgressPolicy { + return vs[0].(map[string]*ServicePerimeterDryRunEgressPolicy)[vs[1].(string)] + }).(ServicePerimeterDryRunEgressPolicyOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyInput)(nil)).Elem(), &ServicePerimeterDryRunEgressPolicy{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyArrayInput)(nil)).Elem(), ServicePerimeterDryRunEgressPolicyArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunEgressPolicyMapInput)(nil)).Elem(), ServicePerimeterDryRunEgressPolicyMap{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunEgressPolicyOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunEgressPolicyArrayOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunEgressPolicyMapOutput{}) +} diff --git a/sdk/go/gcp/accesscontextmanager/servicePerimeterDryRunIngressPolicy.go b/sdk/go/gcp/accesscontextmanager/servicePerimeterDryRunIngressPolicy.go new file mode 100644 index 0000000000..afd9854237 --- /dev/null +++ b/sdk/go/gcp/accesscontextmanager/servicePerimeterDryRunIngressPolicy.go 
@@ -0,0 +1,307 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package accesscontextmanager + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Manage a single IngressPolicy in the spec (dry-run) configuration for a service perimeter. +// IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match, +// both the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request, +// the request is allowed through the perimeter boundary from outside the perimeter. +// For example, access from the internet can be allowed either based on an AccessLevel or, +// for traffic hosted on Google Cloud, the project of the source network. +// For access from private networks, using the project of the hosting network is required. +// Individual ingress policies can be limited by restricting which services and/ +// or actions they match using the ingressTo field. +// +// > **Note:** By default, updates to this resource will remove the IngressPolicy from the +// from the perimeter and add it back in a non-atomic manner. To ensure that the new IngressPolicy +// is added before the old one is removed, add a `lifecycle` block with `createBeforeDestroy = true` to this resource. +// +// To get more information about ServicePerimeterDryRunIngressPolicy, see: +// +// * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ingresspolicy) +// +// ## Example Usage +type ServicePerimeterDryRunIngressPolicy struct { + pulumi.CustomResourceState + + // Defines the conditions on the source of a request causing this `IngressPolicy` + // to apply. + // Structure is documented below. 
+ IngressFrom ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput `pulumi:"ingressFrom"` + // Defines the conditions on the `ApiOperation` and request destination that cause + // this `IngressPolicy` to apply. + // Structure is documented below. + IngressTo ServicePerimeterDryRunIngressPolicyIngressToPtrOutput `pulumi:"ingressTo"` + // The name of the Service Perimeter to add this resource to. + // + // *** + Perimeter pulumi.StringOutput `pulumi:"perimeter"` +} + +// NewServicePerimeterDryRunIngressPolicy registers a new resource with the given unique name, arguments, and options. +func NewServicePerimeterDryRunIngressPolicy(ctx *pulumi.Context, + name string, args *ServicePerimeterDryRunIngressPolicyArgs, opts ...pulumi.ResourceOption) (*ServicePerimeterDryRunIngressPolicy, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.Perimeter == nil { + return nil, errors.New("invalid value for required argument 'Perimeter'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource ServicePerimeterDryRunIngressPolicy + err := ctx.RegisterResource("gcp:accesscontextmanager/servicePerimeterDryRunIngressPolicy:ServicePerimeterDryRunIngressPolicy", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetServicePerimeterDryRunIngressPolicy gets an existing ServicePerimeterDryRunIngressPolicy resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). 
+func GetServicePerimeterDryRunIngressPolicy(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *ServicePerimeterDryRunIngressPolicyState, opts ...pulumi.ResourceOption) (*ServicePerimeterDryRunIngressPolicy, error) { + var resource ServicePerimeterDryRunIngressPolicy + err := ctx.ReadResource("gcp:accesscontextmanager/servicePerimeterDryRunIngressPolicy:ServicePerimeterDryRunIngressPolicy", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering ServicePerimeterDryRunIngressPolicy resources. +type servicePerimeterDryRunIngressPolicyState struct { + // Defines the conditions on the source of a request causing this `IngressPolicy` + // to apply. + // Structure is documented below. + IngressFrom *ServicePerimeterDryRunIngressPolicyIngressFrom `pulumi:"ingressFrom"` + // Defines the conditions on the `ApiOperation` and request destination that cause + // this `IngressPolicy` to apply. + // Structure is documented below. + IngressTo *ServicePerimeterDryRunIngressPolicyIngressTo `pulumi:"ingressTo"` + // The name of the Service Perimeter to add this resource to. + // + // *** + Perimeter *string `pulumi:"perimeter"` +} + +type ServicePerimeterDryRunIngressPolicyState struct { + // Defines the conditions on the source of a request causing this `IngressPolicy` + // to apply. + // Structure is documented below. + IngressFrom ServicePerimeterDryRunIngressPolicyIngressFromPtrInput + // Defines the conditions on the `ApiOperation` and request destination that cause + // this `IngressPolicy` to apply. + // Structure is documented below. + IngressTo ServicePerimeterDryRunIngressPolicyIngressToPtrInput + // The name of the Service Perimeter to add this resource to. 
+ // + // *** + Perimeter pulumi.StringPtrInput +} + +func (ServicePerimeterDryRunIngressPolicyState) ElementType() reflect.Type { + return reflect.TypeOf((*servicePerimeterDryRunIngressPolicyState)(nil)).Elem() +} + +type servicePerimeterDryRunIngressPolicyArgs struct { + // Defines the conditions on the source of a request causing this `IngressPolicy` + // to apply. + // Structure is documented below. + IngressFrom *ServicePerimeterDryRunIngressPolicyIngressFrom `pulumi:"ingressFrom"` + // Defines the conditions on the `ApiOperation` and request destination that cause + // this `IngressPolicy` to apply. + // Structure is documented below. + IngressTo *ServicePerimeterDryRunIngressPolicyIngressTo `pulumi:"ingressTo"` + // The name of the Service Perimeter to add this resource to. + // + // *** + Perimeter string `pulumi:"perimeter"` +} + +// The set of arguments for constructing a ServicePerimeterDryRunIngressPolicy resource. +type ServicePerimeterDryRunIngressPolicyArgs struct { + // Defines the conditions on the source of a request causing this `IngressPolicy` + // to apply. + // Structure is documented below. + IngressFrom ServicePerimeterDryRunIngressPolicyIngressFromPtrInput + // Defines the conditions on the `ApiOperation` and request destination that cause + // this `IngressPolicy` to apply. + // Structure is documented below. + IngressTo ServicePerimeterDryRunIngressPolicyIngressToPtrInput + // The name of the Service Perimeter to add this resource to. 
+ // + // *** + Perimeter pulumi.StringInput +} + +func (ServicePerimeterDryRunIngressPolicyArgs) ElementType() reflect.Type { + return reflect.TypeOf((*servicePerimeterDryRunIngressPolicyArgs)(nil)).Elem() +} + +type ServicePerimeterDryRunIngressPolicyInput interface { + pulumi.Input + + ToServicePerimeterDryRunIngressPolicyOutput() ServicePerimeterDryRunIngressPolicyOutput + ToServicePerimeterDryRunIngressPolicyOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyOutput +} + +func (*ServicePerimeterDryRunIngressPolicy) ElementType() reflect.Type { + return reflect.TypeOf((**ServicePerimeterDryRunIngressPolicy)(nil)).Elem() +} + +func (i *ServicePerimeterDryRunIngressPolicy) ToServicePerimeterDryRunIngressPolicyOutput() ServicePerimeterDryRunIngressPolicyOutput { + return i.ToServicePerimeterDryRunIngressPolicyOutputWithContext(context.Background()) +} + +func (i *ServicePerimeterDryRunIngressPolicy) ToServicePerimeterDryRunIngressPolicyOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunIngressPolicyOutput) +} + +// ServicePerimeterDryRunIngressPolicyArrayInput is an input type that accepts ServicePerimeterDryRunIngressPolicyArray and ServicePerimeterDryRunIngressPolicyArrayOutput values. 
+// You can construct a concrete instance of `ServicePerimeterDryRunIngressPolicyArrayInput` via: +// +// ServicePerimeterDryRunIngressPolicyArray{ ServicePerimeterDryRunIngressPolicyArgs{...} } +type ServicePerimeterDryRunIngressPolicyArrayInput interface { + pulumi.Input + + ToServicePerimeterDryRunIngressPolicyArrayOutput() ServicePerimeterDryRunIngressPolicyArrayOutput + ToServicePerimeterDryRunIngressPolicyArrayOutputWithContext(context.Context) ServicePerimeterDryRunIngressPolicyArrayOutput +} + +type ServicePerimeterDryRunIngressPolicyArray []ServicePerimeterDryRunIngressPolicyInput + +func (ServicePerimeterDryRunIngressPolicyArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*ServicePerimeterDryRunIngressPolicy)(nil)).Elem() +} + +func (i ServicePerimeterDryRunIngressPolicyArray) ToServicePerimeterDryRunIngressPolicyArrayOutput() ServicePerimeterDryRunIngressPolicyArrayOutput { + return i.ToServicePerimeterDryRunIngressPolicyArrayOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunIngressPolicyArray) ToServicePerimeterDryRunIngressPolicyArrayOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunIngressPolicyArrayOutput) +} + +// ServicePerimeterDryRunIngressPolicyMapInput is an input type that accepts ServicePerimeterDryRunIngressPolicyMap and ServicePerimeterDryRunIngressPolicyMapOutput values. 
+// You can construct a concrete instance of `ServicePerimeterDryRunIngressPolicyMapInput` via: +// +// ServicePerimeterDryRunIngressPolicyMap{ "key": ServicePerimeterDryRunIngressPolicyArgs{...} } +type ServicePerimeterDryRunIngressPolicyMapInput interface { + pulumi.Input + + ToServicePerimeterDryRunIngressPolicyMapOutput() ServicePerimeterDryRunIngressPolicyMapOutput + ToServicePerimeterDryRunIngressPolicyMapOutputWithContext(context.Context) ServicePerimeterDryRunIngressPolicyMapOutput +} + +type ServicePerimeterDryRunIngressPolicyMap map[string]ServicePerimeterDryRunIngressPolicyInput + +func (ServicePerimeterDryRunIngressPolicyMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*ServicePerimeterDryRunIngressPolicy)(nil)).Elem() +} + +func (i ServicePerimeterDryRunIngressPolicyMap) ToServicePerimeterDryRunIngressPolicyMapOutput() ServicePerimeterDryRunIngressPolicyMapOutput { + return i.ToServicePerimeterDryRunIngressPolicyMapOutputWithContext(context.Background()) +} + +func (i ServicePerimeterDryRunIngressPolicyMap) ToServicePerimeterDryRunIngressPolicyMapOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(ServicePerimeterDryRunIngressPolicyMapOutput) +} + +type ServicePerimeterDryRunIngressPolicyOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunIngressPolicyOutput) ElementType() reflect.Type { + return reflect.TypeOf((**ServicePerimeterDryRunIngressPolicy)(nil)).Elem() +} + +func (o ServicePerimeterDryRunIngressPolicyOutput) ToServicePerimeterDryRunIngressPolicyOutput() ServicePerimeterDryRunIngressPolicyOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyOutput) ToServicePerimeterDryRunIngressPolicyOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyOutput { + return o +} + +// Defines the conditions on the source of a request causing this `IngressPolicy` +// to apply. +// Structure is documented below. 
+func (o ServicePerimeterDryRunIngressPolicyOutput) IngressFrom() ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunIngressPolicy) ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput { + return v.IngressFrom + }).(ServicePerimeterDryRunIngressPolicyIngressFromPtrOutput) +} + +// Defines the conditions on the `ApiOperation` and request destination that cause +// this `IngressPolicy` to apply. +// Structure is documented below. +func (o ServicePerimeterDryRunIngressPolicyOutput) IngressTo() ServicePerimeterDryRunIngressPolicyIngressToPtrOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunIngressPolicy) ServicePerimeterDryRunIngressPolicyIngressToPtrOutput { + return v.IngressTo + }).(ServicePerimeterDryRunIngressPolicyIngressToPtrOutput) +} + +// The name of the Service Perimeter to add this resource to. +// +// *** +func (o ServicePerimeterDryRunIngressPolicyOutput) Perimeter() pulumi.StringOutput { + return o.ApplyT(func(v *ServicePerimeterDryRunIngressPolicy) pulumi.StringOutput { return v.Perimeter }).(pulumi.StringOutput) +} + +type ServicePerimeterDryRunIngressPolicyArrayOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunIngressPolicyArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*ServicePerimeterDryRunIngressPolicy)(nil)).Elem() +} + +func (o ServicePerimeterDryRunIngressPolicyArrayOutput) ToServicePerimeterDryRunIngressPolicyArrayOutput() ServicePerimeterDryRunIngressPolicyArrayOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyArrayOutput) ToServicePerimeterDryRunIngressPolicyArrayOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyArrayOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyArrayOutput) Index(i pulumi.IntInput) ServicePerimeterDryRunIngressPolicyOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *ServicePerimeterDryRunIngressPolicy { + return 
vs[0].([]*ServicePerimeterDryRunIngressPolicy)[vs[1].(int)] + }).(ServicePerimeterDryRunIngressPolicyOutput) +} + +type ServicePerimeterDryRunIngressPolicyMapOutput struct{ *pulumi.OutputState } + +func (ServicePerimeterDryRunIngressPolicyMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*ServicePerimeterDryRunIngressPolicy)(nil)).Elem() +} + +func (o ServicePerimeterDryRunIngressPolicyMapOutput) ToServicePerimeterDryRunIngressPolicyMapOutput() ServicePerimeterDryRunIngressPolicyMapOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyMapOutput) ToServicePerimeterDryRunIngressPolicyMapOutputWithContext(ctx context.Context) ServicePerimeterDryRunIngressPolicyMapOutput { + return o +} + +func (o ServicePerimeterDryRunIngressPolicyMapOutput) MapIndex(k pulumi.StringInput) ServicePerimeterDryRunIngressPolicyOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *ServicePerimeterDryRunIngressPolicy { + return vs[0].(map[string]*ServicePerimeterDryRunIngressPolicy)[vs[1].(string)] + }).(ServicePerimeterDryRunIngressPolicyOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyInput)(nil)).Elem(), &ServicePerimeterDryRunIngressPolicy{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyArrayInput)(nil)).Elem(), ServicePerimeterDryRunIngressPolicyArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ServicePerimeterDryRunIngressPolicyMapInput)(nil)).Elem(), ServicePerimeterDryRunIngressPolicyMap{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunIngressPolicyOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunIngressPolicyArrayOutput{}) + pulumi.RegisterOutputType(ServicePerimeterDryRunIngressPolicyMapOutput{}) +} diff --git a/sdk/go/gcp/accesscontextmanager/servicePerimeterEgressPolicy.go b/sdk/go/gcp/accesscontextmanager/servicePerimeterEgressPolicy.go index 15eab60e84..fa7c94612c 100644 
--- a/sdk/go/gcp/accesscontextmanager/servicePerimeterEgressPolicy.go +++ b/sdk/go/gcp/accesscontextmanager/servicePerimeterEgressPolicy.go @@ -12,6 +12,7 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// Manage a single EgressPolicy in the status (enforced) configuration for a service perimeter. // EgressPolicies match requests based on egressFrom and egressTo stanzas. // For an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched. // If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter @@ -29,18 +30,6 @@ import ( // * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#egresspolicy) // // ## Example Usage -// -// ## Import -// -// ServicePerimeterEgressPolicy can be imported using any of these accepted formats: -// -// * `{{perimeter}}` -// -// When using the `pulumi import` command, ServicePerimeterEgressPolicy can be imported using one of the formats above. For example: -// -// ```sh -// $ pulumi import gcp:accesscontextmanager/servicePerimeterEgressPolicy:ServicePerimeterEgressPolicy default {{perimeter}} -// ``` type ServicePerimeterEgressPolicy struct { pulumi.CustomResourceState diff --git a/sdk/go/gcp/accesscontextmanager/servicePerimeterIngressPolicy.go b/sdk/go/gcp/accesscontextmanager/servicePerimeterIngressPolicy.go index 38e313fbab..e862678166 100644 --- a/sdk/go/gcp/accesscontextmanager/servicePerimeterIngressPolicy.go +++ b/sdk/go/gcp/accesscontextmanager/servicePerimeterIngressPolicy.go 
@@ -12,6 +12,7 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// Manage a single IngressPolicy in the status (enforced) configuration for a service perimeter. // IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match, // both the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request, // the request is allowed through the perimeter boundary from outside the perimeter. @@ -30,18 +31,6 @@ import ( // * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ingresspolicy) // // ## Example Usage -// -// ## Import -// -// ServicePerimeterIngressPolicy can be imported using any of these accepted formats: -// -// * `{{perimeter}}` -// -// When using the `pulumi import` command, ServicePerimeterIngressPolicy can be imported using one of the formats above. For example: -// -// ```sh -// $ pulumi import gcp:accesscontextmanager/servicePerimeterIngressPolicy:ServicePerimeterIngressPolicy default {{perimeter}} -// ``` type ServicePerimeterIngressPolicy struct { pulumi.CustomResourceState diff --git a/sdk/go/gcp/applicationintegration/client.go b/sdk/go/gcp/applicationintegration/client.go index 94559e29dd..c226eece00 100644 --- a/sdk/go/gcp/applicationintegration/client.go +++ b/sdk/go/gcp/applicationintegration/client.go @@ -91,7 +91,7 @@ import ( // return err // } // serviceAccount, err := serviceaccount.NewAccount(ctx, "service_account", &serviceaccount.AccountArgs{ -// AccountId: pulumi.String("service-account-id"), +// AccountId: pulumi.String("my-service-acc"), // DisplayName: pulumi.String("Service Account"), // }) // if err != nil { diff --git a/sdk/go/gcp/clouddeploy/pulumiTypes.go b/sdk/go/gcp/clouddeploy/pulumiTypes.go index 0a2a30768d..9e9451b89c 100644 --- a/sdk/go/gcp/clouddeploy/pulumiTypes.go +++ b/sdk/go/gcp/clouddeploy/pulumiTypes.go 
@@ -6244,6 +6244,8 @@ type TargetGke struct { Cluster *string `pulumi:"cluster"` // Optional. If true, `cluster` is accessed using the private IP address of the control plane endpoint. Otherwise, the default IP address of the control plane endpoint is used. The default IP address is the private IP address for clusters with private control-plane endpoints and the public IP address otherwise. Only specify this option when `cluster` is a [private GKE cluster](https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept). InternalIp *bool `pulumi:"internalIp"` + // Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. + ProxyUrl *string `pulumi:"proxyUrl"` } // TargetGkeInput is an input type that accepts TargetGkeArgs and TargetGkeOutput values. @@ -6262,6 +6264,8 @@ type TargetGkeArgs struct { Cluster pulumi.StringPtrInput `pulumi:"cluster"` // Optional. If true, `cluster` is accessed using the private IP address of the control plane endpoint. Otherwise, the default IP address of the control plane endpoint is used. The default IP address is the private IP address for clusters with private control-plane endpoints and the public IP address otherwise. Only specify this option when `cluster` is a [private GKE cluster](https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept). InternalIp pulumi.BoolPtrInput `pulumi:"internalIp"` + // Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. + ProxyUrl pulumi.StringPtrInput `pulumi:"proxyUrl"` } func (TargetGkeArgs) ElementType() reflect.Type { 
@@ -6351,6 +6355,11 @@ func (o TargetGkeOutput) InternalIp() pulumi.BoolPtrOutput { return o.ApplyT(func(v TargetGke) *bool { return v.InternalIp }).(pulumi.BoolPtrOutput) } +// Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. +func (o TargetGkeOutput) ProxyUrl() pulumi.StringPtrOutput { + return o.ApplyT(func(v TargetGke) *string { return v.ProxyUrl }).(pulumi.StringPtrOutput) +} + type TargetGkePtrOutput struct{ *pulumi.OutputState } func (TargetGkePtrOutput) ElementType() reflect.Type { @@ -6395,6 +6404,16 @@ func (o TargetGkePtrOutput) InternalIp() pulumi.BoolPtrOutput { }).(pulumi.BoolPtrOutput) } +// Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. +func (o TargetGkePtrOutput) ProxyUrl() pulumi.StringPtrOutput { + return o.ApplyT(func(v *TargetGke) *string { + if v == nil { + return nil + } + return v.ProxyUrl + }).(pulumi.StringPtrOutput) +} + type TargetIamBindingCondition struct { Description *string `pulumi:"description"` Expression string `pulumi:"expression"` diff --git a/sdk/go/gcp/cloudrunv2/pulumiTypes.go b/sdk/go/gcp/cloudrunv2/pulumiTypes.go index d7e199cfa9..d40f9834d9 100644 --- a/sdk/go/gcp/cloudrunv2/pulumiTypes.go +++ b/sdk/go/gcp/cloudrunv2/pulumiTypes.go 
@@ -16,6 +16,8 @@ var _ = internal.GetEnvOrDefault type JobBinaryAuthorization struct { // If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass BreakglassJustification *string `pulumi:"breakglassJustification"` + // The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + Policy *string `pulumi:"policy"` // If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. UseDefault *bool `pulumi:"useDefault"` } @@ -34,6 +36,8 @@ type JobBinaryAuthorizationInput interface { type JobBinaryAuthorizationArgs struct { // If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass BreakglassJustification pulumi.StringPtrInput `pulumi:"breakglassJustification"` + // The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + Policy pulumi.StringPtrInput `pulumi:"policy"` // If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. UseDefault pulumi.BoolPtrInput `pulumi:"useDefault"` } 
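Review bot: The new `Policy` field in `JobBinaryAuthorization` and `JobBinaryAuthorizationArgs` is documented only by its path format, so a reader cannot tell what is enforced when `policy` is set and `useDefault` is false or unset. The neighbouring comments still say that `useDefault` false disables binary authorization and that the breakglass justification must then be empty. I would extend the comment to something like `// The path to a binary authorization policy to enforce instead of the project default; document whether this may be combined with useDefault.` The exact relationship is not visible here and should be confirmed against the Cloud Run API before wording it. The same gap is in the `ServiceBinaryAuthorization`, `GetJobBinaryAuthorization` and `GetServiceBinaryAuthorization` hunks and in the `Policy()` accessors later in this file.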
@@ -120,6 +124,11 @@ func (o JobBinaryAuthorizationOutput) BreakglassJustification() pulumi.StringPtr return o.ApplyT(func(v JobBinaryAuthorization) *string { return v.BreakglassJustification }).(pulumi.StringPtrOutput) } +// The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} +func (o JobBinaryAuthorizationOutput) Policy() pulumi.StringPtrOutput { + return o.ApplyT(func(v JobBinaryAuthorization) *string { return v.Policy }).(pulumi.StringPtrOutput) +} + // If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. func (o JobBinaryAuthorizationOutput) UseDefault() pulumi.BoolPtrOutput { return o.ApplyT(func(v JobBinaryAuthorization) *bool { return v.UseDefault }).(pulumi.BoolPtrOutput) @@ -159,6 +168,16 @@ func (o JobBinaryAuthorizationPtrOutput) BreakglassJustification() pulumi.String }).(pulumi.StringPtrOutput) } +// The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} +func (o JobBinaryAuthorizationPtrOutput) Policy() pulumi.StringPtrOutput { + return o.ApplyT(func(v *JobBinaryAuthorization) *string { + if v == nil { + return nil + } + return v.Policy + }).(pulumi.StringPtrOutput) +} + // If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. func (o JobBinaryAuthorizationPtrOutput) UseDefault() pulumi.BoolPtrOutput { return o.ApplyT(func(v *JobBinaryAuthorization) *bool { 
@@ -3889,6 +3908,8 @@ func (o JobTerminalConditionArrayOutput) Index(i pulumi.IntInput) JobTerminalCon type ServiceBinaryAuthorization struct { // If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass BreakglassJustification *string `pulumi:"breakglassJustification"` + // The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + Policy *string `pulumi:"policy"` // If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. UseDefault *bool `pulumi:"useDefault"` } @@ -3907,6 +3928,8 @@ type ServiceBinaryAuthorizationInput interface { type ServiceBinaryAuthorizationArgs struct { // If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass BreakglassJustification pulumi.StringPtrInput `pulumi:"breakglassJustification"` + // The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + Policy pulumi.StringPtrInput `pulumi:"policy"` // If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. UseDefault pulumi.BoolPtrInput `pulumi:"useDefault"` } 
@@ -3993,6 +4016,11 @@ func (o ServiceBinaryAuthorizationOutput) BreakglassJustification() pulumi.Strin return o.ApplyT(func(v ServiceBinaryAuthorization) *string { return v.BreakglassJustification }).(pulumi.StringPtrOutput) } +// The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} +func (o ServiceBinaryAuthorizationOutput) Policy() pulumi.StringPtrOutput { + return o.ApplyT(func(v ServiceBinaryAuthorization) *string { return v.Policy }).(pulumi.StringPtrOutput) +} + // If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. func (o ServiceBinaryAuthorizationOutput) UseDefault() pulumi.BoolPtrOutput { return o.ApplyT(func(v ServiceBinaryAuthorization) *bool { return v.UseDefault }).(pulumi.BoolPtrOutput) @@ -4032,6 +4060,16 @@ func (o ServiceBinaryAuthorizationPtrOutput) BreakglassJustification() pulumi.St }).(pulumi.StringPtrOutput) } +// The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} +func (o ServiceBinaryAuthorizationPtrOutput) Policy() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ServiceBinaryAuthorization) *string { + if v == nil { + return nil + } + return v.Policy + }).(pulumi.StringPtrOutput) +} + // If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. func (o ServiceBinaryAuthorizationPtrOutput) UseDefault() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ServiceBinaryAuthorization) *bool { 
@@ -9894,6 +9932,8 @@ func (o ServiceTrafficStatusArrayOutput) Index(i pulumi.IntInput) ServiceTraffic type GetJobBinaryAuthorization struct { // If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass BreakglassJustification string `pulumi:"breakglassJustification"` + // The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + Policy string `pulumi:"policy"` // If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. UseDefault bool `pulumi:"useDefault"` } @@ -9912,6 +9952,8 @@ type GetJobBinaryAuthorizationInput interface { type GetJobBinaryAuthorizationArgs struct { // If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass BreakglassJustification pulumi.StringInput `pulumi:"breakglassJustification"` + // The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + Policy pulumi.StringInput `pulumi:"policy"` // If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. UseDefault pulumi.BoolInput `pulumi:"useDefault"` } 
@@ -9972,6 +10014,11 @@ func (o GetJobBinaryAuthorizationOutput) BreakglassJustification() pulumi.String return o.ApplyT(func(v GetJobBinaryAuthorization) string { return v.BreakglassJustification }).(pulumi.StringOutput) } +// The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} +func (o GetJobBinaryAuthorizationOutput) Policy() pulumi.StringOutput { + return o.ApplyT(func(v GetJobBinaryAuthorization) string { return v.Policy }).(pulumi.StringOutput) +} + // If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. func (o GetJobBinaryAuthorizationOutput) UseDefault() pulumi.BoolOutput { return o.ApplyT(func(v GetJobBinaryAuthorization) bool { return v.UseDefault }).(pulumi.BoolOutput) @@ -12638,6 +12685,8 @@ func (o GetJobTerminalConditionArrayOutput) Index(i pulumi.IntInput) GetJobTermi type GetServiceBinaryAuthorization struct { // If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass BreakglassJustification string `pulumi:"breakglassJustification"` + // The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + Policy string `pulumi:"policy"` // If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. UseDefault bool `pulumi:"useDefault"` } 
@@ -12656,6 +12705,8 @@ type GetServiceBinaryAuthorizationInput interface { type GetServiceBinaryAuthorizationArgs struct { // If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass BreakglassJustification pulumi.StringInput `pulumi:"breakglassJustification"` + // The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + Policy pulumi.StringInput `pulumi:"policy"` // If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. UseDefault pulumi.BoolInput `pulumi:"useDefault"` } @@ -12716,6 +12767,11 @@ func (o GetServiceBinaryAuthorizationOutput) BreakglassJustification() pulumi.St return o.ApplyT(func(v GetServiceBinaryAuthorization) string { return v.BreakglassJustification }).(pulumi.StringOutput) } +// The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} +func (o GetServiceBinaryAuthorizationOutput) Policy() pulumi.StringOutput { + return o.ApplyT(func(v GetServiceBinaryAuthorization) string { return v.Policy }).(pulumi.StringOutput) +} + // If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. func (o GetServiceBinaryAuthorizationOutput) UseDefault() pulumi.BoolOutput { return o.ApplyT(func(v GetServiceBinaryAuthorization) bool { return v.UseDefault }).(pulumi.BoolOutput) diff --git a/sdk/go/gcp/compute/regionTargetHttpsProxy.go b/sdk/go/gcp/compute/regionTargetHttpsProxy.go index 806943835d..6b32f0b296 100644 --- a/sdk/go/gcp/compute/regionTargetHttpsProxy.go +++ b/sdk/go/gcp/compute/regionTargetHttpsProxy.go 
@@ -440,6 +440,10 @@ type RegionTargetHttpsProxy struct { // INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED // loadBalancingScheme consult ServerTlsPolicy documentation. // If left blank, communications are not encrypted. + // If you remove this field from your configuration at the same time as + // deleting or recreating a referenced ServerTlsPolicy resource, you will + // receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + // within the ServerTlsPolicy resource to avoid this. ServerTlsPolicy pulumi.StringPtrOutput `pulumi:"serverTlsPolicy"` // URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. // At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. @@ -524,6 +528,10 @@ type regionTargetHttpsProxyState struct { // INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED // loadBalancingScheme consult ServerTlsPolicy documentation. // If left blank, communications are not encrypted. + // If you remove this field from your configuration at the same time as + // deleting or recreating a referenced ServerTlsPolicy resource, you will + // receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + // within the ServerTlsPolicy resource to avoid this. ServerTlsPolicy *string `pulumi:"serverTlsPolicy"` // URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. // At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. 
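Review bot: The four comment lines added above `ServerTlsPolicy` tell the reader to use `lifecycle.create_before_destroy`, which is Terraform configuration syntax and not something a user of this Go SDK can write. The advice matters because the preceding context line says a blank value leaves communications unencrypted, so the replace/detach ordering should be described in this SDK's own terms. Replacement order here is governed by resource options such as `pulumi.DeleteBeforeReplace`, and I would reword to `// Make sure the replacement ServerTlsPolicy is created before the old one is deleted (do not set DeleteBeforeReplace on it).`, to be checked against the provider's actual behaviour. The same text is added in the hunks for `RegionTargetHttpsProxyState`, `regionTargetHttpsProxyArgs`, `RegionTargetHttpsProxyArgs` and the `ServerTlsPolicy()` accessor; the struct definitions start and end outside these hunks.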
@@ -576,6 +584,10 @@ type RegionTargetHttpsProxyState struct { // INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED // loadBalancingScheme consult ServerTlsPolicy documentation. // If left blank, communications are not encrypted. + // If you remove this field from your configuration at the same time as + // deleting or recreating a referenced ServerTlsPolicy resource, you will + // receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + // within the ServerTlsPolicy resource to avoid this. ServerTlsPolicy pulumi.StringPtrInput // URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. // At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. @@ -626,6 +638,10 @@ type regionTargetHttpsProxyArgs struct { // INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED // loadBalancingScheme consult ServerTlsPolicy documentation. // If left blank, communications are not encrypted. + // If you remove this field from your configuration at the same time as + // deleting or recreating a referenced ServerTlsPolicy resource, you will + // receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + // within the ServerTlsPolicy resource to avoid this. ServerTlsPolicy *string `pulumi:"serverTlsPolicy"` // URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. // At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. 
@@ -673,6 +689,10 @@ type RegionTargetHttpsProxyArgs struct { // INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED // loadBalancingScheme consult ServerTlsPolicy documentation. // If left blank, communications are not encrypted. + // If you remove this field from your configuration at the same time as + // deleting or recreating a referenced ServerTlsPolicy resource, you will + // receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + // within the ServerTlsPolicy resource to avoid this. ServerTlsPolicy pulumi.StringPtrInput // URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. // At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. @@ -835,6 +855,10 @@ func (o RegionTargetHttpsProxyOutput) SelfLink() pulumi.StringOutput { // INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED // loadBalancingScheme consult ServerTlsPolicy documentation. // If left blank, communications are not encrypted. +// If you remove this field from your configuration at the same time as +// deleting or recreating a referenced ServerTlsPolicy resource, you will +// receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy +// within the ServerTlsPolicy resource to avoid this. func (o RegionTargetHttpsProxyOutput) ServerTlsPolicy() pulumi.StringPtrOutput { return o.ApplyT(func(v *RegionTargetHttpsProxy) pulumi.StringPtrOutput { return v.ServerTlsPolicy }).(pulumi.StringPtrOutput) } diff --git a/sdk/go/gcp/container/pulumiTypes.go b/sdk/go/gcp/container/pulumiTypes.go index ff7a74f662..d414b47221 100644 --- a/sdk/go/gcp/container/pulumiTypes.go +++ b/sdk/go/gcp/container/pulumiTypes.go 
@@ -13509,6 +13509,10 @@ type ClusterClusterAutoscaling struct { // GKE Autopilot clusters. // Structure is documented below. AutoProvisioningDefaults *ClusterClusterAutoscalingAutoProvisioningDefaults `pulumi:"autoProvisioningDefaults"` + // The list of Google Compute Engine + // [zones](https://cloud.google.com/compute/docs/zones#available) in which the + // NodePool's nodes can be created by NAP. + AutoProvisioningLocations []string `pulumi:"autoProvisioningLocations"` // Configuration // options for the [Autoscaling profile](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#autoscaling_profiles) // feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability @@ -13540,6 +13544,10 @@ type ClusterClusterAutoscalingArgs struct { // GKE Autopilot clusters. // Structure is documented below. AutoProvisioningDefaults ClusterClusterAutoscalingAutoProvisioningDefaultsPtrInput `pulumi:"autoProvisioningDefaults"` + // The list of Google Compute Engine + // [zones](https://cloud.google.com/compute/docs/zones#available) in which the + // NodePool's nodes can be created by NAP. + AutoProvisioningLocations pulumi.StringArrayInput `pulumi:"autoProvisioningLocations"` // Configuration // options for the [Autoscaling profile](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#autoscaling_profiles) // feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability 
@@ -13641,6 +13649,13 @@ func (o ClusterClusterAutoscalingOutput) AutoProvisioningDefaults() ClusterClust }).(ClusterClusterAutoscalingAutoProvisioningDefaultsPtrOutput) } +// The list of Google Compute Engine +// [zones](https://cloud.google.com/compute/docs/zones#available) in which the +// NodePool's nodes can be created by NAP. +func (o ClusterClusterAutoscalingOutput) AutoProvisioningLocations() pulumi.StringArrayOutput { + return o.ApplyT(func(v ClusterClusterAutoscaling) []string { return v.AutoProvisioningLocations }).(pulumi.StringArrayOutput) +} + // Configuration // options for the [Autoscaling profile](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#autoscaling_profiles) // feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability @@ -13699,6 +13714,18 @@ func (o ClusterClusterAutoscalingPtrOutput) AutoProvisioningDefaults() ClusterCl }).(ClusterClusterAutoscalingAutoProvisioningDefaultsPtrOutput) } +// The list of Google Compute Engine +// [zones](https://cloud.google.com/compute/docs/zones#available) in which the +// NodePool's nodes can be created by NAP. +func (o ClusterClusterAutoscalingPtrOutput) AutoProvisioningLocations() pulumi.StringArrayOutput { + return o.ApplyT(func(v *ClusterClusterAutoscaling) []string { + if v == nil { + return nil + } + return v.AutoProvisioningLocations + }).(pulumi.StringArrayOutput) +} + // Configuration // options for the [Autoscaling profile](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#autoscaling_profiles) // feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability 
@@ -44661,6 +44688,8 @@ func (o GetClusterBinaryAuthorizationArrayOutput) Index(i pulumi.IntInput) GetCl type GetClusterClusterAutoscaling struct { // Contains defaults for a node pool created by NAP. AutoProvisioningDefaults []GetClusterClusterAutoscalingAutoProvisioningDefault `pulumi:"autoProvisioningDefaults"` + // The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP. + AutoProvisioningLocations []string `pulumi:"autoProvisioningLocations"` // Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED. AutoscalingProfile string `pulumi:"autoscalingProfile"` // Whether node auto-provisioning is enabled. Resource limits for cpu and memory must be defined to enable node auto-provisioning. @@ -44683,6 +44712,8 @@ type GetClusterClusterAutoscalingInput interface { type GetClusterClusterAutoscalingArgs struct { // Contains defaults for a node pool created by NAP. AutoProvisioningDefaults GetClusterClusterAutoscalingAutoProvisioningDefaultArrayInput `pulumi:"autoProvisioningDefaults"` + // The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP. + AutoProvisioningLocations pulumi.StringArrayInput `pulumi:"autoProvisioningLocations"` // Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED. AutoscalingProfile pulumi.StringInput `pulumi:"autoscalingProfile"` // Whether node auto-provisioning is enabled. Resource limits for cpu and memory must be defined to enable node auto-provisioning. 
@@ -44749,6 +44780,11 @@ func (o GetClusterClusterAutoscalingOutput) AutoProvisioningDefaults() GetCluste }).(GetClusterClusterAutoscalingAutoProvisioningDefaultArrayOutput) } +// The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP. +func (o GetClusterClusterAutoscalingOutput) AutoProvisioningLocations() pulumi.StringArrayOutput { + return o.ApplyT(func(v GetClusterClusterAutoscaling) []string { return v.AutoProvisioningLocations }).(pulumi.StringArrayOutput) +} + // Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED. func (o GetClusterClusterAutoscalingOutput) AutoscalingProfile() pulumi.StringOutput { return o.ApplyT(func(v GetClusterClusterAutoscaling) string { return v.AutoscalingProfile }).(pulumi.StringOutput) diff --git a/sdk/go/gcp/dataform/repository.go b/sdk/go/gcp/dataform/repository.go index 9d7e0b6a70..33ecd066e8 100644 --- a/sdk/go/gcp/dataform/repository.go +++ b/sdk/go/gcp/dataform/repository.go @@ -20,7 +20,10 @@ import ( // // import ( // +// "fmt" +// // "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataform" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" // "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager" // "github.com/pulumi/pulumi/sdk/v3/go/pulumi" // 
@@ -44,10 +47,35 @@ import ( // if err != nil { // return err // } +// keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ +// Name: pulumi.String("example-key-ring"), +// Location: pulumi.String("us-central1"), +// }) +// if err != nil { +// return err +// } +// exampleKey, err := kms.NewCryptoKey(ctx, "example_key", &kms.CryptoKeyArgs{ +// Name: pulumi.String("example-crypto-key-name"), +// KeyRing: keyring.ID(), +// }) +// if err != nil { +// return err +// } +// cryptoKeyBinding, err := kms.NewCryptoKeyIAMBinding(ctx, "crypto_key_binding", &kms.CryptoKeyIAMBindingArgs{ +// CryptoKeyId: exampleKey.ID(), +// Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypterDecrypter"), +// Members: pulumi.StringArray{ +// pulumi.Sprintf("serviceAccount:service-%v@gcp-sa-dataform.iam.gserviceaccount.com", project.Number), +// }, +// }) +// if err != nil { +// return err +// } // _, err = dataform.NewRepository(ctx, "dataform_repository", &dataform.RepositoryArgs{ // Name: pulumi.String("dataform_repository"), // DisplayName: pulumi.String("dataform_repository"), // NpmrcEnvironmentVariablesSecretVersion: secretVersion.ID(), +// KmsKeyName: exampleKey.ID(), // Labels: pulumi.StringMap{ // "label_foo1": pulumi.String("label-bar1"), // }, @@ -61,7 +89,9 @@ import ( // SchemaSuffix: pulumi.String("_suffix"), // TablePrefix: pulumi.String("prefix_"), // }, -// }) +// }, pulumi.DependsOn([]pulumi.Resource{ +// cryptoKeyBinding, +// })) // if err != nil { // return err // } 
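Review bot: The example added in the first hunk grants the Dataform service agent access with `kms.NewCryptoKeyIAMBinding`, which is authoritative for the role it names. That is harmless for the key the example creates itself, but anyone adapting it to an existing shared key would replace the current members of `roles/cloudkms.cryptoKeyEncrypterDecrypter` on that key. I would either switch the example to the additive `kms.NewCryptoKeyIAMMember` with a single `Member`, or add a line such as `// NOTE: CryptoKeyIAMBinding replaces all members of this role on the key; use CryptoKeyIAMMember for a key that already has other users.` The `pulumi.DependsOn` on `cryptoKeyBinding` in the second hunk is a good touch and should stay whichever resource is used. The example function begins and ends outside these hunks.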
@@ -110,6 +140,9 @@ type Repository struct { // Optional. If set, configures this repository to be linked to a Git remote. // Structure is documented below. GitRemoteSettings RepositoryGitRemoteSettingsPtrOutput `pulumi:"gitRemoteSettings"` + // Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + // It is not possible to add or update the encryption key after the repository is created. Example projects/[kmsProjectId]/locations/[region]/keyRings/[keyRegion]/cryptoKeys/[key] + KmsKeyName pulumi.StringPtrOutput `pulumi:"kmsKeyName"` // Optional. Repository user labels. // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. // @@ -179,6 +212,9 @@ type repositoryState struct { // Optional. If set, configures this repository to be linked to a Git remote. // Structure is documented below. GitRemoteSettings *RepositoryGitRemoteSettings `pulumi:"gitRemoteSettings"` + // Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + // It is not possible to add or update the encryption key after the repository is created. Example projects/[kmsProjectId]/locations/[region]/keyRings/[keyRegion]/cryptoKeys/[key] + KmsKeyName *string `pulumi:"kmsKeyName"` // Optional. Repository user labels. // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. // 
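Review bot: The documented format for `KmsKeyName` uses `[keyRegion]` in the key-ring position (`.../keyRings/[keyRegion]/cryptoKeys/[key]`), which looks like a slip for the key ring name, since the region already appears under `locations/[region]`. Because the comment also says the key cannot be added or changed after creation, a wrong path here is costly to correct, so I would write `projects/[kmsProjectId]/locations/[region]/keyRings/[keyRing]/cryptoKeys/[key]`. The same comment is repeated in the `RepositoryState`, `repositoryArgs` and `RepositoryArgs` hunks and on the `KmsKeyName()` accessor. The struct bodies extend beyond these hunks.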
@@ -214,6 +250,9 @@ type RepositoryState struct { // Optional. If set, configures this repository to be linked to a Git remote. // Structure is documented below. GitRemoteSettings RepositoryGitRemoteSettingsPtrInput + // Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + // It is not possible to add or update the encryption key after the repository is created. Example projects/[kmsProjectId]/locations/[region]/keyRings/[keyRegion]/cryptoKeys/[key] + KmsKeyName pulumi.StringPtrInput // Optional. Repository user labels. // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. // @@ -251,6 +290,9 @@ type repositoryArgs struct { // Optional. If set, configures this repository to be linked to a Git remote. // Structure is documented below. GitRemoteSettings *RepositoryGitRemoteSettings `pulumi:"gitRemoteSettings"` + // Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + // It is not possible to add or update the encryption key after the repository is created. Example projects/[kmsProjectId]/locations/[region]/keyRings/[keyRegion]/cryptoKeys/[key] + KmsKeyName *string `pulumi:"kmsKeyName"` // Optional. Repository user labels. // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. // 
@@ -282,6 +324,9 @@ type RepositoryArgs struct { // Optional. If set, configures this repository to be linked to a Git remote. // Structure is documented below. GitRemoteSettings RepositoryGitRemoteSettingsPtrInput + // Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + // It is not possible to add or update the encryption key after the repository is created. Example projects/[kmsProjectId]/locations/[region]/keyRings/[keyRegion]/cryptoKeys/[key] + KmsKeyName pulumi.StringPtrInput // Optional. Repository user labels. // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. // @@ -409,6 +454,12 @@ func (o RepositoryOutput) GitRemoteSettings() RepositoryGitRemoteSettingsPtrOutp return o.ApplyT(func(v *Repository) RepositoryGitRemoteSettingsPtrOutput { return v.GitRemoteSettings }).(RepositoryGitRemoteSettingsPtrOutput) } +// Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. +// It is not possible to add or update the encryption key after the repository is created. Example projects/[kmsProjectId]/locations/[region]/keyRings/[keyRegion]/cryptoKeys/[key] +func (o RepositoryOutput) KmsKeyName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Repository) pulumi.StringPtrOutput { return v.KmsKeyName }).(pulumi.StringPtrOutput) +} + // Optional. Repository user labels. // An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. // diff --git a/sdk/go/gcp/discoveryengine/dataStore.go b/sdk/go/gcp/discoveryengine/dataStore.go index 731854c548..d5349e31a5 100644 --- a/sdk/go/gcp/discoveryengine/dataStore.go +++ b/sdk/go/gcp/discoveryengine/dataStore.go 
@@ -47,7 +47,8 @@ import ( // SolutionTypes: pulumi.StringArray{ // pulumi.String("SOLUTION_TYPE_SEARCH"), // }, -// CreateAdvancedSiteSearch: pulumi.Bool(false), +// CreateAdvancedSiteSearch: pulumi.Bool(false), +// SkipDefaultSchemaCreation: pulumi.Bool(false), // }) // if err != nil { // return err @@ -165,6 +166,14 @@ type DataStore struct { // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` + // A boolean flag indicating whether to skip the default schema creation for + // the data store. Only enable this flag if you are certain that the default + // schema is incompatible with your use case. + // If set to true, you must manually create a schema for the data store + // before any documents can be ingested. + // This flag cannot be specified if `data_store.starting_schema` is + // specified. + SkipDefaultSchemaCreation pulumi.BoolPtrOutput `pulumi:"skipDefaultSchemaCreation"` // The solutions that the data store enrolls. // Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. SolutionTypes pulumi.StringArrayOutput `pulumi:"solutionTypes"` 
@@ -250,6 +259,14 @@ type dataStoreState struct { // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `pulumi:"project"` + // A boolean flag indicating whether to skip the default schema creation for + // the data store. Only enable this flag if you are certain that the default + // schema is incompatible with your use case. + // If set to true, you must manually create a schema for the data store + // before any documents can be ingested. + // This flag cannot be specified if `data_store.starting_schema` is + // specified. + SkipDefaultSchemaCreation *bool `pulumi:"skipDefaultSchemaCreation"` // The solutions that the data store enrolls. // Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. SolutionTypes []string `pulumi:"solutionTypes"` @@ -291,6 +308,14 @@ type DataStoreState struct { // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringPtrInput + // A boolean flag indicating whether to skip the default schema creation for + // the data store. Only enable this flag if you are certain that the default + // schema is incompatible with your use case. + // If set to true, you must manually create a schema for the data store + // before any documents can be ingested. + // This flag cannot be specified if `data_store.starting_schema` is + // specified. + SkipDefaultSchemaCreation pulumi.BoolPtrInput // The solutions that the data store enrolls. // Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. SolutionTypes pulumi.StringArrayInput 
@@ -327,6 +352,14 @@ type dataStoreArgs struct { // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `pulumi:"project"` + // A boolean flag indicating whether to skip the default schema creation for + // the data store. Only enable this flag if you are certain that the default + // schema is incompatible with your use case. + // If set to true, you must manually create a schema for the data store + // before any documents can be ingested. + // This flag cannot be specified if `data_store.starting_schema` is + // specified. + SkipDefaultSchemaCreation *bool `pulumi:"skipDefaultSchemaCreation"` // The solutions that the data store enrolls. // Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. SolutionTypes []string `pulumi:"solutionTypes"` @@ -360,6 +393,14 @@ type DataStoreArgs struct { // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringPtrInput + // A boolean flag indicating whether to skip the default schema creation for + // the data store. Only enable this flag if you are certain that the default + // schema is incompatible with your use case. + // If set to true, you must manually create a schema for the data store + // before any documents can be ingested. + // This flag cannot be specified if `data_store.starting_schema` is + // specified. + SkipDefaultSchemaCreation pulumi.BoolPtrInput // The solutions that the data store enrolls. // Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. SolutionTypes pulumi.StringArrayInput 
@@ -520,6 +561,17 @@ func (o DataStoreOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *DataStore) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } +// A boolean flag indicating whether to skip the default schema creation for +// the data store. Only enable this flag if you are certain that the default +// schema is incompatible with your use case. +// If set to true, you must manually create a schema for the data store +// before any documents can be ingested. +// This flag cannot be specified if `data_store.starting_schema` is +// specified. +func (o DataStoreOutput) SkipDefaultSchemaCreation() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *DataStore) pulumi.BoolPtrOutput { return v.SkipDefaultSchemaCreation }).(pulumi.BoolPtrOutput) +} + // The solutions that the data store enrolls. // Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. func (o DataStoreOutput) SolutionTypes() pulumi.StringArrayOutput { diff --git a/sdk/go/gcp/gkehub/pulumiTypes.go b/sdk/go/gcp/gkehub/pulumiTypes.go index f4aabba0bf..53bc45233c 100644 --- a/sdk/go/gcp/gkehub/pulumiTypes.go +++ b/sdk/go/gcp/gkehub/pulumiTypes.go @@ -208,6 +208,9 @@ type FeatureFleetDefaultMemberConfigConfigmanagement struct { // ConfigSync configuration for the cluster // Structure is documented below. ConfigSync *FeatureFleetDefaultMemberConfigConfigmanagementConfigSync `pulumi:"configSync"` + // Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + // Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. + Management *string `pulumi:"management"` // Version of ACM installed Version *string `pulumi:"version"` } 
@@ -227,6 +230,9 @@ type FeatureFleetDefaultMemberConfigConfigmanagementArgs struct { // ConfigSync configuration for the cluster // Structure is documented below. ConfigSync FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncPtrInput `pulumi:"configSync"` + // Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + // Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. + Management pulumi.StringPtrInput `pulumi:"management"` // Version of ACM installed Version pulumi.StringPtrInput `pulumi:"version"` } @@ -316,6 +322,12 @@ func (o FeatureFleetDefaultMemberConfigConfigmanagementOutput) ConfigSync() Feat }).(FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncPtrOutput) } +// Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. +// Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. +func (o FeatureFleetDefaultMemberConfigConfigmanagementOutput) Management() pulumi.StringPtrOutput { + return o.ApplyT(func(v FeatureFleetDefaultMemberConfigConfigmanagement) *string { return v.Management }).(pulumi.StringPtrOutput) +} + // Version of ACM installed func (o FeatureFleetDefaultMemberConfigConfigmanagementOutput) Version() pulumi.StringPtrOutput { return o.ApplyT(func(v FeatureFleetDefaultMemberConfigConfigmanagement) *string { return v.Version }).(pulumi.StringPtrOutput) 
@@ -356,6 +368,17 @@ func (o FeatureFleetDefaultMemberConfigConfigmanagementPtrOutput) ConfigSync() F }).(FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncPtrOutput) } +// Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. +// Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. +func (o FeatureFleetDefaultMemberConfigConfigmanagementPtrOutput) Management() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FeatureFleetDefaultMemberConfigConfigmanagement) *string { + if v == nil { + return nil + } + return v.Management + }).(pulumi.StringPtrOutput) +} + // Version of ACM installed func (o FeatureFleetDefaultMemberConfigConfigmanagementPtrOutput) Version() pulumi.StringPtrOutput { return o.ApplyT(func(v *FeatureFleetDefaultMemberConfigConfigmanagement) *string { @@ -3433,6 +3456,8 @@ type FeatureMembershipConfigmanagement struct { ConfigSync *FeatureMembershipConfigmanagementConfigSync `pulumi:"configSync"` // Hierarchy Controller configuration for the cluster. Structure is documented below. HierarchyController *FeatureMembershipConfigmanagementHierarchyController `pulumi:"hierarchyController"` + // Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + Management *string `pulumi:"management"` // Policy Controller configuration for the cluster. Structure is documented below. PolicyController *FeatureMembershipConfigmanagementPolicyController `pulumi:"policyController"` // Version of ACM installed. 
@@ -3457,6 +3482,8 @@ type FeatureMembershipConfigmanagementArgs struct { ConfigSync FeatureMembershipConfigmanagementConfigSyncPtrInput `pulumi:"configSync"` // Hierarchy Controller configuration for the cluster. Structure is documented below. HierarchyController FeatureMembershipConfigmanagementHierarchyControllerPtrInput `pulumi:"hierarchyController"` + // Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + Management pulumi.StringPtrInput `pulumi:"management"` // Policy Controller configuration for the cluster. Structure is documented below. PolicyController FeatureMembershipConfigmanagementPolicyControllerPtrInput `pulumi:"policyController"` // Version of ACM installed. @@ -3561,6 +3588,11 @@ func (o FeatureMembershipConfigmanagementOutput) HierarchyController() FeatureMe }).(FeatureMembershipConfigmanagementHierarchyControllerPtrOutput) } +// Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. +func (o FeatureMembershipConfigmanagementOutput) Management() pulumi.StringPtrOutput { + return o.ApplyT(func(v FeatureMembershipConfigmanagement) *string { return v.Management }).(pulumi.StringPtrOutput) +} + // Policy Controller configuration for the cluster. Structure is documented below. func (o FeatureMembershipConfigmanagementOutput) PolicyController() FeatureMembershipConfigmanagementPolicyControllerPtrOutput { return o.ApplyT(func(v FeatureMembershipConfigmanagement) *FeatureMembershipConfigmanagementPolicyController { 
@@ -3627,6 +3659,16 @@ func (o FeatureMembershipConfigmanagementPtrOutput) HierarchyController() Featur }).(FeatureMembershipConfigmanagementHierarchyControllerPtrOutput) } +// Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. +func (o FeatureMembershipConfigmanagementPtrOutput) Management() pulumi.StringPtrOutput { + return o.ApplyT(func(v *FeatureMembershipConfigmanagement) *string { + if v == nil { + return nil + } + return v.Management + }).(pulumi.StringPtrOutput) +} + // Policy Controller configuration for the cluster. Structure is documented below. func (o FeatureMembershipConfigmanagementPtrOutput) PolicyController() FeatureMembershipConfigmanagementPolicyControllerPtrOutput { return o.ApplyT(func(v *FeatureMembershipConfigmanagement) *FeatureMembershipConfigmanagementPolicyController { @@ -3785,6 +3827,8 @@ func (o FeatureMembershipConfigmanagementBinauthzPtrOutput) Enabled() pulumi.Boo } type FeatureMembershipConfigmanagementConfigSync struct { + // Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. + Enabled *bool `pulumi:"enabled"` // (Optional) Structure is documented below. Git *FeatureMembershipConfigmanagementConfigSyncGit `pulumi:"git"` // The Email of the Google Cloud Service Account (GSA) used for exporting Config Sync metrics to Cloud Monitoring. The GSA should have the Monitoring Metric Writer(roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount `default` in the namespace `config-management-monitoring` should be bound to the GSA. 
@@ -3811,6 +3855,8 @@ type FeatureMembershipConfigmanagementConfigSyncInput interface { } type FeatureMembershipConfigmanagementConfigSyncArgs struct { + // Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` // (Optional) Structure is documented below. Git FeatureMembershipConfigmanagementConfigSyncGitPtrInput `pulumi:"git"` // The Email of the Google Cloud Service Account (GSA) used for exporting Config Sync metrics to Cloud Monitoring. The GSA should have the Monitoring Metric Writer(roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount `default` in the namespace `config-management-monitoring` should be bound to the GSA. 
@@ -3902,6 +3948,11 @@ func (o FeatureMembershipConfigmanagementConfigSyncOutput) ToFeatureMembershipCo }).(FeatureMembershipConfigmanagementConfigSyncPtrOutput) } +// Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. +func (o FeatureMembershipConfigmanagementConfigSyncOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v FeatureMembershipConfigmanagementConfigSync) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + // (Optional) Structure is documented below. func (o FeatureMembershipConfigmanagementConfigSyncOutput) Git() FeatureMembershipConfigmanagementConfigSyncGitPtrOutput { return o.ApplyT(func(v FeatureMembershipConfigmanagementConfigSync) *FeatureMembershipConfigmanagementConfigSyncGit { 
@@ -3957,6 +4008,16 @@ func (o FeatureMembershipConfigmanagementConfigSyncPtrOutput) Elem() FeatureMemb }).(FeatureMembershipConfigmanagementConfigSyncOutput) } +// Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. +func (o FeatureMembershipConfigmanagementConfigSyncPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *FeatureMembershipConfigmanagementConfigSync) *bool { + if v == nil { + return nil + } + return v.Enabled + }).(pulumi.BoolPtrOutput) +} + // (Optional) Structure is documented below. func (o FeatureMembershipConfigmanagementConfigSyncPtrOutput) Git() FeatureMembershipConfigmanagementConfigSyncGitPtrOutput { return o.ApplyT(func(v *FeatureMembershipConfigmanagementConfigSync) *FeatureMembershipConfigmanagementConfigSyncGit { diff --git a/sdk/go/gcp/logging/getLogViewIamPolicy.go b/sdk/go/gcp/logging/getLogViewIamPolicy.go index 1fd8564a0b..080cea1c30 100644 --- a/sdk/go/gcp/logging/getLogViewIamPolicy.go +++ b/sdk/go/gcp/logging/getLogViewIamPolicy.go 
@@ -11,6 +11,36 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// Retrieves the current IAM policy data for logview +// +// ## example +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.LookupLogViewIamPolicy(ctx, &logging.LookupLogViewIamPolicyArgs{ +// Parent: loggingLogView.Parent, +// Location: pulumi.StringRef(loggingLogView.Location), +// Bucket: loggingLogView.Bucket, +// Name: loggingLogView.Name, +// }, nil) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` func LookupLogViewIamPolicy(ctx *pulumi.Context, args *LookupLogViewIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupLogViewIamPolicyResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv LookupLogViewIamPolicyResult diff --git a/sdk/go/gcp/logging/logViewIamBinding.go b/sdk/go/gcp/logging/logViewIamBinding.go index 6c9973c78d..f6baffef4d 100644 --- a/sdk/go/gcp/logging/logViewIamBinding.go +++ b/sdk/go/gcp/logging/logViewIamBinding.go 
@@ -12,6 +12,502 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: +// +// * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. +// * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. +// * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. +// +// # A data source can be used to retrieve policy data in advent you do not need creation +// +// * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview +// +// > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. +// +// > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. +// +// > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+// +// ## logging.LogViewIamPolicy +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/logging.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = logging.NewLogViewIamPolicy(ctx, "policy", &logging.LogViewIamPolicyArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/logging.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = logging.NewLogViewIamPolicy(ctx, "policy", &logging.LogViewIamPolicyArgs{ +// Parent: 
pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// ## logging.LogViewIamBinding +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamBinding(ctx, "binding", &logging.LogViewIamBindingArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamBinding(ctx, "binding", &logging.LogViewIamBindingArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &logging.LogViewIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < 
timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// ## logging.LogViewIamMember +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamMember(ctx, "member", &logging.LogViewIamMemberArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamMember(ctx, "member", &logging.LogViewIamMemberArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &logging.LogViewIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the +// +// full name of 
the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. +// --- +// +// # IAM policy for Cloud (Stackdriver) Logging LogView +// Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: +// +// * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. +// * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. +// * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. +// +// # A data source can be used to retrieve policy data in advent you do not need creation +// +// * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview +// +// > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. +// +// > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. +// +// > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+// +// ## logging.LogViewIamPolicy +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/logging.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = logging.NewLogViewIamPolicy(ctx, "policy", &logging.LogViewIamPolicyArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/logging.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = logging.NewLogViewIamPolicy(ctx, "policy", &logging.LogViewIamPolicyArgs{ +// Parent: 
pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// ## logging.LogViewIamBinding +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamBinding(ctx, "binding", &logging.LogViewIamBindingArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamBinding(ctx, "binding", &logging.LogViewIamBindingArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &logging.LogViewIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < 
timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// ## logging.LogViewIamMember +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamMember(ctx, "member", &logging.LogViewIamMemberArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamMember(ctx, "member", &logging.LogViewIamMemberArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &logging.LogViewIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: 
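Review bot: The doc comment this hunk adds in logViewIamBinding.go contains its whole body twice: after the `## > **Custom Roles**` line and the `---` separator it starts over at `# IAM policy for Cloud (Stackdriver) Logging LogView` and repeats the resource list, the three notes and all six examples. The authoritative / non-authoritative warnings are the part a reader configuring IAM must not miss, so I would keep a single copy and restore the custom-roles note as one plain paragraph, `// > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the full name of the custom role`, instead of a heading split in two. The `Condition: {` literal in the LookupIAMPolicy example has no type, so that example probably does not compile as written. The file looks generated, so the fix presumably belongs in the docs conversion rather than a hand edit here; the logViewIamMember.go hunk that follows opens with the same text, and this comment continues into `## Import` outside the hunk.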
diff --git a/sdk/go/gcp/logging/logViewIamMember.go b/sdk/go/gcp/logging/logViewIamMember.go index be2d22cd80..7cc24e8d0d 100644 --- a/sdk/go/gcp/logging/logViewIamMember.go +++ b/sdk/go/gcp/logging/logViewIamMember.go 
@@ -12,6 +12,502 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: +// +// * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. +// * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. +// * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. +// +// # A data source can be used to retrieve policy data in advent you do not need creation +// +// * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview +// +// > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. +// +// > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. +// +// > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+// +// ## logging.LogViewIamPolicy +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/logging.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = logging.NewLogViewIamPolicy(ctx, "policy", &logging.LogViewIamPolicyArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/logging.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = logging.NewLogViewIamPolicy(ctx, "policy", &logging.LogViewIamPolicyArgs{ +// Parent: 
pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// ## logging.LogViewIamBinding +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamBinding(ctx, "binding", &logging.LogViewIamBindingArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamBinding(ctx, "binding", &logging.LogViewIamBindingArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &logging.LogViewIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < 
timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// ## logging.LogViewIamMember +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamMember(ctx, "member", &logging.LogViewIamMemberArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamMember(ctx, "member", &logging.LogViewIamMemberArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &logging.LogViewIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the +// +// full name of 
the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. +// --- +// +// # IAM policy for Cloud (Stackdriver) Logging LogView +// Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: +// +// * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. +// * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. +// * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. +// +// # A data source can be used to retrieve policy data in advent you do not need creation +// +// * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview +// +// > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. +// +// > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. +// +// > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+// +// ## logging.LogViewIamPolicy +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/logging.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = logging.NewLogViewIamPolicy(ctx, "policy", &logging.LogViewIamPolicyArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/logging.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = logging.NewLogViewIamPolicy(ctx, "policy", &logging.LogViewIamPolicyArgs{ +// Parent: 
pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// ## logging.LogViewIamBinding +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamBinding(ctx, "binding", &logging.LogViewIamBindingArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamBinding(ctx, "binding", &logging.LogViewIamBindingArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &logging.LogViewIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < 
timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// ## logging.LogViewIamMember +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamMember(ctx, "member", &logging.LogViewIamMemberArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamMember(ctx, "member", &logging.LogViewIamMemberArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &logging.LogViewIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: 
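Review bot: The doc comment added above LogViewIamMember carries the whole overview and all six examples twice: the first copy runs into a mangled `## > **Custom Roles**` heading, a `---` rule and `# IAM policy for Cloud (Stackdriver) Logging LogView`, and then everything repeats before `## Import`. This looks like the import note and page front matter leaking into the description during doc generation, so if the file is generated the fix belongs in the docs source or the docs patch rather than in this file; the logViewIamPolicy.go hunk that follows has the same duplication. In the LogViewIamPolicy "With IAM Conditions" example, the untyped `Condition: {` literal is not valid Go for a struct field, so the snippet will not compile as shown. Every example also grants `roles/logging.admin` to a user on a single log view, and readers tend to copy examples verbatim; a narrower role such as `roles/logging.viewAccessor` would be a safer default to show.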
diff --git a/sdk/go/gcp/logging/logViewIamPolicy.go b/sdk/go/gcp/logging/logViewIamPolicy.go index ada367443b..84ae4c9daa 100644 --- a/sdk/go/gcp/logging/logViewIamPolicy.go +++ b/sdk/go/gcp/logging/logViewIamPolicy.go 
@@ -12,6 +12,502 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) +// Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: +// +// * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. +// * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. +// * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. +// +// # A data source can be used to retrieve policy data in advent you do not need creation +// +// * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview +// +// > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. +// +// > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. +// +// > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+// +// ## logging.LogViewIamPolicy +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/logging.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = logging.NewLogViewIamPolicy(ctx, "policy", &logging.LogViewIamPolicyArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/logging.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = logging.NewLogViewIamPolicy(ctx, "policy", &logging.LogViewIamPolicyArgs{ +// Parent: 
pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// ## logging.LogViewIamBinding +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamBinding(ctx, "binding", &logging.LogViewIamBindingArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamBinding(ctx, "binding", &logging.LogViewIamBindingArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &logging.LogViewIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < 
timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// ## logging.LogViewIamMember +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamMember(ctx, "member", &logging.LogViewIamMemberArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamMember(ctx, "member", &logging.LogViewIamMemberArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &logging.LogViewIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the +// +// full name of 
the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. +// --- +// +// # IAM policy for Cloud (Stackdriver) Logging LogView +// Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: +// +// * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. +// * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. +// * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. +// +// # A data source can be used to retrieve policy data in advent you do not need creation +// +// * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview +// +// > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. +// +// > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. +// +// > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+// +// ## logging.LogViewIamPolicy +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/logging.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = logging.NewLogViewIamPolicy(ctx, "policy", &logging.LogViewIamPolicyArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/logging.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = logging.NewLogViewIamPolicy(ctx, "policy", &logging.LogViewIamPolicyArgs{ +// Parent: 
pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// ## logging.LogViewIamBinding +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamBinding(ctx, "binding", &logging.LogViewIamBindingArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamBinding(ctx, "binding", &logging.LogViewIamBindingArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &logging.LogViewIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < 
timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// ## logging.LogViewIamMember +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamMember(ctx, "member", &logging.LogViewIamMemberArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// With IAM Conditions: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := logging.NewLogViewIamMember(ctx, "member", &logging.LogViewIamMemberArgs{ +// Parent: pulumi.Any(loggingLogView.Parent), +// Location: pulumi.Any(loggingLogView.Location), +// Bucket: pulumi.Any(loggingLogView.Bucket), +// Name: pulumi.Any(loggingLogView.Name), +// Role: pulumi.String("roles/logging.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &logging.LogViewIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: 
diff --git a/sdk/go/gcp/netapp/pulumiTypes.go b/sdk/go/gcp/netapp/pulumiTypes.go index 6d32fd1eb8..40b173ab94 100644 --- a/sdk/go/gcp/netapp/pulumiTypes.go +++ b/sdk/go/gcp/netapp/pulumiTypes.go @@ -878,10 +878,10 @@ type VolumeReplicationTransferStat struct { // A message describing the cause of the last transfer failure. LastTransferError *string `pulumi:"lastTransferError"` // (Output) - // Total time taken so far during current transfer. + // Cumulative time taken across all transfers for the replication relationship. TotalTransferDuration *string `pulumi:"totalTransferDuration"` // (Output) - // Number of bytes transferred so far in current transfer. + // Cumulative bytes transferred so far for the replication relationship. TransferBytes *string `pulumi:"transferBytes"` // (Output) // Time when progress was updated last. A timestamp in RFC3339 UTC "Zulu" format. Examples: "2023-06-22T09:13:01.617Z". @@ -918,10 +918,10 @@ type VolumeReplicationTransferStatArgs struct { // A message describing the cause of the last transfer failure. LastTransferError pulumi.StringPtrInput `pulumi:"lastTransferError"` // (Output) - // Total time taken so far during current transfer. + // Cumulative time taken across all transfers for the replication relationship. TotalTransferDuration pulumi.StringPtrInput `pulumi:"totalTransferDuration"` // (Output) - // Number of bytes transferred so far in current transfer. + // Cumulative bytes transferred so far for the replication relationship. TransferBytes pulumi.StringPtrInput `pulumi:"transferBytes"` // (Output) // Time when progress was updated last. A timestamp in RFC3339 UTC "Zulu" format. Examples: "2023-06-22T09:13:01.617Z". 
@@ -1012,13 +1012,13 @@ func (o VolumeReplicationTransferStatOutput) LastTransferError() pulumi.StringPt } // (Output) -// Total time taken so far during current transfer. +// Cumulative time taken across all transfers for the replication relationship. func (o VolumeReplicationTransferStatOutput) TotalTransferDuration() pulumi.StringPtrOutput { return o.ApplyT(func(v VolumeReplicationTransferStat) *string { return v.TotalTransferDuration }).(pulumi.StringPtrOutput) } // (Output) -// Number of bytes transferred so far in current transfer. +// Cumulative bytes transferred so far for the replication relationship. func (o VolumeReplicationTransferStatOutput) TransferBytes() pulumi.StringPtrOutput { return o.ApplyT(func(v VolumeReplicationTransferStat) *string { return v.TransferBytes }).(pulumi.StringPtrOutput) } diff --git a/sdk/go/gcp/networkconnectivity/regionalEndpoint.go b/sdk/go/gcp/networkconnectivity/regionalEndpoint.go index 6560ff73c7..8660a4fcc5 100644 --- a/sdk/go/gcp/networkconnectivity/regionalEndpoint.go +++ b/sdk/go/gcp/networkconnectivity/regionalEndpoint.go @@ -56,12 +56,12 @@ import ( // _, err = networkconnectivity.NewRegionalEndpoint(ctx, "default", &networkconnectivity.RegionalEndpointArgs{ // Name: pulumi.String("my-rep"), // Location: pulumi.String("us-central1"), -// TargetGoogleApi: pulumi.String("boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com"), +// TargetGoogleApi: pulumi.String("storage.us-central1.p.rep.googleapis.com"), // AccessType: pulumi.String("REGIONAL"), // Address: pulumi.String("192.168.0.5"), // Network: myNetwork.ID(), // Subnetwork: mySubnetwork.ID(), -// Description: pulumi.String("My RegionalEndpoint targeting Google API boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com"), +// Description: pulumi.String("My RegionalEndpoint targeting Google API storage.us-central1.p.rep.googleapis.com"), // Labels: pulumi.StringMap{ // "env": pulumi.String("default"), // }, 
@@ -108,7 +108,7 @@ import ( // _, err = networkconnectivity.NewRegionalEndpoint(ctx, "default", &networkconnectivity.RegionalEndpointArgs{ // Name: pulumi.String("my-rep"), // Location: pulumi.String("us-central1"), -// TargetGoogleApi: pulumi.String("boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com"), +// TargetGoogleApi: pulumi.String("storage.us-central1.p.rep.googleapis.com"), // AccessType: pulumi.String("GLOBAL"), // Address: pulumi.String("192.168.0.4"), // Network: myNetwork.ID(), diff --git a/sdk/go/gcp/organizations/getProject.go b/sdk/go/gcp/organizations/getProject.go index a1a0763663..3af531de1c 100644 --- a/sdk/go/gcp/organizations/getProject.go +++ b/sdk/go/gcp/organizations/getProject.go @@ -59,6 +59,7 @@ type LookupProjectArgs struct { type LookupProjectResult struct { AutoCreateNetwork bool `pulumi:"autoCreateNetwork"` BillingAccount string `pulumi:"billingAccount"` + DeletionPolicy string `pulumi:"deletionPolicy"` EffectiveLabels map[string]string `pulumi:"effectiveLabels"` FolderId string `pulumi:"folderId"` // The provider-assigned unique ID for this managed resource. @@ -119,6 +120,10 @@ func (o LookupProjectResultOutput) BillingAccount() pulumi.StringOutput { return o.ApplyT(func(v LookupProjectResult) string { return v.BillingAccount }).(pulumi.StringOutput) } +func (o LookupProjectResultOutput) DeletionPolicy() pulumi.StringOutput { + return o.ApplyT(func(v LookupProjectResult) string { return v.DeletionPolicy }).(pulumi.StringOutput) +} + func (o LookupProjectResultOutput) EffectiveLabels() pulumi.StringMapOutput { return o.ApplyT(func(v LookupProjectResult) map[string]string { return v.EffectiveLabels }).(pulumi.StringMapOutput) } diff --git a/sdk/go/gcp/organizations/project.go b/sdk/go/gcp/organizations/project.go index 48bd5725f1..8f371e746b 100644 --- a/sdk/go/gcp/organizations/project.go +++ b/sdk/go/gcp/organizations/project.go 
@@ -116,6 +116,7 @@ type Project struct { // See [Google Cloud Billing API Access Control](https://cloud.google.com/billing/docs/how-to/billing-access) // for more details. BillingAccount pulumi.StringPtrOutput `pulumi:"billingAccount"` + DeletionPolicy pulumi.StringPtrOutput `pulumi:"deletionPolicy"` // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. EffectiveLabels pulumi.StringMapOutput `pulumi:"effectiveLabels"` // The numeric ID of the folder this project should be @@ -143,10 +144,13 @@ type Project struct { ProjectId pulumi.StringOutput `pulumi:"projectId"` // The combination of labels configured directly on the resource and default labels configured on the provider. PulumiLabels pulumi.StringMapOutput `pulumi:"pulumiLabels"` - // If true, the resource can be deleted - // without deleting the Project via the Google API. `skipDelete` is deprecated and will be removed in a future major release. The new release adds support for `deletionPolicy` instead. + // If true, the resource can be deleted without + // deleting the Project via the Google API. `skipDelete` is deprecated and will be + // removed in 6.0.0. Please use deletionPolicy instead. A `skipDelete` value of `false` + // can be changed to a `deletionPolicy` value of `DELETE` and a `skipDelete` value of `true` + // to a `deletionPolicy` value of `ABANDON` for equivalent behavior. // - // Deprecated: skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletionPolicy instead. + // Deprecated: skip_delete is deprecated and will be removed in 6.0.0. Please use deletionPolicy instead. A skipDelete value of false can be changed to a deletionPolicy value of DELETE and a skipDelete value of true to a deletionPolicy value of ABANDON for equivalent behavior. SkipDelete pulumi.BoolOutput `pulumi:"skipDelete"` } 
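Review bot: `DeletionPolicy` is added to `Project` with no doc comment, even though every neighbouring field is documented and the rewritten `SkipDelete` text in the following hunk tells users to migrate to it. Its values are described only in that deprecation notice (`DELETE` and `ABANDON`); the diff shows neither the default nor whether other values exist, which matters because this field decides whether removing the resource also deletes the Google Cloud project. I would add a comment above the field such as `// Deletion behaviour for the project: DELETE removes it via the Google API, ABANDON leaves it in place (replaces skipDelete).` The same gap repeats in `projectState`, `ProjectState`, `projectArgs`, `ProjectArgs` and the `ProjectOutput.DeletionPolicy()` accessor; if this SDK file is generated, as the new securitycenter file in this commit is, the wording has to be fixed in the upstream schema description rather than here. The `Project` struct begins above the hunk and continues past it.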
@@ -195,6 +199,7 @@ type projectState struct { // See [Google Cloud Billing API Access Control](https://cloud.google.com/billing/docs/how-to/billing-access) // for more details. BillingAccount *string `pulumi:"billingAccount"` + DeletionPolicy *string `pulumi:"deletionPolicy"` // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. EffectiveLabels map[string]string `pulumi:"effectiveLabels"` // The numeric ID of the folder this project should be @@ -222,10 +227,13 @@ type projectState struct { ProjectId *string `pulumi:"projectId"` // The combination of labels configured directly on the resource and default labels configured on the provider. PulumiLabels map[string]string `pulumi:"pulumiLabels"` - // If true, the resource can be deleted - // without deleting the Project via the Google API. `skipDelete` is deprecated and will be removed in a future major release. The new release adds support for `deletionPolicy` instead. + // If true, the resource can be deleted without + // deleting the Project via the Google API. `skipDelete` is deprecated and will be + // removed in 6.0.0. Please use deletionPolicy instead. A `skipDelete` value of `false` + // can be changed to a `deletionPolicy` value of `DELETE` and a `skipDelete` value of `true` + // to a `deletionPolicy` value of `ABANDON` for equivalent behavior. // - // Deprecated: skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletionPolicy instead. + // Deprecated: skip_delete is deprecated and will be removed in 6.0.0. Please use deletionPolicy instead. A skipDelete value of false can be changed to a deletionPolicy value of DELETE and a skipDelete value of true to a deletionPolicy value of ABANDON for equivalent behavior. SkipDelete *bool `pulumi:"skipDelete"` } 
@@ -240,6 +248,7 @@ type ProjectState struct { // See [Google Cloud Billing API Access Control](https://cloud.google.com/billing/docs/how-to/billing-access) // for more details. BillingAccount pulumi.StringPtrInput + DeletionPolicy pulumi.StringPtrInput // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. EffectiveLabels pulumi.StringMapInput // The numeric ID of the folder this project should be @@ -267,10 +276,13 @@ type ProjectState struct { ProjectId pulumi.StringPtrInput // The combination of labels configured directly on the resource and default labels configured on the provider. PulumiLabels pulumi.StringMapInput - // If true, the resource can be deleted - // without deleting the Project via the Google API. `skipDelete` is deprecated and will be removed in a future major release. The new release adds support for `deletionPolicy` instead. + // If true, the resource can be deleted without + // deleting the Project via the Google API. `skipDelete` is deprecated and will be + // removed in 6.0.0. Please use deletionPolicy instead. A `skipDelete` value of `false` + // can be changed to a `deletionPolicy` value of `DELETE` and a `skipDelete` value of `true` + // to a `deletionPolicy` value of `ABANDON` for equivalent behavior. // - // Deprecated: skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletionPolicy instead. + // Deprecated: skip_delete is deprecated and will be removed in 6.0.0. Please use deletionPolicy instead. A skipDelete value of false can be changed to a deletionPolicy value of DELETE and a skipDelete value of true to a deletionPolicy value of ABANDON for equivalent behavior. SkipDelete pulumi.BoolPtrInput } 
@@ -289,6 +301,7 @@ type projectArgs struct { // See [Google Cloud Billing API Access Control](https://cloud.google.com/billing/docs/how-to/billing-access) // for more details. BillingAccount *string `pulumi:"billingAccount"` + DeletionPolicy *string `pulumi:"deletionPolicy"` // The numeric ID of the folder this project should be // created under. Only one of `orgId` or `folderId` may be // specified. If the `folderId` is specified, then the project is @@ -310,10 +323,13 @@ type projectArgs struct { OrgId *string `pulumi:"orgId"` // The project ID. Changing this forces a new project to be created. ProjectId *string `pulumi:"projectId"` - // If true, the resource can be deleted - // without deleting the Project via the Google API. `skipDelete` is deprecated and will be removed in a future major release. The new release adds support for `deletionPolicy` instead. + // If true, the resource can be deleted without + // deleting the Project via the Google API. `skipDelete` is deprecated and will be + // removed in 6.0.0. Please use deletionPolicy instead. A `skipDelete` value of `false` + // can be changed to a `deletionPolicy` value of `DELETE` and a `skipDelete` value of `true` + // to a `deletionPolicy` value of `ABANDON` for equivalent behavior. // - // Deprecated: skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletionPolicy instead. + // Deprecated: skip_delete is deprecated and will be removed in 6.0.0. Please use deletionPolicy instead. A skipDelete value of false can be changed to a deletionPolicy value of DELETE and a skipDelete value of true to a deletionPolicy value of ABANDON for equivalent behavior. SkipDelete *bool `pulumi:"skipDelete"` } 
@@ -329,6 +345,7 @@ type ProjectArgs struct { // See [Google Cloud Billing API Access Control](https://cloud.google.com/billing/docs/how-to/billing-access) // for more details. BillingAccount pulumi.StringPtrInput + DeletionPolicy pulumi.StringPtrInput // The numeric ID of the folder this project should be // created under. Only one of `orgId` or `folderId` may be // specified. If the `folderId` is specified, then the project is @@ -350,10 +367,13 @@ type ProjectArgs struct { OrgId pulumi.StringPtrInput // The project ID. Changing this forces a new project to be created. ProjectId pulumi.StringPtrInput - // If true, the resource can be deleted - // without deleting the Project via the Google API. `skipDelete` is deprecated and will be removed in a future major release. The new release adds support for `deletionPolicy` instead. + // If true, the resource can be deleted without + // deleting the Project via the Google API. `skipDelete` is deprecated and will be + // removed in 6.0.0. Please use deletionPolicy instead. A `skipDelete` value of `false` + // can be changed to a `deletionPolicy` value of `DELETE` and a `skipDelete` value of `true` + // to a `deletionPolicy` value of `ABANDON` for equivalent behavior. // - // Deprecated: skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletionPolicy instead. + // Deprecated: skip_delete is deprecated and will be removed in 6.0.0. Please use deletionPolicy instead. A skipDelete value of false can be changed to a deletionPolicy value of DELETE and a skipDelete value of true to a deletionPolicy value of ABANDON for equivalent behavior. SkipDelete pulumi.BoolPtrInput } 
@@ -460,6 +480,10 @@ func (o ProjectOutput) BillingAccount() pulumi.StringPtrOutput { return o.ApplyT(func(v *Project) pulumi.StringPtrOutput { return v.BillingAccount }).(pulumi.StringPtrOutput) } +func (o ProjectOutput) DeletionPolicy() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Project) pulumi.StringPtrOutput { return v.DeletionPolicy }).(pulumi.StringPtrOutput) +} + // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. func (o ProjectOutput) EffectiveLabels() pulumi.StringMapOutput { return o.ApplyT(func(v *Project) pulumi.StringMapOutput { return v.EffectiveLabels }).(pulumi.StringMapOutput) 
@@ -511,10 +535,13 @@ func (o ProjectOutput) PulumiLabels() pulumi.StringMapOutput { return o.ApplyT(func(v *Project) pulumi.StringMapOutput { return v.PulumiLabels }).(pulumi.StringMapOutput) } -// If true, the resource can be deleted -// without deleting the Project via the Google API. `skipDelete` is deprecated and will be removed in a future major release. The new release adds support for `deletionPolicy` instead. +// If true, the resource can be deleted without +// deleting the Project via the Google API. `skipDelete` is deprecated and will be +// removed in 6.0.0. Please use deletionPolicy instead. A `skipDelete` value of `false` +// can be changed to a `deletionPolicy` value of `DELETE` and a `skipDelete` value of `true` +// to a `deletionPolicy` value of `ABANDON` for equivalent behavior. // -// Deprecated: skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletionPolicy instead. +// Deprecated: skip_delete is deprecated and will be removed in 6.0.0. Please use deletionPolicy instead. A skipDelete value of false can be changed to a deletionPolicy value of DELETE and a skipDelete value of true to a deletionPolicy value of ABANDON for equivalent behavior. func (o ProjectOutput) SkipDelete() pulumi.BoolOutput { return o.ApplyT(func(v *Project) pulumi.BoolOutput { return v.SkipDelete }).(pulumi.BoolOutput) } diff --git a/sdk/go/gcp/securitycenter/getV2OrganizationSourceIamPolicy.go b/sdk/go/gcp/securitycenter/getV2OrganizationSourceIamPolicy.go new file mode 100644 index 0000000000..964a3da9ce --- /dev/null +++ b/sdk/go/gcp/securitycenter/getV2OrganizationSourceIamPolicy.go 
@@ -0,0 +1,136 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package securitycenter + +import ( + "context" + "reflect" + + "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Retrieves the current IAM policy data for organizationsource +// +// ## example +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := securitycenter.LookupV2OrganizationSourceIamPolicy(ctx, &securitycenter.LookupV2OrganizationSourceIamPolicyArgs{ +// Source: customSource.Name, +// }, nil) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +func LookupV2OrganizationSourceIamPolicy(ctx *pulumi.Context, args *LookupV2OrganizationSourceIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupV2OrganizationSourceIamPolicyResult, error) { + opts = internal.PkgInvokeDefaultOpts(opts) + var rv LookupV2OrganizationSourceIamPolicyResult + err := ctx.Invoke("gcp:securitycenter/getV2OrganizationSourceIamPolicy:getV2OrganizationSourceIamPolicy", args, &rv, opts...) + if err != nil { + return nil, err + } + return &rv, nil +} + +// A collection of arguments for invoking getV2OrganizationSourceIamPolicy. +type LookupV2OrganizationSourceIamPolicyArgs struct { + Organization string `pulumi:"organization"` + // Used to find the parent resource to bind the IAM policy to + Source string `pulumi:"source"` +} + +// A collection of values returned by getV2OrganizationSourceIamPolicy. +type LookupV2OrganizationSourceIamPolicyResult struct { + // (Computed) The etag of the IAM policy. + Etag string `pulumi:"etag"` + // The provider-assigned unique ID for this managed resource. 
+ Id string `pulumi:"id"` + Organization string `pulumi:"organization"` + // (Required only by `securitycenter.V2OrganizationSourceIamPolicy`) The policy data generated by + // a `organizations.getIAMPolicy` data source. + PolicyData string `pulumi:"policyData"` + Source string `pulumi:"source"` +} + +func LookupV2OrganizationSourceIamPolicyOutput(ctx *pulumi.Context, args LookupV2OrganizationSourceIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupV2OrganizationSourceIamPolicyResultOutput { + return pulumi.ToOutputWithContext(context.Background(), args). + ApplyT(func(v interface{}) (LookupV2OrganizationSourceIamPolicyResult, error) { + args := v.(LookupV2OrganizationSourceIamPolicyArgs) + r, err := LookupV2OrganizationSourceIamPolicy(ctx, &args, opts...) + var s LookupV2OrganizationSourceIamPolicyResult + if r != nil { + s = *r + } + return s, err + }).(LookupV2OrganizationSourceIamPolicyResultOutput) +} + +// A collection of arguments for invoking getV2OrganizationSourceIamPolicy. +type LookupV2OrganizationSourceIamPolicyOutputArgs struct { + Organization pulumi.StringInput `pulumi:"organization"` + // Used to find the parent resource to bind the IAM policy to + Source pulumi.StringInput `pulumi:"source"` +} + +func (LookupV2OrganizationSourceIamPolicyOutputArgs) ElementType() reflect.Type { + return reflect.TypeOf((*LookupV2OrganizationSourceIamPolicyArgs)(nil)).Elem() +} + +// A collection of values returned by getV2OrganizationSourceIamPolicy. 
+type LookupV2OrganizationSourceIamPolicyResultOutput struct{ *pulumi.OutputState } + +func (LookupV2OrganizationSourceIamPolicyResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*LookupV2OrganizationSourceIamPolicyResult)(nil)).Elem() +} + +func (o LookupV2OrganizationSourceIamPolicyResultOutput) ToLookupV2OrganizationSourceIamPolicyResultOutput() LookupV2OrganizationSourceIamPolicyResultOutput { + return o +} + +func (o LookupV2OrganizationSourceIamPolicyResultOutput) ToLookupV2OrganizationSourceIamPolicyResultOutputWithContext(ctx context.Context) LookupV2OrganizationSourceIamPolicyResultOutput { + return o +} + +// (Computed) The etag of the IAM policy. +func (o LookupV2OrganizationSourceIamPolicyResultOutput) Etag() pulumi.StringOutput { + return o.ApplyT(func(v LookupV2OrganizationSourceIamPolicyResult) string { return v.Etag }).(pulumi.StringOutput) +} + +// The provider-assigned unique ID for this managed resource. +func (o LookupV2OrganizationSourceIamPolicyResultOutput) Id() pulumi.StringOutput { + return o.ApplyT(func(v LookupV2OrganizationSourceIamPolicyResult) string { return v.Id }).(pulumi.StringOutput) +} + +func (o LookupV2OrganizationSourceIamPolicyResultOutput) Organization() pulumi.StringOutput { + return o.ApplyT(func(v LookupV2OrganizationSourceIamPolicyResult) string { return v.Organization }).(pulumi.StringOutput) +} + +// (Required only by `securitycenter.V2OrganizationSourceIamPolicy`) The policy data generated by +// a `organizations.getIAMPolicy` data source. 
+func (o LookupV2OrganizationSourceIamPolicyResultOutput) PolicyData() pulumi.StringOutput { + return o.ApplyT(func(v LookupV2OrganizationSourceIamPolicyResult) string { return v.PolicyData }).(pulumi.StringOutput) +} + +func (o LookupV2OrganizationSourceIamPolicyResultOutput) Source() pulumi.StringOutput { + return o.ApplyT(func(v LookupV2OrganizationSourceIamPolicyResult) string { return v.Source }).(pulumi.StringOutput) +} + +func init() { + pulumi.RegisterOutputType(LookupV2OrganizationSourceIamPolicyResultOutput{}) +} diff --git a/sdk/go/gcp/securitycenter/init.go b/sdk/go/gcp/securitycenter/init.go index b1b36d03ff..e443f3809a 100644 --- a/sdk/go/gcp/securitycenter/init.go +++ b/sdk/go/gcp/securitycenter/init.go 
@@ -57,10 +57,24 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &SourceIamMember{} case "gcp:securitycenter/sourceIamPolicy:SourceIamPolicy": r = &SourceIamPolicy{} + case "gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig": + r = &V2FolderMuteConfig{} case "gcp:securitycenter/v2OrganizationMuteConfig:V2OrganizationMuteConfig": r = &V2OrganizationMuteConfig{} case "gcp:securitycenter/v2OrganizationNotificationConfig:V2OrganizationNotificationConfig": r = &V2OrganizationNotificationConfig{} + case "gcp:securitycenter/v2OrganizationSource:V2OrganizationSource": + r = &V2OrganizationSource{} + case "gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding": + r = &V2OrganizationSourceIamBinding{} + case "gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember": + r = &V2OrganizationSourceIamMember{} + case "gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy": + r = &V2OrganizationSourceIamPolicy{} + case "gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig": + r = &V2ProjectMuteConfig{} + case "gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig": + r = &V2ProjectNotificationConfig{} default: return nil, fmt.Errorf("unknown resource type: %s", typ) } @@ -164,6 +178,11 @@ func init() { "securitycenter/sourceIamPolicy", &module{version}, ) + pulumi.RegisterResourceModule( + "gcp", + "securitycenter/v2FolderMuteConfig", + &module{version}, + ) pulumi.RegisterResourceModule( "gcp", "securitycenter/v2OrganizationMuteConfig", 
@@ -174,4 +193,34 @@ func init() { "securitycenter/v2OrganizationNotificationConfig", &module{version}, ) + pulumi.RegisterResourceModule( + "gcp", + "securitycenter/v2OrganizationSource", + &module{version}, + ) + pulumi.RegisterResourceModule( + "gcp", + "securitycenter/v2OrganizationSourceIamBinding", + &module{version}, + ) + pulumi.RegisterResourceModule( + "gcp", + "securitycenter/v2OrganizationSourceIamMember", + &module{version}, + ) + pulumi.RegisterResourceModule( + "gcp", + "securitycenter/v2OrganizationSourceIamPolicy", + &module{version}, + ) + pulumi.RegisterResourceModule( + "gcp", + "securitycenter/v2ProjectMuteConfig", + &module{version}, + ) + pulumi.RegisterResourceModule( + "gcp", + "securitycenter/v2ProjectNotificationConfig", + &module{version}, + ) } diff --git a/sdk/go/gcp/securitycenter/pulumiTypes.go b/sdk/go/gcp/securitycenter/pulumiTypes.go index c37c4c15f6..d3a783498a 100644 --- a/sdk/go/gcp/securitycenter/pulumiTypes.go +++ b/sdk/go/gcp/securitycenter/pulumiTypes.go 
@@ -7938,6 +7938,549 @@ func (o V2OrganizationNotificationConfigStreamingConfigPtrOutput) Filter() pulum }).(pulumi.StringPtrOutput) } +type V2OrganizationSourceIamBindingCondition struct { + Description *string `pulumi:"description"` + Expression string `pulumi:"expression"` + Title string `pulumi:"title"` +} + +// V2OrganizationSourceIamBindingConditionInput is an input type that accepts V2OrganizationSourceIamBindingConditionArgs and V2OrganizationSourceIamBindingConditionOutput values. +// You can construct a concrete instance of `V2OrganizationSourceIamBindingConditionInput` via: +// +// V2OrganizationSourceIamBindingConditionArgs{...} +type V2OrganizationSourceIamBindingConditionInput interface { + pulumi.Input + + ToV2OrganizationSourceIamBindingConditionOutput() V2OrganizationSourceIamBindingConditionOutput + ToV2OrganizationSourceIamBindingConditionOutputWithContext(context.Context) V2OrganizationSourceIamBindingConditionOutput +} + +type V2OrganizationSourceIamBindingConditionArgs struct { + Description pulumi.StringPtrInput `pulumi:"description"` + Expression pulumi.StringInput `pulumi:"expression"` + Title pulumi.StringInput `pulumi:"title"` +} + +func (V2OrganizationSourceIamBindingConditionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*V2OrganizationSourceIamBindingCondition)(nil)).Elem() +} + +func (i V2OrganizationSourceIamBindingConditionArgs) ToV2OrganizationSourceIamBindingConditionOutput() V2OrganizationSourceIamBindingConditionOutput { + return i.ToV2OrganizationSourceIamBindingConditionOutputWithContext(context.Background()) +} + +func (i V2OrganizationSourceIamBindingConditionArgs) ToV2OrganizationSourceIamBindingConditionOutputWithContext(ctx context.Context) V2OrganizationSourceIamBindingConditionOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceIamBindingConditionOutput) +} + +func (i V2OrganizationSourceIamBindingConditionArgs) ToV2OrganizationSourceIamBindingConditionPtrOutput() 
V2OrganizationSourceIamBindingConditionPtrOutput { + return i.ToV2OrganizationSourceIamBindingConditionPtrOutputWithContext(context.Background()) +} + +func (i V2OrganizationSourceIamBindingConditionArgs) ToV2OrganizationSourceIamBindingConditionPtrOutputWithContext(ctx context.Context) V2OrganizationSourceIamBindingConditionPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceIamBindingConditionOutput).ToV2OrganizationSourceIamBindingConditionPtrOutputWithContext(ctx) +} + +// V2OrganizationSourceIamBindingConditionPtrInput is an input type that accepts V2OrganizationSourceIamBindingConditionArgs, V2OrganizationSourceIamBindingConditionPtr and V2OrganizationSourceIamBindingConditionPtrOutput values. +// You can construct a concrete instance of `V2OrganizationSourceIamBindingConditionPtrInput` via: +// +// V2OrganizationSourceIamBindingConditionArgs{...} +// +// or: +// +// nil +type V2OrganizationSourceIamBindingConditionPtrInput interface { + pulumi.Input + + ToV2OrganizationSourceIamBindingConditionPtrOutput() V2OrganizationSourceIamBindingConditionPtrOutput + ToV2OrganizationSourceIamBindingConditionPtrOutputWithContext(context.Context) V2OrganizationSourceIamBindingConditionPtrOutput +} + +type v2organizationSourceIamBindingConditionPtrType V2OrganizationSourceIamBindingConditionArgs + +func V2OrganizationSourceIamBindingConditionPtr(v *V2OrganizationSourceIamBindingConditionArgs) V2OrganizationSourceIamBindingConditionPtrInput { + return (*v2organizationSourceIamBindingConditionPtrType)(v) +} + +func (*v2organizationSourceIamBindingConditionPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**V2OrganizationSourceIamBindingCondition)(nil)).Elem() +} + +func (i *v2organizationSourceIamBindingConditionPtrType) ToV2OrganizationSourceIamBindingConditionPtrOutput() V2OrganizationSourceIamBindingConditionPtrOutput { + return i.ToV2OrganizationSourceIamBindingConditionPtrOutputWithContext(context.Background()) +} + +func (i 
*v2organizationSourceIamBindingConditionPtrType) ToV2OrganizationSourceIamBindingConditionPtrOutputWithContext(ctx context.Context) V2OrganizationSourceIamBindingConditionPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceIamBindingConditionPtrOutput) +} + +type V2OrganizationSourceIamBindingConditionOutput struct{ *pulumi.OutputState } + +func (V2OrganizationSourceIamBindingConditionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*V2OrganizationSourceIamBindingCondition)(nil)).Elem() +} + +func (o V2OrganizationSourceIamBindingConditionOutput) ToV2OrganizationSourceIamBindingConditionOutput() V2OrganizationSourceIamBindingConditionOutput { + return o +} + +func (o V2OrganizationSourceIamBindingConditionOutput) ToV2OrganizationSourceIamBindingConditionOutputWithContext(ctx context.Context) V2OrganizationSourceIamBindingConditionOutput { + return o +} + +func (o V2OrganizationSourceIamBindingConditionOutput) ToV2OrganizationSourceIamBindingConditionPtrOutput() V2OrganizationSourceIamBindingConditionPtrOutput { + return o.ToV2OrganizationSourceIamBindingConditionPtrOutputWithContext(context.Background()) +} + +func (o V2OrganizationSourceIamBindingConditionOutput) ToV2OrganizationSourceIamBindingConditionPtrOutputWithContext(ctx context.Context) V2OrganizationSourceIamBindingConditionPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v V2OrganizationSourceIamBindingCondition) *V2OrganizationSourceIamBindingCondition { + return &v + }).(V2OrganizationSourceIamBindingConditionPtrOutput) +} + +func (o V2OrganizationSourceIamBindingConditionOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v V2OrganizationSourceIamBindingCondition) *string { return v.Description }).(pulumi.StringPtrOutput) +} + +func (o V2OrganizationSourceIamBindingConditionOutput) Expression() pulumi.StringOutput { + return o.ApplyT(func(v V2OrganizationSourceIamBindingCondition) string { return v.Expression 
}).(pulumi.StringOutput) +} + +func (o V2OrganizationSourceIamBindingConditionOutput) Title() pulumi.StringOutput { + return o.ApplyT(func(v V2OrganizationSourceIamBindingCondition) string { return v.Title }).(pulumi.StringOutput) +} + +type V2OrganizationSourceIamBindingConditionPtrOutput struct{ *pulumi.OutputState } + +func (V2OrganizationSourceIamBindingConditionPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**V2OrganizationSourceIamBindingCondition)(nil)).Elem() +} + +func (o V2OrganizationSourceIamBindingConditionPtrOutput) ToV2OrganizationSourceIamBindingConditionPtrOutput() V2OrganizationSourceIamBindingConditionPtrOutput { + return o +} + +func (o V2OrganizationSourceIamBindingConditionPtrOutput) ToV2OrganizationSourceIamBindingConditionPtrOutputWithContext(ctx context.Context) V2OrganizationSourceIamBindingConditionPtrOutput { + return o +} + +func (o V2OrganizationSourceIamBindingConditionPtrOutput) Elem() V2OrganizationSourceIamBindingConditionOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamBindingCondition) V2OrganizationSourceIamBindingCondition { + if v != nil { + return *v + } + var ret V2OrganizationSourceIamBindingCondition + return ret + }).(V2OrganizationSourceIamBindingConditionOutput) +} + +func (o V2OrganizationSourceIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamBindingCondition) *string { + if v == nil { + return nil + } + return v.Description + }).(pulumi.StringPtrOutput) +} + +func (o V2OrganizationSourceIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamBindingCondition) *string { + if v == nil { + return nil + } + return &v.Expression + }).(pulumi.StringPtrOutput) +} + +func (o V2OrganizationSourceIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamBindingCondition) *string { + if v == nil { + return nil + } + 
return &v.Title + }).(pulumi.StringPtrOutput) +} + +type V2OrganizationSourceIamMemberCondition struct { + Description *string `pulumi:"description"` + Expression string `pulumi:"expression"` + Title string `pulumi:"title"` +} + +// V2OrganizationSourceIamMemberConditionInput is an input type that accepts V2OrganizationSourceIamMemberConditionArgs and V2OrganizationSourceIamMemberConditionOutput values. +// You can construct a concrete instance of `V2OrganizationSourceIamMemberConditionInput` via: +// +// V2OrganizationSourceIamMemberConditionArgs{...} +type V2OrganizationSourceIamMemberConditionInput interface { + pulumi.Input + + ToV2OrganizationSourceIamMemberConditionOutput() V2OrganizationSourceIamMemberConditionOutput + ToV2OrganizationSourceIamMemberConditionOutputWithContext(context.Context) V2OrganizationSourceIamMemberConditionOutput +} + +type V2OrganizationSourceIamMemberConditionArgs struct { + Description pulumi.StringPtrInput `pulumi:"description"` + Expression pulumi.StringInput `pulumi:"expression"` + Title pulumi.StringInput `pulumi:"title"` +} + +func (V2OrganizationSourceIamMemberConditionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*V2OrganizationSourceIamMemberCondition)(nil)).Elem() +} + +func (i V2OrganizationSourceIamMemberConditionArgs) ToV2OrganizationSourceIamMemberConditionOutput() V2OrganizationSourceIamMemberConditionOutput { + return i.ToV2OrganizationSourceIamMemberConditionOutputWithContext(context.Background()) +} + +func (i V2OrganizationSourceIamMemberConditionArgs) ToV2OrganizationSourceIamMemberConditionOutputWithContext(ctx context.Context) V2OrganizationSourceIamMemberConditionOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceIamMemberConditionOutput) +} + +func (i V2OrganizationSourceIamMemberConditionArgs) ToV2OrganizationSourceIamMemberConditionPtrOutput() V2OrganizationSourceIamMemberConditionPtrOutput { + return 
i.ToV2OrganizationSourceIamMemberConditionPtrOutputWithContext(context.Background()) +} + +func (i V2OrganizationSourceIamMemberConditionArgs) ToV2OrganizationSourceIamMemberConditionPtrOutputWithContext(ctx context.Context) V2OrganizationSourceIamMemberConditionPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceIamMemberConditionOutput).ToV2OrganizationSourceIamMemberConditionPtrOutputWithContext(ctx) +} + +// V2OrganizationSourceIamMemberConditionPtrInput is an input type that accepts V2OrganizationSourceIamMemberConditionArgs, V2OrganizationSourceIamMemberConditionPtr and V2OrganizationSourceIamMemberConditionPtrOutput values. +// You can construct a concrete instance of `V2OrganizationSourceIamMemberConditionPtrInput` via: +// +// V2OrganizationSourceIamMemberConditionArgs{...} +// +// or: +// +// nil +type V2OrganizationSourceIamMemberConditionPtrInput interface { + pulumi.Input + + ToV2OrganizationSourceIamMemberConditionPtrOutput() V2OrganizationSourceIamMemberConditionPtrOutput + ToV2OrganizationSourceIamMemberConditionPtrOutputWithContext(context.Context) V2OrganizationSourceIamMemberConditionPtrOutput +} + +type v2organizationSourceIamMemberConditionPtrType V2OrganizationSourceIamMemberConditionArgs + +func V2OrganizationSourceIamMemberConditionPtr(v *V2OrganizationSourceIamMemberConditionArgs) V2OrganizationSourceIamMemberConditionPtrInput { + return (*v2organizationSourceIamMemberConditionPtrType)(v) +} + +func (*v2organizationSourceIamMemberConditionPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**V2OrganizationSourceIamMemberCondition)(nil)).Elem() +} + +func (i *v2organizationSourceIamMemberConditionPtrType) ToV2OrganizationSourceIamMemberConditionPtrOutput() V2OrganizationSourceIamMemberConditionPtrOutput { + return i.ToV2OrganizationSourceIamMemberConditionPtrOutputWithContext(context.Background()) +} + +func (i *v2organizationSourceIamMemberConditionPtrType) 
ToV2OrganizationSourceIamMemberConditionPtrOutputWithContext(ctx context.Context) V2OrganizationSourceIamMemberConditionPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceIamMemberConditionPtrOutput) +} + +type V2OrganizationSourceIamMemberConditionOutput struct{ *pulumi.OutputState } + +func (V2OrganizationSourceIamMemberConditionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*V2OrganizationSourceIamMemberCondition)(nil)).Elem() +} + +func (o V2OrganizationSourceIamMemberConditionOutput) ToV2OrganizationSourceIamMemberConditionOutput() V2OrganizationSourceIamMemberConditionOutput { + return o +} + +func (o V2OrganizationSourceIamMemberConditionOutput) ToV2OrganizationSourceIamMemberConditionOutputWithContext(ctx context.Context) V2OrganizationSourceIamMemberConditionOutput { + return o +} + +func (o V2OrganizationSourceIamMemberConditionOutput) ToV2OrganizationSourceIamMemberConditionPtrOutput() V2OrganizationSourceIamMemberConditionPtrOutput { + return o.ToV2OrganizationSourceIamMemberConditionPtrOutputWithContext(context.Background()) +} + +func (o V2OrganizationSourceIamMemberConditionOutput) ToV2OrganizationSourceIamMemberConditionPtrOutputWithContext(ctx context.Context) V2OrganizationSourceIamMemberConditionPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v V2OrganizationSourceIamMemberCondition) *V2OrganizationSourceIamMemberCondition { + return &v + }).(V2OrganizationSourceIamMemberConditionPtrOutput) +} + +func (o V2OrganizationSourceIamMemberConditionOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v V2OrganizationSourceIamMemberCondition) *string { return v.Description }).(pulumi.StringPtrOutput) +} + +func (o V2OrganizationSourceIamMemberConditionOutput) Expression() pulumi.StringOutput { + return o.ApplyT(func(v V2OrganizationSourceIamMemberCondition) string { return v.Expression }).(pulumi.StringOutput) +} + +func (o V2OrganizationSourceIamMemberConditionOutput) 
Title() pulumi.StringOutput { + return o.ApplyT(func(v V2OrganizationSourceIamMemberCondition) string { return v.Title }).(pulumi.StringOutput) +} + +type V2OrganizationSourceIamMemberConditionPtrOutput struct{ *pulumi.OutputState } + +func (V2OrganizationSourceIamMemberConditionPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**V2OrganizationSourceIamMemberCondition)(nil)).Elem() +} + +func (o V2OrganizationSourceIamMemberConditionPtrOutput) ToV2OrganizationSourceIamMemberConditionPtrOutput() V2OrganizationSourceIamMemberConditionPtrOutput { + return o +} + +func (o V2OrganizationSourceIamMemberConditionPtrOutput) ToV2OrganizationSourceIamMemberConditionPtrOutputWithContext(ctx context.Context) V2OrganizationSourceIamMemberConditionPtrOutput { + return o +} + +func (o V2OrganizationSourceIamMemberConditionPtrOutput) Elem() V2OrganizationSourceIamMemberConditionOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamMemberCondition) V2OrganizationSourceIamMemberCondition { + if v != nil { + return *v + } + var ret V2OrganizationSourceIamMemberCondition + return ret + }).(V2OrganizationSourceIamMemberConditionOutput) +} + +func (o V2OrganizationSourceIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamMemberCondition) *string { + if v == nil { + return nil + } + return v.Description + }).(pulumi.StringPtrOutput) +} + +func (o V2OrganizationSourceIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamMemberCondition) *string { + if v == nil { + return nil + } + return &v.Expression + }).(pulumi.StringPtrOutput) +} + +func (o V2OrganizationSourceIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamMemberCondition) *string { + if v == nil { + return nil + } + return &v.Title + }).(pulumi.StringPtrOutput) +} + +type V2ProjectNotificationConfigStreamingConfig struct { + // 
Expression that defines the filter to apply across create/update + // events of assets or findings as specified by the event type. The + // expression is a list of zero or more restrictions combined via + // logical operators AND and OR. Parentheses are supported, and OR + // has higher precedence than AND. + // Restrictions have the form and may have + // a - character in front of them to indicate negation. The fields + // map to those defined in the corresponding resource. + // The supported operators are: + // * = for all value types. + // * > , <, >=, <= for integer values. + // * :, meaning substring matching, for strings. + // The supported value types are: + // * string literals in quotes. + // * integer literals without quotes. + // * boolean literals true and false without quotes. + // See + // [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + // for information on how to write a filter. + // + // *** + Filter string `pulumi:"filter"` +} + +// V2ProjectNotificationConfigStreamingConfigInput is an input type that accepts V2ProjectNotificationConfigStreamingConfigArgs and V2ProjectNotificationConfigStreamingConfigOutput values. +// You can construct a concrete instance of `V2ProjectNotificationConfigStreamingConfigInput` via: +// +// V2ProjectNotificationConfigStreamingConfigArgs{...} +type V2ProjectNotificationConfigStreamingConfigInput interface { + pulumi.Input + + ToV2ProjectNotificationConfigStreamingConfigOutput() V2ProjectNotificationConfigStreamingConfigOutput + ToV2ProjectNotificationConfigStreamingConfigOutputWithContext(context.Context) V2ProjectNotificationConfigStreamingConfigOutput +} + +type V2ProjectNotificationConfigStreamingConfigArgs struct { + // Expression that defines the filter to apply across create/update + // events of assets or findings as specified by the event type. 
The + // expression is a list of zero or more restrictions combined via + // logical operators AND and OR. Parentheses are supported, and OR + // has higher precedence than AND. + // Restrictions have the form and may have + // a - character in front of them to indicate negation. The fields + // map to those defined in the corresponding resource. + // The supported operators are: + // * = for all value types. + // * > , <, >=, <= for integer values. + // * :, meaning substring matching, for strings. + // The supported value types are: + // * string literals in quotes. + // * integer literals without quotes. + // * boolean literals true and false without quotes. + // See + // [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + // for information on how to write a filter. + // + // *** + Filter pulumi.StringInput `pulumi:"filter"` +} + +func (V2ProjectNotificationConfigStreamingConfigArgs) ElementType() reflect.Type { + return reflect.TypeOf((*V2ProjectNotificationConfigStreamingConfig)(nil)).Elem() +} + +func (i V2ProjectNotificationConfigStreamingConfigArgs) ToV2ProjectNotificationConfigStreamingConfigOutput() V2ProjectNotificationConfigStreamingConfigOutput { + return i.ToV2ProjectNotificationConfigStreamingConfigOutputWithContext(context.Background()) +} + +func (i V2ProjectNotificationConfigStreamingConfigArgs) ToV2ProjectNotificationConfigStreamingConfigOutputWithContext(ctx context.Context) V2ProjectNotificationConfigStreamingConfigOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2ProjectNotificationConfigStreamingConfigOutput) +} + +func (i V2ProjectNotificationConfigStreamingConfigArgs) ToV2ProjectNotificationConfigStreamingConfigPtrOutput() V2ProjectNotificationConfigStreamingConfigPtrOutput { + return i.ToV2ProjectNotificationConfigStreamingConfigPtrOutputWithContext(context.Background()) +} + +func (i V2ProjectNotificationConfigStreamingConfigArgs) 
ToV2ProjectNotificationConfigStreamingConfigPtrOutputWithContext(ctx context.Context) V2ProjectNotificationConfigStreamingConfigPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2ProjectNotificationConfigStreamingConfigOutput).ToV2ProjectNotificationConfigStreamingConfigPtrOutputWithContext(ctx) +} + +// V2ProjectNotificationConfigStreamingConfigPtrInput is an input type that accepts V2ProjectNotificationConfigStreamingConfigArgs, V2ProjectNotificationConfigStreamingConfigPtr and V2ProjectNotificationConfigStreamingConfigPtrOutput values. +// You can construct a concrete instance of `V2ProjectNotificationConfigStreamingConfigPtrInput` via: +// +// V2ProjectNotificationConfigStreamingConfigArgs{...} +// +// or: +// +// nil +type V2ProjectNotificationConfigStreamingConfigPtrInput interface { + pulumi.Input + + ToV2ProjectNotificationConfigStreamingConfigPtrOutput() V2ProjectNotificationConfigStreamingConfigPtrOutput + ToV2ProjectNotificationConfigStreamingConfigPtrOutputWithContext(context.Context) V2ProjectNotificationConfigStreamingConfigPtrOutput +} + +type v2projectNotificationConfigStreamingConfigPtrType V2ProjectNotificationConfigStreamingConfigArgs + +func V2ProjectNotificationConfigStreamingConfigPtr(v *V2ProjectNotificationConfigStreamingConfigArgs) V2ProjectNotificationConfigStreamingConfigPtrInput { + return (*v2projectNotificationConfigStreamingConfigPtrType)(v) +} + +func (*v2projectNotificationConfigStreamingConfigPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**V2ProjectNotificationConfigStreamingConfig)(nil)).Elem() +} + +func (i *v2projectNotificationConfigStreamingConfigPtrType) ToV2ProjectNotificationConfigStreamingConfigPtrOutput() V2ProjectNotificationConfigStreamingConfigPtrOutput { + return i.ToV2ProjectNotificationConfigStreamingConfigPtrOutputWithContext(context.Background()) +} + +func (i *v2projectNotificationConfigStreamingConfigPtrType) ToV2ProjectNotificationConfigStreamingConfigPtrOutputWithContext(ctx 
context.Context) V2ProjectNotificationConfigStreamingConfigPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2ProjectNotificationConfigStreamingConfigPtrOutput) +} + +type V2ProjectNotificationConfigStreamingConfigOutput struct{ *pulumi.OutputState } + +func (V2ProjectNotificationConfigStreamingConfigOutput) ElementType() reflect.Type { + return reflect.TypeOf((*V2ProjectNotificationConfigStreamingConfig)(nil)).Elem() +} + +func (o V2ProjectNotificationConfigStreamingConfigOutput) ToV2ProjectNotificationConfigStreamingConfigOutput() V2ProjectNotificationConfigStreamingConfigOutput { + return o +} + +func (o V2ProjectNotificationConfigStreamingConfigOutput) ToV2ProjectNotificationConfigStreamingConfigOutputWithContext(ctx context.Context) V2ProjectNotificationConfigStreamingConfigOutput { + return o +} + +func (o V2ProjectNotificationConfigStreamingConfigOutput) ToV2ProjectNotificationConfigStreamingConfigPtrOutput() V2ProjectNotificationConfigStreamingConfigPtrOutput { + return o.ToV2ProjectNotificationConfigStreamingConfigPtrOutputWithContext(context.Background()) +} + +func (o V2ProjectNotificationConfigStreamingConfigOutput) ToV2ProjectNotificationConfigStreamingConfigPtrOutputWithContext(ctx context.Context) V2ProjectNotificationConfigStreamingConfigPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v V2ProjectNotificationConfigStreamingConfig) *V2ProjectNotificationConfigStreamingConfig { + return &v + }).(V2ProjectNotificationConfigStreamingConfigPtrOutput) +} + +// Expression that defines the filter to apply across create/update +// events of assets or findings as specified by the event type. The +// expression is a list of zero or more restrictions combined via +// logical operators AND and OR. Parentheses are supported, and OR +// has higher precedence than AND. +// Restrictions have the form and may have +// a - character in front of them to indicate negation. The fields +// map to those defined in the corresponding resource. 
+// The supported operators are: +// - = for all value types. +// - > , <, >=, <= for integer values. +// - :, meaning substring matching, for strings. +// The supported value types are: +// - string literals in quotes. +// - integer literals without quotes. +// - boolean literals true and false without quotes. +// See +// [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) +// for information on how to write a filter. +// +// *** +func (o V2ProjectNotificationConfigStreamingConfigOutput) Filter() pulumi.StringOutput { + return o.ApplyT(func(v V2ProjectNotificationConfigStreamingConfig) string { return v.Filter }).(pulumi.StringOutput) +} + +type V2ProjectNotificationConfigStreamingConfigPtrOutput struct{ *pulumi.OutputState } + +func (V2ProjectNotificationConfigStreamingConfigPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**V2ProjectNotificationConfigStreamingConfig)(nil)).Elem() +} + +func (o V2ProjectNotificationConfigStreamingConfigPtrOutput) ToV2ProjectNotificationConfigStreamingConfigPtrOutput() V2ProjectNotificationConfigStreamingConfigPtrOutput { + return o +} + +func (o V2ProjectNotificationConfigStreamingConfigPtrOutput) ToV2ProjectNotificationConfigStreamingConfigPtrOutputWithContext(ctx context.Context) V2ProjectNotificationConfigStreamingConfigPtrOutput { + return o +} + +func (o V2ProjectNotificationConfigStreamingConfigPtrOutput) Elem() V2ProjectNotificationConfigStreamingConfigOutput { + return o.ApplyT(func(v *V2ProjectNotificationConfigStreamingConfig) V2ProjectNotificationConfigStreamingConfig { + if v != nil { + return *v + } + var ret V2ProjectNotificationConfigStreamingConfig + return ret + }).(V2ProjectNotificationConfigStreamingConfigOutput) +} + +// Expression that defines the filter to apply across create/update +// events of assets or findings as specified by the event type. 
The +// expression is a list of zero or more restrictions combined via +// logical operators AND and OR. Parentheses are supported, and OR +// has higher precedence than AND. +// Restrictions have the form and may have +// a - character in front of them to indicate negation. The fields +// map to those defined in the corresponding resource. +// The supported operators are: +// - = for all value types. +// - > , <, >=, <= for integer values. +// - :, meaning substring matching, for strings. +// The supported value types are: +// - string literals in quotes. +// - integer literals without quotes. +// - boolean literals true and false without quotes. +// See +// [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) +// for information on how to write a filter. +// +// *** +func (o V2ProjectNotificationConfigStreamingConfigPtrOutput) Filter() pulumi.StringPtrOutput { + return o.ApplyT(func(v *V2ProjectNotificationConfigStreamingConfig) *string { + if v == nil { + return nil + } + return &v.Filter + }).(pulumi.StringPtrOutput) +} + func init() { pulumi.RegisterInputType(reflect.TypeOf((*FolderCustomModuleCustomConfigInput)(nil)).Elem(), FolderCustomModuleCustomConfigArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*FolderCustomModuleCustomConfigPtrInput)(nil)).Elem(), FolderCustomModuleCustomConfigArgs{}) 
@@ -8025,6 +8568,12 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*SourceIamMemberConditionPtrInput)(nil)).Elem(), SourceIamMemberConditionArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationNotificationConfigStreamingConfigInput)(nil)).Elem(), V2OrganizationNotificationConfigStreamingConfigArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationNotificationConfigStreamingConfigPtrInput)(nil)).Elem(), V2OrganizationNotificationConfigStreamingConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationSourceIamBindingConditionInput)(nil)).Elem(), V2OrganizationSourceIamBindingConditionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationSourceIamBindingConditionPtrInput)(nil)).Elem(), V2OrganizationSourceIamBindingConditionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationSourceIamMemberConditionInput)(nil)).Elem(), V2OrganizationSourceIamMemberConditionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationSourceIamMemberConditionPtrInput)(nil)).Elem(), V2OrganizationSourceIamMemberConditionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2ProjectNotificationConfigStreamingConfigInput)(nil)).Elem(), V2ProjectNotificationConfigStreamingConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2ProjectNotificationConfigStreamingConfigPtrInput)(nil)).Elem(), V2ProjectNotificationConfigStreamingConfigArgs{}) pulumi.RegisterOutputType(FolderCustomModuleCustomConfigOutput{}) pulumi.RegisterOutputType(FolderCustomModuleCustomConfigPtrOutput{}) pulumi.RegisterOutputType(FolderCustomModuleCustomConfigCustomOutputOutput{}) 
@@ -8111,4 +8660,10 @@ func init() { pulumi.RegisterOutputType(SourceIamMemberConditionPtrOutput{}) pulumi.RegisterOutputType(V2OrganizationNotificationConfigStreamingConfigOutput{}) pulumi.RegisterOutputType(V2OrganizationNotificationConfigStreamingConfigPtrOutput{}) + pulumi.RegisterOutputType(V2OrganizationSourceIamBindingConditionOutput{}) + pulumi.RegisterOutputType(V2OrganizationSourceIamBindingConditionPtrOutput{}) + pulumi.RegisterOutputType(V2OrganizationSourceIamMemberConditionOutput{}) + pulumi.RegisterOutputType(V2OrganizationSourceIamMemberConditionPtrOutput{}) + pulumi.RegisterOutputType(V2ProjectNotificationConfigStreamingConfigOutput{}) + pulumi.RegisterOutputType(V2ProjectNotificationConfigStreamingConfigPtrOutput{}) } diff --git a/sdk/go/gcp/securitycenter/v2folderMuteConfig.go b/sdk/go/gcp/securitycenter/v2folderMuteConfig.go new file mode 100644 index 0000000000..88db481880 --- /dev/null +++ b/sdk/go/gcp/securitycenter/v2folderMuteConfig.go 
@@ -0,0 +1,487 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package securitycenter + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Mute Findings is a volume management feature in Security Command Center +// that lets you manually or programmatically hide irrelevant findings, +// and create filters to automatically silence existing and future +// findings based on criteria you specify. +// +// To get more information about FolderMuteConfig, see: +// +// * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/folders.muteConfigs) +// +// ## Example Usage +// +// ### Scc V2 Folder Mute Config Basic +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// folder, err := organizations.NewFolder(ctx, "folder", &organizations.FolderArgs{ +// Parent: pulumi.String("organizations/123456789"), +// DisplayName: pulumi.String("folder-name"), +// }) +// if err != nil { +// return err +// } +// _, err = securitycenter.NewV2FolderMuteConfig(ctx, "default", &securitycenter.V2FolderMuteConfigArgs{ +// MuteConfigId: pulumi.String("my-config"), +// Folder: folder.FolderId, +// Location: pulumi.String("global"), +// Description: pulumi.String("My custom Cloud Security Command Center Finding Folder mute Configuration"), +// Filter: pulumi.String("severity = \"HIGH\""), +// Type: pulumi.String("STATIC"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// FolderMuteConfig can be imported using any of 
these accepted formats: +// +// * `folders/{{folder}}/locations/{{location}}/muteConfigs/{{mute_config_id}}` +// +// * `{{folder}}/{{location}}/{{mute_config_id}}` +// +// When using the `pulumi import` command, FolderMuteConfig can be imported using one of the formats above. For example: +// +// ```sh +// $ pulumi import gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig default folders/{{folder}}/locations/{{location}}/muteConfigs/{{mute_config_id}} +// ``` +// +// ```sh +// $ pulumi import gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig default {{folder}}/{{location}}/{{mute_config_id}} +// ``` +type V2FolderMuteConfig struct { + pulumi.CustomResourceState + + // The time at which the mute config was created. This field is set by + // the server and will be ignored if provided on config creation. + CreateTime pulumi.StringOutput `pulumi:"createTime"` + // A description of the mute config. + Description pulumi.StringPtrOutput `pulumi:"description"` + // An expression that defines the filter to apply across create/update + // events of findings. While creating a filter string, be mindful of + // the scope in which the mute configuration is being created. E.g., + // If a filter contains project = X but is created under the + // project = Y scope, it might not match any findings. + Filter pulumi.StringOutput `pulumi:"filter"` + // The folder whose Cloud Security Command Center the Mute + // Config lives in. + Folder pulumi.StringOutput `pulumi:"folder"` + // location Id is provided by folder. If not provided, Use global as default. + Location pulumi.StringPtrOutput `pulumi:"location"` + // Email address of the user who last edited the mute config. This + // field is set by the server and will be ignored if provided on + // config creation or update. + MostRecentEditor pulumi.StringOutput `pulumi:"mostRecentEditor"` + // Unique identifier provided by the client within the parent scope. 
+ // + // *** + MuteConfigId pulumi.StringOutput `pulumi:"muteConfigId"` + // Name of the mute config. Its format is + // organizations/{organization}/locations/global/muteConfigs/{configId}, + // folders/{folder}/locations/global/muteConfigs/{configId}, + // or projects/{project}/locations/global/muteConfigs/{configId} + Name pulumi.StringOutput `pulumi:"name"` + // The type of the mute config. + Type pulumi.StringOutput `pulumi:"type"` + // Output only. The most recent time at which the mute config was + // updated. This field is set by the server and will be ignored if + // provided on config creation or update. + UpdateTime pulumi.StringOutput `pulumi:"updateTime"` +} + +// NewV2FolderMuteConfig registers a new resource with the given unique name, arguments, and options. +func NewV2FolderMuteConfig(ctx *pulumi.Context, + name string, args *V2FolderMuteConfigArgs, opts ...pulumi.ResourceOption) (*V2FolderMuteConfig, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.Filter == nil { + return nil, errors.New("invalid value for required argument 'Filter'") + } + if args.Folder == nil { + return nil, errors.New("invalid value for required argument 'Folder'") + } + if args.MuteConfigId == nil { + return nil, errors.New("invalid value for required argument 'MuteConfigId'") + } + if args.Type == nil { + return nil, errors.New("invalid value for required argument 'Type'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource V2FolderMuteConfig + err := ctx.RegisterResource("gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetV2FolderMuteConfig gets an existing V2FolderMuteConfig resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). 
+func GetV2FolderMuteConfig(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *V2FolderMuteConfigState, opts ...pulumi.ResourceOption) (*V2FolderMuteConfig, error) { + var resource V2FolderMuteConfig + err := ctx.ReadResource("gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering V2FolderMuteConfig resources. +type v2folderMuteConfigState struct { + // The time at which the mute config was created. This field is set by + // the server and will be ignored if provided on config creation. + CreateTime *string `pulumi:"createTime"` + // A description of the mute config. + Description *string `pulumi:"description"` + // An expression that defines the filter to apply across create/update + // events of findings. While creating a filter string, be mindful of + // the scope in which the mute configuration is being created. E.g., + // If a filter contains project = X but is created under the + // project = Y scope, it might not match any findings. + Filter *string `pulumi:"filter"` + // The folder whose Cloud Security Command Center the Mute + // Config lives in. + Folder *string `pulumi:"folder"` + // location Id is provided by folder. If not provided, Use global as default. + Location *string `pulumi:"location"` + // Email address of the user who last edited the mute config. This + // field is set by the server and will be ignored if provided on + // config creation or update. + MostRecentEditor *string `pulumi:"mostRecentEditor"` + // Unique identifier provided by the client within the parent scope. + // + // *** + MuteConfigId *string `pulumi:"muteConfigId"` + // Name of the mute config. 
Its format is + // organizations/{organization}/locations/global/muteConfigs/{configId}, + // folders/{folder}/locations/global/muteConfigs/{configId}, + // or projects/{project}/locations/global/muteConfigs/{configId} + Name *string `pulumi:"name"` + // The type of the mute config. + Type *string `pulumi:"type"` + // Output only. The most recent time at which the mute config was + // updated. This field is set by the server and will be ignored if + // provided on config creation or update. + UpdateTime *string `pulumi:"updateTime"` +} + +type V2FolderMuteConfigState struct { + // The time at which the mute config was created. This field is set by + // the server and will be ignored if provided on config creation. + CreateTime pulumi.StringPtrInput + // A description of the mute config. + Description pulumi.StringPtrInput + // An expression that defines the filter to apply across create/update + // events of findings. While creating a filter string, be mindful of + // the scope in which the mute configuration is being created. E.g., + // If a filter contains project = X but is created under the + // project = Y scope, it might not match any findings. + Filter pulumi.StringPtrInput + // The folder whose Cloud Security Command Center the Mute + // Config lives in. + Folder pulumi.StringPtrInput + // location Id is provided by folder. If not provided, Use global as default. + Location pulumi.StringPtrInput + // Email address of the user who last edited the mute config. This + // field is set by the server and will be ignored if provided on + // config creation or update. + MostRecentEditor pulumi.StringPtrInput + // Unique identifier provided by the client within the parent scope. + // + // *** + MuteConfigId pulumi.StringPtrInput + // Name of the mute config. 
Its format is + // organizations/{organization}/locations/global/muteConfigs/{configId}, + // folders/{folder}/locations/global/muteConfigs/{configId}, + // or projects/{project}/locations/global/muteConfigs/{configId} + Name pulumi.StringPtrInput + // The type of the mute config. + Type pulumi.StringPtrInput + // Output only. The most recent time at which the mute config was + // updated. This field is set by the server and will be ignored if + // provided on config creation or update. + UpdateTime pulumi.StringPtrInput +} + +func (V2FolderMuteConfigState) ElementType() reflect.Type { + return reflect.TypeOf((*v2folderMuteConfigState)(nil)).Elem() +} + +type v2folderMuteConfigArgs struct { + // A description of the mute config. + Description *string `pulumi:"description"` + // An expression that defines the filter to apply across create/update + // events of findings. While creating a filter string, be mindful of + // the scope in which the mute configuration is being created. E.g., + // If a filter contains project = X but is created under the + // project = Y scope, it might not match any findings. + Filter string `pulumi:"filter"` + // The folder whose Cloud Security Command Center the Mute + // Config lives in. + Folder string `pulumi:"folder"` + // location Id is provided by folder. If not provided, Use global as default. + Location *string `pulumi:"location"` + // Unique identifier provided by the client within the parent scope. + // + // *** + MuteConfigId string `pulumi:"muteConfigId"` + // The type of the mute config. + Type string `pulumi:"type"` +} + +// The set of arguments for constructing a V2FolderMuteConfig resource. +type V2FolderMuteConfigArgs struct { + // A description of the mute config. + Description pulumi.StringPtrInput + // An expression that defines the filter to apply across create/update + // events of findings. While creating a filter string, be mindful of + // the scope in which the mute configuration is being created. 
E.g., + // If a filter contains project = X but is created under the + // project = Y scope, it might not match any findings. + Filter pulumi.StringInput + // The folder whose Cloud Security Command Center the Mute + // Config lives in. + Folder pulumi.StringInput + // location Id is provided by folder. If not provided, Use global as default. + Location pulumi.StringPtrInput + // Unique identifier provided by the client within the parent scope. + // + // *** + MuteConfigId pulumi.StringInput + // The type of the mute config. + Type pulumi.StringInput +} + +func (V2FolderMuteConfigArgs) ElementType() reflect.Type { + return reflect.TypeOf((*v2folderMuteConfigArgs)(nil)).Elem() +} + +type V2FolderMuteConfigInput interface { + pulumi.Input + + ToV2FolderMuteConfigOutput() V2FolderMuteConfigOutput + ToV2FolderMuteConfigOutputWithContext(ctx context.Context) V2FolderMuteConfigOutput +} + +func (*V2FolderMuteConfig) ElementType() reflect.Type { + return reflect.TypeOf((**V2FolderMuteConfig)(nil)).Elem() +} + +func (i *V2FolderMuteConfig) ToV2FolderMuteConfigOutput() V2FolderMuteConfigOutput { + return i.ToV2FolderMuteConfigOutputWithContext(context.Background()) +} + +func (i *V2FolderMuteConfig) ToV2FolderMuteConfigOutputWithContext(ctx context.Context) V2FolderMuteConfigOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2FolderMuteConfigOutput) +} + +// V2FolderMuteConfigArrayInput is an input type that accepts V2FolderMuteConfigArray and V2FolderMuteConfigArrayOutput values. 
+// You can construct a concrete instance of `V2FolderMuteConfigArrayInput` via: +// +// V2FolderMuteConfigArray{ V2FolderMuteConfigArgs{...} } +type V2FolderMuteConfigArrayInput interface { + pulumi.Input + + ToV2FolderMuteConfigArrayOutput() V2FolderMuteConfigArrayOutput + ToV2FolderMuteConfigArrayOutputWithContext(context.Context) V2FolderMuteConfigArrayOutput +} + +type V2FolderMuteConfigArray []V2FolderMuteConfigInput + +func (V2FolderMuteConfigArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*V2FolderMuteConfig)(nil)).Elem() +} + +func (i V2FolderMuteConfigArray) ToV2FolderMuteConfigArrayOutput() V2FolderMuteConfigArrayOutput { + return i.ToV2FolderMuteConfigArrayOutputWithContext(context.Background()) +} + +func (i V2FolderMuteConfigArray) ToV2FolderMuteConfigArrayOutputWithContext(ctx context.Context) V2FolderMuteConfigArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2FolderMuteConfigArrayOutput) +} + +// V2FolderMuteConfigMapInput is an input type that accepts V2FolderMuteConfigMap and V2FolderMuteConfigMapOutput values. 
+// You can construct a concrete instance of `V2FolderMuteConfigMapInput` via: +// +// V2FolderMuteConfigMap{ "key": V2FolderMuteConfigArgs{...} } +type V2FolderMuteConfigMapInput interface { + pulumi.Input + + ToV2FolderMuteConfigMapOutput() V2FolderMuteConfigMapOutput + ToV2FolderMuteConfigMapOutputWithContext(context.Context) V2FolderMuteConfigMapOutput +} + +type V2FolderMuteConfigMap map[string]V2FolderMuteConfigInput + +func (V2FolderMuteConfigMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*V2FolderMuteConfig)(nil)).Elem() +} + +func (i V2FolderMuteConfigMap) ToV2FolderMuteConfigMapOutput() V2FolderMuteConfigMapOutput { + return i.ToV2FolderMuteConfigMapOutputWithContext(context.Background()) +} + +func (i V2FolderMuteConfigMap) ToV2FolderMuteConfigMapOutputWithContext(ctx context.Context) V2FolderMuteConfigMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2FolderMuteConfigMapOutput) +} + +type V2FolderMuteConfigOutput struct{ *pulumi.OutputState } + +func (V2FolderMuteConfigOutput) ElementType() reflect.Type { + return reflect.TypeOf((**V2FolderMuteConfig)(nil)).Elem() +} + +func (o V2FolderMuteConfigOutput) ToV2FolderMuteConfigOutput() V2FolderMuteConfigOutput { + return o +} + +func (o V2FolderMuteConfigOutput) ToV2FolderMuteConfigOutputWithContext(ctx context.Context) V2FolderMuteConfigOutput { + return o +} + +// The time at which the mute config was created. This field is set by +// the server and will be ignored if provided on config creation. +func (o V2FolderMuteConfigOutput) CreateTime() pulumi.StringOutput { + return o.ApplyT(func(v *V2FolderMuteConfig) pulumi.StringOutput { return v.CreateTime }).(pulumi.StringOutput) +} + +// A description of the mute config. 
+func (o V2FolderMuteConfigOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v *V2FolderMuteConfig) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) +} + +// An expression that defines the filter to apply across create/update +// events of findings. While creating a filter string, be mindful of +// the scope in which the mute configuration is being created. E.g., +// If a filter contains project = X but is created under the +// project = Y scope, it might not match any findings. +func (o V2FolderMuteConfigOutput) Filter() pulumi.StringOutput { + return o.ApplyT(func(v *V2FolderMuteConfig) pulumi.StringOutput { return v.Filter }).(pulumi.StringOutput) +} + +// The folder whose Cloud Security Command Center the Mute +// Config lives in. +func (o V2FolderMuteConfigOutput) Folder() pulumi.StringOutput { + return o.ApplyT(func(v *V2FolderMuteConfig) pulumi.StringOutput { return v.Folder }).(pulumi.StringOutput) +} + +// location Id is provided by folder. If not provided, Use global as default. +func (o V2FolderMuteConfigOutput) Location() pulumi.StringPtrOutput { + return o.ApplyT(func(v *V2FolderMuteConfig) pulumi.StringPtrOutput { return v.Location }).(pulumi.StringPtrOutput) +} + +// Email address of the user who last edited the mute config. This +// field is set by the server and will be ignored if provided on +// config creation or update. +func (o V2FolderMuteConfigOutput) MostRecentEditor() pulumi.StringOutput { + return o.ApplyT(func(v *V2FolderMuteConfig) pulumi.StringOutput { return v.MostRecentEditor }).(pulumi.StringOutput) +} + +// Unique identifier provided by the client within the parent scope. +// +// *** +func (o V2FolderMuteConfigOutput) MuteConfigId() pulumi.StringOutput { + return o.ApplyT(func(v *V2FolderMuteConfig) pulumi.StringOutput { return v.MuteConfigId }).(pulumi.StringOutput) +} + +// Name of the mute config. 
Its format is +// organizations/{organization}/locations/global/muteConfigs/{configId}, +// folders/{folder}/locations/global/muteConfigs/{configId}, +// or projects/{project}/locations/global/muteConfigs/{configId} +func (o V2FolderMuteConfigOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v *V2FolderMuteConfig) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) +} + +// The type of the mute config. +func (o V2FolderMuteConfigOutput) Type() pulumi.StringOutput { + return o.ApplyT(func(v *V2FolderMuteConfig) pulumi.StringOutput { return v.Type }).(pulumi.StringOutput) +} + +// Output only. The most recent time at which the mute config was +// updated. This field is set by the server and will be ignored if +// provided on config creation or update. +func (o V2FolderMuteConfigOutput) UpdateTime() pulumi.StringOutput { + return o.ApplyT(func(v *V2FolderMuteConfig) pulumi.StringOutput { return v.UpdateTime }).(pulumi.StringOutput) +} + +type V2FolderMuteConfigArrayOutput struct{ *pulumi.OutputState } + +func (V2FolderMuteConfigArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*V2FolderMuteConfig)(nil)).Elem() +} + +func (o V2FolderMuteConfigArrayOutput) ToV2FolderMuteConfigArrayOutput() V2FolderMuteConfigArrayOutput { + return o +} + +func (o V2FolderMuteConfigArrayOutput) ToV2FolderMuteConfigArrayOutputWithContext(ctx context.Context) V2FolderMuteConfigArrayOutput { + return o +} + +func (o V2FolderMuteConfigArrayOutput) Index(i pulumi.IntInput) V2FolderMuteConfigOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *V2FolderMuteConfig { + return vs[0].([]*V2FolderMuteConfig)[vs[1].(int)] + }).(V2FolderMuteConfigOutput) +} + +type V2FolderMuteConfigMapOutput struct{ *pulumi.OutputState } + +func (V2FolderMuteConfigMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*V2FolderMuteConfig)(nil)).Elem() +} + +func (o V2FolderMuteConfigMapOutput) ToV2FolderMuteConfigMapOutput() 
V2FolderMuteConfigMapOutput { + return o +} + +func (o V2FolderMuteConfigMapOutput) ToV2FolderMuteConfigMapOutputWithContext(ctx context.Context) V2FolderMuteConfigMapOutput { + return o +} + +func (o V2FolderMuteConfigMapOutput) MapIndex(k pulumi.StringInput) V2FolderMuteConfigOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *V2FolderMuteConfig { + return vs[0].(map[string]*V2FolderMuteConfig)[vs[1].(string)] + }).(V2FolderMuteConfigOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*V2FolderMuteConfigInput)(nil)).Elem(), &V2FolderMuteConfig{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2FolderMuteConfigArrayInput)(nil)).Elem(), V2FolderMuteConfigArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2FolderMuteConfigMapInput)(nil)).Elem(), V2FolderMuteConfigMap{}) + pulumi.RegisterOutputType(V2FolderMuteConfigOutput{}) + pulumi.RegisterOutputType(V2FolderMuteConfigArrayOutput{}) + pulumi.RegisterOutputType(V2FolderMuteConfigMapOutput{}) +} diff --git a/sdk/go/gcp/securitycenter/v2organizationSource.go b/sdk/go/gcp/securitycenter/v2organizationSource.go new file mode 100644 index 0000000000..cef75b4500 --- /dev/null +++ b/sdk/go/gcp/securitycenter/v2organizationSource.go 
@@ -0,0 +1,366 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package securitycenter + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// A Cloud Security Command Center's (Cloud SCC) finding source. A finding +// source is an entity or a mechanism that can produce a finding. A source is +// like a container of findings that come from the same scanner, logger, +// monitor, etc. +// +// To get more information about OrganizationSource, see: +// +// * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/organizations.sources) +// * How-to Guides +// - [Official Documentation](https://cloud.google.com/security-command-center/docs) +// +// ## Example Usage +// +// ### Scc Source Basic +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := securitycenter.NewSource(ctx, "custom_source", &securitycenter.SourceArgs{ +// DisplayName: pulumi.String("My Source"), +// Organization: pulumi.String("123456789"), +// Description: pulumi.String("My custom Cloud Security Command Center Finding Source"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// OrganizationSource can be imported using any of these accepted formats: +// +// * `organizations/{{organization}}/sources/{{name}}` +// +// * `{{organization}}/{{name}}` +// +// When using the `pulumi import` command, OrganizationSource can be imported using one of the formats above. 
For example: +// +// ```sh +// $ pulumi import gcp:securitycenter/v2OrganizationSource:V2OrganizationSource default organizations/{{organization}}/sources/{{name}} +// ``` +// +// ```sh +// $ pulumi import gcp:securitycenter/v2OrganizationSource:V2OrganizationSource default {{organization}}/{{name}} +// ``` +type V2OrganizationSource struct { + pulumi.CustomResourceState + + // The description of the source (max of 1024 characters). + Description pulumi.StringPtrOutput `pulumi:"description"` + // The source’s display name. A source’s display name must be unique + // amongst its siblings, for example, two sources with the same parent + // can't share the same display name. The display name must start and end + // with a letter or digit, may contain letters, digits, spaces, hyphens, + // and underscores, and can be no longer than 32 characters. + DisplayName pulumi.StringOutput `pulumi:"displayName"` + // The resource name of this source, in the format + // `organizations/{{organization}}/sources/{{source}}`. + Name pulumi.StringOutput `pulumi:"name"` + // The organization whose Cloud Security Command Center the Source + // lives in. + // + // *** + Organization pulumi.StringOutput `pulumi:"organization"` +} + +// NewV2OrganizationSource registers a new resource with the given unique name, arguments, and options. 
+func NewV2OrganizationSource(ctx *pulumi.Context, + name string, args *V2OrganizationSourceArgs, opts ...pulumi.ResourceOption) (*V2OrganizationSource, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.DisplayName == nil { + return nil, errors.New("invalid value for required argument 'DisplayName'") + } + if args.Organization == nil { + return nil, errors.New("invalid value for required argument 'Organization'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource V2OrganizationSource + err := ctx.RegisterResource("gcp:securitycenter/v2OrganizationSource:V2OrganizationSource", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetV2OrganizationSource gets an existing V2OrganizationSource resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetV2OrganizationSource(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *V2OrganizationSourceState, opts ...pulumi.ResourceOption) (*V2OrganizationSource, error) { + var resource V2OrganizationSource + err := ctx.ReadResource("gcp:securitycenter/v2OrganizationSource:V2OrganizationSource", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering V2OrganizationSource resources. +type v2organizationSourceState struct { + // The description of the source (max of 1024 characters). + Description *string `pulumi:"description"` + // The source’s display name. A source’s display name must be unique + // amongst its siblings, for example, two sources with the same parent + // can't share the same display name. The display name must start and end + // with a letter or digit, may contain letters, digits, spaces, hyphens, + // and underscores, and can be no longer than 32 characters. 
+ DisplayName *string `pulumi:"displayName"` + // The resource name of this source, in the format + // `organizations/{{organization}}/sources/{{source}}`. + Name *string `pulumi:"name"` + // The organization whose Cloud Security Command Center the Source + // lives in. + // + // *** + Organization *string `pulumi:"organization"` +} + +type V2OrganizationSourceState struct { + // The description of the source (max of 1024 characters). + Description pulumi.StringPtrInput + // The source’s display name. A source’s display name must be unique + // amongst its siblings, for example, two sources with the same parent + // can't share the same display name. The display name must start and end + // with a letter or digit, may contain letters, digits, spaces, hyphens, + // and underscores, and can be no longer than 32 characters. + DisplayName pulumi.StringPtrInput + // The resource name of this source, in the format + // `organizations/{{organization}}/sources/{{source}}`. + Name pulumi.StringPtrInput + // The organization whose Cloud Security Command Center the Source + // lives in. + // + // *** + Organization pulumi.StringPtrInput +} + +func (V2OrganizationSourceState) ElementType() reflect.Type { + return reflect.TypeOf((*v2organizationSourceState)(nil)).Elem() +} + +type v2organizationSourceArgs struct { + // The description of the source (max of 1024 characters). + Description *string `pulumi:"description"` + // The source’s display name. A source’s display name must be unique + // amongst its siblings, for example, two sources with the same parent + // can't share the same display name. The display name must start and end + // with a letter or digit, may contain letters, digits, spaces, hyphens, + // and underscores, and can be no longer than 32 characters. + DisplayName string `pulumi:"displayName"` + // The organization whose Cloud Security Command Center the Source + // lives in. 
+ // + // *** + Organization string `pulumi:"organization"` +} + +// The set of arguments for constructing a V2OrganizationSource resource. +type V2OrganizationSourceArgs struct { + // The description of the source (max of 1024 characters). + Description pulumi.StringPtrInput + // The source’s display name. A source’s display name must be unique + // amongst its siblings, for example, two sources with the same parent + // can't share the same display name. The display name must start and end + // with a letter or digit, may contain letters, digits, spaces, hyphens, + // and underscores, and can be no longer than 32 characters. + DisplayName pulumi.StringInput + // The organization whose Cloud Security Command Center the Source + // lives in. + // + // *** + Organization pulumi.StringInput +} + +func (V2OrganizationSourceArgs) ElementType() reflect.Type { + return reflect.TypeOf((*v2organizationSourceArgs)(nil)).Elem() +} + +type V2OrganizationSourceInput interface { + pulumi.Input + + ToV2OrganizationSourceOutput() V2OrganizationSourceOutput + ToV2OrganizationSourceOutputWithContext(ctx context.Context) V2OrganizationSourceOutput +} + +func (*V2OrganizationSource) ElementType() reflect.Type { + return reflect.TypeOf((**V2OrganizationSource)(nil)).Elem() +} + +func (i *V2OrganizationSource) ToV2OrganizationSourceOutput() V2OrganizationSourceOutput { + return i.ToV2OrganizationSourceOutputWithContext(context.Background()) +} + +func (i *V2OrganizationSource) ToV2OrganizationSourceOutputWithContext(ctx context.Context) V2OrganizationSourceOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceOutput) +} + +// V2OrganizationSourceArrayInput is an input type that accepts V2OrganizationSourceArray and V2OrganizationSourceArrayOutput values. 
+// You can construct a concrete instance of `V2OrganizationSourceArrayInput` via: +// +// V2OrganizationSourceArray{ V2OrganizationSourceArgs{...} } +type V2OrganizationSourceArrayInput interface { + pulumi.Input + + ToV2OrganizationSourceArrayOutput() V2OrganizationSourceArrayOutput + ToV2OrganizationSourceArrayOutputWithContext(context.Context) V2OrganizationSourceArrayOutput +} + +type V2OrganizationSourceArray []V2OrganizationSourceInput + +func (V2OrganizationSourceArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*V2OrganizationSource)(nil)).Elem() +} + +func (i V2OrganizationSourceArray) ToV2OrganizationSourceArrayOutput() V2OrganizationSourceArrayOutput { + return i.ToV2OrganizationSourceArrayOutputWithContext(context.Background()) +} + +func (i V2OrganizationSourceArray) ToV2OrganizationSourceArrayOutputWithContext(ctx context.Context) V2OrganizationSourceArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceArrayOutput) +} + +// V2OrganizationSourceMapInput is an input type that accepts V2OrganizationSourceMap and V2OrganizationSourceMapOutput values. 
+// You can construct a concrete instance of `V2OrganizationSourceMapInput` via: +// +// V2OrganizationSourceMap{ "key": V2OrganizationSourceArgs{...} } +type V2OrganizationSourceMapInput interface { + pulumi.Input + + ToV2OrganizationSourceMapOutput() V2OrganizationSourceMapOutput + ToV2OrganizationSourceMapOutputWithContext(context.Context) V2OrganizationSourceMapOutput +} + +type V2OrganizationSourceMap map[string]V2OrganizationSourceInput + +func (V2OrganizationSourceMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*V2OrganizationSource)(nil)).Elem() +} + +func (i V2OrganizationSourceMap) ToV2OrganizationSourceMapOutput() V2OrganizationSourceMapOutput { + return i.ToV2OrganizationSourceMapOutputWithContext(context.Background()) +} + +func (i V2OrganizationSourceMap) ToV2OrganizationSourceMapOutputWithContext(ctx context.Context) V2OrganizationSourceMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceMapOutput) +} + +type V2OrganizationSourceOutput struct{ *pulumi.OutputState } + +func (V2OrganizationSourceOutput) ElementType() reflect.Type { + return reflect.TypeOf((**V2OrganizationSource)(nil)).Elem() +} + +func (o V2OrganizationSourceOutput) ToV2OrganizationSourceOutput() V2OrganizationSourceOutput { + return o +} + +func (o V2OrganizationSourceOutput) ToV2OrganizationSourceOutputWithContext(ctx context.Context) V2OrganizationSourceOutput { + return o +} + +// The description of the source (max of 1024 characters). +func (o V2OrganizationSourceOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v *V2OrganizationSource) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) +} + +// The source’s display name. A source’s display name must be unique +// amongst its siblings, for example, two sources with the same parent +// can't share the same display name. 
The display name must start and end +// with a letter or digit, may contain letters, digits, spaces, hyphens, +// and underscores, and can be no longer than 32 characters. +func (o V2OrganizationSourceOutput) DisplayName() pulumi.StringOutput { + return o.ApplyT(func(v *V2OrganizationSource) pulumi.StringOutput { return v.DisplayName }).(pulumi.StringOutput) +} + +// The resource name of this source, in the format +// `organizations/{{organization}}/sources/{{source}}`. +func (o V2OrganizationSourceOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v *V2OrganizationSource) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) +} + +// The organization whose Cloud Security Command Center the Source +// lives in. +// +// *** +func (o V2OrganizationSourceOutput) Organization() pulumi.StringOutput { + return o.ApplyT(func(v *V2OrganizationSource) pulumi.StringOutput { return v.Organization }).(pulumi.StringOutput) +} + +type V2OrganizationSourceArrayOutput struct{ *pulumi.OutputState } + +func (V2OrganizationSourceArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*V2OrganizationSource)(nil)).Elem() +} + +func (o V2OrganizationSourceArrayOutput) ToV2OrganizationSourceArrayOutput() V2OrganizationSourceArrayOutput { + return o +} + +func (o V2OrganizationSourceArrayOutput) ToV2OrganizationSourceArrayOutputWithContext(ctx context.Context) V2OrganizationSourceArrayOutput { + return o +} + +func (o V2OrganizationSourceArrayOutput) Index(i pulumi.IntInput) V2OrganizationSourceOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *V2OrganizationSource { + return vs[0].([]*V2OrganizationSource)[vs[1].(int)] + }).(V2OrganizationSourceOutput) +} + +type V2OrganizationSourceMapOutput struct{ *pulumi.OutputState } + +func (V2OrganizationSourceMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*V2OrganizationSource)(nil)).Elem() +} + +func (o V2OrganizationSourceMapOutput) ToV2OrganizationSourceMapOutput() 
V2OrganizationSourceMapOutput { + return o +} + +func (o V2OrganizationSourceMapOutput) ToV2OrganizationSourceMapOutputWithContext(ctx context.Context) V2OrganizationSourceMapOutput { + return o +} + +func (o V2OrganizationSourceMapOutput) MapIndex(k pulumi.StringInput) V2OrganizationSourceOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *V2OrganizationSource { + return vs[0].(map[string]*V2OrganizationSource)[vs[1].(string)] + }).(V2OrganizationSourceOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationSourceInput)(nil)).Elem(), &V2OrganizationSource{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationSourceArrayInput)(nil)).Elem(), V2OrganizationSourceArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationSourceMapInput)(nil)).Elem(), V2OrganizationSourceMap{}) + pulumi.RegisterOutputType(V2OrganizationSourceOutput{}) + pulumi.RegisterOutputType(V2OrganizationSourceArrayOutput{}) + pulumi.RegisterOutputType(V2OrganizationSourceMapOutput{}) +} diff --git a/sdk/go/gcp/securitycenter/v2organizationSourceIamBinding.go b/sdk/go/gcp/securitycenter/v2organizationSourceIamBinding.go new file mode 100644 index 0000000000..7b8190eccc --- /dev/null +++ b/sdk/go/gcp/securitycenter/v2organizationSourceIamBinding.go 
@@ -0,0 +1,627 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package securitycenter + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: +// +// * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. +// * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. +// * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. +// +// # A data source can be used to retrieve policy data in advent you do not need creation +// +// * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource +// +// > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. +// +// > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+// +// ## securitycenter.V2OrganizationSourceIamPolicy +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, "policy", &securitycenter.V2OrganizationSourceIamPolicyArgs{ +// Source: pulumi.Any(customSource.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## securitycenter.V2OrganizationSourceIamBinding +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, "binding", &securitycenter.V2OrganizationSourceIamBindingArgs{ +// Source: pulumi.Any(customSource.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## securitycenter.V2OrganizationSourceIamMember +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := 
securitycenter.NewV2OrganizationSourceIamMember(ctx, "member", &securitycenter.V2OrganizationSourceIamMemberArgs{ +// Source: pulumi.Any(customSource.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the +// +// full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. +// --- +// +// # IAM policy for Security Command Center (SCC)v2 API OrganizationSource +// Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: +// +// * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. +// * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. +// * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. +// +// # A data source can be used to retrieve policy data in advent you do not need creation +// +// * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource +// +// > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. 
+// +// > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. +// +// ## securitycenter.V2OrganizationSourceIamPolicy +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, "policy", &securitycenter.V2OrganizationSourceIamPolicyArgs{ +// Source: pulumi.Any(customSource.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## securitycenter.V2OrganizationSourceIamBinding +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, "binding", &securitycenter.V2OrganizationSourceIamBindingArgs{ +// Source: pulumi.Any(customSource.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## securitycenter.V2OrganizationSourceIamMember +// +// ```go +// package main +// +// import ( +// +// 
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, "member", &securitycenter.V2OrganizationSourceIamMemberArgs{ +// Source: pulumi.Any(customSource.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// For all import syntaxes, the "resource in question" can take any of the following forms: +// +// * organizations/{{organization}}/sources/{{source}} +// +// * {{organization}}/{{source}} +// +// * {{source}} +// +// Any variables not passed in the import command will be taken from the provider configuration. +// +// Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. +// +// IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. +// +// ```sh +// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com" +// ``` +// +// IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. +// +// ```sh +// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor "organizations/{{organization}}/sources/{{source}} roles/viewer" +// ``` +// +// IAM policy imports use the identifier of the resource in question, e.g. 
+// +// ```sh +// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor organizations/{{organization}}/sources/{{source}} +// ``` +// +// -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the +// +// full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. +type V2OrganizationSourceIamBinding struct { + pulumi.CustomResourceState + + Condition V2OrganizationSourceIamBindingConditionPtrOutput `pulumi:"condition"` + // (Computed) The etag of the IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + Organization pulumi.StringOutput `pulumi:"organization"` + // The role that should be applied. Only one + // `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringOutput `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to + Source pulumi.StringOutput `pulumi:"source"` +} + +// NewV2OrganizationSourceIamBinding registers a new resource with the given unique name, arguments, and options. +func NewV2OrganizationSourceIamBinding(ctx *pulumi.Context, + name string, args *V2OrganizationSourceIamBindingArgs, opts ...pulumi.ResourceOption) (*V2OrganizationSourceIamBinding, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.Members == nil { + return nil, errors.New("invalid value for required argument 'Members'") + } + if args.Organization == nil { + return nil, errors.New("invalid value for required argument 'Organization'") + } + if args.Role == nil { + return nil, errors.New("invalid value for required argument 'Role'") + } + if args.Source == nil { + return nil, errors.New("invalid value for required argument 'Source'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource V2OrganizationSourceIamBinding + err := ctx.RegisterResource("gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetV2OrganizationSourceIamBinding gets an existing V2OrganizationSourceIamBinding resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). 
+func GetV2OrganizationSourceIamBinding(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *V2OrganizationSourceIamBindingState, opts ...pulumi.ResourceOption) (*V2OrganizationSourceIamBinding, error) { + var resource V2OrganizationSourceIamBinding + err := ctx.ReadResource("gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering V2OrganizationSourceIamBinding resources. +type v2organizationSourceIamBindingState struct { + Condition *V2OrganizationSourceIamBindingCondition `pulumi:"condition"` + // (Computed) The etag of the IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + Organization *string `pulumi:"organization"` + // The role that should be applied. Only one + // `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role *string `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to + Source *string `pulumi:"source"` +} + +type V2OrganizationSourceIamBindingState struct { + Condition V2OrganizationSourceIamBindingConditionPtrInput + // (Computed) The etag of the IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + Organization pulumi.StringPtrInput + // The role that should be applied. Only one + // `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to + Source pulumi.StringPtrInput +} + +func (V2OrganizationSourceIamBindingState) ElementType() reflect.Type { + return reflect.TypeOf((*v2organizationSourceIamBindingState)(nil)).Elem() +} + +type v2organizationSourceIamBindingArgs struct { + Condition *V2OrganizationSourceIamBindingCondition `pulumi:"condition"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + Organization string `pulumi:"organization"` + // The role that should be applied. Only one + // `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role string `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to + Source string `pulumi:"source"` +} + +// The set of arguments for constructing a V2OrganizationSourceIamBinding resource. +type V2OrganizationSourceIamBindingArgs struct { + Condition V2OrganizationSourceIamBindingConditionPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + Organization pulumi.StringInput + // The role that should be applied. Only one + // `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to + Source pulumi.StringInput +} + +func (V2OrganizationSourceIamBindingArgs) ElementType() reflect.Type { + return reflect.TypeOf((*v2organizationSourceIamBindingArgs)(nil)).Elem() +} + +type V2OrganizationSourceIamBindingInput interface { + pulumi.Input + + ToV2OrganizationSourceIamBindingOutput() V2OrganizationSourceIamBindingOutput + ToV2OrganizationSourceIamBindingOutputWithContext(ctx context.Context) V2OrganizationSourceIamBindingOutput +} + +func (*V2OrganizationSourceIamBinding) ElementType() reflect.Type { + return reflect.TypeOf((**V2OrganizationSourceIamBinding)(nil)).Elem() +} + +func (i *V2OrganizationSourceIamBinding) ToV2OrganizationSourceIamBindingOutput() V2OrganizationSourceIamBindingOutput { + return i.ToV2OrganizationSourceIamBindingOutputWithContext(context.Background()) +} + +func (i *V2OrganizationSourceIamBinding) ToV2OrganizationSourceIamBindingOutputWithContext(ctx context.Context) V2OrganizationSourceIamBindingOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceIamBindingOutput) +} + +// V2OrganizationSourceIamBindingArrayInput is an input type that accepts V2OrganizationSourceIamBindingArray and V2OrganizationSourceIamBindingArrayOutput values. 
+// You can construct a concrete instance of `V2OrganizationSourceIamBindingArrayInput` via: +// +// V2OrganizationSourceIamBindingArray{ V2OrganizationSourceIamBindingArgs{...} } +type V2OrganizationSourceIamBindingArrayInput interface { + pulumi.Input + + ToV2OrganizationSourceIamBindingArrayOutput() V2OrganizationSourceIamBindingArrayOutput + ToV2OrganizationSourceIamBindingArrayOutputWithContext(context.Context) V2OrganizationSourceIamBindingArrayOutput +} + +type V2OrganizationSourceIamBindingArray []V2OrganizationSourceIamBindingInput + +func (V2OrganizationSourceIamBindingArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*V2OrganizationSourceIamBinding)(nil)).Elem() +} + +func (i V2OrganizationSourceIamBindingArray) ToV2OrganizationSourceIamBindingArrayOutput() V2OrganizationSourceIamBindingArrayOutput { + return i.ToV2OrganizationSourceIamBindingArrayOutputWithContext(context.Background()) +} + +func (i V2OrganizationSourceIamBindingArray) ToV2OrganizationSourceIamBindingArrayOutputWithContext(ctx context.Context) V2OrganizationSourceIamBindingArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceIamBindingArrayOutput) +} + +// V2OrganizationSourceIamBindingMapInput is an input type that accepts V2OrganizationSourceIamBindingMap and V2OrganizationSourceIamBindingMapOutput values. 
+// You can construct a concrete instance of `V2OrganizationSourceIamBindingMapInput` via: +// +// V2OrganizationSourceIamBindingMap{ "key": V2OrganizationSourceIamBindingArgs{...} } +type V2OrganizationSourceIamBindingMapInput interface { + pulumi.Input + + ToV2OrganizationSourceIamBindingMapOutput() V2OrganizationSourceIamBindingMapOutput + ToV2OrganizationSourceIamBindingMapOutputWithContext(context.Context) V2OrganizationSourceIamBindingMapOutput +} + +type V2OrganizationSourceIamBindingMap map[string]V2OrganizationSourceIamBindingInput + +func (V2OrganizationSourceIamBindingMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*V2OrganizationSourceIamBinding)(nil)).Elem() +} + +func (i V2OrganizationSourceIamBindingMap) ToV2OrganizationSourceIamBindingMapOutput() V2OrganizationSourceIamBindingMapOutput { + return i.ToV2OrganizationSourceIamBindingMapOutputWithContext(context.Background()) +} + +func (i V2OrganizationSourceIamBindingMap) ToV2OrganizationSourceIamBindingMapOutputWithContext(ctx context.Context) V2OrganizationSourceIamBindingMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceIamBindingMapOutput) +} + +type V2OrganizationSourceIamBindingOutput struct{ *pulumi.OutputState } + +func (V2OrganizationSourceIamBindingOutput) ElementType() reflect.Type { + return reflect.TypeOf((**V2OrganizationSourceIamBinding)(nil)).Elem() +} + +func (o V2OrganizationSourceIamBindingOutput) ToV2OrganizationSourceIamBindingOutput() V2OrganizationSourceIamBindingOutput { + return o +} + +func (o V2OrganizationSourceIamBindingOutput) ToV2OrganizationSourceIamBindingOutputWithContext(ctx context.Context) V2OrganizationSourceIamBindingOutput { + return o +} + +func (o V2OrganizationSourceIamBindingOutput) Condition() V2OrganizationSourceIamBindingConditionPtrOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamBinding) V2OrganizationSourceIamBindingConditionPtrOutput { + return v.Condition + 
}).(V2OrganizationSourceIamBindingConditionPtrOutput) +} + +// (Computed) The etag of the IAM policy. +func (o V2OrganizationSourceIamBindingOutput) Etag() pulumi.StringOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) +} + +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" +func (o V2OrganizationSourceIamBindingOutput) Members() pulumi.StringArrayOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) +} + +func (o V2OrganizationSourceIamBindingOutput) Organization() pulumi.StringOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamBinding) pulumi.StringOutput { return v.Organization }).(pulumi.StringOutput) +} + +// The role that should be applied. Only one +// `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format +// `[projects|organizations]/{parent-name}/roles/{role-name}`. +func (o V2OrganizationSourceIamBindingOutput) Role() pulumi.StringOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamBinding) pulumi.StringOutput { return v.Role }).(pulumi.StringOutput) +} + +// Used to find the parent resource to bind the IAM policy to +func (o V2OrganizationSourceIamBindingOutput) Source() pulumi.StringOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamBinding) pulumi.StringOutput { return v.Source }).(pulumi.StringOutput) +} + +type V2OrganizationSourceIamBindingArrayOutput struct{ *pulumi.OutputState } + +func (V2OrganizationSourceIamBindingArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*V2OrganizationSourceIamBinding)(nil)).Elem() +} + +func (o V2OrganizationSourceIamBindingArrayOutput) ToV2OrganizationSourceIamBindingArrayOutput() V2OrganizationSourceIamBindingArrayOutput { + return o +} + +func (o V2OrganizationSourceIamBindingArrayOutput) ToV2OrganizationSourceIamBindingArrayOutputWithContext(ctx context.Context) V2OrganizationSourceIamBindingArrayOutput { + return o +} + +func (o V2OrganizationSourceIamBindingArrayOutput) Index(i pulumi.IntInput) V2OrganizationSourceIamBindingOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *V2OrganizationSourceIamBinding { + return 
vs[0].([]*V2OrganizationSourceIamBinding)[vs[1].(int)] + }).(V2OrganizationSourceIamBindingOutput) +} + +type V2OrganizationSourceIamBindingMapOutput struct{ *pulumi.OutputState } + +func (V2OrganizationSourceIamBindingMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*V2OrganizationSourceIamBinding)(nil)).Elem() +} + +func (o V2OrganizationSourceIamBindingMapOutput) ToV2OrganizationSourceIamBindingMapOutput() V2OrganizationSourceIamBindingMapOutput { + return o +} + +func (o V2OrganizationSourceIamBindingMapOutput) ToV2OrganizationSourceIamBindingMapOutputWithContext(ctx context.Context) V2OrganizationSourceIamBindingMapOutput { + return o +} + +func (o V2OrganizationSourceIamBindingMapOutput) MapIndex(k pulumi.StringInput) V2OrganizationSourceIamBindingOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *V2OrganizationSourceIamBinding { + return vs[0].(map[string]*V2OrganizationSourceIamBinding)[vs[1].(string)] + }).(V2OrganizationSourceIamBindingOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationSourceIamBindingInput)(nil)).Elem(), &V2OrganizationSourceIamBinding{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationSourceIamBindingArrayInput)(nil)).Elem(), V2OrganizationSourceIamBindingArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationSourceIamBindingMapInput)(nil)).Elem(), V2OrganizationSourceIamBindingMap{}) + pulumi.RegisterOutputType(V2OrganizationSourceIamBindingOutput{}) + pulumi.RegisterOutputType(V2OrganizationSourceIamBindingArrayOutput{}) + pulumi.RegisterOutputType(V2OrganizationSourceIamBindingMapOutput{}) +} diff --git a/sdk/go/gcp/securitycenter/v2organizationSourceIamMember.go b/sdk/go/gcp/securitycenter/v2organizationSourceIamMember.go new file mode 100644 index 0000000000..2e026c177e --- /dev/null +++ b/sdk/go/gcp/securitycenter/v2organizationSourceIamMember.go 
@@ -0,0 +1,627 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package securitycenter + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: +// +// * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. +// * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. +// * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. +// +// # A data source can be used to retrieve policy data in advent you do not need creation +// +// * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource +// +// > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. +// +// > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+// +// ## securitycenter.V2OrganizationSourceIamPolicy +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, "policy", &securitycenter.V2OrganizationSourceIamPolicyArgs{ +// Source: pulumi.Any(customSource.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## securitycenter.V2OrganizationSourceIamBinding +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, "binding", &securitycenter.V2OrganizationSourceIamBindingArgs{ +// Source: pulumi.Any(customSource.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## securitycenter.V2OrganizationSourceIamMember +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := 
securitycenter.NewV2OrganizationSourceIamMember(ctx, "member", &securitycenter.V2OrganizationSourceIamMemberArgs{ +// Source: pulumi.Any(customSource.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the +// +// full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. +// --- +// +// # IAM policy for Security Command Center (SCC)v2 API OrganizationSource +// Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: +// +// * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. +// * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. +// * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. +// +// # A data source can be used to retrieve policy data in advent you do not need creation +// +// * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource +// +// > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. 
+// +// > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. +// +// ## securitycenter.V2OrganizationSourceIamPolicy +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, "policy", &securitycenter.V2OrganizationSourceIamPolicyArgs{ +// Source: pulumi.Any(customSource.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## securitycenter.V2OrganizationSourceIamBinding +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, "binding", &securitycenter.V2OrganizationSourceIamBindingArgs{ +// Source: pulumi.Any(customSource.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## securitycenter.V2OrganizationSourceIamMember +// +// ```go +// package main +// +// import ( +// +// 
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, "member", &securitycenter.V2OrganizationSourceIamMemberArgs{ +// Source: pulumi.Any(customSource.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// For all import syntaxes, the "resource in question" can take any of the following forms: +// +// * organizations/{{organization}}/sources/{{source}} +// +// * {{organization}}/{{source}} +// +// * {{source}} +// +// Any variables not passed in the import command will be taken from the provider configuration. +// +// Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. +// +// IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. +// +// ```sh +// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com" +// ``` +// +// IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. +// +// ```sh +// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor "organizations/{{organization}}/sources/{{source}} roles/viewer" +// ``` +// +// IAM policy imports use the identifier of the resource in question, e.g. 
+// +// ```sh +// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor organizations/{{organization}}/sources/{{source}} +// ``` +// +// -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the +// +// full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. +type V2OrganizationSourceIamMember struct { + pulumi.CustomResourceState + + Condition V2OrganizationSourceIamMemberConditionPtrOutput `pulumi:"condition"` + // (Computed) The etag of the IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + Organization pulumi.StringOutput `pulumi:"organization"` + // The role that should be applied. Only one + // `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringOutput `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to + Source pulumi.StringOutput `pulumi:"source"` +} + +// NewV2OrganizationSourceIamMember registers a new resource with the given unique name, arguments, and options. +func NewV2OrganizationSourceIamMember(ctx *pulumi.Context, + name string, args *V2OrganizationSourceIamMemberArgs, opts ...pulumi.ResourceOption) (*V2OrganizationSourceIamMember, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.Member == nil { + return nil, errors.New("invalid value for required argument 'Member'") + } + if args.Organization == nil { + return nil, errors.New("invalid value for required argument 'Organization'") + } + if args.Role == nil { + return nil, errors.New("invalid value for required argument 'Role'") + } + if args.Source == nil { + return nil, errors.New("invalid value for required argument 'Source'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource V2OrganizationSourceIamMember + err := ctx.RegisterResource("gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetV2OrganizationSourceIamMember gets an existing V2OrganizationSourceIamMember resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). 
+func GetV2OrganizationSourceIamMember(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *V2OrganizationSourceIamMemberState, opts ...pulumi.ResourceOption) (*V2OrganizationSourceIamMember, error) { + var resource V2OrganizationSourceIamMember + err := ctx.ReadResource("gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering V2OrganizationSourceIamMember resources. +type v2organizationSourceIamMemberState struct { + Condition *V2OrganizationSourceIamMemberCondition `pulumi:"condition"` + // (Computed) The etag of the IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + Organization *string `pulumi:"organization"` + // The role that should be applied. Only one + // `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role *string `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to + Source *string `pulumi:"source"` +} + +type V2OrganizationSourceIamMemberState struct { + Condition V2OrganizationSourceIamMemberConditionPtrInput + // (Computed) The etag of the IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + Organization pulumi.StringPtrInput + // The role that should be applied. Only one + // `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to + Source pulumi.StringPtrInput +} + +func (V2OrganizationSourceIamMemberState) ElementType() reflect.Type { + return reflect.TypeOf((*v2organizationSourceIamMemberState)(nil)).Elem() +} + +type v2organizationSourceIamMemberArgs struct { + Condition *V2OrganizationSourceIamMemberCondition `pulumi:"condition"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + Organization string `pulumi:"organization"` + // The role that should be applied. Only one + // `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role string `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to + Source string `pulumi:"source"` +} + +// The set of arguments for constructing a V2OrganizationSourceIamMember resource. +type V2OrganizationSourceIamMemberArgs struct { + Condition V2OrganizationSourceIamMemberConditionPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + Member pulumi.StringInput + Organization pulumi.StringInput + // The role that should be applied. Only one + // `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to + Source pulumi.StringInput +} + +func (V2OrganizationSourceIamMemberArgs) ElementType() reflect.Type { + return reflect.TypeOf((*v2organizationSourceIamMemberArgs)(nil)).Elem() +} + +type V2OrganizationSourceIamMemberInput interface { + pulumi.Input + + ToV2OrganizationSourceIamMemberOutput() V2OrganizationSourceIamMemberOutput + ToV2OrganizationSourceIamMemberOutputWithContext(ctx context.Context) V2OrganizationSourceIamMemberOutput +} + +func (*V2OrganizationSourceIamMember) ElementType() reflect.Type { + return reflect.TypeOf((**V2OrganizationSourceIamMember)(nil)).Elem() +} + +func (i *V2OrganizationSourceIamMember) ToV2OrganizationSourceIamMemberOutput() V2OrganizationSourceIamMemberOutput { + return i.ToV2OrganizationSourceIamMemberOutputWithContext(context.Background()) +} + +func (i *V2OrganizationSourceIamMember) ToV2OrganizationSourceIamMemberOutputWithContext(ctx context.Context) V2OrganizationSourceIamMemberOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceIamMemberOutput) +} + +// V2OrganizationSourceIamMemberArrayInput is an input type that accepts V2OrganizationSourceIamMemberArray and V2OrganizationSourceIamMemberArrayOutput values. 
+// You can construct a concrete instance of `V2OrganizationSourceIamMemberArrayInput` via: +// +// V2OrganizationSourceIamMemberArray{ V2OrganizationSourceIamMemberArgs{...} } +type V2OrganizationSourceIamMemberArrayInput interface { + pulumi.Input + + ToV2OrganizationSourceIamMemberArrayOutput() V2OrganizationSourceIamMemberArrayOutput + ToV2OrganizationSourceIamMemberArrayOutputWithContext(context.Context) V2OrganizationSourceIamMemberArrayOutput +} + +type V2OrganizationSourceIamMemberArray []V2OrganizationSourceIamMemberInput + +func (V2OrganizationSourceIamMemberArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*V2OrganizationSourceIamMember)(nil)).Elem() +} + +func (i V2OrganizationSourceIamMemberArray) ToV2OrganizationSourceIamMemberArrayOutput() V2OrganizationSourceIamMemberArrayOutput { + return i.ToV2OrganizationSourceIamMemberArrayOutputWithContext(context.Background()) +} + +func (i V2OrganizationSourceIamMemberArray) ToV2OrganizationSourceIamMemberArrayOutputWithContext(ctx context.Context) V2OrganizationSourceIamMemberArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceIamMemberArrayOutput) +} + +// V2OrganizationSourceIamMemberMapInput is an input type that accepts V2OrganizationSourceIamMemberMap and V2OrganizationSourceIamMemberMapOutput values. 
+// You can construct a concrete instance of `V2OrganizationSourceIamMemberMapInput` via: +// +// V2OrganizationSourceIamMemberMap{ "key": V2OrganizationSourceIamMemberArgs{...} } +type V2OrganizationSourceIamMemberMapInput interface { + pulumi.Input + + ToV2OrganizationSourceIamMemberMapOutput() V2OrganizationSourceIamMemberMapOutput + ToV2OrganizationSourceIamMemberMapOutputWithContext(context.Context) V2OrganizationSourceIamMemberMapOutput +} + +type V2OrganizationSourceIamMemberMap map[string]V2OrganizationSourceIamMemberInput + +func (V2OrganizationSourceIamMemberMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*V2OrganizationSourceIamMember)(nil)).Elem() +} + +func (i V2OrganizationSourceIamMemberMap) ToV2OrganizationSourceIamMemberMapOutput() V2OrganizationSourceIamMemberMapOutput { + return i.ToV2OrganizationSourceIamMemberMapOutputWithContext(context.Background()) +} + +func (i V2OrganizationSourceIamMemberMap) ToV2OrganizationSourceIamMemberMapOutputWithContext(ctx context.Context) V2OrganizationSourceIamMemberMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceIamMemberMapOutput) +} + +type V2OrganizationSourceIamMemberOutput struct{ *pulumi.OutputState } + +func (V2OrganizationSourceIamMemberOutput) ElementType() reflect.Type { + return reflect.TypeOf((**V2OrganizationSourceIamMember)(nil)).Elem() +} + +func (o V2OrganizationSourceIamMemberOutput) ToV2OrganizationSourceIamMemberOutput() V2OrganizationSourceIamMemberOutput { + return o +} + +func (o V2OrganizationSourceIamMemberOutput) ToV2OrganizationSourceIamMemberOutputWithContext(ctx context.Context) V2OrganizationSourceIamMemberOutput { + return o +} + +func (o V2OrganizationSourceIamMemberOutput) Condition() V2OrganizationSourceIamMemberConditionPtrOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamMember) V2OrganizationSourceIamMemberConditionPtrOutput { + return v.Condition + }).(V2OrganizationSourceIamMemberConditionPtrOutput) +} + +// 
(Computed) The etag of the IAM policy. +func (o V2OrganizationSourceIamMemberOutput) Etag() pulumi.StringOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) +} + +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" +func (o V2OrganizationSourceIamMemberOutput) Member() pulumi.StringOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) +} + +func (o V2OrganizationSourceIamMemberOutput) Organization() pulumi.StringOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamMember) pulumi.StringOutput { return v.Organization }).(pulumi.StringOutput) +} + +// The role that should be applied. 
Only one +// `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format +// `[projects|organizations]/{parent-name}/roles/{role-name}`. +func (o V2OrganizationSourceIamMemberOutput) Role() pulumi.StringOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamMember) pulumi.StringOutput { return v.Role }).(pulumi.StringOutput) +} + +// Used to find the parent resource to bind the IAM policy to +func (o V2OrganizationSourceIamMemberOutput) Source() pulumi.StringOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamMember) pulumi.StringOutput { return v.Source }).(pulumi.StringOutput) +} + +type V2OrganizationSourceIamMemberArrayOutput struct{ *pulumi.OutputState } + +func (V2OrganizationSourceIamMemberArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*V2OrganizationSourceIamMember)(nil)).Elem() +} + +func (o V2OrganizationSourceIamMemberArrayOutput) ToV2OrganizationSourceIamMemberArrayOutput() V2OrganizationSourceIamMemberArrayOutput { + return o +} + +func (o V2OrganizationSourceIamMemberArrayOutput) ToV2OrganizationSourceIamMemberArrayOutputWithContext(ctx context.Context) V2OrganizationSourceIamMemberArrayOutput { + return o +} + +func (o V2OrganizationSourceIamMemberArrayOutput) Index(i pulumi.IntInput) V2OrganizationSourceIamMemberOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *V2OrganizationSourceIamMember { + return vs[0].([]*V2OrganizationSourceIamMember)[vs[1].(int)] + }).(V2OrganizationSourceIamMemberOutput) +} + +type V2OrganizationSourceIamMemberMapOutput struct{ *pulumi.OutputState } + +func (V2OrganizationSourceIamMemberMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*V2OrganizationSourceIamMember)(nil)).Elem() +} + +func (o V2OrganizationSourceIamMemberMapOutput) ToV2OrganizationSourceIamMemberMapOutput() V2OrganizationSourceIamMemberMapOutput { + return o +} + +func (o V2OrganizationSourceIamMemberMapOutput) 
ToV2OrganizationSourceIamMemberMapOutputWithContext(ctx context.Context) V2OrganizationSourceIamMemberMapOutput { + return o +} + +func (o V2OrganizationSourceIamMemberMapOutput) MapIndex(k pulumi.StringInput) V2OrganizationSourceIamMemberOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *V2OrganizationSourceIamMember { + return vs[0].(map[string]*V2OrganizationSourceIamMember)[vs[1].(string)] + }).(V2OrganizationSourceIamMemberOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationSourceIamMemberInput)(nil)).Elem(), &V2OrganizationSourceIamMember{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationSourceIamMemberArrayInput)(nil)).Elem(), V2OrganizationSourceIamMemberArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationSourceIamMemberMapInput)(nil)).Elem(), V2OrganizationSourceIamMemberMap{}) + pulumi.RegisterOutputType(V2OrganizationSourceIamMemberOutput{}) + pulumi.RegisterOutputType(V2OrganizationSourceIamMemberArrayOutput{}) + pulumi.RegisterOutputType(V2OrganizationSourceIamMemberMapOutput{}) +} diff --git a/sdk/go/gcp/securitycenter/v2organizationSourceIamPolicy.go b/sdk/go/gcp/securitycenter/v2organizationSourceIamPolicy.go new file mode 100644 index 0000000000..a70df1a979 --- /dev/null +++ b/sdk/go/gcp/securitycenter/v2organizationSourceIamPolicy.go 
@@ -0,0 +1,532 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package securitycenter + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: +// +// * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. +// * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. +// * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. +// +// # A data source can be used to retrieve policy data in advent you do not need creation +// +// * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource +// +// > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. +// +// > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+// +// ## securitycenter.V2OrganizationSourceIamPolicy +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, "policy", &securitycenter.V2OrganizationSourceIamPolicyArgs{ +// Source: pulumi.Any(customSource.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## securitycenter.V2OrganizationSourceIamBinding +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, "binding", &securitycenter.V2OrganizationSourceIamBindingArgs{ +// Source: pulumi.Any(customSource.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## securitycenter.V2OrganizationSourceIamMember +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := 
securitycenter.NewV2OrganizationSourceIamMember(ctx, "member", &securitycenter.V2OrganizationSourceIamMemberArgs{ +// Source: pulumi.Any(customSource.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the +// +// full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. +// --- +// +// # IAM policy for Security Command Center (SCC)v2 API OrganizationSource +// Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: +// +// * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. +// * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. +// * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. +// +// # A data source can be used to retrieve policy data in advent you do not need creation +// +// * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource +// +// > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. 
+// +// > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. +// +// ## securitycenter.V2OrganizationSourceIamPolicy +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = securitycenter.NewV2OrganizationSourceIamPolicy(ctx, "policy", &securitycenter.V2OrganizationSourceIamPolicyArgs{ +// Source: pulumi.Any(customSource.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## securitycenter.V2OrganizationSourceIamBinding +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := securitycenter.NewV2OrganizationSourceIamBinding(ctx, "binding", &securitycenter.V2OrganizationSourceIamBindingArgs{ +// Source: pulumi.Any(customSource.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## securitycenter.V2OrganizationSourceIamMember +// +// ```go +// package main +// +// import ( +// +// 
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := securitycenter.NewV2OrganizationSourceIamMember(ctx, "member", &securitycenter.V2OrganizationSourceIamMemberArgs{ +// Source: pulumi.Any(customSource.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// For all import syntaxes, the "resource in question" can take any of the following forms: +// +// * organizations/{{organization}}/sources/{{source}} +// +// * {{organization}}/{{source}} +// +// * {{source}} +// +// Any variables not passed in the import command will be taken from the provider configuration. +// +// Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. +// +// IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. +// +// ```sh +// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com" +// ``` +// +// IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. +// +// ```sh +// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor "organizations/{{organization}}/sources/{{source}} roles/viewer" +// ``` +// +// IAM policy imports use the identifier of the resource in question, e.g. 
+// +// ```sh +// $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor organizations/{{organization}}/sources/{{source}} +// ``` +// +// -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the +// +// full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. +type V2OrganizationSourceIamPolicy struct { + pulumi.CustomResourceState + + // (Computed) The etag of the IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + Organization pulumi.StringOutput `pulumi:"organization"` + // The policy data generated by + // a `organizations.getIAMPolicy` data source. + PolicyData pulumi.StringOutput `pulumi:"policyData"` + // Used to find the parent resource to bind the IAM policy to + Source pulumi.StringOutput `pulumi:"source"` +} + +// NewV2OrganizationSourceIamPolicy registers a new resource with the given unique name, arguments, and options. +func NewV2OrganizationSourceIamPolicy(ctx *pulumi.Context, + name string, args *V2OrganizationSourceIamPolicyArgs, opts ...pulumi.ResourceOption) (*V2OrganizationSourceIamPolicy, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.Organization == nil { + return nil, errors.New("invalid value for required argument 'Organization'") + } + if args.PolicyData == nil { + return nil, errors.New("invalid value for required argument 'PolicyData'") + } + if args.Source == nil { + return nil, errors.New("invalid value for required argument 'Source'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource V2OrganizationSourceIamPolicy + err := ctx.RegisterResource("gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy", name, args, &resource, opts...) 
+ if err != nil { + return nil, err + } + return &resource, nil +} + +// GetV2OrganizationSourceIamPolicy gets an existing V2OrganizationSourceIamPolicy resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetV2OrganizationSourceIamPolicy(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *V2OrganizationSourceIamPolicyState, opts ...pulumi.ResourceOption) (*V2OrganizationSourceIamPolicy, error) { + var resource V2OrganizationSourceIamPolicy + err := ctx.ReadResource("gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering V2OrganizationSourceIamPolicy resources. +type v2organizationSourceIamPolicyState struct { + // (Computed) The etag of the IAM policy. + Etag *string `pulumi:"etag"` + Organization *string `pulumi:"organization"` + // The policy data generated by + // a `organizations.getIAMPolicy` data source. + PolicyData *string `pulumi:"policyData"` + // Used to find the parent resource to bind the IAM policy to + Source *string `pulumi:"source"` +} + +type V2OrganizationSourceIamPolicyState struct { + // (Computed) The etag of the IAM policy. + Etag pulumi.StringPtrInput + Organization pulumi.StringPtrInput + // The policy data generated by + // a `organizations.getIAMPolicy` data source. + PolicyData pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to + Source pulumi.StringPtrInput +} + +func (V2OrganizationSourceIamPolicyState) ElementType() reflect.Type { + return reflect.TypeOf((*v2organizationSourceIamPolicyState)(nil)).Elem() +} + +type v2organizationSourceIamPolicyArgs struct { + Organization string `pulumi:"organization"` + // The policy data generated by + // a `organizations.getIAMPolicy` data source. 
+ PolicyData string `pulumi:"policyData"` + // Used to find the parent resource to bind the IAM policy to + Source string `pulumi:"source"` +} + +// The set of arguments for constructing a V2OrganizationSourceIamPolicy resource. +type V2OrganizationSourceIamPolicyArgs struct { + Organization pulumi.StringInput + // The policy data generated by + // a `organizations.getIAMPolicy` data source. + PolicyData pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to + Source pulumi.StringInput +} + +func (V2OrganizationSourceIamPolicyArgs) ElementType() reflect.Type { + return reflect.TypeOf((*v2organizationSourceIamPolicyArgs)(nil)).Elem() +} + +type V2OrganizationSourceIamPolicyInput interface { + pulumi.Input + + ToV2OrganizationSourceIamPolicyOutput() V2OrganizationSourceIamPolicyOutput + ToV2OrganizationSourceIamPolicyOutputWithContext(ctx context.Context) V2OrganizationSourceIamPolicyOutput +} + +func (*V2OrganizationSourceIamPolicy) ElementType() reflect.Type { + return reflect.TypeOf((**V2OrganizationSourceIamPolicy)(nil)).Elem() +} + +func (i *V2OrganizationSourceIamPolicy) ToV2OrganizationSourceIamPolicyOutput() V2OrganizationSourceIamPolicyOutput { + return i.ToV2OrganizationSourceIamPolicyOutputWithContext(context.Background()) +} + +func (i *V2OrganizationSourceIamPolicy) ToV2OrganizationSourceIamPolicyOutputWithContext(ctx context.Context) V2OrganizationSourceIamPolicyOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceIamPolicyOutput) +} + +// V2OrganizationSourceIamPolicyArrayInput is an input type that accepts V2OrganizationSourceIamPolicyArray and V2OrganizationSourceIamPolicyArrayOutput values. 
+// You can construct a concrete instance of `V2OrganizationSourceIamPolicyArrayInput` via: +// +// V2OrganizationSourceIamPolicyArray{ V2OrganizationSourceIamPolicyArgs{...} } +type V2OrganizationSourceIamPolicyArrayInput interface { + pulumi.Input + + ToV2OrganizationSourceIamPolicyArrayOutput() V2OrganizationSourceIamPolicyArrayOutput + ToV2OrganizationSourceIamPolicyArrayOutputWithContext(context.Context) V2OrganizationSourceIamPolicyArrayOutput +} + +type V2OrganizationSourceIamPolicyArray []V2OrganizationSourceIamPolicyInput + +func (V2OrganizationSourceIamPolicyArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*V2OrganizationSourceIamPolicy)(nil)).Elem() +} + +func (i V2OrganizationSourceIamPolicyArray) ToV2OrganizationSourceIamPolicyArrayOutput() V2OrganizationSourceIamPolicyArrayOutput { + return i.ToV2OrganizationSourceIamPolicyArrayOutputWithContext(context.Background()) +} + +func (i V2OrganizationSourceIamPolicyArray) ToV2OrganizationSourceIamPolicyArrayOutputWithContext(ctx context.Context) V2OrganizationSourceIamPolicyArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceIamPolicyArrayOutput) +} + +// V2OrganizationSourceIamPolicyMapInput is an input type that accepts V2OrganizationSourceIamPolicyMap and V2OrganizationSourceIamPolicyMapOutput values. 
+// You can construct a concrete instance of `V2OrganizationSourceIamPolicyMapInput` via: +// +// V2OrganizationSourceIamPolicyMap{ "key": V2OrganizationSourceIamPolicyArgs{...} } +type V2OrganizationSourceIamPolicyMapInput interface { + pulumi.Input + + ToV2OrganizationSourceIamPolicyMapOutput() V2OrganizationSourceIamPolicyMapOutput + ToV2OrganizationSourceIamPolicyMapOutputWithContext(context.Context) V2OrganizationSourceIamPolicyMapOutput +} + +type V2OrganizationSourceIamPolicyMap map[string]V2OrganizationSourceIamPolicyInput + +func (V2OrganizationSourceIamPolicyMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*V2OrganizationSourceIamPolicy)(nil)).Elem() +} + +func (i V2OrganizationSourceIamPolicyMap) ToV2OrganizationSourceIamPolicyMapOutput() V2OrganizationSourceIamPolicyMapOutput { + return i.ToV2OrganizationSourceIamPolicyMapOutputWithContext(context.Background()) +} + +func (i V2OrganizationSourceIamPolicyMap) ToV2OrganizationSourceIamPolicyMapOutputWithContext(ctx context.Context) V2OrganizationSourceIamPolicyMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2OrganizationSourceIamPolicyMapOutput) +} + +type V2OrganizationSourceIamPolicyOutput struct{ *pulumi.OutputState } + +func (V2OrganizationSourceIamPolicyOutput) ElementType() reflect.Type { + return reflect.TypeOf((**V2OrganizationSourceIamPolicy)(nil)).Elem() +} + +func (o V2OrganizationSourceIamPolicyOutput) ToV2OrganizationSourceIamPolicyOutput() V2OrganizationSourceIamPolicyOutput { + return o +} + +func (o V2OrganizationSourceIamPolicyOutput) ToV2OrganizationSourceIamPolicyOutputWithContext(ctx context.Context) V2OrganizationSourceIamPolicyOutput { + return o +} + +// (Computed) The etag of the IAM policy. 
+func (o V2OrganizationSourceIamPolicyOutput) Etag() pulumi.StringOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamPolicy) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) +} + +func (o V2OrganizationSourceIamPolicyOutput) Organization() pulumi.StringOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamPolicy) pulumi.StringOutput { return v.Organization }).(pulumi.StringOutput) +} + +// The policy data generated by +// a `organizations.getIAMPolicy` data source. +func (o V2OrganizationSourceIamPolicyOutput) PolicyData() pulumi.StringOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamPolicy) pulumi.StringOutput { return v.PolicyData }).(pulumi.StringOutput) +} + +// Used to find the parent resource to bind the IAM policy to +func (o V2OrganizationSourceIamPolicyOutput) Source() pulumi.StringOutput { + return o.ApplyT(func(v *V2OrganizationSourceIamPolicy) pulumi.StringOutput { return v.Source }).(pulumi.StringOutput) +} + +type V2OrganizationSourceIamPolicyArrayOutput struct{ *pulumi.OutputState } + +func (V2OrganizationSourceIamPolicyArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*V2OrganizationSourceIamPolicy)(nil)).Elem() +} + +func (o V2OrganizationSourceIamPolicyArrayOutput) ToV2OrganizationSourceIamPolicyArrayOutput() V2OrganizationSourceIamPolicyArrayOutput { + return o +} + +func (o V2OrganizationSourceIamPolicyArrayOutput) ToV2OrganizationSourceIamPolicyArrayOutputWithContext(ctx context.Context) V2OrganizationSourceIamPolicyArrayOutput { + return o +} + +func (o V2OrganizationSourceIamPolicyArrayOutput) Index(i pulumi.IntInput) V2OrganizationSourceIamPolicyOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *V2OrganizationSourceIamPolicy { + return vs[0].([]*V2OrganizationSourceIamPolicy)[vs[1].(int)] + }).(V2OrganizationSourceIamPolicyOutput) +} + +type V2OrganizationSourceIamPolicyMapOutput struct{ *pulumi.OutputState } + +func (V2OrganizationSourceIamPolicyMapOutput) ElementType() 
reflect.Type { + return reflect.TypeOf((*map[string]*V2OrganizationSourceIamPolicy)(nil)).Elem() +} + +func (o V2OrganizationSourceIamPolicyMapOutput) ToV2OrganizationSourceIamPolicyMapOutput() V2OrganizationSourceIamPolicyMapOutput { + return o +} + +func (o V2OrganizationSourceIamPolicyMapOutput) ToV2OrganizationSourceIamPolicyMapOutputWithContext(ctx context.Context) V2OrganizationSourceIamPolicyMapOutput { + return o +} + +func (o V2OrganizationSourceIamPolicyMapOutput) MapIndex(k pulumi.StringInput) V2OrganizationSourceIamPolicyOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *V2OrganizationSourceIamPolicy { + return vs[0].(map[string]*V2OrganizationSourceIamPolicy)[vs[1].(string)] + }).(V2OrganizationSourceIamPolicyOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationSourceIamPolicyInput)(nil)).Elem(), &V2OrganizationSourceIamPolicy{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationSourceIamPolicyArrayInput)(nil)).Elem(), V2OrganizationSourceIamPolicyArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2OrganizationSourceIamPolicyMapInput)(nil)).Elem(), V2OrganizationSourceIamPolicyMap{}) + pulumi.RegisterOutputType(V2OrganizationSourceIamPolicyOutput{}) + pulumi.RegisterOutputType(V2OrganizationSourceIamPolicyArrayOutput{}) + pulumi.RegisterOutputType(V2OrganizationSourceIamPolicyMapOutput{}) +} diff --git a/sdk/go/gcp/securitycenter/v2projectMuteConfig.go b/sdk/go/gcp/securitycenter/v2projectMuteConfig.go new file mode 100644 index 0000000000..c3f0121bc2 --- /dev/null +++ b/sdk/go/gcp/securitycenter/v2projectMuteConfig.go 
@@ -0,0 +1,482 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package securitycenter + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Mute Findings is a volume management feature in Security Command Center +// that lets you manually or programmatically hide irrelevant findings, +// and create filters to automatically silence existing and future +// findings based on criteria you specify. +// +// To get more information about ProjectMuteConfig, see: +// +// * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/projects.muteConfigs) +// +// ## Example Usage +// +// ### Scc V2 Project Mute Config Basic +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := securitycenter.NewV2ProjectMuteConfig(ctx, "default", &securitycenter.V2ProjectMuteConfigArgs{ +// MuteConfigId: pulumi.String("my-config"), +// Project: pulumi.String(""), +// Location: pulumi.String("global"), +// Description: pulumi.String("My custom Cloud Security Command Center Finding Project mute Configuration"), +// Filter: pulumi.String("severity = \"HIGH\""), +// Type: pulumi.String("STATIC"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// ProjectMuteConfig can be imported using any of these accepted formats: +// +// * `projects/{{project}}/locations/{{location}}/muteConfigs/{{mute_config_id}}` +// +// * `{{project}}/{{location}}/{{mute_config_id}}` +// +// * `{{location}}/{{mute_config_id}}` +// +// When using the `pulumi import` command, ProjectMuteConfig can be 
imported using one of the formats above. For example: +// +// ```sh +// $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default projects/{{project}}/locations/{{location}}/muteConfigs/{{mute_config_id}} +// ``` +// +// ```sh +// $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default {{project}}/{{location}}/{{mute_config_id}} +// ``` +// +// ```sh +// $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default {{location}}/{{mute_config_id}} +// ``` +type V2ProjectMuteConfig struct { + pulumi.CustomResourceState + + // The time at which the mute config was created. This field is set by + // the server and will be ignored if provided on config creation. + CreateTime pulumi.StringOutput `pulumi:"createTime"` + // A description of the mute config. + Description pulumi.StringPtrOutput `pulumi:"description"` + // An expression that defines the filter to apply across create/update + // events of findings. While creating a filter string, be mindful of + // the scope in which the mute configuration is being created. E.g., + // If a filter contains project = X but is created under the + // project = Y scope, it might not match any findings. + Filter pulumi.StringOutput `pulumi:"filter"` + // location Id is provided by project. If not provided, Use global as default. + Location pulumi.StringPtrOutput `pulumi:"location"` + // Email address of the user who last edited the mute config. This + // field is set by the server and will be ignored if provided on + // config creation or update. + MostRecentEditor pulumi.StringOutput `pulumi:"mostRecentEditor"` + // Unique identifier provided by the client within the parent scope. + // + // *** + MuteConfigId pulumi.StringOutput `pulumi:"muteConfigId"` + // Name of the mute config. 
Its format is + // projects/{project}/locations/global/muteConfigs/{configId}, + // folders/{folder}/locations/global/muteConfigs/{configId}, + // or organizations/{organization}/locations/global/muteConfigs/{configId} + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project pulumi.StringOutput `pulumi:"project"` + // The type of the mute config. + Type pulumi.StringOutput `pulumi:"type"` + // Output only. The most recent time at which the mute config was + // updated. This field is set by the server and will be ignored if + // provided on config creation or update. + UpdateTime pulumi.StringOutput `pulumi:"updateTime"` +} + +// NewV2ProjectMuteConfig registers a new resource with the given unique name, arguments, and options. +func NewV2ProjectMuteConfig(ctx *pulumi.Context, + name string, args *V2ProjectMuteConfigArgs, opts ...pulumi.ResourceOption) (*V2ProjectMuteConfig, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.Filter == nil { + return nil, errors.New("invalid value for required argument 'Filter'") + } + if args.MuteConfigId == nil { + return nil, errors.New("invalid value for required argument 'MuteConfigId'") + } + if args.Type == nil { + return nil, errors.New("invalid value for required argument 'Type'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource V2ProjectMuteConfig + err := ctx.RegisterResource("gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetV2ProjectMuteConfig gets an existing V2ProjectMuteConfig resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). 
+func GetV2ProjectMuteConfig(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *V2ProjectMuteConfigState, opts ...pulumi.ResourceOption) (*V2ProjectMuteConfig, error) { + var resource V2ProjectMuteConfig + err := ctx.ReadResource("gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering V2ProjectMuteConfig resources. +type v2projectMuteConfigState struct { + // The time at which the mute config was created. This field is set by + // the server and will be ignored if provided on config creation. + CreateTime *string `pulumi:"createTime"` + // A description of the mute config. + Description *string `pulumi:"description"` + // An expression that defines the filter to apply across create/update + // events of findings. While creating a filter string, be mindful of + // the scope in which the mute configuration is being created. E.g., + // If a filter contains project = X but is created under the + // project = Y scope, it might not match any findings. + Filter *string `pulumi:"filter"` + // location Id is provided by project. If not provided, Use global as default. + Location *string `pulumi:"location"` + // Email address of the user who last edited the mute config. This + // field is set by the server and will be ignored if provided on + // config creation or update. + MostRecentEditor *string `pulumi:"mostRecentEditor"` + // Unique identifier provided by the client within the parent scope. + // + // *** + MuteConfigId *string `pulumi:"muteConfigId"` + // Name of the mute config. Its format is + // projects/{project}/locations/global/muteConfigs/{configId}, + // folders/{folder}/locations/global/muteConfigs/{configId}, + // or organizations/{organization}/locations/global/muteConfigs/{configId} + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. 
+ // If it is not provided, the provider project is used. + Project *string `pulumi:"project"` + // The type of the mute config. + Type *string `pulumi:"type"` + // Output only. The most recent time at which the mute config was + // updated. This field is set by the server and will be ignored if + // provided on config creation or update. + UpdateTime *string `pulumi:"updateTime"` +} + +type V2ProjectMuteConfigState struct { + // The time at which the mute config was created. This field is set by + // the server and will be ignored if provided on config creation. + CreateTime pulumi.StringPtrInput + // A description of the mute config. + Description pulumi.StringPtrInput + // An expression that defines the filter to apply across create/update + // events of findings. While creating a filter string, be mindful of + // the scope in which the mute configuration is being created. E.g., + // If a filter contains project = X but is created under the + // project = Y scope, it might not match any findings. + Filter pulumi.StringPtrInput + // location Id is provided by project. If not provided, Use global as default. + Location pulumi.StringPtrInput + // Email address of the user who last edited the mute config. This + // field is set by the server and will be ignored if provided on + // config creation or update. + MostRecentEditor pulumi.StringPtrInput + // Unique identifier provided by the client within the parent scope. + // + // *** + MuteConfigId pulumi.StringPtrInput + // Name of the mute config. Its format is + // projects/{project}/locations/global/muteConfigs/{configId}, + // folders/{folder}/locations/global/muteConfigs/{configId}, + // or organizations/{organization}/locations/global/muteConfigs/{configId} + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project pulumi.StringPtrInput + // The type of the mute config. + Type pulumi.StringPtrInput + // Output only. 
The most recent time at which the mute config was + // updated. This field is set by the server and will be ignored if + // provided on config creation or update. + UpdateTime pulumi.StringPtrInput +} + +func (V2ProjectMuteConfigState) ElementType() reflect.Type { + return reflect.TypeOf((*v2projectMuteConfigState)(nil)).Elem() +} + +type v2projectMuteConfigArgs struct { + // A description of the mute config. + Description *string `pulumi:"description"` + // An expression that defines the filter to apply across create/update + // events of findings. While creating a filter string, be mindful of + // the scope in which the mute configuration is being created. E.g., + // If a filter contains project = X but is created under the + // project = Y scope, it might not match any findings. + Filter string `pulumi:"filter"` + // location Id is provided by project. If not provided, Use global as default. + Location *string `pulumi:"location"` + // Unique identifier provided by the client within the parent scope. + // + // *** + MuteConfigId string `pulumi:"muteConfigId"` + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project *string `pulumi:"project"` + // The type of the mute config. + Type string `pulumi:"type"` +} + +// The set of arguments for constructing a V2ProjectMuteConfig resource. +type V2ProjectMuteConfigArgs struct { + // A description of the mute config. + Description pulumi.StringPtrInput + // An expression that defines the filter to apply across create/update + // events of findings. While creating a filter string, be mindful of + // the scope in which the mute configuration is being created. E.g., + // If a filter contains project = X but is created under the + // project = Y scope, it might not match any findings. + Filter pulumi.StringInput + // location Id is provided by project. If not provided, Use global as default. 
+ Location pulumi.StringPtrInput + // Unique identifier provided by the client within the parent scope. + // + // *** + MuteConfigId pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project pulumi.StringPtrInput + // The type of the mute config. + Type pulumi.StringInput +} + +func (V2ProjectMuteConfigArgs) ElementType() reflect.Type { + return reflect.TypeOf((*v2projectMuteConfigArgs)(nil)).Elem() +} + +type V2ProjectMuteConfigInput interface { + pulumi.Input + + ToV2ProjectMuteConfigOutput() V2ProjectMuteConfigOutput + ToV2ProjectMuteConfigOutputWithContext(ctx context.Context) V2ProjectMuteConfigOutput +} + +func (*V2ProjectMuteConfig) ElementType() reflect.Type { + return reflect.TypeOf((**V2ProjectMuteConfig)(nil)).Elem() +} + +func (i *V2ProjectMuteConfig) ToV2ProjectMuteConfigOutput() V2ProjectMuteConfigOutput { + return i.ToV2ProjectMuteConfigOutputWithContext(context.Background()) +} + +func (i *V2ProjectMuteConfig) ToV2ProjectMuteConfigOutputWithContext(ctx context.Context) V2ProjectMuteConfigOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2ProjectMuteConfigOutput) +} + +// V2ProjectMuteConfigArrayInput is an input type that accepts V2ProjectMuteConfigArray and V2ProjectMuteConfigArrayOutput values. 
+// You can construct a concrete instance of `V2ProjectMuteConfigArrayInput` via: +// +// V2ProjectMuteConfigArray{ V2ProjectMuteConfigArgs{...} } +type V2ProjectMuteConfigArrayInput interface { + pulumi.Input + + ToV2ProjectMuteConfigArrayOutput() V2ProjectMuteConfigArrayOutput + ToV2ProjectMuteConfigArrayOutputWithContext(context.Context) V2ProjectMuteConfigArrayOutput +} + +type V2ProjectMuteConfigArray []V2ProjectMuteConfigInput + +func (V2ProjectMuteConfigArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*V2ProjectMuteConfig)(nil)).Elem() +} + +func (i V2ProjectMuteConfigArray) ToV2ProjectMuteConfigArrayOutput() V2ProjectMuteConfigArrayOutput { + return i.ToV2ProjectMuteConfigArrayOutputWithContext(context.Background()) +} + +func (i V2ProjectMuteConfigArray) ToV2ProjectMuteConfigArrayOutputWithContext(ctx context.Context) V2ProjectMuteConfigArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2ProjectMuteConfigArrayOutput) +} + +// V2ProjectMuteConfigMapInput is an input type that accepts V2ProjectMuteConfigMap and V2ProjectMuteConfigMapOutput values. 
+// You can construct a concrete instance of `V2ProjectMuteConfigMapInput` via: +// +// V2ProjectMuteConfigMap{ "key": V2ProjectMuteConfigArgs{...} } +type V2ProjectMuteConfigMapInput interface { + pulumi.Input + + ToV2ProjectMuteConfigMapOutput() V2ProjectMuteConfigMapOutput + ToV2ProjectMuteConfigMapOutputWithContext(context.Context) V2ProjectMuteConfigMapOutput +} + +type V2ProjectMuteConfigMap map[string]V2ProjectMuteConfigInput + +func (V2ProjectMuteConfigMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*V2ProjectMuteConfig)(nil)).Elem() +} + +func (i V2ProjectMuteConfigMap) ToV2ProjectMuteConfigMapOutput() V2ProjectMuteConfigMapOutput { + return i.ToV2ProjectMuteConfigMapOutputWithContext(context.Background()) +} + +func (i V2ProjectMuteConfigMap) ToV2ProjectMuteConfigMapOutputWithContext(ctx context.Context) V2ProjectMuteConfigMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2ProjectMuteConfigMapOutput) +} + +type V2ProjectMuteConfigOutput struct{ *pulumi.OutputState } + +func (V2ProjectMuteConfigOutput) ElementType() reflect.Type { + return reflect.TypeOf((**V2ProjectMuteConfig)(nil)).Elem() +} + +func (o V2ProjectMuteConfigOutput) ToV2ProjectMuteConfigOutput() V2ProjectMuteConfigOutput { + return o +} + +func (o V2ProjectMuteConfigOutput) ToV2ProjectMuteConfigOutputWithContext(ctx context.Context) V2ProjectMuteConfigOutput { + return o +} + +// The time at which the mute config was created. This field is set by +// the server and will be ignored if provided on config creation. +func (o V2ProjectMuteConfigOutput) CreateTime() pulumi.StringOutput { + return o.ApplyT(func(v *V2ProjectMuteConfig) pulumi.StringOutput { return v.CreateTime }).(pulumi.StringOutput) +} + +// A description of the mute config. 
+func (o V2ProjectMuteConfigOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v *V2ProjectMuteConfig) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) +} + +// An expression that defines the filter to apply across create/update +// events of findings. While creating a filter string, be mindful of +// the scope in which the mute configuration is being created. E.g., +// If a filter contains project = X but is created under the +// project = Y scope, it might not match any findings. +func (o V2ProjectMuteConfigOutput) Filter() pulumi.StringOutput { + return o.ApplyT(func(v *V2ProjectMuteConfig) pulumi.StringOutput { return v.Filter }).(pulumi.StringOutput) +} + +// location Id is provided by project. If not provided, Use global as default. +func (o V2ProjectMuteConfigOutput) Location() pulumi.StringPtrOutput { + return o.ApplyT(func(v *V2ProjectMuteConfig) pulumi.StringPtrOutput { return v.Location }).(pulumi.StringPtrOutput) +} + +// Email address of the user who last edited the mute config. This +// field is set by the server and will be ignored if provided on +// config creation or update. +func (o V2ProjectMuteConfigOutput) MostRecentEditor() pulumi.StringOutput { + return o.ApplyT(func(v *V2ProjectMuteConfig) pulumi.StringOutput { return v.MostRecentEditor }).(pulumi.StringOutput) +} + +// Unique identifier provided by the client within the parent scope. +// +// *** +func (o V2ProjectMuteConfigOutput) MuteConfigId() pulumi.StringOutput { + return o.ApplyT(func(v *V2ProjectMuteConfig) pulumi.StringOutput { return v.MuteConfigId }).(pulumi.StringOutput) +} + +// Name of the mute config. 
Its format is +// projects/{project}/locations/global/muteConfigs/{configId}, +// folders/{folder}/locations/global/muteConfigs/{configId}, +// or organizations/{organization}/locations/global/muteConfigs/{configId} +func (o V2ProjectMuteConfigOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v *V2ProjectMuteConfig) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) +} + +// The ID of the project in which the resource belongs. +// If it is not provided, the provider project is used. +func (o V2ProjectMuteConfigOutput) Project() pulumi.StringOutput { + return o.ApplyT(func(v *V2ProjectMuteConfig) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) +} + +// The type of the mute config. +func (o V2ProjectMuteConfigOutput) Type() pulumi.StringOutput { + return o.ApplyT(func(v *V2ProjectMuteConfig) pulumi.StringOutput { return v.Type }).(pulumi.StringOutput) +} + +// Output only. The most recent time at which the mute config was +// updated. This field is set by the server and will be ignored if +// provided on config creation or update. 
+func (o V2ProjectMuteConfigOutput) UpdateTime() pulumi.StringOutput { + return o.ApplyT(func(v *V2ProjectMuteConfig) pulumi.StringOutput { return v.UpdateTime }).(pulumi.StringOutput) +} + +type V2ProjectMuteConfigArrayOutput struct{ *pulumi.OutputState } + +func (V2ProjectMuteConfigArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*V2ProjectMuteConfig)(nil)).Elem() +} + +func (o V2ProjectMuteConfigArrayOutput) ToV2ProjectMuteConfigArrayOutput() V2ProjectMuteConfigArrayOutput { + return o +} + +func (o V2ProjectMuteConfigArrayOutput) ToV2ProjectMuteConfigArrayOutputWithContext(ctx context.Context) V2ProjectMuteConfigArrayOutput { + return o +} + +func (o V2ProjectMuteConfigArrayOutput) Index(i pulumi.IntInput) V2ProjectMuteConfigOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *V2ProjectMuteConfig { + return vs[0].([]*V2ProjectMuteConfig)[vs[1].(int)] + }).(V2ProjectMuteConfigOutput) +} + +type V2ProjectMuteConfigMapOutput struct{ *pulumi.OutputState } + +func (V2ProjectMuteConfigMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*V2ProjectMuteConfig)(nil)).Elem() +} + +func (o V2ProjectMuteConfigMapOutput) ToV2ProjectMuteConfigMapOutput() V2ProjectMuteConfigMapOutput { + return o +} + +func (o V2ProjectMuteConfigMapOutput) ToV2ProjectMuteConfigMapOutputWithContext(ctx context.Context) V2ProjectMuteConfigMapOutput { + return o +} + +func (o V2ProjectMuteConfigMapOutput) MapIndex(k pulumi.StringInput) V2ProjectMuteConfigOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *V2ProjectMuteConfig { + return vs[0].(map[string]*V2ProjectMuteConfig)[vs[1].(string)] + }).(V2ProjectMuteConfigOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*V2ProjectMuteConfigInput)(nil)).Elem(), &V2ProjectMuteConfig{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2ProjectMuteConfigArrayInput)(nil)).Elem(), V2ProjectMuteConfigArray{}) + 
pulumi.RegisterInputType(reflect.TypeOf((*V2ProjectMuteConfigMapInput)(nil)).Elem(), V2ProjectMuteConfigMap{}) + pulumi.RegisterOutputType(V2ProjectMuteConfigOutput{}) + pulumi.RegisterOutputType(V2ProjectMuteConfigArrayOutput{}) + pulumi.RegisterOutputType(V2ProjectMuteConfigMapOutput{}) +} diff --git a/sdk/go/gcp/securitycenter/v2projectNotificationConfig.go b/sdk/go/gcp/securitycenter/v2projectNotificationConfig.go new file mode 100644 index 0000000000..75668920bc --- /dev/null +++ b/sdk/go/gcp/securitycenter/v2projectNotificationConfig.go 
@@ -0,0 +1,407 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package securitycenter + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// A Cloud Security Command Center (Cloud SCC) notification configs. A +// notification config is a Cloud SCC resource that contains the +// configuration to send notifications for create/update events of +// findings, assets and etc. +// > **Note:** In order to use Cloud SCC resources, your organization must be enrolled +// in [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center). +// Without doing so, you may run into errors during resource creation. +// +// To get more information about ProjectNotificationConfig, see: +// +// * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/projects.locations.notificationConfigs) +// * How-to Guides +// - [Official Documentation](https://cloud.google.com/security-command-center/docs) +// +// ## Example Usage +// +// ### Scc V2 Project Notification Config Basic +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securitycenter" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// sccV2ProjectNotification, err := pubsub.NewTopic(ctx, "scc_v2_project_notification", &pubsub.TopicArgs{ +// Name: pulumi.String("my-topic"), +// }) +// if err != nil { +// return err +// } +// _, err = securitycenter.NewV2ProjectNotificationConfig(ctx, "custom_notification_config", &securitycenter.V2ProjectNotificationConfigArgs{ +// ConfigId: pulumi.String("my-config"), +// Project: 
pulumi.String("my-project-name"), +// Location: pulumi.String("global"), +// Description: pulumi.String("My custom Cloud Security Command Center Finding Notification Configuration"), +// PubsubTopic: sccV2ProjectNotification.ID(), +// StreamingConfig: &securitycenter.V2ProjectNotificationConfigStreamingConfigArgs{ +// Filter: pulumi.String("category = \"OPEN_FIREWALL\" AND state = \"ACTIVE\""), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// ProjectNotificationConfig can be imported using any of these accepted formats: +// +// * `projects/{{project}}/locations/{{location}}/notificationConfigs/{{config_id}}` +// +// * `{{project}}/{{location}}/{{config_id}}` +// +// * `{{location}}/{{config_id}}` +// +// When using the `pulumi import` command, ProjectNotificationConfig can be imported using one of the formats above. For example: +// +// ```sh +// $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default projects/{{project}}/locations/{{location}}/notificationConfigs/{{config_id}} +// ``` +// +// ```sh +// $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default {{project}}/{{location}}/{{config_id}} +// ``` +// +// ```sh +// $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default {{location}}/{{config_id}} +// ``` +type V2ProjectNotificationConfig struct { + pulumi.CustomResourceState + + // This must be unique within the project. + ConfigId pulumi.StringOutput `pulumi:"configId"` + // The description of the notification config (max of 1024 characters). + Description pulumi.StringPtrOutput `pulumi:"description"` + // Location ID of the parent organization. Only global is supported at the moment. 
+ Location pulumi.StringPtrOutput `pulumi:"location"` + // The resource name of this notification config, in the format + // `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. + Name pulumi.StringOutput `pulumi:"name"` + Project pulumi.StringOutput `pulumi:"project"` + // The Pub/Sub topic to send notifications to. Its format is "projects/[projectId]/topics/[topic]". + PubsubTopic pulumi.StringPtrOutput `pulumi:"pubsubTopic"` + // The service account that needs "pubsub.topics.publish" permission to + // publish to the Pub/Sub topic. + ServiceAccount pulumi.StringOutput `pulumi:"serviceAccount"` + // The config for triggering streaming-based notifications. + // Structure is documented below. + StreamingConfig V2ProjectNotificationConfigStreamingConfigOutput `pulumi:"streamingConfig"` +} + +// NewV2ProjectNotificationConfig registers a new resource with the given unique name, arguments, and options. +func NewV2ProjectNotificationConfig(ctx *pulumi.Context, + name string, args *V2ProjectNotificationConfigArgs, opts ...pulumi.ResourceOption) (*V2ProjectNotificationConfig, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.ConfigId == nil { + return nil, errors.New("invalid value for required argument 'ConfigId'") + } + if args.StreamingConfig == nil { + return nil, errors.New("invalid value for required argument 'StreamingConfig'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource V2ProjectNotificationConfig + err := ctx.RegisterResource("gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetV2ProjectNotificationConfig gets an existing V2ProjectNotificationConfig resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). 
+func GetV2ProjectNotificationConfig(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *V2ProjectNotificationConfigState, opts ...pulumi.ResourceOption) (*V2ProjectNotificationConfig, error) { + var resource V2ProjectNotificationConfig + err := ctx.ReadResource("gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering V2ProjectNotificationConfig resources. +type v2projectNotificationConfigState struct { + // This must be unique within the project. + ConfigId *string `pulumi:"configId"` + // The description of the notification config (max of 1024 characters). + Description *string `pulumi:"description"` + // Location ID of the parent organization. Only global is supported at the moment. + Location *string `pulumi:"location"` + // The resource name of this notification config, in the format + // `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. + Name *string `pulumi:"name"` + Project *string `pulumi:"project"` + // The Pub/Sub topic to send notifications to. Its format is "projects/[projectId]/topics/[topic]". + PubsubTopic *string `pulumi:"pubsubTopic"` + // The service account that needs "pubsub.topics.publish" permission to + // publish to the Pub/Sub topic. + ServiceAccount *string `pulumi:"serviceAccount"` + // The config for triggering streaming-based notifications. + // Structure is documented below. + StreamingConfig *V2ProjectNotificationConfigStreamingConfig `pulumi:"streamingConfig"` +} + +type V2ProjectNotificationConfigState struct { + // This must be unique within the project. + ConfigId pulumi.StringPtrInput + // The description of the notification config (max of 1024 characters). + Description pulumi.StringPtrInput + // Location ID of the parent organization. Only global is supported at the moment. 
+ Location pulumi.StringPtrInput + // The resource name of this notification config, in the format + // `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. + Name pulumi.StringPtrInput + Project pulumi.StringPtrInput + // The Pub/Sub topic to send notifications to. Its format is "projects/[projectId]/topics/[topic]". + PubsubTopic pulumi.StringPtrInput + // The service account that needs "pubsub.topics.publish" permission to + // publish to the Pub/Sub topic. + ServiceAccount pulumi.StringPtrInput + // The config for triggering streaming-based notifications. + // Structure is documented below. + StreamingConfig V2ProjectNotificationConfigStreamingConfigPtrInput +} + +func (V2ProjectNotificationConfigState) ElementType() reflect.Type { + return reflect.TypeOf((*v2projectNotificationConfigState)(nil)).Elem() +} + +type v2projectNotificationConfigArgs struct { + // This must be unique within the project. + ConfigId string `pulumi:"configId"` + // The description of the notification config (max of 1024 characters). + Description *string `pulumi:"description"` + // Location ID of the parent organization. Only global is supported at the moment. + Location *string `pulumi:"location"` + Project *string `pulumi:"project"` + // The Pub/Sub topic to send notifications to. Its format is "projects/[projectId]/topics/[topic]". + PubsubTopic *string `pulumi:"pubsubTopic"` + // The config for triggering streaming-based notifications. + // Structure is documented below. + StreamingConfig V2ProjectNotificationConfigStreamingConfig `pulumi:"streamingConfig"` +} + +// The set of arguments for constructing a V2ProjectNotificationConfig resource. +type V2ProjectNotificationConfigArgs struct { + // This must be unique within the project. + ConfigId pulumi.StringInput + // The description of the notification config (max of 1024 characters). + Description pulumi.StringPtrInput + // Location ID of the parent organization. 
Only global is supported at the moment. + Location pulumi.StringPtrInput + Project pulumi.StringPtrInput + // The Pub/Sub topic to send notifications to. Its format is "projects/[projectId]/topics/[topic]". + PubsubTopic pulumi.StringPtrInput + // The config for triggering streaming-based notifications. + // Structure is documented below. + StreamingConfig V2ProjectNotificationConfigStreamingConfigInput +} + +func (V2ProjectNotificationConfigArgs) ElementType() reflect.Type { + return reflect.TypeOf((*v2projectNotificationConfigArgs)(nil)).Elem() +} + +type V2ProjectNotificationConfigInput interface { + pulumi.Input + + ToV2ProjectNotificationConfigOutput() V2ProjectNotificationConfigOutput + ToV2ProjectNotificationConfigOutputWithContext(ctx context.Context) V2ProjectNotificationConfigOutput +} + +func (*V2ProjectNotificationConfig) ElementType() reflect.Type { + return reflect.TypeOf((**V2ProjectNotificationConfig)(nil)).Elem() +} + +func (i *V2ProjectNotificationConfig) ToV2ProjectNotificationConfigOutput() V2ProjectNotificationConfigOutput { + return i.ToV2ProjectNotificationConfigOutputWithContext(context.Background()) +} + +func (i *V2ProjectNotificationConfig) ToV2ProjectNotificationConfigOutputWithContext(ctx context.Context) V2ProjectNotificationConfigOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2ProjectNotificationConfigOutput) +} + +// V2ProjectNotificationConfigArrayInput is an input type that accepts V2ProjectNotificationConfigArray and V2ProjectNotificationConfigArrayOutput values. 
+// You can construct a concrete instance of `V2ProjectNotificationConfigArrayInput` via: +// +// V2ProjectNotificationConfigArray{ V2ProjectNotificationConfigArgs{...} } +type V2ProjectNotificationConfigArrayInput interface { + pulumi.Input + + ToV2ProjectNotificationConfigArrayOutput() V2ProjectNotificationConfigArrayOutput + ToV2ProjectNotificationConfigArrayOutputWithContext(context.Context) V2ProjectNotificationConfigArrayOutput +} + +type V2ProjectNotificationConfigArray []V2ProjectNotificationConfigInput + +func (V2ProjectNotificationConfigArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*V2ProjectNotificationConfig)(nil)).Elem() +} + +func (i V2ProjectNotificationConfigArray) ToV2ProjectNotificationConfigArrayOutput() V2ProjectNotificationConfigArrayOutput { + return i.ToV2ProjectNotificationConfigArrayOutputWithContext(context.Background()) +} + +func (i V2ProjectNotificationConfigArray) ToV2ProjectNotificationConfigArrayOutputWithContext(ctx context.Context) V2ProjectNotificationConfigArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2ProjectNotificationConfigArrayOutput) +} + +// V2ProjectNotificationConfigMapInput is an input type that accepts V2ProjectNotificationConfigMap and V2ProjectNotificationConfigMapOutput values. 
+// You can construct a concrete instance of `V2ProjectNotificationConfigMapInput` via: +// +// V2ProjectNotificationConfigMap{ "key": V2ProjectNotificationConfigArgs{...} } +type V2ProjectNotificationConfigMapInput interface { + pulumi.Input + + ToV2ProjectNotificationConfigMapOutput() V2ProjectNotificationConfigMapOutput + ToV2ProjectNotificationConfigMapOutputWithContext(context.Context) V2ProjectNotificationConfigMapOutput +} + +type V2ProjectNotificationConfigMap map[string]V2ProjectNotificationConfigInput + +func (V2ProjectNotificationConfigMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*V2ProjectNotificationConfig)(nil)).Elem() +} + +func (i V2ProjectNotificationConfigMap) ToV2ProjectNotificationConfigMapOutput() V2ProjectNotificationConfigMapOutput { + return i.ToV2ProjectNotificationConfigMapOutputWithContext(context.Background()) +} + +func (i V2ProjectNotificationConfigMap) ToV2ProjectNotificationConfigMapOutputWithContext(ctx context.Context) V2ProjectNotificationConfigMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2ProjectNotificationConfigMapOutput) +} + +type V2ProjectNotificationConfigOutput struct{ *pulumi.OutputState } + +func (V2ProjectNotificationConfigOutput) ElementType() reflect.Type { + return reflect.TypeOf((**V2ProjectNotificationConfig)(nil)).Elem() +} + +func (o V2ProjectNotificationConfigOutput) ToV2ProjectNotificationConfigOutput() V2ProjectNotificationConfigOutput { + return o +} + +func (o V2ProjectNotificationConfigOutput) ToV2ProjectNotificationConfigOutputWithContext(ctx context.Context) V2ProjectNotificationConfigOutput { + return o +} + +// This must be unique within the project. +func (o V2ProjectNotificationConfigOutput) ConfigId() pulumi.StringOutput { + return o.ApplyT(func(v *V2ProjectNotificationConfig) pulumi.StringOutput { return v.ConfigId }).(pulumi.StringOutput) +} + +// The description of the notification config (max of 1024 characters). 
+func (o V2ProjectNotificationConfigOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v *V2ProjectNotificationConfig) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) +} + +// Location ID of the parent organization. Only global is supported at the moment. +func (o V2ProjectNotificationConfigOutput) Location() pulumi.StringPtrOutput { + return o.ApplyT(func(v *V2ProjectNotificationConfig) pulumi.StringPtrOutput { return v.Location }).(pulumi.StringPtrOutput) +} + +// The resource name of this notification config, in the format +// `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. +func (o V2ProjectNotificationConfigOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v *V2ProjectNotificationConfig) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) +} + +func (o V2ProjectNotificationConfigOutput) Project() pulumi.StringOutput { + return o.ApplyT(func(v *V2ProjectNotificationConfig) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) +} + +// The Pub/Sub topic to send notifications to. Its format is "projects/[projectId]/topics/[topic]". +func (o V2ProjectNotificationConfigOutput) PubsubTopic() pulumi.StringPtrOutput { + return o.ApplyT(func(v *V2ProjectNotificationConfig) pulumi.StringPtrOutput { return v.PubsubTopic }).(pulumi.StringPtrOutput) +} + +// The service account that needs "pubsub.topics.publish" permission to +// publish to the Pub/Sub topic. +func (o V2ProjectNotificationConfigOutput) ServiceAccount() pulumi.StringOutput { + return o.ApplyT(func(v *V2ProjectNotificationConfig) pulumi.StringOutput { return v.ServiceAccount }).(pulumi.StringOutput) +} + +// The config for triggering streaming-based notifications. +// Structure is documented below. 
+func (o V2ProjectNotificationConfigOutput) StreamingConfig() V2ProjectNotificationConfigStreamingConfigOutput { + return o.ApplyT(func(v *V2ProjectNotificationConfig) V2ProjectNotificationConfigStreamingConfigOutput { + return v.StreamingConfig + }).(V2ProjectNotificationConfigStreamingConfigOutput) +} + +type V2ProjectNotificationConfigArrayOutput struct{ *pulumi.OutputState } + +func (V2ProjectNotificationConfigArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*V2ProjectNotificationConfig)(nil)).Elem() +} + +func (o V2ProjectNotificationConfigArrayOutput) ToV2ProjectNotificationConfigArrayOutput() V2ProjectNotificationConfigArrayOutput { + return o +} + +func (o V2ProjectNotificationConfigArrayOutput) ToV2ProjectNotificationConfigArrayOutputWithContext(ctx context.Context) V2ProjectNotificationConfigArrayOutput { + return o +} + +func (o V2ProjectNotificationConfigArrayOutput) Index(i pulumi.IntInput) V2ProjectNotificationConfigOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *V2ProjectNotificationConfig { + return vs[0].([]*V2ProjectNotificationConfig)[vs[1].(int)] + }).(V2ProjectNotificationConfigOutput) +} + +type V2ProjectNotificationConfigMapOutput struct{ *pulumi.OutputState } + +func (V2ProjectNotificationConfigMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*V2ProjectNotificationConfig)(nil)).Elem() +} + +func (o V2ProjectNotificationConfigMapOutput) ToV2ProjectNotificationConfigMapOutput() V2ProjectNotificationConfigMapOutput { + return o +} + +func (o V2ProjectNotificationConfigMapOutput) ToV2ProjectNotificationConfigMapOutputWithContext(ctx context.Context) V2ProjectNotificationConfigMapOutput { + return o +} + +func (o V2ProjectNotificationConfigMapOutput) MapIndex(k pulumi.StringInput) V2ProjectNotificationConfigOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *V2ProjectNotificationConfig { + return vs[0].(map[string]*V2ProjectNotificationConfig)[vs[1].(string)] + 
}).(V2ProjectNotificationConfigOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*V2ProjectNotificationConfigInput)(nil)).Elem(), &V2ProjectNotificationConfig{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2ProjectNotificationConfigArrayInput)(nil)).Elem(), V2ProjectNotificationConfigArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2ProjectNotificationConfigMapInput)(nil)).Elem(), V2ProjectNotificationConfigMap{}) + pulumi.RegisterOutputType(V2ProjectNotificationConfigOutput{}) + pulumi.RegisterOutputType(V2ProjectNotificationConfigArrayOutput{}) + pulumi.RegisterOutputType(V2ProjectNotificationConfigMapOutput{}) +} diff --git a/sdk/go/gcp/spanner/instance.go b/sdk/go/gcp/spanner/instance.go index a9f3e89008..87f83f19c7 100644 --- a/sdk/go/gcp/spanner/instance.go +++ b/sdk/go/gcp/spanner/instance.go @@ -211,7 +211,6 @@ type Instance struct { // A unique identifier for the instance, which cannot be changed after // the instance is created. The name must be between 6 and 30 characters // in length. - // // If not provided, a random string starting with `tf-` will be selected. Name pulumi.StringOutput `pulumi:"name"` NumNodes pulumi.IntOutput `pulumi:"numNodes"` @@ -299,7 +298,6 @@ type instanceState struct { // A unique identifier for the instance, which cannot be changed after // the instance is created. The name must be between 6 and 30 characters // in length. - // // If not provided, a random string starting with `tf-` will be selected. Name *string `pulumi:"name"` NumNodes *int `pulumi:"numNodes"` @@ -347,7 +345,6 @@ type InstanceState struct { // A unique identifier for the instance, which cannot be changed after // the instance is created. The name must be between 6 and 30 characters // in length. - // // If not provided, a random string starting with `tf-` will be selected. Name pulumi.StringPtrInput NumNodes pulumi.IntPtrInput 
@@ -397,7 +394,6 @@ type instanceArgs struct { // A unique identifier for the instance, which cannot be changed after // the instance is created. The name must be between 6 and 30 characters // in length. - // // If not provided, a random string starting with `tf-` will be selected. Name *string `pulumi:"name"` NumNodes *int `pulumi:"numNodes"` @@ -439,7 +435,6 @@ type InstanceArgs struct { // A unique identifier for the instance, which cannot be changed after // the instance is created. The name must be between 6 and 30 characters // in length. - // // If not provided, a random string starting with `tf-` will be selected. Name pulumi.StringPtrInput NumNodes pulumi.IntPtrInput @@ -586,7 +581,6 @@ func (o InstanceOutput) Labels() pulumi.StringMapOutput { // A unique identifier for the instance, which cannot be changed after // the instance is created. The name must be between 6 and 30 characters // in length. -// // If not provided, a random string starting with `tf-` will be selected. func (o InstanceOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *Instance) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) diff --git a/sdk/go/gcp/sql/pulumiTypes.go b/sdk/go/gcp/sql/pulumiTypes.go index 18aa7ae901..cd8799e858 100644 --- a/sdk/go/gcp/sql/pulumiTypes.go +++ b/sdk/go/gcp/sql/pulumiTypes.go @@ -1051,7 +1051,7 @@ type DatabaseInstanceSettings struct { BackupConfiguration *DatabaseInstanceSettingsBackupConfiguration `pulumi:"backupConfiguration"` // The name of server instance collation. Collation *string `pulumi:"collation"` - // Specifies if connections must use Cloud SQL connectors. + // Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. ConnectorEnforcement *string `pulumi:"connectorEnforcement"` // Data cache configurations. DataCacheConfig *DatabaseInstanceSettingsDataCacheConfig `pulumi:"dataCacheConfig"` 
@@ -1123,7 +1123,7 @@ type DatabaseInstanceSettingsArgs struct { BackupConfiguration DatabaseInstanceSettingsBackupConfigurationPtrInput `pulumi:"backupConfiguration"` // The name of server instance collation. Collation pulumi.StringPtrInput `pulumi:"collation"` - // Specifies if connections must use Cloud SQL connectors. + // Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. ConnectorEnforcement pulumi.StringPtrInput `pulumi:"connectorEnforcement"` // Data cache configurations. DataCacheConfig DatabaseInstanceSettingsDataCacheConfigPtrInput `pulumi:"dataCacheConfig"` @@ -1284,7 +1284,7 @@ func (o DatabaseInstanceSettingsOutput) Collation() pulumi.StringPtrOutput { return o.ApplyT(func(v DatabaseInstanceSettings) *string { return v.Collation }).(pulumi.StringPtrOutput) } -// Specifies if connections must use Cloud SQL connectors. +// Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. func (o DatabaseInstanceSettingsOutput) ConnectorEnforcement() pulumi.StringPtrOutput { return o.ApplyT(func(v DatabaseInstanceSettings) *string { return v.ConnectorEnforcement }).(pulumi.StringPtrOutput) } @@ -1493,7 +1493,7 @@ func (o DatabaseInstanceSettingsPtrOutput) Collation() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } -// Specifies if connections must use Cloud SQL connectors. +// Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. func (o DatabaseInstanceSettingsPtrOutput) ConnectorEnforcement() pulumi.StringPtrOutput { return o.ApplyT(func(v *DatabaseInstanceSettings) *string { if v == nil { 
@@ -5608,7 +5608,7 @@ type GetDatabaseInstanceSetting struct { BackupConfigurations []GetDatabaseInstanceSettingBackupConfiguration `pulumi:"backupConfigurations"` // The name of server instance collation. Collation string `pulumi:"collation"` - // Specifies if connections must use Cloud SQL connectors. + // Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. ConnectorEnforcement string `pulumi:"connectorEnforcement"` // Data cache configurations. DataCacheConfigs []GetDatabaseInstanceSettingDataCacheConfig `pulumi:"dataCacheConfigs"` @@ -5676,7 +5676,7 @@ type GetDatabaseInstanceSettingArgs struct { BackupConfigurations GetDatabaseInstanceSettingBackupConfigurationArrayInput `pulumi:"backupConfigurations"` // The name of server instance collation. Collation pulumi.StringInput `pulumi:"collation"` - // Specifies if connections must use Cloud SQL connectors. + // Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. ConnectorEnforcement pulumi.StringInput `pulumi:"connectorEnforcement"` // Data cache configurations. DataCacheConfigs GetDatabaseInstanceSettingDataCacheConfigArrayInput `pulumi:"dataCacheConfigs"` @@ -5807,7 +5807,7 @@ func (o GetDatabaseInstanceSettingOutput) Collation() pulumi.StringOutput { return o.ApplyT(func(v GetDatabaseInstanceSetting) string { return v.Collation }).(pulumi.StringOutput) } -// Specifies if connections must use Cloud SQL connectors. +// Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. func (o GetDatabaseInstanceSettingOutput) ConnectorEnforcement() pulumi.StringOutput { return o.ApplyT(func(v GetDatabaseInstanceSetting) string { return v.ConnectorEnforcement }).(pulumi.StringOutput) } 
@@ -8703,7 +8703,7 @@ type GetDatabaseInstancesInstanceSetting struct { BackupConfigurations []GetDatabaseInstancesInstanceSettingBackupConfiguration `pulumi:"backupConfigurations"` // The name of server instance collation. Collation string `pulumi:"collation"` - // Specifies if connections must use Cloud SQL connectors. + // Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. ConnectorEnforcement string `pulumi:"connectorEnforcement"` // Data cache configurations. DataCacheConfigs []GetDatabaseInstancesInstanceSettingDataCacheConfig `pulumi:"dataCacheConfigs"` @@ -8771,7 +8771,7 @@ type GetDatabaseInstancesInstanceSettingArgs struct { BackupConfigurations GetDatabaseInstancesInstanceSettingBackupConfigurationArrayInput `pulumi:"backupConfigurations"` // The name of server instance collation. Collation pulumi.StringInput `pulumi:"collation"` - // Specifies if connections must use Cloud SQL connectors. + // Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. ConnectorEnforcement pulumi.StringInput `pulumi:"connectorEnforcement"` // Data cache configurations. DataCacheConfigs GetDatabaseInstancesInstanceSettingDataCacheConfigArrayInput `pulumi:"dataCacheConfigs"` 
@@ -8902,7 +8902,7 @@ func (o GetDatabaseInstancesInstanceSettingOutput) Collation() pulumi.StringOutp return o.ApplyT(func(v GetDatabaseInstancesInstanceSetting) string { return v.Collation }).(pulumi.StringOutput) } -// Specifies if connections must use Cloud SQL connectors. +// Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. func (o GetDatabaseInstancesInstanceSettingOutput) ConnectorEnforcement() pulumi.StringOutput { return o.ApplyT(func(v GetDatabaseInstancesInstanceSetting) string { return v.ConnectorEnforcement }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/storage/bucketObject.go b/sdk/go/gcp/storage/bucketObject.go index ffe9f6bb3b..ec1a24b0e1 100644 --- a/sdk/go/gcp/storage/bucketObject.go +++ b/sdk/go/gcp/storage/bucketObject.go @@ -108,6 +108,8 @@ type BucketObject struct { DetectMd5hash pulumi.StringPtrOutput `pulumi:"detectMd5hash"` // Whether an object is under [event-based hold](https://cloud.google.com/storage/docs/object-holds#hold-types). Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). EventBasedHold pulumi.BoolPtrOutput `pulumi:"eventBasedHold"` + // (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + Generation pulumi.IntOutput `pulumi:"generation"` // The resource name of the Cloud KMS key that will be used to [encrypt](https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) the object. KmsKeyName pulumi.StringOutput `pulumi:"kmsKeyName"` // (Computed) Base 64 MD5 hash of the uploaded data. 
@@ -207,6 +209,8 @@ type bucketObjectState struct { DetectMd5hash *string `pulumi:"detectMd5hash"` // Whether an object is under [event-based hold](https://cloud.google.com/storage/docs/object-holds#hold-types). Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). EventBasedHold *bool `pulumi:"eventBasedHold"` + // (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + Generation *int `pulumi:"generation"` // The resource name of the Cloud KMS key that will be used to [encrypt](https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) the object. KmsKeyName *string `pulumi:"kmsKeyName"` // (Computed) Base 64 MD5 hash of the uploaded data. @@ -263,6 +267,8 @@ type BucketObjectState struct { DetectMd5hash pulumi.StringPtrInput // Whether an object is under [event-based hold](https://cloud.google.com/storage/docs/object-holds#hold-types). Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). EventBasedHold pulumi.BoolPtrInput + // (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + Generation pulumi.IntPtrInput // The resource name of the Cloud KMS key that will be used to [encrypt](https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) the object. KmsKeyName pulumi.StringPtrInput // (Computed) Base 64 MD5 hash of the uploaded data. 
@@ -533,6 +539,11 @@ func (o BucketObjectOutput) EventBasedHold() pulumi.BoolPtrOutput { return o.ApplyT(func(v *BucketObject) pulumi.BoolPtrOutput { return v.EventBasedHold }).(pulumi.BoolPtrOutput) } +// (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). +func (o BucketObjectOutput) Generation() pulumi.IntOutput { + return o.ApplyT(func(v *BucketObject) pulumi.IntOutput { return v.Generation }).(pulumi.IntOutput) +} + // The resource name of the Cloud KMS key that will be used to [encrypt](https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) the object. func (o BucketObjectOutput) KmsKeyName() pulumi.StringOutput { return o.ApplyT(func(v *BucketObject) pulumi.StringOutput { return v.KmsKeyName }).(pulumi.StringOutput) diff --git a/sdk/go/gcp/storage/getBucketObject.go b/sdk/go/gcp/storage/getBucketObject.go index 4b92e21158..b04e969729 100644 --- a/sdk/go/gcp/storage/getBucketObject.go +++ b/sdk/go/gcp/storage/getBucketObject.go 
@@ -83,6 +83,8 @@ type LookupBucketObjectResult struct { DetectMd5hash string `pulumi:"detectMd5hash"` // (Computed) Whether an object is under [event-based hold](https://cloud.google.com/storage/docs/object-holds#hold-types). Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). EventBasedHold bool `pulumi:"eventBasedHold"` + // (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + Generation int `pulumi:"generation"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` KmsKeyName string `pulumi:"kmsKeyName"` @@ -197,6 +199,11 @@ func (o LookupBucketObjectResultOutput) EventBasedHold() pulumi.BoolOutput { return o.ApplyT(func(v LookupBucketObjectResult) bool { return v.EventBasedHold }).(pulumi.BoolOutput) } +// (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). +func (o LookupBucketObjectResultOutput) Generation() pulumi.IntOutput { + return o.ApplyT(func(v LookupBucketObjectResult) int { return v.Generation }).(pulumi.IntOutput) +} + // The provider-assigned unique ID for this managed resource. func (o LookupBucketObjectResultOutput) Id() pulumi.StringOutput { return o.ApplyT(func(v LookupBucketObjectResult) string { return v.Id }).(pulumi.StringOutput) diff --git a/sdk/go/gcp/storage/getBucketObjectContent.go b/sdk/go/gcp/storage/getBucketObjectContent.go index 6a87e1bd45..acc5af57b6 100644 --- a/sdk/go/gcp/storage/getBucketObjectContent.go +++ b/sdk/go/gcp/storage/getBucketObjectContent.go 
@@ -81,6 +81,7 @@ type GetBucketObjectContentResult struct { CustomerEncryptions []GetBucketObjectContentCustomerEncryption `pulumi:"customerEncryptions"` DetectMd5hash string `pulumi:"detectMd5hash"` EventBasedHold bool `pulumi:"eventBasedHold"` + Generation int `pulumi:"generation"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` KmsKeyName string `pulumi:"kmsKeyName"` @@ -185,6 +186,10 @@ func (o GetBucketObjectContentResultOutput) EventBasedHold() pulumi.BoolOutput { return o.ApplyT(func(v GetBucketObjectContentResult) bool { return v.EventBasedHold }).(pulumi.BoolOutput) } +func (o GetBucketObjectContentResultOutput) Generation() pulumi.IntOutput { + return o.ApplyT(func(v GetBucketObjectContentResult) int { return v.Generation }).(pulumi.IntOutput) +} + // The provider-assigned unique ID for this managed resource. func (o GetBucketObjectContentResultOutput) Id() pulumi.StringOutput { return o.ApplyT(func(v GetBucketObjectContentResult) string { return v.Id }).(pulumi.StringOutput) diff --git a/sdk/go/gcp/storage/managedFolder.go b/sdk/go/gcp/storage/managedFolder.go index fbad4a8834..5becfb920c 100644 --- a/sdk/go/gcp/storage/managedFolder.go +++ b/sdk/go/gcp/storage/managedFolder.go @@ -55,8 +55,9 @@ import ( // return err // } // _, err = storage.NewManagedFolder(ctx, "folder", &storage.ManagedFolderArgs{ -// Bucket: bucket.Name, -// Name: pulumi.String("managed/folder/name/"), +// Bucket: bucket.Name, +// Name: pulumi.String("managed/folder/name/"), +// ForceDestroy: pulumi.Bool(true), // }) // if err != nil { // return err 
@@ -91,6 +92,11 @@ type ManagedFolder struct { Bucket pulumi.StringOutput `pulumi:"bucket"` // The timestamp at which this managed folder was created. CreateTime pulumi.StringOutput `pulumi:"createTime"` + // Allows the deletion of a managed folder even if contains + // objects. If a non-empty managed folder is deleted, any objects + // within the folder will remain in a simulated folder with the + // same name. + ForceDestroy pulumi.BoolPtrOutput `pulumi:"forceDestroy"` // The metadata generation of the managed folder. Metageneration pulumi.StringOutput `pulumi:"metageneration"` // The name of the managed folder expressed as a path. Must include @@ -141,6 +147,11 @@ type managedFolderState struct { Bucket *string `pulumi:"bucket"` // The timestamp at which this managed folder was created. CreateTime *string `pulumi:"createTime"` + // Allows the deletion of a managed folder even if contains + // objects. If a non-empty managed folder is deleted, any objects + // within the folder will remain in a simulated folder with the + // same name. + ForceDestroy *bool `pulumi:"forceDestroy"` // The metadata generation of the managed folder. Metageneration *string `pulumi:"metageneration"` // The name of the managed folder expressed as a path. Must include @@ -159,6 +170,11 @@ type ManagedFolderState struct { Bucket pulumi.StringPtrInput // The timestamp at which this managed folder was created. CreateTime pulumi.StringPtrInput + // Allows the deletion of a managed folder even if contains + // objects. If a non-empty managed folder is deleted, any objects + // within the folder will remain in a simulated folder with the + // same name. + ForceDestroy pulumi.BoolPtrInput // The metadata generation of the managed folder. Metageneration pulumi.StringPtrInput // The name of the managed folder expressed as a path. Must include 
@@ -179,6 +195,11 @@ func (ManagedFolderState) ElementType() reflect.Type { type managedFolderArgs struct { // The name of the bucket that contains the managed folder. Bucket string `pulumi:"bucket"` + // Allows the deletion of a managed folder even if contains + // objects. If a non-empty managed folder is deleted, any objects + // within the folder will remain in a simulated folder with the + // same name. + ForceDestroy *bool `pulumi:"forceDestroy"` // The name of the managed folder expressed as a path. Must include // trailing '/'. For example, `example_dir/example_dir2/`. // @@ -190,6 +211,11 @@ type managedFolderArgs struct { type ManagedFolderArgs struct { // The name of the bucket that contains the managed folder. Bucket pulumi.StringInput + // Allows the deletion of a managed folder even if contains + // objects. If a non-empty managed folder is deleted, any objects + // within the folder will remain in a simulated folder with the + // same name. + ForceDestroy pulumi.BoolPtrInput // The name of the managed folder expressed as a path. Must include // trailing '/'. For example, `example_dir/example_dir2/`. // @@ -294,6 +320,14 @@ func (o ManagedFolderOutput) CreateTime() pulumi.StringOutput { return o.ApplyT(func(v *ManagedFolder) pulumi.StringOutput { return v.CreateTime }).(pulumi.StringOutput) } +// Allows the deletion of a managed folder even if contains +// objects. If a non-empty managed folder is deleted, any objects +// within the folder will remain in a simulated folder with the +// same name. +func (o ManagedFolderOutput) ForceDestroy() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ManagedFolder) pulumi.BoolPtrOutput { return v.ForceDestroy }).(pulumi.BoolPtrOutput) +} + // The metadata generation of the managed folder. func (o ManagedFolderOutput) Metageneration() pulumi.StringOutput { return o.ApplyT(func(v *ManagedFolder) pulumi.StringOutput { return v.Metageneration }).(pulumi.StringOutput) 
diff --git a/sdk/go/gcp/vmwareengine/networkPolicy.go b/sdk/go/gcp/vmwareengine/networkPolicy.go index 4781169218..efbdf45c29 100644 --- a/sdk/go/gcp/vmwareengine/networkPolicy.go +++ b/sdk/go/gcp/vmwareengine/networkPolicy.go @@ -35,7 +35,7 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // _, err := vmwareengine.NewNetwork(ctx, "network-policy-nw", &vmwareengine.NetworkArgs{ -// Name: pulumi.String("standard-nw"), +// Name: pulumi.String("sample-network"), // Location: pulumi.String("global"), // Type: pulumi.String("STANDARD"), // Description: pulumi.String("VMwareEngine standard network sample"), @@ -72,7 +72,7 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // _, err := vmwareengine.NewNetwork(ctx, "network-policy-nw", &vmwareengine.NetworkArgs{ -// Name: pulumi.String("standard-full-nw"), +// Name: pulumi.String("sample-network"), // Location: pulumi.String("global"), // Type: pulumi.String("STANDARD"), // Description: pulumi.String("VMwareEngine standard network sample"), @@ -82,7 +82,7 @@ import ( // } // _, err = vmwareengine.NewNetworkPolicy(ctx, "vmw-engine-network-policy", &vmwareengine.NetworkPolicyArgs{ // Location: pulumi.String("us-west1"), -// Name: pulumi.String("sample-network-policy-full"), +// Name: pulumi.String("sample-network-policy"), // EdgeServicesCidr: pulumi.String("192.168.30.0/26"), // VmwareEngineNetwork: network_policy_nw.ID(), // Description: pulumi.String("Sample Network Policy"), diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterDryRunEgressPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterDryRunEgressPolicy.java new file mode 100644 index 0000000000..895631bf64 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterDryRunEgressPolicy.java 
@@ -0,0 +1,150 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.gcp.Utilities; +import com.pulumi.gcp.accesscontextmanager.ServicePerimeterDryRunEgressPolicyArgs; +import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterDryRunEgressPolicyState; +import com.pulumi.gcp.accesscontextmanager.outputs.ServicePerimeterDryRunEgressPolicyEgressFrom; +import com.pulumi.gcp.accesscontextmanager.outputs.ServicePerimeterDryRunEgressPolicyEgressTo; +import java.lang.String; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * Manage a single EgressPolicy in the spec (dry-run) configuration for a service perimeter. + * EgressPolicies match requests based on egressFrom and egressTo stanzas. + * For an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched. + * If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter + * boundary. For example, an EgressPolicy can be used to allow VMs on networks + * within the ServicePerimeter to access a defined set of projects outside the + * perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket + * or query against a BigQuery dataset). + * + * > **Note:** By default, updates to this resource will remove the EgressPolicy from the + * from the perimeter and add it back in a non-atomic manner. To ensure that the new EgressPolicy + * is added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource. 
+ * + * To get more information about ServicePerimeterDryRunEgressPolicy, see: + * + * * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#egresspolicy) + * + * ## Example Usage + * + */ +@ResourceType(type="gcp:accesscontextmanager/servicePerimeterDryRunEgressPolicy:ServicePerimeterDryRunEgressPolicy") +public class ServicePerimeterDryRunEgressPolicy extends com.pulumi.resources.CustomResource { + /** + * Defines conditions on the source of a request causing this `EgressPolicy` to apply. + * Structure is documented below. + * + */ + @Export(name="egressFrom", refs={ServicePerimeterDryRunEgressPolicyEgressFrom.class}, tree="[0]") + private Output egressFrom; + + /** + * @return Defines conditions on the source of a request causing this `EgressPolicy` to apply. + * Structure is documented below. + * + */ + public Output> egressFrom() { + return Codegen.optional(this.egressFrom); + } + /** + * Defines the conditions on the `ApiOperation` and destination resources that + * cause this `EgressPolicy` to apply. + * Structure is documented below. + * + */ + @Export(name="egressTo", refs={ServicePerimeterDryRunEgressPolicyEgressTo.class}, tree="[0]") + private Output egressTo; + + /** + * @return Defines the conditions on the `ApiOperation` and destination resources that + * cause this `EgressPolicy` to apply. + * Structure is documented below. + * + */ + public Output> egressTo() { + return Codegen.optional(this.egressTo); + } + /** + * The name of the Service Perimeter to add this resource to. + * + * *** + * + */ + @Export(name="perimeter", refs={String.class}, tree="[0]") + private Output perimeter; + + /** + * @return The name of the Service Perimeter to add this resource to. + * + * *** + * + */ + public Output perimeter() { + return this.perimeter; + } + + /** + * + * @param name The _unique_ name of the resulting resource. 
+ */ + public ServicePerimeterDryRunEgressPolicy(java.lang.String name) { + this(name, ServicePerimeterDryRunEgressPolicyArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public ServicePerimeterDryRunEgressPolicy(java.lang.String name, ServicePerimeterDryRunEgressPolicyArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public ServicePerimeterDryRunEgressPolicy(java.lang.String name, ServicePerimeterDryRunEgressPolicyArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:accesscontextmanager/servicePerimeterDryRunEgressPolicy:ServicePerimeterDryRunEgressPolicy", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false); + } + + private ServicePerimeterDryRunEgressPolicy(java.lang.String name, Output id, @Nullable ServicePerimeterDryRunEgressPolicyState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:accesscontextmanager/servicePerimeterDryRunEgressPolicy:ServicePerimeterDryRunEgressPolicy", name, state, makeResourceOptions(options, id), false); + } + + private static ServicePerimeterDryRunEgressPolicyArgs makeArgs(ServicePerimeterDryRunEgressPolicyArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + if (options != null && options.getUrn().isPresent()) { + return null; + } + return args == null ? 
ServicePerimeterDryRunEgressPolicyArgs.Empty : args; + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static ServicePerimeterDryRunEgressPolicy get(java.lang.String name, Output id, @Nullable ServicePerimeterDryRunEgressPolicyState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new ServicePerimeterDryRunEgressPolicy(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterDryRunEgressPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterDryRunEgressPolicyArgs.java new file mode 100644 index 0000000000..1618024e52 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterDryRunEgressPolicyArgs.java 
@@ -0,0 +1,183 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterDryRunEgressPolicyEgressFromArgs; +import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterDryRunEgressPolicyEgressToArgs; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class ServicePerimeterDryRunEgressPolicyArgs extends com.pulumi.resources.ResourceArgs { + + public static final ServicePerimeterDryRunEgressPolicyArgs Empty = new ServicePerimeterDryRunEgressPolicyArgs(); + + /** + * Defines conditions on the source of a request causing this `EgressPolicy` to apply. + * Structure is documented below. + * + */ + @Import(name="egressFrom") + private @Nullable Output egressFrom; + + /** + * @return Defines conditions on the source of a request causing this `EgressPolicy` to apply. + * Structure is documented below. + * + */ + public Optional> egressFrom() { + return Optional.ofNullable(this.egressFrom); + } + + /** + * Defines the conditions on the `ApiOperation` and destination resources that + * cause this `EgressPolicy` to apply. + * Structure is documented below. + * + */ + @Import(name="egressTo") + private @Nullable Output egressTo; + + /** + * @return Defines the conditions on the `ApiOperation` and destination resources that + * cause this `EgressPolicy` to apply. + * Structure is documented below. + * + */ + public Optional> egressTo() { + return Optional.ofNullable(this.egressTo); + } + + /** + * The name of the Service Perimeter to add this resource to. 
+ * + * *** + * + */ + @Import(name="perimeter", required=true) + private Output perimeter; + + /** + * @return The name of the Service Perimeter to add this resource to. + * + * *** + * + */ + public Output perimeter() { + return this.perimeter; + } + + private ServicePerimeterDryRunEgressPolicyArgs() {} + + private ServicePerimeterDryRunEgressPolicyArgs(ServicePerimeterDryRunEgressPolicyArgs $) { + this.egressFrom = $.egressFrom; + this.egressTo = $.egressTo; + this.perimeter = $.perimeter; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(ServicePerimeterDryRunEgressPolicyArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private ServicePerimeterDryRunEgressPolicyArgs $; + + public Builder() { + $ = new ServicePerimeterDryRunEgressPolicyArgs(); + } + + public Builder(ServicePerimeterDryRunEgressPolicyArgs defaults) { + $ = new ServicePerimeterDryRunEgressPolicyArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param egressFrom Defines conditions on the source of a request causing this `EgressPolicy` to apply. + * Structure is documented below. + * + * @return builder + * + */ + public Builder egressFrom(@Nullable Output egressFrom) { + $.egressFrom = egressFrom; + return this; + } + + /** + * @param egressFrom Defines conditions on the source of a request causing this `EgressPolicy` to apply. + * Structure is documented below. + * + * @return builder + * + */ + public Builder egressFrom(ServicePerimeterDryRunEgressPolicyEgressFromArgs egressFrom) { + return egressFrom(Output.of(egressFrom)); + } + + /** + * @param egressTo Defines the conditions on the `ApiOperation` and destination resources that + * cause this `EgressPolicy` to apply. + * Structure is documented below. 
+ * + * @return builder + * + */ + public Builder egressTo(@Nullable Output egressTo) { + $.egressTo = egressTo; + return this; + } + + /** + * @param egressTo Defines the conditions on the `ApiOperation` and destination resources that + * cause this `EgressPolicy` to apply. + * Structure is documented below. + * + * @return builder + * + */ + public Builder egressTo(ServicePerimeterDryRunEgressPolicyEgressToArgs egressTo) { + return egressTo(Output.of(egressTo)); + } + + /** + * @param perimeter The name of the Service Perimeter to add this resource to. + * + * *** + * + * @return builder + * + */ + public Builder perimeter(Output perimeter) { + $.perimeter = perimeter; + return this; + } + + /** + * @param perimeter The name of the Service Perimeter to add this resource to. + * + * *** + * + * @return builder + * + */ + public Builder perimeter(String perimeter) { + return perimeter(Output.of(perimeter)); + } + + public ServicePerimeterDryRunEgressPolicyArgs build() { + if ($.perimeter == null) { + throw new MissingRequiredPropertyException("ServicePerimeterDryRunEgressPolicyArgs", "perimeter"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterDryRunIngressPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterDryRunIngressPolicy.java new file mode 100644 index 0000000000..f9dc1dc773 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterDryRunIngressPolicy.java 
@@ -0,0 +1,153 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.gcp.Utilities; +import com.pulumi.gcp.accesscontextmanager.ServicePerimeterDryRunIngressPolicyArgs; +import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterDryRunIngressPolicyState; +import com.pulumi.gcp.accesscontextmanager.outputs.ServicePerimeterDryRunIngressPolicyIngressFrom; +import com.pulumi.gcp.accesscontextmanager.outputs.ServicePerimeterDryRunIngressPolicyIngressTo; +import java.lang.String; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * Manage a single IngressPolicy in the spec (dry-run) configuration for a service perimeter. + * IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match, + * both the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request, + * the request is allowed through the perimeter boundary from outside the perimeter. + * For example, access from the internet can be allowed either based on an AccessLevel or, + * for traffic hosted on Google Cloud, the project of the source network. + * For access from private networks, using the project of the hosting network is required. + * Individual ingress policies can be limited by restricting which services and/ + * or actions they match using the ingressTo field. + * + * > **Note:** By default, updates to this resource will remove the IngressPolicy from the + * from the perimeter and add it back in a non-atomic manner. To ensure that the new IngressPolicy + * is added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource. 
+ * + * To get more information about ServicePerimeterDryRunIngressPolicy, see: + * + * * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ingresspolicy) + * + * ## Example Usage + * + */ +@ResourceType(type="gcp:accesscontextmanager/servicePerimeterDryRunIngressPolicy:ServicePerimeterDryRunIngressPolicy") +public class ServicePerimeterDryRunIngressPolicy extends com.pulumi.resources.CustomResource { + /** + * Defines the conditions on the source of a request causing this `IngressPolicy` + * to apply. + * Structure is documented below. + * + */ + @Export(name="ingressFrom", refs={ServicePerimeterDryRunIngressPolicyIngressFrom.class}, tree="[0]") + private Output ingressFrom; + + /** + * @return Defines the conditions on the source of a request causing this `IngressPolicy` + * to apply. + * Structure is documented below. + * + */ + public Output> ingressFrom() { + return Codegen.optional(this.ingressFrom); + } + /** + * Defines the conditions on the `ApiOperation` and request destination that cause + * this `IngressPolicy` to apply. + * Structure is documented below. + * + */ + @Export(name="ingressTo", refs={ServicePerimeterDryRunIngressPolicyIngressTo.class}, tree="[0]") + private Output ingressTo; + + /** + * @return Defines the conditions on the `ApiOperation` and request destination that cause + * this `IngressPolicy` to apply. + * Structure is documented below. + * + */ + public Output> ingressTo() { + return Codegen.optional(this.ingressTo); + } + /** + * The name of the Service Perimeter to add this resource to. + * + * *** + * + */ + @Export(name="perimeter", refs={String.class}, tree="[0]") + private Output perimeter; + + /** + * @return The name of the Service Perimeter to add this resource to. + * + * *** + * + */ + public Output perimeter() { + return this.perimeter; + } + + /** + * + * @param name The _unique_ name of the resulting resource. 
+ */ + public ServicePerimeterDryRunIngressPolicy(java.lang.String name) { + this(name, ServicePerimeterDryRunIngressPolicyArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public ServicePerimeterDryRunIngressPolicy(java.lang.String name, ServicePerimeterDryRunIngressPolicyArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public ServicePerimeterDryRunIngressPolicy(java.lang.String name, ServicePerimeterDryRunIngressPolicyArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:accesscontextmanager/servicePerimeterDryRunIngressPolicy:ServicePerimeterDryRunIngressPolicy", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false); + } + + private ServicePerimeterDryRunIngressPolicy(java.lang.String name, Output id, @Nullable ServicePerimeterDryRunIngressPolicyState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:accesscontextmanager/servicePerimeterDryRunIngressPolicy:ServicePerimeterDryRunIngressPolicy", name, state, makeResourceOptions(options, id), false); + } + + private static ServicePerimeterDryRunIngressPolicyArgs makeArgs(ServicePerimeterDryRunIngressPolicyArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + if (options != null && options.getUrn().isPresent()) { + return null; + } + return args == null ? 
ServicePerimeterDryRunIngressPolicyArgs.Empty : args; + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static ServicePerimeterDryRunIngressPolicy get(java.lang.String name, Output id, @Nullable ServicePerimeterDryRunIngressPolicyState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new ServicePerimeterDryRunIngressPolicy(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterDryRunIngressPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterDryRunIngressPolicyArgs.java new file mode 100644 index 0000000000..4b5e96061b --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterDryRunIngressPolicyArgs.java 
@@ -0,0 +1,187 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterDryRunIngressPolicyIngressFromArgs; +import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterDryRunIngressPolicyIngressToArgs; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class ServicePerimeterDryRunIngressPolicyArgs extends com.pulumi.resources.ResourceArgs { + + public static final ServicePerimeterDryRunIngressPolicyArgs Empty = new ServicePerimeterDryRunIngressPolicyArgs(); + + /** + * Defines the conditions on the source of a request causing this `IngressPolicy` + * to apply. + * Structure is documented below. + * + */ + @Import(name="ingressFrom") + private @Nullable Output ingressFrom; + + /** + * @return Defines the conditions on the source of a request causing this `IngressPolicy` + * to apply. + * Structure is documented below. + * + */ + public Optional> ingressFrom() { + return Optional.ofNullable(this.ingressFrom); + } + + /** + * Defines the conditions on the `ApiOperation` and request destination that cause + * this `IngressPolicy` to apply. + * Structure is documented below. + * + */ + @Import(name="ingressTo") + private @Nullable Output ingressTo; + + /** + * @return Defines the conditions on the `ApiOperation` and request destination that cause + * this `IngressPolicy` to apply. + * Structure is documented below. + * + */ + public Optional> ingressTo() { + return Optional.ofNullable(this.ingressTo); + } + + /** + * The name of the Service Perimeter to add this resource to. 
+ * + * *** + * + */ + @Import(name="perimeter", required=true) + private Output perimeter; + + /** + * @return The name of the Service Perimeter to add this resource to. + * + * *** + * + */ + public Output perimeter() { + return this.perimeter; + } + + private ServicePerimeterDryRunIngressPolicyArgs() {} + + private ServicePerimeterDryRunIngressPolicyArgs(ServicePerimeterDryRunIngressPolicyArgs $) { + this.ingressFrom = $.ingressFrom; + this.ingressTo = $.ingressTo; + this.perimeter = $.perimeter; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(ServicePerimeterDryRunIngressPolicyArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private ServicePerimeterDryRunIngressPolicyArgs $; + + public Builder() { + $ = new ServicePerimeterDryRunIngressPolicyArgs(); + } + + public Builder(ServicePerimeterDryRunIngressPolicyArgs defaults) { + $ = new ServicePerimeterDryRunIngressPolicyArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param ingressFrom Defines the conditions on the source of a request causing this `IngressPolicy` + * to apply. + * Structure is documented below. + * + * @return builder + * + */ + public Builder ingressFrom(@Nullable Output ingressFrom) { + $.ingressFrom = ingressFrom; + return this; + } + + /** + * @param ingressFrom Defines the conditions on the source of a request causing this `IngressPolicy` + * to apply. + * Structure is documented below. + * + * @return builder + * + */ + public Builder ingressFrom(ServicePerimeterDryRunIngressPolicyIngressFromArgs ingressFrom) { + return ingressFrom(Output.of(ingressFrom)); + } + + /** + * @param ingressTo Defines the conditions on the `ApiOperation` and request destination that cause + * this `IngressPolicy` to apply. + * Structure is documented below. 
+ * + * @return builder + * + */ + public Builder ingressTo(@Nullable Output ingressTo) { + $.ingressTo = ingressTo; + return this; + } + + /** + * @param ingressTo Defines the conditions on the `ApiOperation` and request destination that cause + * this `IngressPolicy` to apply. + * Structure is documented below. + * + * @return builder + * + */ + public Builder ingressTo(ServicePerimeterDryRunIngressPolicyIngressToArgs ingressTo) { + return ingressTo(Output.of(ingressTo)); + } + + /** + * @param perimeter The name of the Service Perimeter to add this resource to. + * + * *** + * + * @return builder + * + */ + public Builder perimeter(Output perimeter) { + $.perimeter = perimeter; + return this; + } + + /** + * @param perimeter The name of the Service Perimeter to add this resource to. + * + * *** + * + * @return builder + * + */ + public Builder perimeter(String perimeter) { + return perimeter(Output.of(perimeter)); + } + + public ServicePerimeterDryRunIngressPolicyArgs build() { + if ($.perimeter == null) { + throw new MissingRequiredPropertyException("ServicePerimeterDryRunIngressPolicyArgs", "perimeter"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterEgressPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterEgressPolicy.java index 774a6a3079..988817e559 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterEgressPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterEgressPolicy.java @@ -17,6 +17,7 @@ import javax.annotation.Nullable; /** + * Manage a single EgressPolicy in the status (enforced) configuration for a service perimeter. * EgressPolicies match requests based on egressFrom and egressTo stanzas. * For an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched. * If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter 
@@ -35,18 +36,6 @@ * * ## Example Usage * - * ## Import - * - * ServicePerimeterEgressPolicy can be imported using any of these accepted formats: - * - * * `{{perimeter}}` - * - * When using the `pulumi import` command, ServicePerimeterEgressPolicy can be imported using one of the formats above. For example: - * - * ```sh - * $ pulumi import gcp:accesscontextmanager/servicePerimeterEgressPolicy:ServicePerimeterEgressPolicy default {{perimeter}} - * ``` - * */ @ResourceType(type="gcp:accesscontextmanager/servicePerimeterEgressPolicy:ServicePerimeterEgressPolicy") public class ServicePerimeterEgressPolicy extends com.pulumi.resources.CustomResource { diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterIngressPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterIngressPolicy.java index 559ca20f85..d0bebf0813 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterIngressPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeterIngressPolicy.java @@ -17,6 +17,7 @@ import javax.annotation.Nullable; /** + * Manage a single IngressPolicy in the status (enforced) configuration for a service perimeter. * IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match, * both the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request, * the request is allowed through the perimeter boundary from outside the perimeter. 
@@ -36,18 +37,6 @@ * * ## Example Usage * - * ## Import - * - * ServicePerimeterIngressPolicy can be imported using any of these accepted formats: - * - * * `{{perimeter}}` - * - * When using the `pulumi import` command, ServicePerimeterIngressPolicy can be imported using one of the formats above. For example: - * - * ```sh - * $ pulumi import gcp:accesscontextmanager/servicePerimeterIngressPolicy:ServicePerimeterIngressPolicy default {{perimeter}} - * ``` - * */ @ResourceType(type="gcp:accesscontextmanager/servicePerimeterIngressPolicy:ServicePerimeterIngressPolicy") public class ServicePerimeterIngressPolicy extends com.pulumi.resources.CustomResource { diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyEgressFromArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyEgressFromArgs.java new file mode 100644 index 0000000000..63a298098f --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyEgressFromArgs.java 
@@ -0,0 +1,247 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class ServicePerimeterDryRunEgressPolicyEgressFromArgs extends com.pulumi.resources.ResourceArgs { + + public static final ServicePerimeterDryRunEgressPolicyEgressFromArgs Empty = new ServicePerimeterDryRunEgressPolicyEgressFromArgs(); + + /** + * A list of identities that are allowed access through this `EgressPolicy`. + * Should be in the format of email address. The email address should + * represent individual user or service account only. + * + */ + @Import(name="identities") + private @Nullable Output> identities; + + /** + * @return A list of identities that are allowed access through this `EgressPolicy`. + * Should be in the format of email address. The email address should + * represent individual user or service account only. + * + */ + public Optional>> identities() { + return Optional.ofNullable(this.identities); + } + + /** + * Specifies the type of identities that are allowed access to outside the + * perimeter. If left unspecified, then members of `identities` field will + * be allowed access. + * Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + * + */ + @Import(name="identityType") + private @Nullable Output identityType; + + /** + * @return Specifies the type of identities that are allowed access to outside the + * perimeter. If left unspecified, then members of `identities` field will + * be allowed access. 
+ * Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + * + */ + public Optional> identityType() { + return Optional.ofNullable(this.identityType); + } + + /** + * Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + * Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. + * + */ + @Import(name="sourceRestriction") + private @Nullable Output sourceRestriction; + + /** + * @return Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + * Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. + * + */ + public Optional> sourceRestriction() { + return Optional.ofNullable(this.sourceRestriction); + } + + /** + * Sources that this EgressPolicy authorizes access from. + * Structure is documented below. + * + */ + @Import(name="sources") + private @Nullable Output> sources; + + /** + * @return Sources that this EgressPolicy authorizes access from. + * Structure is documented below. 
+ * + */ + public Optional>> sources() { + return Optional.ofNullable(this.sources); + } + + private ServicePerimeterDryRunEgressPolicyEgressFromArgs() {} + + private ServicePerimeterDryRunEgressPolicyEgressFromArgs(ServicePerimeterDryRunEgressPolicyEgressFromArgs $) { + this.identities = $.identities; + this.identityType = $.identityType; + this.sourceRestriction = $.sourceRestriction; + this.sources = $.sources; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(ServicePerimeterDryRunEgressPolicyEgressFromArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private ServicePerimeterDryRunEgressPolicyEgressFromArgs $; + + public Builder() { + $ = new ServicePerimeterDryRunEgressPolicyEgressFromArgs(); + } + + public Builder(ServicePerimeterDryRunEgressPolicyEgressFromArgs defaults) { + $ = new ServicePerimeterDryRunEgressPolicyEgressFromArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param identities A list of identities that are allowed access through this `EgressPolicy`. + * Should be in the format of email address. The email address should + * represent individual user or service account only. + * + * @return builder + * + */ + public Builder identities(@Nullable Output> identities) { + $.identities = identities; + return this; + } + + /** + * @param identities A list of identities that are allowed access through this `EgressPolicy`. + * Should be in the format of email address. The email address should + * represent individual user or service account only. + * + * @return builder + * + */ + public Builder identities(List identities) { + return identities(Output.of(identities)); + } + + /** + * @param identities A list of identities that are allowed access through this `EgressPolicy`. + * Should be in the format of email address. The email address should + * represent individual user or service account only. 
+ * + * @return builder + * + */ + public Builder identities(String... identities) { + return identities(List.of(identities)); + } + + /** + * @param identityType Specifies the type of identities that are allowed access to outside the + * perimeter. If left unspecified, then members of `identities` field will + * be allowed access. + * Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + * + * @return builder + * + */ + public Builder identityType(@Nullable Output identityType) { + $.identityType = identityType; + return this; + } + + /** + * @param identityType Specifies the type of identities that are allowed access to outside the + * perimeter. If left unspecified, then members of `identities` field will + * be allowed access. + * Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + * + * @return builder + * + */ + public Builder identityType(String identityType) { + return identityType(Output.of(identityType)); + } + + /** + * @param sourceRestriction Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + * Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. + * + * @return builder + * + */ + public Builder sourceRestriction(@Nullable Output sourceRestriction) { + $.sourceRestriction = sourceRestriction; + return this; + } + + /** + * @param sourceRestriction Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + * Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. + * + * @return builder + * + */ + public Builder sourceRestriction(String sourceRestriction) { + return sourceRestriction(Output.of(sourceRestriction)); + } + + /** + * @param sources Sources that this EgressPolicy authorizes access from. 
+ * Structure is documented below. + * + * @return builder + * + */ + public Builder sources(@Nullable Output> sources) { + $.sources = sources; + return this; + } + + /** + * @param sources Sources that this EgressPolicy authorizes access from. + * Structure is documented below. + * + * @return builder + * + */ + public Builder sources(List sources) { + return sources(Output.of(sources)); + } + + /** + * @param sources Sources that this EgressPolicy authorizes access from. + * Structure is documented below. + * + * @return builder + * + */ + public Builder sources(ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs... sources) { + return sources(List.of(sources)); + } + + public ServicePerimeterDryRunEgressPolicyEgressFromArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs.java new file mode 100644 index 0000000000..af4f8cdc97 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs.java 
@@ -0,0 +1,83 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs extends com.pulumi.resources.ResourceArgs { + + public static final ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs Empty = new ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs(); + + /** + * An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. + * + */ + @Import(name="accessLevel") + private @Nullable Output accessLevel; + + /** + * @return An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. 
+ * + */ + public Optional> accessLevel() { + return Optional.ofNullable(this.accessLevel); + } + + private ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs() {} + + private ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs(ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs $) { + this.accessLevel = $.accessLevel; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs $; + + public Builder() { + $ = new ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs(); + } + + public Builder(ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs defaults) { + $ = new ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param accessLevel An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. + * + * @return builder + * + */ + public Builder accessLevel(@Nullable Output accessLevel) { + $.accessLevel = accessLevel; + return this; + } + + /** + * @param accessLevel An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. + * + * @return builder + * + */ + public Builder accessLevel(String accessLevel) { + return accessLevel(Output.of(accessLevel)); + } + + public ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyEgressToArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyEgressToArgs.java new file mode 100644 index 0000000000..c6551434b1 --- /dev/null 
+++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyEgressToArgs.java 
@@ -0,0 +1,229 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterDryRunEgressPolicyEgressToOperationArgs; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class ServicePerimeterDryRunEgressPolicyEgressToArgs extends com.pulumi.resources.ResourceArgs { + + public static final ServicePerimeterDryRunEgressPolicyEgressToArgs Empty = new ServicePerimeterDryRunEgressPolicyEgressToArgs(); + + /** + * A list of external resources that are allowed to be accessed. A request + * matches if it contains an external resource in this list (Example: + * s3://bucket/path). Currently '*' is not allowed. + * + */ + @Import(name="externalResources") + private @Nullable Output> externalResources; + + /** + * @return A list of external resources that are allowed to be accessed. A request + * matches if it contains an external resource in this list (Example: + * s3://bucket/path). Currently '*' is not allowed. + * + */ + public Optional>> externalResources() { + return Optional.ofNullable(this.externalResources); + } + + /** + * A list of `ApiOperations` that this egress rule applies to. A request matches + * if it contains an operation/service in this list. + * Structure is documented below. + * + */ + @Import(name="operations") + private @Nullable Output> operations; + + /** + * @return A list of `ApiOperations` that this egress rule applies to. A request matches + * if it contains an operation/service in this list. + * Structure is documented below. 
+ * + */ + public Optional>> operations() { + return Optional.ofNullable(this.operations); + } + + /** + * A list of resources, currently only projects in the form + * `projects/<projectnumber>`, that match this to stanza. A request matches + * if it contains a resource in this list. If * is specified for resources, + * then this `EgressTo` rule will authorize access to all resources outside + * the perimeter. + * + */ + @Import(name="resources") + private @Nullable Output> resources; + + /** + * @return A list of resources, currently only projects in the form + * `projects/<projectnumber>`, that match this to stanza. A request matches + * if it contains a resource in this list. If * is specified for resources, + * then this `EgressTo` rule will authorize access to all resources outside + * the perimeter. + * + */ + public Optional>> resources() { + return Optional.ofNullable(this.resources); + } + + private ServicePerimeterDryRunEgressPolicyEgressToArgs() {} + + private ServicePerimeterDryRunEgressPolicyEgressToArgs(ServicePerimeterDryRunEgressPolicyEgressToArgs $) { + this.externalResources = $.externalResources; + this.operations = $.operations; + this.resources = $.resources; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(ServicePerimeterDryRunEgressPolicyEgressToArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private ServicePerimeterDryRunEgressPolicyEgressToArgs $; + + public Builder() { + $ = new ServicePerimeterDryRunEgressPolicyEgressToArgs(); + } + + public Builder(ServicePerimeterDryRunEgressPolicyEgressToArgs defaults) { + $ = new ServicePerimeterDryRunEgressPolicyEgressToArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param externalResources A list of external resources that are allowed to be accessed. A request + * matches if it contains an external resource in this list (Example: + * s3://bucket/path). Currently '*' is not allowed. 
+ * + * @return builder + * + */ + public Builder externalResources(@Nullable Output> externalResources) { + $.externalResources = externalResources; + return this; + } + + /** + * @param externalResources A list of external resources that are allowed to be accessed. A request + * matches if it contains an external resource in this list (Example: + * s3://bucket/path). Currently '*' is not allowed. + * + * @return builder + * + */ + public Builder externalResources(List externalResources) { + return externalResources(Output.of(externalResources)); + } + + /** + * @param externalResources A list of external resources that are allowed to be accessed. A request + * matches if it contains an external resource in this list (Example: + * s3://bucket/path). Currently '*' is not allowed. + * + * @return builder + * + */ + public Builder externalResources(String... externalResources) { + return externalResources(List.of(externalResources)); + } + + /** + * @param operations A list of `ApiOperations` that this egress rule applies to. A request matches + * if it contains an operation/service in this list. + * Structure is documented below. + * + * @return builder + * + */ + public Builder operations(@Nullable Output> operations) { + $.operations = operations; + return this; + } + + /** + * @param operations A list of `ApiOperations` that this egress rule applies to. A request matches + * if it contains an operation/service in this list. + * Structure is documented below. + * + * @return builder + * + */ + public Builder operations(List operations) { + return operations(Output.of(operations)); + } + + /** + * @param operations A list of `ApiOperations` that this egress rule applies to. A request matches + * if it contains an operation/service in this list. + * Structure is documented below. + * + * @return builder + * + */ + public Builder operations(ServicePerimeterDryRunEgressPolicyEgressToOperationArgs... 
operations) { + return operations(List.of(operations)); + } + + /** + * @param resources A list of resources, currently only projects in the form + * `projects/<projectnumber>`, that match this to stanza. A request matches + * if it contains a resource in this list. If * is specified for resources, + * then this `EgressTo` rule will authorize access to all resources outside + * the perimeter. + * + * @return builder + * + */ + public Builder resources(@Nullable Output> resources) { + $.resources = resources; + return this; + } + + /** + * @param resources A list of resources, currently only projects in the form + * `projects/<projectnumber>`, that match this to stanza. A request matches + * if it contains a resource in this list. If * is specified for resources, + * then this `EgressTo` rule will authorize access to all resources outside + * the perimeter. + * + * @return builder + * + */ + public Builder resources(List resources) { + return resources(Output.of(resources)); + } + + /** + * @param resources A list of resources, currently only projects in the form + * `projects/<projectnumber>`, that match this to stanza. A request matches + * if it contains a resource in this list. If * is specified for resources, + * then this `EgressTo` rule will authorize access to all resources outside + * the perimeter. + * + * @return builder + * + */ + public Builder resources(String... resources) { + return resources(List.of(resources)); + } + + public ServicePerimeterDryRunEgressPolicyEgressToArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationArgs.java new file mode 100644 index 0000000000..0f6e238923 --- /dev/null 
+++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationArgs.java 
@@ -0,0 +1,160 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class ServicePerimeterDryRunEgressPolicyEgressToOperationArgs extends com.pulumi.resources.ResourceArgs { + + public static final ServicePerimeterDryRunEgressPolicyEgressToOperationArgs Empty = new ServicePerimeterDryRunEgressPolicyEgressToOperationArgs(); + + /** + * API methods or permissions to allow. Method or permission must belong + * to the service specified by `serviceName` field. A single MethodSelector + * entry with `*` specified for the `method` field will allow all methods + * AND permissions for the service specified in `serviceName`. + * Structure is documented below. + * + */ + @Import(name="methodSelectors") + private @Nullable Output> methodSelectors; + + /** + * @return API methods or permissions to allow. Method or permission must belong + * to the service specified by `serviceName` field. A single MethodSelector + * entry with `*` specified for the `method` field will allow all methods + * AND permissions for the service specified in `serviceName`. + * Structure is documented below. + * + */ + public Optional>> methodSelectors() { + return Optional.ofNullable(this.methodSelectors); + } + + /** + * The name of the API whose methods or permissions the `IngressPolicy` or + * `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + * field set to `*` will allow all methods AND permissions for all services. 
+ * + */ + @Import(name="serviceName") + private @Nullable Output serviceName; + + /** + * @return The name of the API whose methods or permissions the `IngressPolicy` or + * `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + * field set to `*` will allow all methods AND permissions for all services. + * + */ + public Optional> serviceName() { + return Optional.ofNullable(this.serviceName); + } + + private ServicePerimeterDryRunEgressPolicyEgressToOperationArgs() {} + + private ServicePerimeterDryRunEgressPolicyEgressToOperationArgs(ServicePerimeterDryRunEgressPolicyEgressToOperationArgs $) { + this.methodSelectors = $.methodSelectors; + this.serviceName = $.serviceName; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(ServicePerimeterDryRunEgressPolicyEgressToOperationArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private ServicePerimeterDryRunEgressPolicyEgressToOperationArgs $; + + public Builder() { + $ = new ServicePerimeterDryRunEgressPolicyEgressToOperationArgs(); + } + + public Builder(ServicePerimeterDryRunEgressPolicyEgressToOperationArgs defaults) { + $ = new ServicePerimeterDryRunEgressPolicyEgressToOperationArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param methodSelectors API methods or permissions to allow. Method or permission must belong + * to the service specified by `serviceName` field. A single MethodSelector + * entry with `*` specified for the `method` field will allow all methods + * AND permissions for the service specified in `serviceName`. + * Structure is documented below. + * + * @return builder + * + */ + public Builder methodSelectors(@Nullable Output> methodSelectors) { + $.methodSelectors = methodSelectors; + return this; + } + + /** + * @param methodSelectors API methods or permissions to allow. Method or permission must belong + * to the service specified by `serviceName` field. 
A single MethodSelector + * entry with `*` specified for the `method` field will allow all methods + * AND permissions for the service specified in `serviceName`. + * Structure is documented below. + * + * @return builder + * + */ + public Builder methodSelectors(List methodSelectors) { + return methodSelectors(Output.of(methodSelectors)); + } + + /** + * @param methodSelectors API methods or permissions to allow. Method or permission must belong + * to the service specified by `serviceName` field. A single MethodSelector + * entry with `*` specified for the `method` field will allow all methods + * AND permissions for the service specified in `serviceName`. + * Structure is documented below. + * + * @return builder + * + */ + public Builder methodSelectors(ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs... methodSelectors) { + return methodSelectors(List.of(methodSelectors)); + } + + /** + * @param serviceName The name of the API whose methods or permissions the `IngressPolicy` or + * `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + * field set to `*` will allow all methods AND permissions for all services. + * + * @return builder + * + */ + public Builder serviceName(@Nullable Output serviceName) { + $.serviceName = serviceName; + return this; + } + + /** + * @param serviceName The name of the API whose methods or permissions the `IngressPolicy` or + * `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + * field set to `*` will allow all methods AND permissions for all services. + * + * @return builder + * + */ + public Builder serviceName(String serviceName) { + return serviceName(Output.of(serviceName)); + } + + public ServicePerimeterDryRunEgressPolicyEgressToOperationArgs build() { + return $; + } + } + +} 
diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs.java new file mode 100644 index 0000000000..4a1b4e83f1 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs.java 
@@ -0,0 +1,132 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs extends com.pulumi.resources.ResourceArgs { + + public static final ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs Empty = new ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs(); + + /** + * Value for `method` should be a valid method name for the corresponding + * `serviceName` in `ApiOperation`. If `*` used as value for method, + * then ALL methods and permissions are allowed. + * + */ + @Import(name="method") + private @Nullable Output method; + + /** + * @return Value for `method` should be a valid method name for the corresponding + * `serviceName` in `ApiOperation`. If `*` used as value for method, + * then ALL methods and permissions are allowed. + * + */ + public Optional> method() { + return Optional.ofNullable(this.method); + } + + /** + * Value for permission should be a valid Cloud IAM permission for the + * corresponding `serviceName` in `ApiOperation`. + * + */ + @Import(name="permission") + private @Nullable Output permission; + + /** + * @return Value for permission should be a valid Cloud IAM permission for the + * corresponding `serviceName` in `ApiOperation`. 
+ * + */ + public Optional> permission() { + return Optional.ofNullable(this.permission); + } + + private ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs() {} + + private ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs(ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs $) { + this.method = $.method; + this.permission = $.permission; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs $; + + public Builder() { + $ = new ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs(); + } + + public Builder(ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs defaults) { + $ = new ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param method Value for `method` should be a valid method name for the corresponding + * `serviceName` in `ApiOperation`. If `*` used as value for method, + * then ALL methods and permissions are allowed. + * + * @return builder + * + */ + public Builder method(@Nullable Output method) { + $.method = method; + return this; + } + + /** + * @param method Value for `method` should be a valid method name for the corresponding + * `serviceName` in `ApiOperation`. If `*` used as value for method, + * then ALL methods and permissions are allowed. + * + * @return builder + * + */ + public Builder method(String method) { + return method(Output.of(method)); + } + + /** + * @param permission Value for permission should be a valid Cloud IAM permission for the + * corresponding `serviceName` in `ApiOperation`. 
+ * + * @return builder + * + */ + public Builder permission(@Nullable Output permission) { + $.permission = permission; + return this; + } + + /** + * @param permission Value for permission should be a valid Cloud IAM permission for the + * corresponding `serviceName` in `ApiOperation`. + * + * @return builder + * + */ + public Builder permission(String permission) { + return permission(Output.of(permission)); + } + + public ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyState.java new file mode 100644 index 0000000000..765d38fffc --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunEgressPolicyState.java 
@@ -0,0 +1,179 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterDryRunEgressPolicyEgressFromArgs; +import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterDryRunEgressPolicyEgressToArgs; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class ServicePerimeterDryRunEgressPolicyState extends com.pulumi.resources.ResourceArgs { + + public static final ServicePerimeterDryRunEgressPolicyState Empty = new ServicePerimeterDryRunEgressPolicyState(); + + /** + * Defines conditions on the source of a request causing this `EgressPolicy` to apply. + * Structure is documented below. + * + */ + @Import(name="egressFrom") + private @Nullable Output egressFrom; + + /** + * @return Defines conditions on the source of a request causing this `EgressPolicy` to apply. + * Structure is documented below. + * + */ + public Optional> egressFrom() { + return Optional.ofNullable(this.egressFrom); + } + + /** + * Defines the conditions on the `ApiOperation` and destination resources that + * cause this `EgressPolicy` to apply. + * Structure is documented below. + * + */ + @Import(name="egressTo") + private @Nullable Output egressTo; + + /** + * @return Defines the conditions on the `ApiOperation` and destination resources that + * cause this `EgressPolicy` to apply. + * Structure is documented below. + * + */ + public Optional> egressTo() { + return Optional.ofNullable(this.egressTo); + } + + /** + * The name of the Service Perimeter to add this resource to. 
+ * + * *** + * + */ + @Import(name="perimeter") + private @Nullable Output perimeter; + + /** + * @return The name of the Service Perimeter to add this resource to. + * + * *** + * + */ + public Optional> perimeter() { + return Optional.ofNullable(this.perimeter); + } + + private ServicePerimeterDryRunEgressPolicyState() {} + + private ServicePerimeterDryRunEgressPolicyState(ServicePerimeterDryRunEgressPolicyState $) { + this.egressFrom = $.egressFrom; + this.egressTo = $.egressTo; + this.perimeter = $.perimeter; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(ServicePerimeterDryRunEgressPolicyState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private ServicePerimeterDryRunEgressPolicyState $; + + public Builder() { + $ = new ServicePerimeterDryRunEgressPolicyState(); + } + + public Builder(ServicePerimeterDryRunEgressPolicyState defaults) { + $ = new ServicePerimeterDryRunEgressPolicyState(Objects.requireNonNull(defaults)); + } + + /** + * @param egressFrom Defines conditions on the source of a request causing this `EgressPolicy` to apply. + * Structure is documented below. + * + * @return builder + * + */ + public Builder egressFrom(@Nullable Output egressFrom) { + $.egressFrom = egressFrom; + return this; + } + + /** + * @param egressFrom Defines conditions on the source of a request causing this `EgressPolicy` to apply. + * Structure is documented below. + * + * @return builder + * + */ + public Builder egressFrom(ServicePerimeterDryRunEgressPolicyEgressFromArgs egressFrom) { + return egressFrom(Output.of(egressFrom)); + } + + /** + * @param egressTo Defines the conditions on the `ApiOperation` and destination resources that + * cause this `EgressPolicy` to apply. + * Structure is documented below. 
+ * + * @return builder + * + */ + public Builder egressTo(@Nullable Output egressTo) { + $.egressTo = egressTo; + return this; + } + + /** + * @param egressTo Defines the conditions on the `ApiOperation` and destination resources that + * cause this `EgressPolicy` to apply. + * Structure is documented below. + * + * @return builder + * + */ + public Builder egressTo(ServicePerimeterDryRunEgressPolicyEgressToArgs egressTo) { + return egressTo(Output.of(egressTo)); + } + + /** + * @param perimeter The name of the Service Perimeter to add this resource to. + * + * *** + * + * @return builder + * + */ + public Builder perimeter(@Nullable Output perimeter) { + $.perimeter = perimeter; + return this; + } + + /** + * @param perimeter The name of the Service Perimeter to add this resource to. + * + * *** + * + * @return builder + * + */ + public Builder perimeter(String perimeter) { + return perimeter(Output.of(perimeter)); + } + + public ServicePerimeterDryRunEgressPolicyState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyIngressFromArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyIngressFromArgs.java new file mode 100644 index 0000000000..70566746b8 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyIngressFromArgs.java 
@@ -0,0 +1,206 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class ServicePerimeterDryRunIngressPolicyIngressFromArgs extends com.pulumi.resources.ResourceArgs { + + public static final ServicePerimeterDryRunIngressPolicyIngressFromArgs Empty = new ServicePerimeterDryRunIngressPolicyIngressFromArgs(); + + /** + * A list of identities that are allowed access through this ingress policy. + * Should be in the format of email address. The email address should represent + * individual user or service account only. + * + */ + @Import(name="identities") + private @Nullable Output> identities; + + /** + * @return A list of identities that are allowed access through this ingress policy. + * Should be in the format of email address. The email address should represent + * individual user or service account only. + * + */ + public Optional>> identities() { + return Optional.ofNullable(this.identities); + } + + /** + * Specifies the type of identities that are allowed access from outside the + * perimeter. If left unspecified, then members of `identities` field will be + * allowed access. + * Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + * + */ + @Import(name="identityType") + private @Nullable Output identityType; + + /** + * @return Specifies the type of identities that are allowed access from outside the + * perimeter. If left unspecified, then members of `identities` field will be + * allowed access. 
+ * Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + * + */ + public Optional> identityType() { + return Optional.ofNullable(this.identityType); + } + + /** + * Sources that this `IngressPolicy` authorizes access from. + * Structure is documented below. + * + */ + @Import(name="sources") + private @Nullable Output> sources; + + /** + * @return Sources that this `IngressPolicy` authorizes access from. + * Structure is documented below. + * + */ + public Optional>> sources() { + return Optional.ofNullable(this.sources); + } + + private ServicePerimeterDryRunIngressPolicyIngressFromArgs() {} + + private ServicePerimeterDryRunIngressPolicyIngressFromArgs(ServicePerimeterDryRunIngressPolicyIngressFromArgs $) { + this.identities = $.identities; + this.identityType = $.identityType; + this.sources = $.sources; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(ServicePerimeterDryRunIngressPolicyIngressFromArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private ServicePerimeterDryRunIngressPolicyIngressFromArgs $; + + public Builder() { + $ = new ServicePerimeterDryRunIngressPolicyIngressFromArgs(); + } + + public Builder(ServicePerimeterDryRunIngressPolicyIngressFromArgs defaults) { + $ = new ServicePerimeterDryRunIngressPolicyIngressFromArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param identities A list of identities that are allowed access through this ingress policy. + * Should be in the format of email address. The email address should represent + * individual user or service account only. + * + * @return builder + * + */ + public Builder identities(@Nullable Output> identities) { + $.identities = identities; + return this; + } + + /** + * @param identities A list of identities that are allowed access through this ingress policy. + * Should be in the format of email address. 
The email address should represent + * individual user or service account only. + * + * @return builder + * + */ + public Builder identities(List identities) { + return identities(Output.of(identities)); + } + + /** + * @param identities A list of identities that are allowed access through this ingress policy. + * Should be in the format of email address. The email address should represent + * individual user or service account only. + * + * @return builder + * + */ + public Builder identities(String... identities) { + return identities(List.of(identities)); + } + + /** + * @param identityType Specifies the type of identities that are allowed access from outside the + * perimeter. If left unspecified, then members of `identities` field will be + * allowed access. + * Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + * + * @return builder + * + */ + public Builder identityType(@Nullable Output identityType) { + $.identityType = identityType; + return this; + } + + /** + * @param identityType Specifies the type of identities that are allowed access from outside the + * perimeter. If left unspecified, then members of `identities` field will be + * allowed access. + * Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + * + * @return builder + * + */ + public Builder identityType(String identityType) { + return identityType(Output.of(identityType)); + } + + /** + * @param sources Sources that this `IngressPolicy` authorizes access from. + * Structure is documented below. + * + * @return builder + * + */ + public Builder sources(@Nullable Output> sources) { + $.sources = sources; + return this; + } + + /** + * @param sources Sources that this `IngressPolicy` authorizes access from. + * Structure is documented below. 
+ * + * @return builder + * + */ + public Builder sources(List sources) { + return sources(Output.of(sources)); + } + + /** + * @param sources Sources that this `IngressPolicy` authorizes access from. + * Structure is documented below. + * + * @return builder + * + */ + public Builder sources(ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs... sources) { + return sources(List.of(sources)); + } + + public ServicePerimeterDryRunIngressPolicyIngressFromArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs.java new file mode 100644 index 0000000000..067c2e8023 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs.java 
@@ -0,0 +1,168 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs extends com.pulumi.resources.ResourceArgs { + + public static final ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs Empty = new ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs(); + + /** + * An `AccessLevel` resource name that allow resources within the + * `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + * must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + * `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + * resources within the perimeter can only be accessed via Google Cloud calls + * with request origins within the perimeter. + * Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + * If * is specified, then all IngressSources will be allowed. + * + */ + @Import(name="accessLevel") + private @Nullable Output accessLevel; + + /** + * @return An `AccessLevel` resource name that allow resources within the + * `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + * must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + * `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + * resources within the perimeter can only be accessed via Google Cloud calls + * with request origins within the perimeter. + * Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + * If * is specified, then all IngressSources will be allowed. 
+ * + */ + public Optional> accessLevel() { + return Optional.ofNullable(this.accessLevel); + } + + /** + * A Google Cloud resource that is allowed to ingress the perimeter. + * Requests from these resources will be allowed to access perimeter data. + * Currently only projects are allowed. Format `projects/{project_number}` + * The project may be in any Google Cloud organization, not just the + * organization that the perimeter is defined in. `*` is not allowed, the case + * of allowing all Google Cloud resources only is not supported. + * + */ + @Import(name="resource") + private @Nullable Output resource; + + /** + * @return A Google Cloud resource that is allowed to ingress the perimeter. + * Requests from these resources will be allowed to access perimeter data. + * Currently only projects are allowed. Format `projects/{project_number}` + * The project may be in any Google Cloud organization, not just the + * organization that the perimeter is defined in. `*` is not allowed, the case + * of allowing all Google Cloud resources only is not supported. 
+ * + */ + public Optional> resource() { + return Optional.ofNullable(this.resource); + } + + private ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs() {} + + private ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs(ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs $) { + this.accessLevel = $.accessLevel; + this.resource = $.resource; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs $; + + public Builder() { + $ = new ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs(); + } + + public Builder(ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs defaults) { + $ = new ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param accessLevel An `AccessLevel` resource name that allow resources within the + * `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + * must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + * `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + * resources within the perimeter can only be accessed via Google Cloud calls + * with request origins within the perimeter. + * Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + * If * is specified, then all IngressSources will be allowed. + * + * @return builder + * + */ + public Builder accessLevel(@Nullable Output accessLevel) { + $.accessLevel = accessLevel; + return this; + } + + /** + * @param accessLevel An `AccessLevel` resource name that allow resources within the + * `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + * must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + * `AccessLevel` will cause an error. 
If no `AccessLevel` names are listed, + * resources within the perimeter can only be accessed via Google Cloud calls + * with request origins within the perimeter. + * Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + * If * is specified, then all IngressSources will be allowed. + * + * @return builder + * + */ + public Builder accessLevel(String accessLevel) { + return accessLevel(Output.of(accessLevel)); + } + + /** + * @param resource A Google Cloud resource that is allowed to ingress the perimeter. + * Requests from these resources will be allowed to access perimeter data. + * Currently only projects are allowed. Format `projects/{project_number}` + * The project may be in any Google Cloud organization, not just the + * organization that the perimeter is defined in. `*` is not allowed, the case + * of allowing all Google Cloud resources only is not supported. + * + * @return builder + * + */ + public Builder resource(@Nullable Output resource) { + $.resource = resource; + return this; + } + + /** + * @param resource A Google Cloud resource that is allowed to ingress the perimeter. + * Requests from these resources will be allowed to access perimeter data. + * Currently only projects are allowed. Format `projects/{project_number}` + * The project may be in any Google Cloud organization, not just the + * organization that the perimeter is defined in. `*` is not allowed, the case + * of allowing all Google Cloud resources only is not supported. + * + * @return builder + * + */ + public Builder resource(String resource) { + return resource(Output.of(resource)); + } + + public ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs build() { + return $; + } + } + +} 
diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyIngressToArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyIngressToArgs.java new file mode 100644 index 0000000000..1fe96e4edd --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyIngressToArgs.java 
@@ -0,0 +1,187 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterDryRunIngressPolicyIngressToOperationArgs; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class ServicePerimeterDryRunIngressPolicyIngressToArgs extends com.pulumi.resources.ResourceArgs { + + public static final ServicePerimeterDryRunIngressPolicyIngressToArgs Empty = new ServicePerimeterDryRunIngressPolicyIngressToArgs(); + + /** + * A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + * are allowed to perform in this `ServicePerimeter`. + * Structure is documented below. + * + */ + @Import(name="operations") + private @Nullable Output> operations; + + /** + * @return A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + * are allowed to perform in this `ServicePerimeter`. + * Structure is documented below. + * + */ + public Optional>> operations() { + return Optional.ofNullable(this.operations); + } + + /** + * A list of resources, currently only projects in the form + * `projects/<projectnumber>`, protected by this `ServicePerimeter` + * that are allowed to be accessed by sources defined in the + * corresponding `IngressFrom`. A request matches if it contains + * a resource in this list. If `*` is specified for resources, + * then this `IngressTo` rule will authorize access to all + * resources inside the perimeter, provided that the request + * also matches the `operations` field. 
+ * + */ + @Import(name="resources") + private @Nullable Output> resources; + + /** + * @return A list of resources, currently only projects in the form + * `projects/<projectnumber>`, protected by this `ServicePerimeter` + * that are allowed to be accessed by sources defined in the + * corresponding `IngressFrom`. A request matches if it contains + * a resource in this list. If `*` is specified for resources, + * then this `IngressTo` rule will authorize access to all + * resources inside the perimeter, provided that the request + * also matches the `operations` field. + * + */ + public Optional>> resources() { + return Optional.ofNullable(this.resources); + } + + private ServicePerimeterDryRunIngressPolicyIngressToArgs() {} + + private ServicePerimeterDryRunIngressPolicyIngressToArgs(ServicePerimeterDryRunIngressPolicyIngressToArgs $) { + this.operations = $.operations; + this.resources = $.resources; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(ServicePerimeterDryRunIngressPolicyIngressToArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private ServicePerimeterDryRunIngressPolicyIngressToArgs $; + + public Builder() { + $ = new ServicePerimeterDryRunIngressPolicyIngressToArgs(); + } + + public Builder(ServicePerimeterDryRunIngressPolicyIngressToArgs defaults) { + $ = new ServicePerimeterDryRunIngressPolicyIngressToArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param operations A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + * are allowed to perform in this `ServicePerimeter`. + * Structure is documented below. + * + * @return builder + * + */ + public Builder operations(@Nullable Output> operations) { + $.operations = operations; + return this; + } + + /** + * @param operations A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + * are allowed to perform in this `ServicePerimeter`. 
+ * Structure is documented below. + * + * @return builder + * + */ + public Builder operations(List operations) { + return operations(Output.of(operations)); + } + + /** + * @param operations A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + * are allowed to perform in this `ServicePerimeter`. + * Structure is documented below. + * + * @return builder + * + */ + public Builder operations(ServicePerimeterDryRunIngressPolicyIngressToOperationArgs... operations) { + return operations(List.of(operations)); + } + + /** + * @param resources A list of resources, currently only projects in the form + * `projects/<projectnumber>`, protected by this `ServicePerimeter` + * that are allowed to be accessed by sources defined in the + * corresponding `IngressFrom`. A request matches if it contains + * a resource in this list. If `*` is specified for resources, + * then this `IngressTo` rule will authorize access to all + * resources inside the perimeter, provided that the request + * also matches the `operations` field. + * + * @return builder + * + */ + public Builder resources(@Nullable Output> resources) { + $.resources = resources; + return this; + } + + /** + * @param resources A list of resources, currently only projects in the form + * `projects/<projectnumber>`, protected by this `ServicePerimeter` + * that are allowed to be accessed by sources defined in the + * corresponding `IngressFrom`. A request matches if it contains + * a resource in this list. If `*` is specified for resources, + * then this `IngressTo` rule will authorize access to all + * resources inside the perimeter, provided that the request + * also matches the `operations` field. 
+ * + * @return builder + * + */ + public Builder resources(List resources) { + return resources(Output.of(resources)); + } + + /** + * @param resources A list of resources, currently only projects in the form + * `projects/<projectnumber>`, protected by this `ServicePerimeter` + * that are allowed to be accessed by sources defined in the + * corresponding `IngressFrom`. A request matches if it contains + * a resource in this list. If `*` is specified for resources, + * then this `IngressTo` rule will authorize access to all + * resources inside the perimeter, provided that the request + * also matches the `operations` field. + * + * @return builder + * + */ + public Builder resources(String... resources) { + return resources(List.of(resources)); + } + + public ServicePerimeterDryRunIngressPolicyIngressToArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationArgs.java new file mode 100644 index 0000000000..56cca6ecf4 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationArgs.java 
@@ -0,0 +1,160 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class ServicePerimeterDryRunIngressPolicyIngressToOperationArgs extends com.pulumi.resources.ResourceArgs { + + public static final ServicePerimeterDryRunIngressPolicyIngressToOperationArgs Empty = new ServicePerimeterDryRunIngressPolicyIngressToOperationArgs(); + + /** + * API methods or permissions to allow. Method or permission must belong to + * the service specified by serviceName field. A single `MethodSelector` entry + * with `*` specified for the method field will allow all methods AND + * permissions for the service specified in `serviceName`. + * Structure is documented below. + * + */ + @Import(name="methodSelectors") + private @Nullable Output> methodSelectors; + + /** + * @return API methods or permissions to allow. Method or permission must belong to + * the service specified by serviceName field. A single `MethodSelector` entry + * with `*` specified for the method field will allow all methods AND + * permissions for the service specified in `serviceName`. + * Structure is documented below. + * + */ + public Optional>> methodSelectors() { + return Optional.ofNullable(this.methodSelectors); + } + + /** + * The name of the API whose methods or permissions the `IngressPolicy` or + * `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + * field set to `*` will allow all methods AND permissions for all services. 
+ * + */ + @Import(name="serviceName") + private @Nullable Output serviceName; + + /** + * @return The name of the API whose methods or permissions the `IngressPolicy` or + * `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + * field set to `*` will allow all methods AND permissions for all services. + * + */ + public Optional> serviceName() { + return Optional.ofNullable(this.serviceName); + } + + private ServicePerimeterDryRunIngressPolicyIngressToOperationArgs() {} + + private ServicePerimeterDryRunIngressPolicyIngressToOperationArgs(ServicePerimeterDryRunIngressPolicyIngressToOperationArgs $) { + this.methodSelectors = $.methodSelectors; + this.serviceName = $.serviceName; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(ServicePerimeterDryRunIngressPolicyIngressToOperationArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private ServicePerimeterDryRunIngressPolicyIngressToOperationArgs $; + + public Builder() { + $ = new ServicePerimeterDryRunIngressPolicyIngressToOperationArgs(); + } + + public Builder(ServicePerimeterDryRunIngressPolicyIngressToOperationArgs defaults) { + $ = new ServicePerimeterDryRunIngressPolicyIngressToOperationArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param methodSelectors API methods or permissions to allow. Method or permission must belong to + * the service specified by serviceName field. A single `MethodSelector` entry + * with `*` specified for the method field will allow all methods AND + * permissions for the service specified in `serviceName`. + * Structure is documented below. + * + * @return builder + * + */ + public Builder methodSelectors(@Nullable Output> methodSelectors) { + $.methodSelectors = methodSelectors; + return this; + } + + /** + * @param methodSelectors API methods or permissions to allow. Method or permission must belong to + * the service specified by serviceName field. 
A single `MethodSelector` entry + * with `*` specified for the method field will allow all methods AND + * permissions for the service specified in `serviceName`. + * Structure is documented below. + * + * @return builder + * + */ + public Builder methodSelectors(List methodSelectors) { + return methodSelectors(Output.of(methodSelectors)); + } + + /** + * @param methodSelectors API methods or permissions to allow. Method or permission must belong to + * the service specified by serviceName field. A single `MethodSelector` entry + * with `*` specified for the method field will allow all methods AND + * permissions for the service specified in `serviceName`. + * Structure is documented below. + * + * @return builder + * + */ + public Builder methodSelectors(ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs... methodSelectors) { + return methodSelectors(List.of(methodSelectors)); + } + + /** + * @param serviceName The name of the API whose methods or permissions the `IngressPolicy` or + * `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + * field set to `*` will allow all methods AND permissions for all services. + * + * @return builder + * + */ + public Builder serviceName(@Nullable Output serviceName) { + $.serviceName = serviceName; + return this; + } + + /** + * @param serviceName The name of the API whose methods or permissions the `IngressPolicy` or + * `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + * field set to `*` will allow all methods AND permissions for all services. + * + * @return builder + * + */ + public Builder serviceName(String serviceName) { + return serviceName(Output.of(serviceName)); + } + + public ServicePerimeterDryRunIngressPolicyIngressToOperationArgs build() { + return $; + } + } + +} 
diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs.java new file mode 100644 index 0000000000..9d3ab67c27 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs.java 
@@ -0,0 +1,132 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs extends com.pulumi.resources.ResourceArgs { + + public static final ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs Empty = new ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs(); + + /** + * Value for method should be a valid method name for the corresponding + * serviceName in `ApiOperation`. If `*` used as value for `method`, then + * ALL methods and permissions are allowed. + * + */ + @Import(name="method") + private @Nullable Output method; + + /** + * @return Value for method should be a valid method name for the corresponding + * serviceName in `ApiOperation`. If `*` used as value for `method`, then + * ALL methods and permissions are allowed. + * + */ + public Optional> method() { + return Optional.ofNullable(this.method); + } + + /** + * Value for permission should be a valid Cloud IAM permission for the + * corresponding `serviceName` in `ApiOperation`. + * + */ + @Import(name="permission") + private @Nullable Output permission; + + /** + * @return Value for permission should be a valid Cloud IAM permission for the + * corresponding `serviceName` in `ApiOperation`. 
+ * + */ + public Optional> permission() { + return Optional.ofNullable(this.permission); + } + + private ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs() {} + + private ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs(ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs $) { + this.method = $.method; + this.permission = $.permission; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs $; + + public Builder() { + $ = new ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs(); + } + + public Builder(ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs defaults) { + $ = new ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param method Value for method should be a valid method name for the corresponding + * serviceName in `ApiOperation`. If `*` used as value for `method`, then + * ALL methods and permissions are allowed. + * + * @return builder + * + */ + public Builder method(@Nullable Output method) { + $.method = method; + return this; + } + + /** + * @param method Value for method should be a valid method name for the corresponding + * serviceName in `ApiOperation`. If `*` used as value for `method`, then + * ALL methods and permissions are allowed. + * + * @return builder + * + */ + public Builder method(String method) { + return method(Output.of(method)); + } + + /** + * @param permission Value for permission should be a valid Cloud IAM permission for the + * corresponding `serviceName` in `ApiOperation`. 
+ * + * @return builder + * + */ + public Builder permission(@Nullable Output permission) { + $.permission = permission; + return this; + } + + /** + * @param permission Value for permission should be a valid Cloud IAM permission for the + * corresponding `serviceName` in `ApiOperation`. + * + * @return builder + * + */ + public Builder permission(String permission) { + return permission(Output.of(permission)); + } + + public ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyState.java new file mode 100644 index 0000000000..bec09d355d --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterDryRunIngressPolicyState.java 
@@ -0,0 +1,183 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterDryRunIngressPolicyIngressFromArgs; +import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterDryRunIngressPolicyIngressToArgs; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class ServicePerimeterDryRunIngressPolicyState extends com.pulumi.resources.ResourceArgs { + + public static final ServicePerimeterDryRunIngressPolicyState Empty = new ServicePerimeterDryRunIngressPolicyState(); + + /** + * Defines the conditions on the source of a request causing this `IngressPolicy` + * to apply. + * Structure is documented below. + * + */ + @Import(name="ingressFrom") + private @Nullable Output ingressFrom; + + /** + * @return Defines the conditions on the source of a request causing this `IngressPolicy` + * to apply. + * Structure is documented below. + * + */ + public Optional> ingressFrom() { + return Optional.ofNullable(this.ingressFrom); + } + + /** + * Defines the conditions on the `ApiOperation` and request destination that cause + * this `IngressPolicy` to apply. + * Structure is documented below. + * + */ + @Import(name="ingressTo") + private @Nullable Output ingressTo; + + /** + * @return Defines the conditions on the `ApiOperation` and request destination that cause + * this `IngressPolicy` to apply. + * Structure is documented below. + * + */ + public Optional> ingressTo() { + return Optional.ofNullable(this.ingressTo); + } + + /** + * The name of the Service Perimeter to add this resource to. 
+ * + * *** + * + */ + @Import(name="perimeter") + private @Nullable Output perimeter; + + /** + * @return The name of the Service Perimeter to add this resource to. + * + * *** + * + */ + public Optional> perimeter() { + return Optional.ofNullable(this.perimeter); + } + + private ServicePerimeterDryRunIngressPolicyState() {} + + private ServicePerimeterDryRunIngressPolicyState(ServicePerimeterDryRunIngressPolicyState $) { + this.ingressFrom = $.ingressFrom; + this.ingressTo = $.ingressTo; + this.perimeter = $.perimeter; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(ServicePerimeterDryRunIngressPolicyState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private ServicePerimeterDryRunIngressPolicyState $; + + public Builder() { + $ = new ServicePerimeterDryRunIngressPolicyState(); + } + + public Builder(ServicePerimeterDryRunIngressPolicyState defaults) { + $ = new ServicePerimeterDryRunIngressPolicyState(Objects.requireNonNull(defaults)); + } + + /** + * @param ingressFrom Defines the conditions on the source of a request causing this `IngressPolicy` + * to apply. + * Structure is documented below. + * + * @return builder + * + */ + public Builder ingressFrom(@Nullable Output ingressFrom) { + $.ingressFrom = ingressFrom; + return this; + } + + /** + * @param ingressFrom Defines the conditions on the source of a request causing this `IngressPolicy` + * to apply. + * Structure is documented below. + * + * @return builder + * + */ + public Builder ingressFrom(ServicePerimeterDryRunIngressPolicyIngressFromArgs ingressFrom) { + return ingressFrom(Output.of(ingressFrom)); + } + + /** + * @param ingressTo Defines the conditions on the `ApiOperation` and request destination that cause + * this `IngressPolicy` to apply. + * Structure is documented below. 
+ * + * @return builder + * + */ + public Builder ingressTo(@Nullable Output ingressTo) { + $.ingressTo = ingressTo; + return this; + } + + /** + * @param ingressTo Defines the conditions on the `ApiOperation` and request destination that cause + * this `IngressPolicy` to apply. + * Structure is documented below. + * + * @return builder + * + */ + public Builder ingressTo(ServicePerimeterDryRunIngressPolicyIngressToArgs ingressTo) { + return ingressTo(Output.of(ingressTo)); + } + + /** + * @param perimeter The name of the Service Perimeter to add this resource to. + * + * *** + * + * @return builder + * + */ + public Builder perimeter(@Nullable Output perimeter) { + $.perimeter = perimeter; + return this; + } + + /** + * @param perimeter The name of the Service Perimeter to add this resource to. + * + * *** + * + * @return builder + * + */ + public Builder perimeter(String perimeter) { + return perimeter(Output.of(perimeter)); + } + + public ServicePerimeterDryRunIngressPolicyState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunEgressPolicyEgressFrom.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunEgressPolicyEgressFrom.java new file mode 100644 index 0000000000..95c2ddb433 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunEgressPolicyEgressFrom.java 
@@ -0,0 +1,142 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.accesscontextmanager.outputs.ServicePerimeterDryRunEgressPolicyEgressFromSource; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class ServicePerimeterDryRunEgressPolicyEgressFrom { + /** + * @return A list of identities that are allowed access through this `EgressPolicy`. + * Should be in the format of email address. The email address should + * represent individual user or service account only. + * + */ + private @Nullable List identities; + /** + * @return Specifies the type of identities that are allowed access to outside the + * perimeter. If left unspecified, then members of `identities` field will + * be allowed access. + * Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + * + */ + private @Nullable String identityType; + /** + * @return Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + * Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. + * + */ + private @Nullable String sourceRestriction; + /** + * @return Sources that this EgressPolicy authorizes access from. + * Structure is documented below. + * + */ + private @Nullable List sources; + + private ServicePerimeterDryRunEgressPolicyEgressFrom() {} + /** + * @return A list of identities that are allowed access through this `EgressPolicy`. + * Should be in the format of email address. The email address should + * represent individual user or service account only. 
+ * + */ + public List identities() { + return this.identities == null ? List.of() : this.identities; + } + /** + * @return Specifies the type of identities that are allowed access to outside the + * perimeter. If left unspecified, then members of `identities` field will + * be allowed access. + * Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + * + */ + public Optional identityType() { + return Optional.ofNullable(this.identityType); + } + /** + * @return Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + * Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. + * + */ + public Optional sourceRestriction() { + return Optional.ofNullable(this.sourceRestriction); + } + /** + * @return Sources that this EgressPolicy authorizes access from. + * Structure is documented below. + * + */ + public List sources() { + return this.sources == null ? List.of() : this.sources; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(ServicePerimeterDryRunEgressPolicyEgressFrom defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List identities; + private @Nullable String identityType; + private @Nullable String sourceRestriction; + private @Nullable List sources; + public Builder() {} + public Builder(ServicePerimeterDryRunEgressPolicyEgressFrom defaults) { + Objects.requireNonNull(defaults); + this.identities = defaults.identities; + this.identityType = defaults.identityType; + this.sourceRestriction = defaults.sourceRestriction; + this.sources = defaults.sources; + } + + @CustomType.Setter + public Builder identities(@Nullable List identities) { + + this.identities = identities; + return this; + } + public Builder identities(String... 
identities) { + return identities(List.of(identities)); + } + @CustomType.Setter + public Builder identityType(@Nullable String identityType) { + + this.identityType = identityType; + return this; + } + @CustomType.Setter + public Builder sourceRestriction(@Nullable String sourceRestriction) { + + this.sourceRestriction = sourceRestriction; + return this; + } + @CustomType.Setter + public Builder sources(@Nullable List sources) { + + this.sources = sources; + return this; + } + public Builder sources(ServicePerimeterDryRunEgressPolicyEgressFromSource... sources) { + return sources(List.of(sources)); + } + public ServicePerimeterDryRunEgressPolicyEgressFrom build() { + final var _resultValue = new ServicePerimeterDryRunEgressPolicyEgressFrom(); + _resultValue.identities = identities; + _resultValue.identityType = identityType; + _resultValue.sourceRestriction = sourceRestriction; + _resultValue.sources = sources; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunEgressPolicyEgressFromSource.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunEgressPolicyEgressFromSource.java new file mode 100644 index 0000000000..036933e2ad --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunEgressPolicyEgressFromSource.java 
@@ -0,0 +1,57 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class ServicePerimeterDryRunEgressPolicyEgressFromSource { + /** + * @return An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. + * + */ + private @Nullable String accessLevel; + + private ServicePerimeterDryRunEgressPolicyEgressFromSource() {} + /** + * @return An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. + * + */ + public Optional accessLevel() { + return Optional.ofNullable(this.accessLevel); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(ServicePerimeterDryRunEgressPolicyEgressFromSource defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String accessLevel; + public Builder() {} + public Builder(ServicePerimeterDryRunEgressPolicyEgressFromSource defaults) { + Objects.requireNonNull(defaults); + this.accessLevel = defaults.accessLevel; + } + + @CustomType.Setter + public Builder accessLevel(@Nullable String accessLevel) { + + this.accessLevel = accessLevel; + return this; + } + public ServicePerimeterDryRunEgressPolicyEgressFromSource build() { + final var _resultValue = new ServicePerimeterDryRunEgressPolicyEgressFromSource(); + _resultValue.accessLevel = accessLevel; + return _resultValue; + } + } +} 
diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunEgressPolicyEgressTo.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunEgressPolicyEgressTo.java new file mode 100644 index 0000000000..cf00435824 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunEgressPolicyEgressTo.java 
@@ -0,0 +1,125 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.accesscontextmanager.outputs.ServicePerimeterDryRunEgressPolicyEgressToOperation; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class ServicePerimeterDryRunEgressPolicyEgressTo { + /** + * @return A list of external resources that are allowed to be accessed. A request + * matches if it contains an external resource in this list (Example: + * s3://bucket/path). Currently '*' is not allowed. + * + */ + private @Nullable List externalResources; + /** + * @return A list of `ApiOperations` that this egress rule applies to. A request matches + * if it contains an operation/service in this list. + * Structure is documented below. + * + */ + private @Nullable List operations; + /** + * @return A list of resources, currently only projects in the form + * `projects/<projectnumber>`, that match this to stanza. A request matches + * if it contains a resource in this list. If * is specified for resources, + * then this `EgressTo` rule will authorize access to all resources outside + * the perimeter. + * + */ + private @Nullable List resources; + + private ServicePerimeterDryRunEgressPolicyEgressTo() {} + /** + * @return A list of external resources that are allowed to be accessed. A request + * matches if it contains an external resource in this list (Example: + * s3://bucket/path). Currently '*' is not allowed. + * + */ + public List externalResources() { + return this.externalResources == null ? List.of() : this.externalResources; + } + /** + * @return A list of `ApiOperations` that this egress rule applies to. A request matches + * if it contains an operation/service in this list. 
+ * Structure is documented below. + * + */ + public List operations() { + return this.operations == null ? List.of() : this.operations; + } + /** + * @return A list of resources, currently only projects in the form + * `projects/<projectnumber>`, that match this to stanza. A request matches + * if it contains a resource in this list. If * is specified for resources, + * then this `EgressTo` rule will authorize access to all resources outside + * the perimeter. + * + */ + public List resources() { + return this.resources == null ? List.of() : this.resources; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(ServicePerimeterDryRunEgressPolicyEgressTo defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List externalResources; + private @Nullable List operations; + private @Nullable List resources; + public Builder() {} + public Builder(ServicePerimeterDryRunEgressPolicyEgressTo defaults) { + Objects.requireNonNull(defaults); + this.externalResources = defaults.externalResources; + this.operations = defaults.operations; + this.resources = defaults.resources; + } + + @CustomType.Setter + public Builder externalResources(@Nullable List externalResources) { + + this.externalResources = externalResources; + return this; + } + public Builder externalResources(String... externalResources) { + return externalResources(List.of(externalResources)); + } + @CustomType.Setter + public Builder operations(@Nullable List operations) { + + this.operations = operations; + return this; + } + public Builder operations(ServicePerimeterDryRunEgressPolicyEgressToOperation... operations) { + return operations(List.of(operations)); + } + @CustomType.Setter + public Builder resources(@Nullable List resources) { + + this.resources = resources; + return this; + } + public Builder resources(String... 
resources) { + return resources(List.of(resources)); + } + public ServicePerimeterDryRunEgressPolicyEgressTo build() { + final var _resultValue = new ServicePerimeterDryRunEgressPolicyEgressTo(); + _resultValue.externalResources = externalResources; + _resultValue.operations = operations; + _resultValue.resources = resources; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunEgressPolicyEgressToOperation.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunEgressPolicyEgressToOperation.java new file mode 100644 index 0000000000..fdf8b653f6 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunEgressPolicyEgressToOperation.java 
@@ -0,0 +1,95 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.accesscontextmanager.outputs.ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class ServicePerimeterDryRunEgressPolicyEgressToOperation { + /** + * @return API methods or permissions to allow. Method or permission must belong + * to the service specified by `serviceName` field. A single MethodSelector + * entry with `*` specified for the `method` field will allow all methods + * AND permissions for the service specified in `serviceName`. + * Structure is documented below. + * + */ + private @Nullable List methodSelectors; + /** + * @return The name of the API whose methods or permissions the `IngressPolicy` or + * `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + * field set to `*` will allow all methods AND permissions for all services. + * + */ + private @Nullable String serviceName; + + private ServicePerimeterDryRunEgressPolicyEgressToOperation() {} + /** + * @return API methods or permissions to allow. Method or permission must belong + * to the service specified by `serviceName` field. A single MethodSelector + * entry with `*` specified for the `method` field will allow all methods + * AND permissions for the service specified in `serviceName`. + * Structure is documented below. + * + */ + public List methodSelectors() { + return this.methodSelectors == null ? List.of() : this.methodSelectors; + } + /** + * @return The name of the API whose methods or permissions the `IngressPolicy` or + * `EgressPolicy` want to allow. 
A single `ApiOperation` with serviceName + * field set to `*` will allow all methods AND permissions for all services. + * + */ + public Optional serviceName() { + return Optional.ofNullable(this.serviceName); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(ServicePerimeterDryRunEgressPolicyEgressToOperation defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List methodSelectors; + private @Nullable String serviceName; + public Builder() {} + public Builder(ServicePerimeterDryRunEgressPolicyEgressToOperation defaults) { + Objects.requireNonNull(defaults); + this.methodSelectors = defaults.methodSelectors; + this.serviceName = defaults.serviceName; + } + + @CustomType.Setter + public Builder methodSelectors(@Nullable List methodSelectors) { + + this.methodSelectors = methodSelectors; + return this; + } + public Builder methodSelectors(ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector... methodSelectors) { + return methodSelectors(List.of(methodSelectors)); + } + @CustomType.Setter + public Builder serviceName(@Nullable String serviceName) { + + this.serviceName = serviceName; + return this; + } + public ServicePerimeterDryRunEgressPolicyEgressToOperation build() { + final var _resultValue = new ServicePerimeterDryRunEgressPolicyEgressToOperation(); + _resultValue.methodSelectors = methodSelectors; + _resultValue.serviceName = serviceName; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector.java new file mode 100644 index 0000000000..ffce0901f5 --- /dev/null 
+++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector.java 
@@ -0,0 +1,84 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector { + /** + * @return Value for `method` should be a valid method name for the corresponding + * `serviceName` in `ApiOperation`. If `*` used as value for method, + * then ALL methods and permissions are allowed. + * + */ + private @Nullable String method; + /** + * @return Value for permission should be a valid Cloud IAM permission for the + * corresponding `serviceName` in `ApiOperation`. + * + */ + private @Nullable String permission; + + private ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector() {} + /** + * @return Value for `method` should be a valid method name for the corresponding + * `serviceName` in `ApiOperation`. If `*` used as value for method, + * then ALL methods and permissions are allowed. + * + */ + public Optional method() { + return Optional.ofNullable(this.method); + } + /** + * @return Value for permission should be a valid Cloud IAM permission for the + * corresponding `serviceName` in `ApiOperation`. 
+ * + */ + public Optional permission() { + return Optional.ofNullable(this.permission); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String method; + private @Nullable String permission; + public Builder() {} + public Builder(ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector defaults) { + Objects.requireNonNull(defaults); + this.method = defaults.method; + this.permission = defaults.permission; + } + + @CustomType.Setter + public Builder method(@Nullable String method) { + + this.method = method; + return this; + } + @CustomType.Setter + public Builder permission(@Nullable String permission) { + + this.permission = permission; + return this; + } + public ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector build() { + final var _resultValue = new ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector(); + _resultValue.method = method; + _resultValue.permission = permission; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunIngressPolicyIngressFrom.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunIngressPolicyIngressFrom.java new file mode 100644 index 0000000000..a03ca15fd8 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunIngressPolicyIngressFrom.java 
@@ -0,0 +1,119 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.accesscontextmanager.outputs.ServicePerimeterDryRunIngressPolicyIngressFromSource; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class ServicePerimeterDryRunIngressPolicyIngressFrom { + /** + * @return A list of identities that are allowed access through this ingress policy. + * Should be in the format of email address. The email address should represent + * individual user or service account only. + * + */ + private @Nullable List identities; + /** + * @return Specifies the type of identities that are allowed access from outside the + * perimeter. If left unspecified, then members of `identities` field will be + * allowed access. + * Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + * + */ + private @Nullable String identityType; + /** + * @return Sources that this `IngressPolicy` authorizes access from. + * Structure is documented below. + * + */ + private @Nullable List sources; + + private ServicePerimeterDryRunIngressPolicyIngressFrom() {} + /** + * @return A list of identities that are allowed access through this ingress policy. + * Should be in the format of email address. The email address should represent + * individual user or service account only. + * + */ + public List identities() { + return this.identities == null ? List.of() : this.identities; + } + /** + * @return Specifies the type of identities that are allowed access from outside the + * perimeter. If left unspecified, then members of `identities` field will be + * allowed access. 
+ * Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + * + */ + public Optional identityType() { + return Optional.ofNullable(this.identityType); + } + /** + * @return Sources that this `IngressPolicy` authorizes access from. + * Structure is documented below. + * + */ + public List sources() { + return this.sources == null ? List.of() : this.sources; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(ServicePerimeterDryRunIngressPolicyIngressFrom defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List identities; + private @Nullable String identityType; + private @Nullable List sources; + public Builder() {} + public Builder(ServicePerimeterDryRunIngressPolicyIngressFrom defaults) { + Objects.requireNonNull(defaults); + this.identities = defaults.identities; + this.identityType = defaults.identityType; + this.sources = defaults.sources; + } + + @CustomType.Setter + public Builder identities(@Nullable List identities) { + + this.identities = identities; + return this; + } + public Builder identities(String... identities) { + return identities(List.of(identities)); + } + @CustomType.Setter + public Builder identityType(@Nullable String identityType) { + + this.identityType = identityType; + return this; + } + @CustomType.Setter + public Builder sources(@Nullable List sources) { + + this.sources = sources; + return this; + } + public Builder sources(ServicePerimeterDryRunIngressPolicyIngressFromSource... sources) { + return sources(List.of(sources)); + } + public ServicePerimeterDryRunIngressPolicyIngressFrom build() { + final var _resultValue = new ServicePerimeterDryRunIngressPolicyIngressFrom(); + _resultValue.identities = identities; + _resultValue.identityType = identityType; + _resultValue.sources = sources; + return _resultValue; + } + } +} 
diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunIngressPolicyIngressFromSource.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunIngressPolicyIngressFromSource.java new file mode 100644 index 0000000000..caef1c8516 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunIngressPolicyIngressFromSource.java 
@@ -0,0 +1,102 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class ServicePerimeterDryRunIngressPolicyIngressFromSource { + /** + * @return An `AccessLevel` resource name that allow resources within the + * `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + * must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + * `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + * resources within the perimeter can only be accessed via Google Cloud calls + * with request origins within the perimeter. + * Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + * If * is specified, then all IngressSources will be allowed. + * + */ + private @Nullable String accessLevel; + /** + * @return A Google Cloud resource that is allowed to ingress the perimeter. + * Requests from these resources will be allowed to access perimeter data. + * Currently only projects are allowed. Format `projects/{project_number}` + * The project may be in any Google Cloud organization, not just the + * organization that the perimeter is defined in. `*` is not allowed, the case + * of allowing all Google Cloud resources only is not supported. + * + */ + private @Nullable String resource; + + private ServicePerimeterDryRunIngressPolicyIngressFromSource() {} + /** + * @return An `AccessLevel` resource name that allow resources within the + * `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + * must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + * `AccessLevel` will cause an error. 
If no `AccessLevel` names are listed, + * resources within the perimeter can only be accessed via Google Cloud calls + * with request origins within the perimeter. + * Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + * If * is specified, then all IngressSources will be allowed. + * + */ + public Optional accessLevel() { + return Optional.ofNullable(this.accessLevel); + } + /** + * @return A Google Cloud resource that is allowed to ingress the perimeter. + * Requests from these resources will be allowed to access perimeter data. + * Currently only projects are allowed. Format `projects/{project_number}` + * The project may be in any Google Cloud organization, not just the + * organization that the perimeter is defined in. `*` is not allowed, the case + * of allowing all Google Cloud resources only is not supported. + * + */ + public Optional resource() { + return Optional.ofNullable(this.resource); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(ServicePerimeterDryRunIngressPolicyIngressFromSource defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String accessLevel; + private @Nullable String resource; + public Builder() {} + public Builder(ServicePerimeterDryRunIngressPolicyIngressFromSource defaults) { + Objects.requireNonNull(defaults); + this.accessLevel = defaults.accessLevel; + this.resource = defaults.resource; + } + + @CustomType.Setter + public Builder accessLevel(@Nullable String accessLevel) { + + this.accessLevel = accessLevel; + return this; + } + @CustomType.Setter + public Builder resource(@Nullable String resource) { + + this.resource = resource; + return this; + } + public ServicePerimeterDryRunIngressPolicyIngressFromSource build() { + final var _resultValue = new ServicePerimeterDryRunIngressPolicyIngressFromSource(); + _resultValue.accessLevel = accessLevel; + _resultValue.resource = resource; + return 
_resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunIngressPolicyIngressTo.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunIngressPolicyIngressTo.java new file mode 100644 index 0000000000..87b5abdc68 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunIngressPolicyIngressTo.java 
@@ -0,0 +1,103 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.accesscontextmanager.outputs.ServicePerimeterDryRunIngressPolicyIngressToOperation; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class ServicePerimeterDryRunIngressPolicyIngressTo { + /** + * @return A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + * are allowed to perform in this `ServicePerimeter`. + * Structure is documented below. + * + */ + private @Nullable List operations; + /** + * @return A list of resources, currently only projects in the form + * `projects/<projectnumber>`, protected by this `ServicePerimeter` + * that are allowed to be accessed by sources defined in the + * corresponding `IngressFrom`. A request matches if it contains + * a resource in this list. If `*` is specified for resources, + * then this `IngressTo` rule will authorize access to all + * resources inside the perimeter, provided that the request + * also matches the `operations` field. + * + */ + private @Nullable List resources; + + private ServicePerimeterDryRunIngressPolicyIngressTo() {} + /** + * @return A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + * are allowed to perform in this `ServicePerimeter`. + * Structure is documented below. + * + */ + public List operations() { + return this.operations == null ? List.of() : this.operations; + } + /** + * @return A list of resources, currently only projects in the form + * `projects/<projectnumber>`, protected by this `ServicePerimeter` + * that are allowed to be accessed by sources defined in the + * corresponding `IngressFrom`. 
A request matches if it contains + * a resource in this list. If `*` is specified for resources, + * then this `IngressTo` rule will authorize access to all + * resources inside the perimeter, provided that the request + * also matches the `operations` field. + * + */ + public List resources() { + return this.resources == null ? List.of() : this.resources; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(ServicePerimeterDryRunIngressPolicyIngressTo defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List operations; + private @Nullable List resources; + public Builder() {} + public Builder(ServicePerimeterDryRunIngressPolicyIngressTo defaults) { + Objects.requireNonNull(defaults); + this.operations = defaults.operations; + this.resources = defaults.resources; + } + + @CustomType.Setter + public Builder operations(@Nullable List operations) { + + this.operations = operations; + return this; + } + public Builder operations(ServicePerimeterDryRunIngressPolicyIngressToOperation... operations) { + return operations(List.of(operations)); + } + @CustomType.Setter + public Builder resources(@Nullable List resources) { + + this.resources = resources; + return this; + } + public Builder resources(String... resources) { + return resources(List.of(resources)); + } + public ServicePerimeterDryRunIngressPolicyIngressTo build() { + final var _resultValue = new ServicePerimeterDryRunIngressPolicyIngressTo(); + _resultValue.operations = operations; + _resultValue.resources = resources; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunIngressPolicyIngressToOperation.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunIngressPolicyIngressToOperation.java new file mode 100644 index 0000000000..26489d56b0 --- /dev/null 
+++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunIngressPolicyIngressToOperation.java 
@@ -0,0 +1,95 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.accesscontextmanager.outputs.ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class ServicePerimeterDryRunIngressPolicyIngressToOperation { + /** + * @return API methods or permissions to allow. Method or permission must belong to + * the service specified by serviceName field. A single `MethodSelector` entry + * with `*` specified for the method field will allow all methods AND + * permissions for the service specified in `serviceName`. + * Structure is documented below. + * + */ + private @Nullable List methodSelectors; + /** + * @return The name of the API whose methods or permissions the `IngressPolicy` or + * `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + * field set to `*` will allow all methods AND permissions for all services. + * + */ + private @Nullable String serviceName; + + private ServicePerimeterDryRunIngressPolicyIngressToOperation() {} + /** + * @return API methods or permissions to allow. Method or permission must belong to + * the service specified by serviceName field. A single `MethodSelector` entry + * with `*` specified for the method field will allow all methods AND + * permissions for the service specified in `serviceName`. + * Structure is documented below. + * + */ + public List methodSelectors() { + return this.methodSelectors == null ? List.of() : this.methodSelectors; + } + /** + * @return The name of the API whose methods or permissions the `IngressPolicy` or + * `EgressPolicy` want to allow. 
A single `ApiOperation` with `serviceName` + * field set to `*` will allow all methods AND permissions for all services. + * + */ + public Optional serviceName() { + return Optional.ofNullable(this.serviceName); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(ServicePerimeterDryRunIngressPolicyIngressToOperation defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List methodSelectors; + private @Nullable String serviceName; + public Builder() {} + public Builder(ServicePerimeterDryRunIngressPolicyIngressToOperation defaults) { + Objects.requireNonNull(defaults); + this.methodSelectors = defaults.methodSelectors; + this.serviceName = defaults.serviceName; + } + + @CustomType.Setter + public Builder methodSelectors(@Nullable List methodSelectors) { + + this.methodSelectors = methodSelectors; + return this; + } + public Builder methodSelectors(ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector... methodSelectors) { + return methodSelectors(List.of(methodSelectors)); + } + @CustomType.Setter + public Builder serviceName(@Nullable String serviceName) { + + this.serviceName = serviceName; + return this; + } + public ServicePerimeterDryRunIngressPolicyIngressToOperation build() { + final var _resultValue = new ServicePerimeterDryRunIngressPolicyIngressToOperation(); + _resultValue.methodSelectors = methodSelectors; + _resultValue.serviceName = serviceName; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector.java new file mode 100644 index 0000000000..529bfbacea --- /dev/null 
+++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector.java 
@@ -0,0 +1,84 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.accesscontextmanager.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector { + /** + * @return Value for method should be a valid method name for the corresponding + * serviceName in `ApiOperation`. If `*` used as value for `method`, then + * ALL methods and permissions are allowed. + * + */ + private @Nullable String method; + /** + * @return Value for permission should be a valid Cloud IAM permission for the + * corresponding `serviceName` in `ApiOperation`. + * + */ + private @Nullable String permission; + + private ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector() {} + /** + * @return Value for method should be a valid method name for the corresponding + * serviceName in `ApiOperation`. If `*` used as value for `method`, then + * ALL methods and permissions are allowed. + * + */ + public Optional method() { + return Optional.ofNullable(this.method); + } + /** + * @return Value for permission should be a valid Cloud IAM permission for the + * corresponding `serviceName` in `ApiOperation`. 
+ * + */ + public Optional permission() { + return Optional.ofNullable(this.permission); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String method; + private @Nullable String permission; + public Builder() {} + public Builder(ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector defaults) { + Objects.requireNonNull(defaults); + this.method = defaults.method; + this.permission = defaults.permission; + } + + @CustomType.Setter + public Builder method(@Nullable String method) { + + this.method = method; + return this; + } + @CustomType.Setter + public Builder permission(@Nullable String permission) { + + this.permission = permission; + return this; + } + public ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector build() { + final var _resultValue = new ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector(); + _resultValue.method = method; + _resultValue.permission = permission; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/applicationintegration/Client.java b/sdk/java/src/main/java/com/pulumi/gcp/applicationintegration/Client.java index 53a4c2b6bc..49b5ffc707 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/applicationintegration/Client.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/applicationintegration/Client.java @@ -116,7 +116,7 @@ * .build()); * * var serviceAccount = new Account("serviceAccount", AccountArgs.builder() - * .accountId("service-account-id") + * .accountId("my-service-acc") * .displayName("Service Account") * .build()); * 
diff --git a/sdk/java/src/main/java/com/pulumi/gcp/clouddeploy/inputs/TargetGkeArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/clouddeploy/inputs/TargetGkeArgs.java index 8743cb0cd7..e9b05a0f7a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/clouddeploy/inputs/TargetGkeArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/clouddeploy/inputs/TargetGkeArgs.java @@ -46,11 +46,27 @@ public Optional> internalIp() { return Optional.ofNullable(this.internalIp); } + /** + * Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. + * + */ + @Import(name="proxyUrl") + private @Nullable Output proxyUrl; + + /** + * @return Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. + * + */ + public Optional> proxyUrl() { + return Optional.ofNullable(this.proxyUrl); + } + private TargetGkeArgs() {} private TargetGkeArgs(TargetGkeArgs $) { this.cluster = $.cluster; this.internalIp = $.internalIp; + this.proxyUrl = $.proxyUrl; } public static Builder builder() { @@ -113,6 +129,27 @@ public Builder internalIp(Boolean internalIp) { return internalIp(Output.of(internalIp)); } + /** + * @param proxyUrl Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. + * + * @return builder + * + */ + public Builder proxyUrl(@Nullable Output proxyUrl) { + $.proxyUrl = proxyUrl; + return this; + } + + /** + * @param proxyUrl Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. + * + * @return builder + * + */ + public Builder proxyUrl(String proxyUrl) { + return proxyUrl(Output.of(proxyUrl)); + } + public TargetGkeArgs build() { return $; } 
diff --git a/sdk/java/src/main/java/com/pulumi/gcp/clouddeploy/outputs/TargetGke.java b/sdk/java/src/main/java/com/pulumi/gcp/clouddeploy/outputs/TargetGke.java index 4c7d62f171..53ef4f30db 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/clouddeploy/outputs/TargetGke.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/clouddeploy/outputs/TargetGke.java @@ -22,6 +22,11 @@ public final class TargetGke { * */ private @Nullable Boolean internalIp; + /** + * @return Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. + * + */ + private @Nullable String proxyUrl; private TargetGke() {} /** @@ -38,6 +43,13 @@ public Optional cluster() { public Optional internalIp() { return Optional.ofNullable(this.internalIp); } + /** + * @return Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. + * + */ + public Optional proxyUrl() { + return Optional.ofNullable(this.proxyUrl); + } public static Builder builder() { return new Builder(); @@ -50,11 +62,13 @@ public static Builder builder(TargetGke defaults) { public static final class Builder { private @Nullable String cluster; private @Nullable Boolean internalIp; + private @Nullable String proxyUrl; public Builder() {} public Builder(TargetGke defaults) { Objects.requireNonNull(defaults); this.cluster = defaults.cluster; this.internalIp = defaults.internalIp; + this.proxyUrl = defaults.proxyUrl; } @CustomType.Setter 
@@ -69,10 +83,17 @@ public Builder internalIp(@Nullable Boolean internalIp) { this.internalIp = internalIp; return this; } + @CustomType.Setter + public Builder proxyUrl(@Nullable String proxyUrl) { + + this.proxyUrl = proxyUrl; + return this; + } public TargetGke build() { final var _resultValue = new TargetGke(); _resultValue.cluster = cluster; _resultValue.internalIp = internalIp; + _resultValue.proxyUrl = proxyUrl; return _resultValue; } } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/JobBinaryAuthorizationArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/JobBinaryAuthorizationArgs.java index 084753a702..a65fef402e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/JobBinaryAuthorizationArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/JobBinaryAuthorizationArgs.java @@ -31,6 +31,21 @@ public Optional> breakglassJustification() { return Optional.ofNullable(this.breakglassJustification); } + /** + * The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + * + */ + @Import(name="policy") + private @Nullable Output policy; + + /** + * @return The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + * + */ + public Optional> policy() { + return Optional.ofNullable(this.policy); + } + /** * If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. * @@ -50,6 +65,7 @@ private JobBinaryAuthorizationArgs() {} private JobBinaryAuthorizationArgs(JobBinaryAuthorizationArgs $) { this.breakglassJustification = $.breakglassJustification; + this.policy = $.policy; this.useDefault = $.useDefault; } 
@@ -92,6 +108,27 @@ public Builder breakglassJustification(String breakglassJustification) { return breakglassJustification(Output.of(breakglassJustification)); } + /** + * @param policy The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + * + * @return builder + * + */ + public Builder policy(@Nullable Output policy) { + $.policy = policy; + return this; + } + + /** + * @param policy The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + * + * @return builder + * + */ + public Builder policy(String policy) { + return policy(Output.of(policy)); + } + /** * @param useDefault If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/ServiceBinaryAuthorizationArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/ServiceBinaryAuthorizationArgs.java index c67f802942..f2dd2c7ca3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/ServiceBinaryAuthorizationArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/ServiceBinaryAuthorizationArgs.java @@ -31,6 +31,21 @@ public Optional> breakglassJustification() { return Optional.ofNullable(this.breakglassJustification); } + /** + * The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + * + */ + @Import(name="policy") + private @Nullable Output policy; + + /** + * @return The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + * + */ + public Optional> policy() { + return Optional.ofNullable(this.policy); + } + /** * If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. * 
@@ -50,6 +65,7 @@ private ServiceBinaryAuthorizationArgs() {} private ServiceBinaryAuthorizationArgs(ServiceBinaryAuthorizationArgs $) { this.breakglassJustification = $.breakglassJustification; + this.policy = $.policy; this.useDefault = $.useDefault; } @@ -92,6 +108,27 @@ public Builder breakglassJustification(String breakglassJustification) { return breakglassJustification(Output.of(breakglassJustification)); } + /** + * @param policy The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + * + * @return builder + * + */ + public Builder policy(@Nullable Output policy) { + $.policy = policy; + return this; + } + + /** + * @param policy The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + * + * @return builder + * + */ + public Builder policy(String policy) { + return policy(Output.of(policy)); + } + /** * @param useDefault If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/outputs/GetJobBinaryAuthorization.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/outputs/GetJobBinaryAuthorization.java index 9c76970f84..b67aba97d5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/outputs/GetJobBinaryAuthorization.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/outputs/GetJobBinaryAuthorization.java @@ -16,6 +16,11 @@ public final class GetJobBinaryAuthorization { * */ private String breakglassJustification; + /** + * @return The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + * + */ + private String policy; /** * @return If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. * 
@@ -30,6 +35,13 @@ private GetJobBinaryAuthorization() {} public String breakglassJustification() { return this.breakglassJustification; } + /** + * @return The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + * + */ + public String policy() { + return this.policy; + } /** * @return If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. * @@ -48,11 +60,13 @@ public static Builder builder(GetJobBinaryAuthorization defaults) { @CustomType.Builder public static final class Builder { private String breakglassJustification; + private String policy; private Boolean useDefault; public Builder() {} public Builder(GetJobBinaryAuthorization defaults) { Objects.requireNonNull(defaults); this.breakglassJustification = defaults.breakglassJustification; + this.policy = defaults.policy; this.useDefault = defaults.useDefault; } @@ -65,6 +79,14 @@ public Builder breakglassJustification(String breakglassJustification) { return this; } @CustomType.Setter + public Builder policy(String policy) { + if (policy == null) { + throw new MissingRequiredPropertyException("GetJobBinaryAuthorization", "policy"); + } + this.policy = policy; + return this; + } + @CustomType.Setter public Builder useDefault(Boolean useDefault) { if (useDefault == null) { throw new MissingRequiredPropertyException("GetJobBinaryAuthorization", "useDefault"); @@ -75,6 +97,7 @@ public Builder useDefault(Boolean useDefault) { public GetJobBinaryAuthorization build() { final var _resultValue = new GetJobBinaryAuthorization(); _resultValue.breakglassJustification = breakglassJustification; + _resultValue.policy = policy; _resultValue.useDefault = useDefault; return _resultValue; } 
diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/outputs/GetServiceBinaryAuthorization.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/outputs/GetServiceBinaryAuthorization.java index 1d9c6ada78..4a2ee7a450 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/outputs/GetServiceBinaryAuthorization.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/outputs/GetServiceBinaryAuthorization.java @@ -16,6 +16,11 @@ public final class GetServiceBinaryAuthorization { * */ private String breakglassJustification; + /** + * @return The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + * + */ + private String policy; /** * @return If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. * @@ -30,6 +35,13 @@ private GetServiceBinaryAuthorization() {} public String breakglassJustification() { return this.breakglassJustification; } + /** + * @return The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + * + */ + public String policy() { + return this.policy; + } /** * @return If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. * @@ -48,11 +60,13 @@ public static Builder builder(GetServiceBinaryAuthorization defaults) { @CustomType.Builder public static final class Builder { private String breakglassJustification; + private String policy; private Boolean useDefault; public Builder() {} public Builder(GetServiceBinaryAuthorization defaults) { Objects.requireNonNull(defaults); this.breakglassJustification = defaults.breakglassJustification; + this.policy = defaults.policy; this.useDefault = defaults.useDefault; } 
@@ -65,6 +79,14 @@ public Builder breakglassJustification(String breakglassJustification) { return this; } @CustomType.Setter + public Builder policy(String policy) { + if (policy == null) { + throw new MissingRequiredPropertyException("GetServiceBinaryAuthorization", "policy"); + } + this.policy = policy; + return this; + } + @CustomType.Setter public Builder useDefault(Boolean useDefault) { if (useDefault == null) { throw new MissingRequiredPropertyException("GetServiceBinaryAuthorization", "useDefault"); @@ -75,6 +97,7 @@ public Builder useDefault(Boolean useDefault) { public GetServiceBinaryAuthorization build() { final var _resultValue = new GetServiceBinaryAuthorization(); _resultValue.breakglassJustification = breakglassJustification; + _resultValue.policy = policy; _resultValue.useDefault = useDefault; return _resultValue; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/outputs/JobBinaryAuthorization.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/outputs/JobBinaryAuthorization.java index 12f29f2f0e..ad1e912bbc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/outputs/JobBinaryAuthorization.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/outputs/JobBinaryAuthorization.java @@ -17,6 +17,11 @@ public final class JobBinaryAuthorization { * */ private @Nullable String breakglassJustification; + /** + * @return The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + * + */ + private @Nullable String policy; /** * @return If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. * 
@@ -31,6 +36,13 @@ private JobBinaryAuthorization() {} public Optional breakglassJustification() { return Optional.ofNullable(this.breakglassJustification); } + /** + * @return The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + * + */ + public Optional policy() { + return Optional.ofNullable(this.policy); + } /** * @return If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. * @@ -49,11 +61,13 @@ public static Builder builder(JobBinaryAuthorization defaults) { @CustomType.Builder public static final class Builder { private @Nullable String breakglassJustification; + private @Nullable String policy; private @Nullable Boolean useDefault; public Builder() {} public Builder(JobBinaryAuthorization defaults) { Objects.requireNonNull(defaults); this.breakglassJustification = defaults.breakglassJustification; + this.policy = defaults.policy; this.useDefault = defaults.useDefault; } @@ -64,6 +78,12 @@ public Builder breakglassJustification(@Nullable String breakglassJustification) return this; } @CustomType.Setter + public Builder policy(@Nullable String policy) { + + this.policy = policy; + return this; + } + @CustomType.Setter public Builder useDefault(@Nullable Boolean useDefault) { this.useDefault = useDefault; @@ -72,6 +92,7 @@ public Builder useDefault(@Nullable Boolean useDefault) { public JobBinaryAuthorization build() { final var _resultValue = new JobBinaryAuthorization(); _resultValue.breakglassJustification = breakglassJustification; + _resultValue.policy = policy; _resultValue.useDefault = useDefault; return _resultValue; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/outputs/ServiceBinaryAuthorization.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/outputs/ServiceBinaryAuthorization.java index 53bb7a4a60..a58270f172 100644 
--- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/outputs/ServiceBinaryAuthorization.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/outputs/ServiceBinaryAuthorization.java @@ -17,6 +17,11 @@ public final class ServiceBinaryAuthorization { * */ private @Nullable String breakglassJustification; + /** + * @return The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + * + */ + private @Nullable String policy; /** * @return If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. * @@ -31,6 +36,13 @@ private ServiceBinaryAuthorization() {} public Optional breakglassJustification() { return Optional.ofNullable(this.breakglassJustification); } + /** + * @return The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + * + */ + public Optional policy() { + return Optional.ofNullable(this.policy); + } /** * @return If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. * @@ -49,11 +61,13 @@ public static Builder builder(ServiceBinaryAuthorization defaults) { @CustomType.Builder public static final class Builder { private @Nullable String breakglassJustification; + private @Nullable String policy; private @Nullable Boolean useDefault; public Builder() {} public Builder(ServiceBinaryAuthorization defaults) { Objects.requireNonNull(defaults); this.breakglassJustification = defaults.breakglassJustification; + this.policy = defaults.policy; this.useDefault = defaults.useDefault; } @@ -64,6 +78,12 @@ public Builder breakglassJustification(@Nullable String breakglassJustification) return this; } @CustomType.Setter + public Builder policy(@Nullable String policy) { + + this.policy = policy; + return this; + } + @CustomType.Setter public Builder useDefault(@Nullable Boolean useDefault) { this.useDefault = useDefault; 
@@ -72,6 +92,7 @@ public Builder useDefault(@Nullable Boolean useDefault) { public ServiceBinaryAuthorization build() { final var _resultValue = new ServiceBinaryAuthorization(); _resultValue.breakglassJustification = breakglassJustification; + _resultValue.policy = policy; _resultValue.useDefault = useDefault; return _resultValue; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionTargetHttpsProxy.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionTargetHttpsProxy.java index c4f3820b19..f676a7b882 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionTargetHttpsProxy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionTargetHttpsProxy.java @@ -508,6 +508,10 @@ public Output selfLink() { * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. + * If you remove this field from your configuration at the same time as + * deleting or recreating a referenced ServerTlsPolicy resource, you will + * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + * within the ServerTlsPolicy resource to avoid this. * */ @Export(name="serverTlsPolicy", refs={String.class}, tree="[0]") @@ -523,6 +527,10 @@ public Output selfLink() { * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. + * If you remove this field from your configuration at the same time as + * deleting or recreating a referenced ServerTlsPolicy resource, you will + * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + * within the ServerTlsPolicy resource to avoid this. * */ public Output> serverTlsPolicy() { 
diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionTargetHttpsProxyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionTargetHttpsProxyArgs.java index 883b4b2ae7..07d22ed63d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionTargetHttpsProxyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionTargetHttpsProxyArgs.java @@ -122,6 +122,10 @@ public Optional> region() { * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. + * If you remove this field from your configuration at the same time as + * deleting or recreating a referenced ServerTlsPolicy resource, you will + * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + * within the ServerTlsPolicy resource to avoid this. * */ @Import(name="serverTlsPolicy") @@ -137,6 +141,10 @@ public Optional> region() { * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. + * If you remove this field from your configuration at the same time as + * deleting or recreating a referenced ServerTlsPolicy resource, you will + * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + * within the ServerTlsPolicy resource to avoid this. * */ public Optional> serverTlsPolicy() { 
@@ -381,6 +389,10 @@ public Builder region(String region) { * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. + * If you remove this field from your configuration at the same time as + * deleting or recreating a referenced ServerTlsPolicy resource, you will + * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + * within the ServerTlsPolicy resource to avoid this. * * @return builder * @@ -400,6 +412,10 @@ public Builder serverTlsPolicy(@Nullable Output serverTlsPolicy) { * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. + * If you remove this field from your configuration at the same time as + * deleting or recreating a referenced ServerTlsPolicy resource, you will + * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + * within the ServerTlsPolicy resource to avoid this. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionTargetHttpsProxyState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionTargetHttpsProxyState.java index af5f9e5d05..476cbbcd53 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionTargetHttpsProxyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionTargetHttpsProxyState.java 
@@ -167,6 +167,10 @@ public Optional> selfLink() { * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. + * If you remove this field from your configuration at the same time as + * deleting or recreating a referenced ServerTlsPolicy resource, you will + * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + * within the ServerTlsPolicy resource to avoid this. * */ @Import(name="serverTlsPolicy") @@ -182,6 +186,10 @@ public Optional> selfLink() { * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. + * If you remove this field from your configuration at the same time as + * deleting or recreating a referenced ServerTlsPolicy resource, you will + * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + * within the ServerTlsPolicy resource to avoid this. * */ public Optional> serverTlsPolicy() { @@ -492,6 +500,10 @@ public Builder selfLink(String selfLink) { * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. + * If you remove this field from your configuration at the same time as + * deleting or recreating a referenced ServerTlsPolicy resource, you will + * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + * within the ServerTlsPolicy resource to avoid this. * * @return builder * 
@@ -511,6 +523,10 @@ public Builder serverTlsPolicy(@Nullable Output serverTlsPolicy) { * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. + * If you remove this field from your configuration at the same time as + * deleting or recreating a referenced ServerTlsPolicy resource, you will + * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + * within the ServerTlsPolicy resource to avoid this. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/container/inputs/ClusterClusterAutoscalingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/container/inputs/ClusterClusterAutoscalingArgs.java index b59377fcf2..ec61b1dc34 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/container/inputs/ClusterClusterAutoscalingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/container/inputs/ClusterClusterAutoscalingArgs.java @@ -38,6 +38,25 @@ public Optional> a return Optional.ofNullable(this.autoProvisioningDefaults); } + /** + * The list of Google Compute Engine + * [zones](https://cloud.google.com/compute/docs/zones#available) in which the + * NodePool's nodes can be created by NAP. + * + */ + @Import(name="autoProvisioningLocations") + private @Nullable Output> autoProvisioningLocations; + + /** + * @return The list of Google Compute Engine + * [zones](https://cloud.google.com/compute/docs/zones#available) in which the + * NodePool's nodes can be created by NAP. + * + */ + public Optional>> autoProvisioningLocations() { + return Optional.ofNullable(this.autoProvisioningLocations); + } + /** * Configuration * options for the [Autoscaling profile](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#autoscaling_profiles) 
@@ -101,6 +120,7 @@ private ClusterClusterAutoscalingArgs() {} private ClusterClusterAutoscalingArgs(ClusterClusterAutoscalingArgs $) { this.autoProvisioningDefaults = $.autoProvisioningDefaults; + this.autoProvisioningLocations = $.autoProvisioningLocations; this.autoscalingProfile = $.autoscalingProfile; this.enabled = $.enabled; this.resourceLimits = $.resourceLimits; @@ -149,6 +169,43 @@ public Builder autoProvisioningDefaults(ClusterClusterAutoscalingAutoProvisionin return autoProvisioningDefaults(Output.of(autoProvisioningDefaults)); } + /** + * @param autoProvisioningLocations The list of Google Compute Engine + * [zones](https://cloud.google.com/compute/docs/zones#available) in which the + * NodePool's nodes can be created by NAP. + * + * @return builder + * + */ + public Builder autoProvisioningLocations(@Nullable Output> autoProvisioningLocations) { + $.autoProvisioningLocations = autoProvisioningLocations; + return this; + } + + /** + * @param autoProvisioningLocations The list of Google Compute Engine + * [zones](https://cloud.google.com/compute/docs/zones#available) in which the + * NodePool's nodes can be created by NAP. + * + * @return builder + * + */ + public Builder autoProvisioningLocations(List autoProvisioningLocations) { + return autoProvisioningLocations(Output.of(autoProvisioningLocations)); + } + + /** + * @param autoProvisioningLocations The list of Google Compute Engine + * [zones](https://cloud.google.com/compute/docs/zones#available) in which the + * NodePool's nodes can be created by NAP. + * + * @return builder + * + */ + public Builder autoProvisioningLocations(String... autoProvisioningLocations) { + return autoProvisioningLocations(List.of(autoProvisioningLocations)); + } + /** * @param autoscalingProfile Configuration * options for the [Autoscaling profile](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#autoscaling_profiles) 
diff --git a/sdk/java/src/main/java/com/pulumi/gcp/container/outputs/ClusterClusterAutoscaling.java b/sdk/java/src/main/java/com/pulumi/gcp/container/outputs/ClusterClusterAutoscaling.java index c08018c244..6eba1ab1d0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/container/outputs/ClusterClusterAutoscaling.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/container/outputs/ClusterClusterAutoscaling.java @@ -22,6 +22,13 @@ public final class ClusterClusterAutoscaling { * */ private @Nullable ClusterClusterAutoscalingAutoProvisioningDefaults autoProvisioningDefaults; + /** + * @return The list of Google Compute Engine + * [zones](https://cloud.google.com/compute/docs/zones#available) in which the + * NodePool's nodes can be created by NAP. + * + */ + private @Nullable List autoProvisioningLocations; /** * @return Configuration * options for the [Autoscaling profile](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#autoscaling_profiles) @@ -55,6 +62,15 @@ private ClusterClusterAutoscaling() {} public Optional autoProvisioningDefaults() { return Optional.ofNullable(this.autoProvisioningDefaults); } + /** + * @return The list of Google Compute Engine + * [zones](https://cloud.google.com/compute/docs/zones#available) in which the + * NodePool's nodes can be created by NAP. + * + */ + public List autoProvisioningLocations() { + return this.autoProvisioningLocations == null ? List.of() : this.autoProvisioningLocations; + } /** * @return Configuration * options for the [Autoscaling profile](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#autoscaling_profiles) 
@@ -94,6 +110,7 @@ public static Builder builder(ClusterClusterAutoscaling defaults) { @CustomType.Builder public static final class Builder { private @Nullable ClusterClusterAutoscalingAutoProvisioningDefaults autoProvisioningDefaults; + private @Nullable List autoProvisioningLocations; private @Nullable String autoscalingProfile; private @Nullable Boolean enabled; private @Nullable List resourceLimits; @@ -101,6 +118,7 @@ public Builder() {} public Builder(ClusterClusterAutoscaling defaults) { Objects.requireNonNull(defaults); this.autoProvisioningDefaults = defaults.autoProvisioningDefaults; + this.autoProvisioningLocations = defaults.autoProvisioningLocations; this.autoscalingProfile = defaults.autoscalingProfile; this.enabled = defaults.enabled; this.resourceLimits = defaults.resourceLimits; @@ -113,6 +131,15 @@ public Builder autoProvisioningDefaults(@Nullable ClusterClusterAutoscalingAutoP return this; } @CustomType.Setter + public Builder autoProvisioningLocations(@Nullable List autoProvisioningLocations) { + + this.autoProvisioningLocations = autoProvisioningLocations; + return this; + } + public Builder autoProvisioningLocations(String... autoProvisioningLocations) { + return autoProvisioningLocations(List.of(autoProvisioningLocations)); + } + @CustomType.Setter public Builder autoscalingProfile(@Nullable String autoscalingProfile) { this.autoscalingProfile = autoscalingProfile; @@ -136,6 +163,7 @@ public Builder resourceLimits(ClusterClusterAutoscalingResourceLimit... resource public ClusterClusterAutoscaling build() { final var _resultValue = new ClusterClusterAutoscaling(); _resultValue.autoProvisioningDefaults = autoProvisioningDefaults; + _resultValue.autoProvisioningLocations = autoProvisioningLocations; _resultValue.autoscalingProfile = autoscalingProfile; _resultValue.enabled = enabled; _resultValue.resourceLimits = resourceLimits; 
diff --git a/sdk/java/src/main/java/com/pulumi/gcp/container/outputs/GetClusterClusterAutoscaling.java b/sdk/java/src/main/java/com/pulumi/gcp/container/outputs/GetClusterClusterAutoscaling.java index 03c95888d2..05bb20a814 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/container/outputs/GetClusterClusterAutoscaling.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/container/outputs/GetClusterClusterAutoscaling.java @@ -19,6 +19,11 @@ public final class GetClusterClusterAutoscaling { * */ private List autoProvisioningDefaults; + /** + * @return The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP. + * + */ + private List autoProvisioningLocations; /** * @return Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED. * @@ -43,6 +48,13 @@ private GetClusterClusterAutoscaling() {} public List autoProvisioningDefaults() { return this.autoProvisioningDefaults; } + /** + * @return The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP. + * + */ + public List autoProvisioningLocations() { + return this.autoProvisioningLocations; + } /** * @return Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED. * @@ -75,6 +87,7 @@ public static Builder builder(GetClusterClusterAutoscaling defaults) { @CustomType.Builder public static final class Builder { private List autoProvisioningDefaults; + private List autoProvisioningLocations; private String autoscalingProfile; private Boolean enabled; private List resourceLimits; 
@@ -82,6 +95,7 @@ public Builder() {} public Builder(GetClusterClusterAutoscaling defaults) { Objects.requireNonNull(defaults); this.autoProvisioningDefaults = defaults.autoProvisioningDefaults; + this.autoProvisioningLocations = defaults.autoProvisioningLocations; this.autoscalingProfile = defaults.autoscalingProfile; this.enabled = defaults.enabled; this.resourceLimits = defaults.resourceLimits; @@ -99,6 +113,17 @@ public Builder autoProvisioningDefaults(GetClusterClusterAutoscalingAutoProvisio return autoProvisioningDefaults(List.of(autoProvisioningDefaults)); } @CustomType.Setter + public Builder autoProvisioningLocations(List autoProvisioningLocations) { + if (autoProvisioningLocations == null) { + throw new MissingRequiredPropertyException("GetClusterClusterAutoscaling", "autoProvisioningLocations"); + } + this.autoProvisioningLocations = autoProvisioningLocations; + return this; + } + public Builder autoProvisioningLocations(String... autoProvisioningLocations) { + return autoProvisioningLocations(List.of(autoProvisioningLocations)); + } + @CustomType.Setter public Builder autoscalingProfile(String autoscalingProfile) { if (autoscalingProfile == null) { throw new MissingRequiredPropertyException("GetClusterClusterAutoscaling", "autoscalingProfile"); @@ -128,6 +153,7 @@ public Builder resourceLimits(GetClusterClusterAutoscalingResourceLimit... resou public GetClusterClusterAutoscaling build() { final var _resultValue = new GetClusterClusterAutoscaling(); _resultValue.autoProvisioningDefaults = autoProvisioningDefaults; + _resultValue.autoProvisioningLocations = autoProvisioningLocations; _resultValue.autoscalingProfile = autoscalingProfile; _resultValue.enabled = enabled; _resultValue.resourceLimits = resourceLimits; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataform/Repository.java b/sdk/java/src/main/java/com/pulumi/gcp/dataform/Repository.java index 22bf117320..e85623d175 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataform/Repository.java 
+++ b/sdk/java/src/main/java/com/pulumi/gcp/dataform/Repository.java @@ -37,10 +37,17 @@ * import com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs; * import com.pulumi.gcp.secretmanager.SecretVersion; * import com.pulumi.gcp.secretmanager.SecretVersionArgs; + * import com.pulumi.gcp.kms.KeyRing; + * import com.pulumi.gcp.kms.KeyRingArgs; + * import com.pulumi.gcp.kms.CryptoKey; + * import com.pulumi.gcp.kms.CryptoKeyArgs; + * import com.pulumi.gcp.kms.CryptoKeyIAMBinding; + * import com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs; * import com.pulumi.gcp.dataform.Repository; * import com.pulumi.gcp.dataform.RepositoryArgs; * import com.pulumi.gcp.dataform.inputs.RepositoryGitRemoteSettingsArgs; * import com.pulumi.gcp.dataform.inputs.RepositoryWorkspaceCompilationOverridesArgs; + * import com.pulumi.resources.CustomResourceOptions; * import java.util.List; * import java.util.ArrayList; * import java.util.Map; @@ -48,12 +55,12 @@ * import java.nio.file.Files; * import java.nio.file.Paths; * - * public class App { - * public static void main(String[] args) { + * public class App }{{@code + * public static void main(String[] args) }{{@code * Pulumi.run(App::stack); - * } + * }}{@code * - * public static void stack(Context ctx) { + * public static void stack(Context ctx) }{{@code * var secret = new Secret("secret", SecretArgs.builder() * .secretId("my-secret") * .replication(SecretReplicationArgs.builder() 
@@ -66,10 +73,27 @@ * .secretData("secret-data") * .build()); * + * var keyring = new KeyRing("keyring", KeyRingArgs.builder() + * .name("example-key-ring") + * .location("us-central1") + * .build()); + * + * var exampleKey = new CryptoKey("exampleKey", CryptoKeyArgs.builder() + * .name("example-crypto-key-name") + * .keyRing(keyring.id()) + * .build()); + * + * var cryptoKeyBinding = new CryptoKeyIAMBinding("cryptoKeyBinding", CryptoKeyIAMBindingArgs.builder() + * .cryptoKeyId(exampleKey.id()) + * .role("roles/cloudkms.cryptoKeyEncrypterDecrypter") + * .members(String.format("serviceAccount:service-%s}{@literal @}{@code gcp-sa-dataform.iam.gserviceaccount.com", project.number())) + * .build()); + * * var dataformRepository = new Repository("dataformRepository", RepositoryArgs.builder() * .name("dataform_repository") * .displayName("dataform_repository") * .npmrcEnvironmentVariablesSecretVersion(secretVersion.id()) + * .kmsKeyName(exampleKey.id()) * .labels(Map.of("label_foo1", "label-bar1")) * .gitRemoteSettings(RepositoryGitRemoteSettingsArgs.builder() * .url("https://github.com/OWNER/REPOSITORY.git") @@ -81,10 +105,12 @@ * .schemaSuffix("_suffix") * .tablePrefix("prefix_") * .build()) - * .build()); + * .build(), CustomResourceOptions.builder() + * .dependsOn(cryptoKeyBinding) + * .build()); * - * } - * } + * }}{@code + * }}{@code * } * * <!--End PulumiCodeChooser --> 
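Review bot: The example added in the `@@ -66,10 +73,27 @@` hunk grants the Dataform service agent access through `CryptoKeyIAMBinding`, which is authoritative for the role on that key, so copying it onto a key that already has other `roles/cloudkms.cryptoKeyEncrypterDecrypter` members would remove them. That is harmless for the freshly created `exampleKey`, but the example would benefit from a one-line comment such as `// CryptoKeyIAMBinding replaces all members of this role on the key; use CryptoKeyIAMMember to add one member to an existing key`. The `members(...)` line also reads `project.number()`, and no `project` declaration is visible in these hunks, so the example may not compile as shown; the Javadoc block starts and ends outside the hunk, so this needs checking against the full example. The `dependsOn(cryptoKeyBinding)` added in the following hunk orders the grant before the repository and should stay.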
@@ -166,6 +192,22 @@ public Output> effectiveLabels() { public Output> gitRemoteSettings() { return Codegen.optional(this.gitRemoteSettings); } + /** + * Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + * It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] + * + */ + @Export(name="kmsKeyName", refs={String.class}, tree="[0]") + private Output kmsKeyName; + + /** + * @return Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + * It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] + * + */ + public Output> kmsKeyName() { + return Codegen.optional(this.kmsKeyName); + } /** * Optional. Repository user labels. * An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataform/RepositoryArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataform/RepositoryArgs.java index 4804d20cb0..a863c272db 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataform/RepositoryArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataform/RepositoryArgs.java 
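Review bot: The `kmsKeyName` Javadoc added here gives the example path `projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key]`, where the `keyRings/` segment is labelled `[key_region]`; that segment looks like it should name the key ring, e.g. `keyRings/[key_ring]/cryptoKeys/[key]`. Since the same comment says the key cannot be added or updated after the repository is created, the placeholder is worth getting right. The identical text is added in the RepositoryArgs.java and RepositoryState.java hunks (field, getter and both builder overloads); if these files are generated, the correction belongs in the upstream field description.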
@@ -50,6 +50,23 @@ public Optional> gitRemoteSettings() { return Optional.ofNullable(this.gitRemoteSettings); } + /** + * Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + * It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] + * + */ + @Import(name="kmsKeyName") + private @Nullable Output kmsKeyName; + + /** + * @return Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + * It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] + * + */ + public Optional> kmsKeyName() { + return Optional.ofNullable(this.kmsKeyName); + } + /** * Optional. Repository user labels. * An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. @@ -176,6 +193,7 @@ private RepositoryArgs() {} private RepositoryArgs(RepositoryArgs $) { this.displayName = $.displayName; this.gitRemoteSettings = $.gitRemoteSettings; + this.kmsKeyName = $.kmsKeyName; this.labels = $.labels; this.name = $.name; this.npmrcEnvironmentVariablesSecretVersion = $.npmrcEnvironmentVariablesSecretVersion; 
@@ -247,6 +265,29 @@ public Builder gitRemoteSettings(RepositoryGitRemoteSettingsArgs gitRemoteSettin return gitRemoteSettings(Output.of(gitRemoteSettings)); } + /** + * @param kmsKeyName Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + * It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] + * + * @return builder + * + */ + public Builder kmsKeyName(@Nullable Output kmsKeyName) { + $.kmsKeyName = kmsKeyName; + return this; + } + + /** + * @param kmsKeyName Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + * It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] + * + * @return builder + * + */ + public Builder kmsKeyName(String kmsKeyName) { + return kmsKeyName(Output.of(kmsKeyName)); + } + /** * @param labels Optional. Repository user labels. * An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataform/inputs/RepositoryState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataform/inputs/RepositoryState.java index 747294df4f..b0a9e54a3b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataform/inputs/RepositoryState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataform/inputs/RepositoryState.java 
@@ -65,6 +65,23 @@ public Optional> gitRemoteSettings() { return Optional.ofNullable(this.gitRemoteSettings); } + /** + * Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + * It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] + * + */ + @Import(name="kmsKeyName") + private @Nullable Output kmsKeyName; + + /** + * @return Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + * It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] + * + */ + public Optional> kmsKeyName() { + return Optional.ofNullable(this.kmsKeyName); + } + /** * Optional. Repository user labels. * An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. @@ -209,6 +226,7 @@ private RepositoryState(RepositoryState $) { this.displayName = $.displayName; this.effectiveLabels = $.effectiveLabels; this.gitRemoteSettings = $.gitRemoteSettings; + this.kmsKeyName = $.kmsKeyName; this.labels = $.labels; this.name = $.name; this.npmrcEnvironmentVariablesSecretVersion = $.npmrcEnvironmentVariablesSecretVersion; 
@@ -302,6 +320,29 @@ public Builder gitRemoteSettings(RepositoryGitRemoteSettingsArgs gitRemoteSettin return gitRemoteSettings(Output.of(gitRemoteSettings)); } + /** + * @param kmsKeyName Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + * It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] + * + * @return builder + * + */ + public Builder kmsKeyName(@Nullable Output kmsKeyName) { + $.kmsKeyName = kmsKeyName; + return this; + } + + /** + * @param kmsKeyName Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + * It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] + * + * @return builder + * + */ + public Builder kmsKeyName(String kmsKeyName) { + return kmsKeyName(Output.of(kmsKeyName)); + } + /** * @param labels Optional. Repository user labels. * An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. diff --git a/sdk/java/src/main/java/com/pulumi/gcp/discoveryengine/DataStore.java b/sdk/java/src/main/java/com/pulumi/gcp/discoveryengine/DataStore.java index 9675df4ede..2dfafa2eb3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/discoveryengine/DataStore.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/discoveryengine/DataStore.java @@ -63,6 +63,7 @@ * .contentConfig("NO_CONTENT") * .solutionTypes("SOLUTION_TYPE_SEARCH") * .createAdvancedSiteSearch(false) + * .skipDefaultSchemaCreation(false) * .build()); * * } 
@@ -332,6 +333,32 @@ public Output name() { public Output project() { return this.project; } + /** + * A boolean flag indicating whether to skip the default schema creation for + * the data store. Only enable this flag if you are certain that the default + * schema is incompatible with your use case. + * If set to true, you must manually create a schema for the data store + * before any documents can be ingested. + * This flag cannot be specified if `data_store.starting_schema` is + * specified. + * + */ + @Export(name="skipDefaultSchemaCreation", refs={Boolean.class}, tree="[0]") + private Output skipDefaultSchemaCreation; + + /** + * @return A boolean flag indicating whether to skip the default schema creation for + * the data store. Only enable this flag if you are certain that the default + * schema is incompatible with your use case. + * If set to true, you must manually create a schema for the data store + * before any documents can be ingested. + * This flag cannot be specified if `data_store.starting_schema` is + * specified. + * + */ + public Output> skipDefaultSchemaCreation() { + return Codegen.optional(this.skipDefaultSchemaCreation); + } /** * The solutions that the data store enrolls. * Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. diff --git a/sdk/java/src/main/java/com/pulumi/gcp/discoveryengine/DataStoreArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/discoveryengine/DataStoreArgs.java index 34342602ab..e14c227e1f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/discoveryengine/DataStoreArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/discoveryengine/DataStoreArgs.java 
@@ -159,6 +159,33 @@ public Optional> project() { return Optional.ofNullable(this.project); } + /** + * A boolean flag indicating whether to skip the default schema creation for + * the data store. Only enable this flag if you are certain that the default + * schema is incompatible with your use case. + * If set to true, you must manually create a schema for the data store + * before any documents can be ingested. + * This flag cannot be specified if `data_store.starting_schema` is + * specified. + * + */ + @Import(name="skipDefaultSchemaCreation") + private @Nullable Output skipDefaultSchemaCreation; + + /** + * @return A boolean flag indicating whether to skip the default schema creation for + * the data store. Only enable this flag if you are certain that the default + * schema is incompatible with your use case. + * If set to true, you must manually create a schema for the data store + * before any documents can be ingested. + * This flag cannot be specified if `data_store.starting_schema` is + * specified. + * + */ + public Optional> skipDefaultSchemaCreation() { + return Optional.ofNullable(this.skipDefaultSchemaCreation); + } + /** * The solutions that the data store enrolls. * Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. @@ -187,6 +214,7 @@ private DataStoreArgs(DataStoreArgs $) { this.industryVertical = $.industryVertical; this.location = $.location; this.project = $.project; + this.skipDefaultSchemaCreation = $.skipDefaultSchemaCreation; this.solutionTypes = $.solutionTypes; } 
@@ -396,6 +424,39 @@ public Builder project(String project) { return project(Output.of(project)); } + /** + * @param skipDefaultSchemaCreation A boolean flag indicating whether to skip the default schema creation for + * the data store. Only enable this flag if you are certain that the default + * schema is incompatible with your use case. + * If set to true, you must manually create a schema for the data store + * before any documents can be ingested. + * This flag cannot be specified if `data_store.starting_schema` is + * specified. + * + * @return builder + * + */ + public Builder skipDefaultSchemaCreation(@Nullable Output skipDefaultSchemaCreation) { + $.skipDefaultSchemaCreation = skipDefaultSchemaCreation; + return this; + } + + /** + * @param skipDefaultSchemaCreation A boolean flag indicating whether to skip the default schema creation for + * the data store. Only enable this flag if you are certain that the default + * schema is incompatible with your use case. + * If set to true, you must manually create a schema for the data store + * before any documents can be ingested. + * This flag cannot be specified if `data_store.starting_schema` is + * specified. + * + * @return builder + * + */ + public Builder skipDefaultSchemaCreation(Boolean skipDefaultSchemaCreation) { + return skipDefaultSchemaCreation(Output.of(skipDefaultSchemaCreation)); + } + /** * @param solutionTypes The solutions that the data store enrolls. * Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. diff --git a/sdk/java/src/main/java/com/pulumi/gcp/discoveryengine/inputs/DataStoreState.java b/sdk/java/src/main/java/com/pulumi/gcp/discoveryengine/inputs/DataStoreState.java index d004f4842e..e06a431346 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/discoveryengine/inputs/DataStoreState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/discoveryengine/inputs/DataStoreState.java 
@@ -209,6 +209,33 @@ public Optional> project() { return Optional.ofNullable(this.project); } + /** + * A boolean flag indicating whether to skip the default schema creation for + * the data store. Only enable this flag if you are certain that the default + * schema is incompatible with your use case. + * If set to true, you must manually create a schema for the data store + * before any documents can be ingested. + * This flag cannot be specified if `data_store.starting_schema` is + * specified. + * + */ + @Import(name="skipDefaultSchemaCreation") + private @Nullable Output skipDefaultSchemaCreation; + + /** + * @return A boolean flag indicating whether to skip the default schema creation for + * the data store. Only enable this flag if you are certain that the default + * schema is incompatible with your use case. + * If set to true, you must manually create a schema for the data store + * before any documents can be ingested. + * This flag cannot be specified if `data_store.starting_schema` is + * specified. + * + */ + public Optional> skipDefaultSchemaCreation() { + return Optional.ofNullable(this.skipDefaultSchemaCreation); + } + /** * The solutions that the data store enrolls. * Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. @@ -240,6 +267,7 @@ private DataStoreState(DataStoreState $) { this.location = $.location; this.name = $.name; this.project = $.project; + this.skipDefaultSchemaCreation = $.skipDefaultSchemaCreation; this.solutionTypes = $.solutionTypes; } 
@@ -518,6 +546,39 @@ public Builder project(String project) { return project(Output.of(project)); } + /** + * @param skipDefaultSchemaCreation A boolean flag indicating whether to skip the default schema creation for + * the data store. Only enable this flag if you are certain that the default + * schema is incompatible with your use case. + * If set to true, you must manually create a schema for the data store + * before any documents can be ingested. + * This flag cannot be specified if `data_store.starting_schema` is + * specified. + * + * @return builder + * + */ + public Builder skipDefaultSchemaCreation(@Nullable Output skipDefaultSchemaCreation) { + $.skipDefaultSchemaCreation = skipDefaultSchemaCreation; + return this; + } + + /** + * @param skipDefaultSchemaCreation A boolean flag indicating whether to skip the default schema creation for + * the data store. Only enable this flag if you are certain that the default + * schema is incompatible with your use case. + * If set to true, you must manually create a schema for the data store + * before any documents can be ingested. + * This flag cannot be specified if `data_store.starting_schema` is + * specified. + * + * @return builder + * + */ + public Builder skipDefaultSchemaCreation(Boolean skipDefaultSchemaCreation) { + return skipDefaultSchemaCreation(Output.of(skipDefaultSchemaCreation)); + } + /** * @param solutionTypes The solutions that the data store enrolls. * Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureFleetDefaultMemberConfigConfigmanagementArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureFleetDefaultMemberConfigConfigmanagementArgs.java index b513216c46..383a82dedd 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureFleetDefaultMemberConfigConfigmanagementArgs.java 
+++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureFleetDefaultMemberConfigConfigmanagementArgs.java @@ -33,6 +33,23 @@ public Optional management; + + /** + * @return Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + * Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. + * + */ + public Optional> management() { + return Optional.ofNullable(this.management); + } + /** * Version of ACM installed * @@ -52,6 +69,7 @@ private FeatureFleetDefaultMemberConfigConfigmanagementArgs() {} private FeatureFleetDefaultMemberConfigConfigmanagementArgs(FeatureFleetDefaultMemberConfigConfigmanagementArgs $) { this.configSync = $.configSync; + this.management = $.management; this.version = $.version; } @@ -96,6 +114,29 @@ public Builder configSync(FeatureFleetDefaultMemberConfigConfigmanagementConfigS return configSync(Output.of(configSync)); } + /** + * @param management Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + * Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. + * + * @return builder + * + */ + public Builder management(@Nullable Output management) { + $.management = management; + return this; + } + + /** + * @param management Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + * Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. + * + * @return builder + * + */ + public Builder management(String management) { + return management(Output.of(management)); + } + /** * @param version Version of ACM installed * 
diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureMembershipConfigmanagementArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureMembershipConfigmanagementArgs.java index ab430b1cf5..25e2993753 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureMembershipConfigmanagementArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureMembershipConfigmanagementArgs.java @@ -64,6 +64,21 @@ public Optional return Optional.ofNullable(this.hierarchyController); } + /** + * Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + * + */ + @Import(name="management") + private @Nullable Output management; + + /** + * @return Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + * + */ + public Optional> management() { + return Optional.ofNullable(this.management); + } + /** * Policy Controller configuration for the cluster. Structure is documented below. * @@ -100,6 +115,7 @@ private FeatureMembershipConfigmanagementArgs(FeatureMembershipConfigmanagementA this.binauthz = $.binauthz; this.configSync = $.configSync; this.hierarchyController = $.hierarchyController; + this.management = $.management; this.policyController = $.policyController; this.version = $.version; } 
@@ -185,6 +201,27 @@ public Builder hierarchyController(FeatureMembershipConfigmanagementHierarchyCon return hierarchyController(Output.of(hierarchyController)); } + /** + * @param management Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + * + * @return builder + * + */ + public Builder management(@Nullable Output management) { + $.management = management; + return this; + } + + /** + * @param management Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + * + * @return builder + * + */ + public Builder management(String management) { + return management(Output.of(management)); + } + /** * @param policyController Policy Controller configuration for the cluster. Structure is documented below. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureMembershipConfigmanagementConfigSyncArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureMembershipConfigmanagementConfigSyncArgs.java index 7fbe8ddf79..d49a15e1c0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureMembershipConfigmanagementConfigSyncArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureMembershipConfigmanagementConfigSyncArgs.java 
@@ -18,6 +18,21 @@ public final class FeatureMembershipConfigmanagementConfigSyncArgs extends com.p public static final FeatureMembershipConfigmanagementConfigSyncArgs Empty = new FeatureMembershipConfigmanagementConfigSyncArgs(); + /** + * Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. + * + */ + @Import(name="enabled") + private @Nullable Output enabled; + + /** + * @return Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. + * + */ + public Optional> enabled() { + return Optional.ofNullable(this.enabled); + } + /** * (Optional) Structure is documented below. * @@ -100,6 +115,7 @@ public Optional> sourceFormat() { private FeatureMembershipConfigmanagementConfigSyncArgs() {} private FeatureMembershipConfigmanagementConfigSyncArgs(FeatureMembershipConfigmanagementConfigSyncArgs $) { + this.enabled = $.enabled; this.git = $.git; this.metricsGcpServiceAccountEmail = $.metricsGcpServiceAccountEmail; this.oci = $.oci; 
@@ -125,6 +141,27 @@ public Builder(FeatureMembershipConfigmanagementConfigSyncArgs defaults) { $ = new FeatureMembershipConfigmanagementConfigSyncArgs(Objects.requireNonNull(defaults)); } + /** + * @param enabled Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. + * + * @return builder + * + */ + public Builder enabled(@Nullable Output enabled) { + $.enabled = enabled; + return this; + } + + /** + * @param enabled Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. + * + * @return builder + * + */ + public Builder enabled(Boolean enabled) { + return enabled(Output.of(enabled)); + } + /** * @param git (Optional) Structure is documented below. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/outputs/FeatureFleetDefaultMemberConfigConfigmanagement.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/outputs/FeatureFleetDefaultMemberConfigConfigmanagement.java index 1d7c0f6b7c..793cc69656 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/outputs/FeatureFleetDefaultMemberConfigConfigmanagement.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/outputs/FeatureFleetDefaultMemberConfigConfigmanagement.java 
@@ -18,6 +18,12 @@ public final class FeatureFleetDefaultMemberConfigConfigmanagement { * */ private @Nullable FeatureFleetDefaultMemberConfigConfigmanagementConfigSync configSync; + /** + * @return Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + * Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. + * + */ + private @Nullable String management; /** * @return Version of ACM installed * @@ -33,6 +39,14 @@ private FeatureFleetDefaultMemberConfigConfigmanagement() {} public Optional configSync() { return Optional.ofNullable(this.configSync); } + /** + * @return Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + * Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. + * + */ + public Optional management() { + return Optional.ofNullable(this.management); + } /** * @return Version of ACM installed * @@ -51,11 +65,13 @@ public static Builder builder(FeatureFleetDefaultMemberConfigConfigmanagement de @CustomType.Builder public static final class Builder { private @Nullable FeatureFleetDefaultMemberConfigConfigmanagementConfigSync configSync; + private @Nullable String management; private @Nullable String version; public Builder() {} public Builder(FeatureFleetDefaultMemberConfigConfigmanagement defaults) { Objects.requireNonNull(defaults); this.configSync = defaults.configSync; + this.management = defaults.management; this.version = defaults.version; } 
@@ -66,6 +82,12 @@ public Builder configSync(@Nullable FeatureFleetDefaultMemberConfigConfigmanagem return this; } @CustomType.Setter + public Builder management(@Nullable String management) { + + this.management = management; + return this; + } + @CustomType.Setter public Builder version(@Nullable String version) { this.version = version; @@ -74,6 +96,7 @@ public Builder version(@Nullable String version) { public FeatureFleetDefaultMemberConfigConfigmanagement build() { final var _resultValue = new FeatureFleetDefaultMemberConfigConfigmanagement(); _resultValue.configSync = configSync; + _resultValue.management = management; _resultValue.version = version; return _resultValue; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/outputs/FeatureMembershipConfigmanagement.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/outputs/FeatureMembershipConfigmanagement.java index 3217ee386b..8b7cdf7332 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/outputs/FeatureMembershipConfigmanagement.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/outputs/FeatureMembershipConfigmanagement.java @@ -30,6 +30,11 @@ public final class FeatureMembershipConfigmanagement { * */ private @Nullable FeatureMembershipConfigmanagementHierarchyController hierarchyController; + /** + * @return Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + * + */ + private @Nullable String management; /** * @return Policy Controller configuration for the cluster. Structure is documented below. * 
@@ -63,6 +68,13 @@ public Optional configSync() { public Optional hierarchyController() { return Optional.ofNullable(this.hierarchyController); } + /** + * @return Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + * + */ + public Optional management() { + return Optional.ofNullable(this.management); + } /** * @return Policy Controller configuration for the cluster. Structure is documented below. * @@ -90,6 +102,7 @@ public static final class Builder { private @Nullable FeatureMembershipConfigmanagementBinauthz binauthz; private @Nullable FeatureMembershipConfigmanagementConfigSync configSync; private @Nullable FeatureMembershipConfigmanagementHierarchyController hierarchyController; + private @Nullable String management; private @Nullable FeatureMembershipConfigmanagementPolicyController policyController; private @Nullable String version; public Builder() {} @@ -98,6 +111,7 @@ public Builder(FeatureMembershipConfigmanagement defaults) { this.binauthz = defaults.binauthz; this.configSync = defaults.configSync; this.hierarchyController = defaults.hierarchyController; + this.management = defaults.management; this.policyController = defaults.policyController; this.version = defaults.version; } @@ -121,6 +135,12 @@ public Builder hierarchyController(@Nullable FeatureMembershipConfigmanagementHi return this; } @CustomType.Setter + public Builder management(@Nullable String management) { + + this.management = management; + return this; + } + @CustomType.Setter public Builder policyController(@Nullable FeatureMembershipConfigmanagementPolicyController policyController) { this.policyController = policyController; 
@@ -137,6 +157,7 @@ public FeatureMembershipConfigmanagement build() { _resultValue.binauthz = binauthz; _resultValue.configSync = configSync; _resultValue.hierarchyController = hierarchyController; + _resultValue.management = management; _resultValue.policyController = policyController; _resultValue.version = version; return _resultValue; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/outputs/FeatureMembershipConfigmanagementConfigSync.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/outputs/FeatureMembershipConfigmanagementConfigSync.java index fc84dd4168..1df403e066 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/outputs/FeatureMembershipConfigmanagementConfigSync.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/outputs/FeatureMembershipConfigmanagementConfigSync.java @@ -14,6 +14,11 @@ @CustomType public final class FeatureMembershipConfigmanagementConfigSync { + /** + * @return Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. + * + */ + private @Nullable Boolean enabled; /** * @return (Optional) Structure is documented below. * 
@@ -43,6 +48,13 @@ public final class FeatureMembershipConfigmanagementConfigSync { private @Nullable String sourceFormat; private FeatureMembershipConfigmanagementConfigSync() {} + /** + * @return Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. + * + */ + public Optional enabled() { + return Optional.ofNullable(this.enabled); + } /** * @return (Optional) Structure is documented below. * @@ -90,6 +102,7 @@ public static Builder builder(FeatureMembershipConfigmanagementConfigSync defaul } @CustomType.Builder public static final class Builder { + private @Nullable Boolean enabled; private @Nullable FeatureMembershipConfigmanagementConfigSyncGit git; private @Nullable String metricsGcpServiceAccountEmail; private @Nullable FeatureMembershipConfigmanagementConfigSyncOci oci; @@ -98,6 +111,7 @@ public static final class Builder { public Builder() {} public Builder(FeatureMembershipConfigmanagementConfigSync defaults) { Objects.requireNonNull(defaults); + this.enabled = defaults.enabled; this.git = defaults.git; this.metricsGcpServiceAccountEmail = defaults.metricsGcpServiceAccountEmail; this.oci = defaults.oci; @@ -105,6 +119,12 @@ public Builder(FeatureMembershipConfigmanagementConfigSync defaults) { this.sourceFormat = defaults.sourceFormat; } + @CustomType.Setter + public Builder enabled(@Nullable Boolean enabled) { + + this.enabled = enabled; + return this; + } @CustomType.Setter public Builder git(@Nullable FeatureMembershipConfigmanagementConfigSyncGit git) { 
@@ -137,6 +157,7 @@ public Builder sourceFormat(@Nullable String sourceFormat) { } public FeatureMembershipConfigmanagementConfigSync build() { final var _resultValue = new FeatureMembershipConfigmanagementConfigSync(); + _resultValue.enabled = enabled; _resultValue.git = git; _resultValue.metricsGcpServiceAccountEmail = metricsGcpServiceAccountEmail; _resultValue.oci = oci; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/logging/LogViewIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/logging/LogViewIamBinding.java index a92d153ee7..da8ee99ca5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/logging/LogViewIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/logging/LogViewIamBinding.java 
@@ -17,6 +17,586 @@ import javax.annotation.Nullable; /** + * Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + * + * * `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + * + * > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + * + * > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. + * + * ## gcp.logging.LogViewIamPolicy + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.logging.LogViewIamPolicy;
+ * import com.pulumi.gcp.logging.LogViewIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/logging.admin")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new LogViewIamPolicy("policy", LogViewIamPolicyArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.logging.LogViewIamPolicy;
+ * import com.pulumi.gcp.logging.LogViewIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/logging.admin")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .condition(GetIAMPolicyBindingConditionArgs.builder()
+ *                     .title("expires_after_2019_12_31")
+ *                     .description("Expiring at midnight of 2019-12-31")
+ *                     .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                     .build())
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new LogViewIamPolicy("policy", LogViewIamPolicyArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * ## gcp.logging.LogViewIamBinding + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamBinding;
+ * import com.pulumi.gcp.logging.LogViewIamBindingArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new LogViewIamBinding("binding", LogViewIamBindingArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamBinding;
+ * import com.pulumi.gcp.logging.LogViewIamBindingArgs;
+ * import com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new LogViewIamBinding("binding", LogViewIamBindingArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .condition(LogViewIamBindingConditionArgs.builder()
+ *                 .title("expires_after_2019_12_31")
+ *                 .description("Expiring at midnight of 2019-12-31")
+ *                 .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                 .build())
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * ## gcp.logging.LogViewIamMember + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamMember;
+ * import com.pulumi.gcp.logging.LogViewIamMemberArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new LogViewIamMember("member", LogViewIamMemberArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamMember;
+ * import com.pulumi.gcp.logging.LogViewIamMemberArgs;
+ * import com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new LogViewIamMember("member", LogViewIamMemberArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .condition(LogViewIamMemberConditionArgs.builder()
+ *                 .title("expires_after_2019_12_31")
+ *                 .description("Expiring at midnight of 2019-12-31")
+ *                 .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                 .build())
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + * --- + * + * # IAM policy for Cloud (Stackdriver) Logging LogView + * Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + * + * * `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + * + * > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + * + * > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. + * + * ## gcp.logging.LogViewIamPolicy + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.logging.LogViewIamPolicy;
+ * import com.pulumi.gcp.logging.LogViewIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/logging.admin")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new LogViewIamPolicy("policy", LogViewIamPolicyArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.logging.LogViewIamPolicy;
+ * import com.pulumi.gcp.logging.LogViewIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/logging.admin")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .condition(GetIAMPolicyBindingConditionArgs.builder()
+ *                     .title("expires_after_2019_12_31")
+ *                     .description("Expiring at midnight of 2019-12-31")
+ *                     .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                     .build())
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new LogViewIamPolicy("policy", LogViewIamPolicyArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * ## gcp.logging.LogViewIamBinding + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamBinding;
+ * import com.pulumi.gcp.logging.LogViewIamBindingArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new LogViewIamBinding("binding", LogViewIamBindingArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamBinding;
+ * import com.pulumi.gcp.logging.LogViewIamBindingArgs;
+ * import com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new LogViewIamBinding("binding", LogViewIamBindingArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .condition(LogViewIamBindingConditionArgs.builder()
+ *                 .title("expires_after_2019_12_31")
+ *                 .description("Expiring at midnight of 2019-12-31")
+ *                 .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                 .build())
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * ## gcp.logging.LogViewIamMember + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamMember;
+ * import com.pulumi.gcp.logging.LogViewIamMemberArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new LogViewIamMember("member", LogViewIamMemberArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamMember;
+ * import com.pulumi.gcp.logging.LogViewIamMemberArgs;
+ * import com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new LogViewIamMember("member", LogViewIamMemberArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .condition(LogViewIamMemberConditionArgs.builder()
+ *                 .title("expires_after_2019_12_31")
+ *                 .description("Expiring at midnight of 2019-12-31")
+ *                 .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                 .build())
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: diff --git a/sdk/java/src/main/java/com/pulumi/gcp/logging/LogViewIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/logging/LogViewIamMember.java index e8a1c37fb3..b15a47f857 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/logging/LogViewIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/logging/LogViewIamMember.java 
@@ -16,6 +16,586 @@ import javax.annotation.Nullable; /** + * Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + * + * * `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + * + * > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + * + * > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. + * + * ## gcp.logging.LogViewIamPolicy + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.logging.LogViewIamPolicy;
+ * import com.pulumi.gcp.logging.LogViewIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/logging.admin")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new LogViewIamPolicy("policy", LogViewIamPolicyArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.logging.LogViewIamPolicy;
+ * import com.pulumi.gcp.logging.LogViewIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/logging.admin")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .condition(GetIAMPolicyBindingConditionArgs.builder()
+ *                     .title("expires_after_2019_12_31")
+ *                     .description("Expiring at midnight of 2019-12-31")
+ *                     .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                     .build())
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new LogViewIamPolicy("policy", LogViewIamPolicyArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * ## gcp.logging.LogViewIamBinding + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamBinding;
+ * import com.pulumi.gcp.logging.LogViewIamBindingArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new LogViewIamBinding("binding", LogViewIamBindingArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamBinding;
+ * import com.pulumi.gcp.logging.LogViewIamBindingArgs;
+ * import com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new LogViewIamBinding("binding", LogViewIamBindingArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .condition(LogViewIamBindingConditionArgs.builder()
+ *                 .title("expires_after_2019_12_31")
+ *                 .description("Expiring at midnight of 2019-12-31")
+ *                 .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                 .build())
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * ## gcp.logging.LogViewIamMember + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamMember;
+ * import com.pulumi.gcp.logging.LogViewIamMemberArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new LogViewIamMember("member", LogViewIamMemberArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamMember;
+ * import com.pulumi.gcp.logging.LogViewIamMemberArgs;
+ * import com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new LogViewIamMember("member", LogViewIamMemberArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .condition(LogViewIamMemberConditionArgs.builder()
+ *                 .title("expires_after_2019_12_31")
+ *                 .description("Expiring at midnight of 2019-12-31")
+ *                 .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                 .build())
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + * --- + * + * # IAM policy for Cloud (Stackdriver) Logging LogView + * Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + * + * * `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + * + * > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + * + * > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. + * + * ## gcp.logging.LogViewIamPolicy + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.logging.LogViewIamPolicy;
+ * import com.pulumi.gcp.logging.LogViewIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/logging.admin")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new LogViewIamPolicy("policy", LogViewIamPolicyArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.logging.LogViewIamPolicy;
+ * import com.pulumi.gcp.logging.LogViewIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/logging.admin")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .condition(GetIAMPolicyBindingConditionArgs.builder()
+ *                     .title("expires_after_2019_12_31")
+ *                     .description("Expiring at midnight of 2019-12-31")
+ *                     .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                     .build())
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new LogViewIamPolicy("policy", LogViewIamPolicyArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * ## gcp.logging.LogViewIamBinding + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamBinding;
+ * import com.pulumi.gcp.logging.LogViewIamBindingArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new LogViewIamBinding("binding", LogViewIamBindingArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamBinding;
+ * import com.pulumi.gcp.logging.LogViewIamBindingArgs;
+ * import com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new LogViewIamBinding("binding", LogViewIamBindingArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .condition(LogViewIamBindingConditionArgs.builder()
+ *                 .title("expires_after_2019_12_31")
+ *                 .description("Expiring at midnight of 2019-12-31")
+ *                 .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                 .build())
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * ## gcp.logging.LogViewIamMember + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamMember;
+ * import com.pulumi.gcp.logging.LogViewIamMemberArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new LogViewIamMember("member", LogViewIamMemberArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamMember;
+ * import com.pulumi.gcp.logging.LogViewIamMemberArgs;
+ * import com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new LogViewIamMember("member", LogViewIamMemberArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .condition(LogViewIamMemberConditionArgs.builder()
+ *                 .title("expires_after_2019_12_31")
+ *                 .description("Expiring at midnight of 2019-12-31")
+ *                 .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                 .build())
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: diff --git a/sdk/java/src/main/java/com/pulumi/gcp/logging/LogViewIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/logging/LogViewIamPolicy.java index 0f156a5195..66779c1a6b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/logging/LogViewIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/logging/LogViewIamPolicy.java 
@@ -14,6 +14,586 @@ import javax.annotation.Nullable; /** + * Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + * + * * `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + * + * > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + * + * > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. + * + * ## gcp.logging.LogViewIamPolicy + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.logging.LogViewIamPolicy;
+ * import com.pulumi.gcp.logging.LogViewIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/logging.admin")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new LogViewIamPolicy("policy", LogViewIamPolicyArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.logging.LogViewIamPolicy;
+ * import com.pulumi.gcp.logging.LogViewIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/logging.admin")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .condition(GetIAMPolicyBindingConditionArgs.builder()
+ *                     .title("expires_after_2019_12_31")
+ *                     .description("Expiring at midnight of 2019-12-31")
+ *                     .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                     .build())
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new LogViewIamPolicy("policy", LogViewIamPolicyArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * ## gcp.logging.LogViewIamBinding + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamBinding;
+ * import com.pulumi.gcp.logging.LogViewIamBindingArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new LogViewIamBinding("binding", LogViewIamBindingArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamBinding;
+ * import com.pulumi.gcp.logging.LogViewIamBindingArgs;
+ * import com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new LogViewIamBinding("binding", LogViewIamBindingArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .condition(LogViewIamBindingConditionArgs.builder()
+ *                 .title("expires_after_2019_12_31")
+ *                 .description("Expiring at midnight of 2019-12-31")
+ *                 .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                 .build())
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * ## gcp.logging.LogViewIamMember + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamMember;
+ * import com.pulumi.gcp.logging.LogViewIamMemberArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new LogViewIamMember("member", LogViewIamMemberArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamMember;
+ * import com.pulumi.gcp.logging.LogViewIamMemberArgs;
+ * import com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new LogViewIamMember("member", LogViewIamMemberArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .condition(LogViewIamMemberConditionArgs.builder()
+ *                 .title("expires_after_2019_12_31")
+ *                 .description("Expiring at midnight of 2019-12-31")
+ *                 .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                 .build())
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + * --- + * + * # IAM policy for Cloud (Stackdriver) Logging LogView + * Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + * + * * `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + * + * > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + * + * > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. + * + * ## gcp.logging.LogViewIamPolicy + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.logging.LogViewIamPolicy;
+ * import com.pulumi.gcp.logging.LogViewIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/logging.admin")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new LogViewIamPolicy("policy", LogViewIamPolicyArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.logging.LogViewIamPolicy;
+ * import com.pulumi.gcp.logging.LogViewIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/logging.admin")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .condition(GetIAMPolicyBindingConditionArgs.builder()
+ *                     .title("expires_after_2019_12_31")
+ *                     .description("Expiring at midnight of 2019-12-31")
+ *                     .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                     .build())
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new LogViewIamPolicy("policy", LogViewIamPolicyArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * ## gcp.logging.LogViewIamBinding + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamBinding;
+ * import com.pulumi.gcp.logging.LogViewIamBindingArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new LogViewIamBinding("binding", LogViewIamBindingArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamBinding;
+ * import com.pulumi.gcp.logging.LogViewIamBindingArgs;
+ * import com.pulumi.gcp.logging.inputs.LogViewIamBindingConditionArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new LogViewIamBinding("binding", LogViewIamBindingArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .condition(LogViewIamBindingConditionArgs.builder()
+ *                 .title("expires_after_2019_12_31")
+ *                 .description("Expiring at midnight of 2019-12-31")
+ *                 .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                 .build())
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * ## gcp.logging.LogViewIamMember + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamMember;
+ * import com.pulumi.gcp.logging.LogViewIamMemberArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new LogViewIamMember("member", LogViewIamMemberArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.logging.LogViewIamMember;
+ * import com.pulumi.gcp.logging.LogViewIamMemberArgs;
+ * import com.pulumi.gcp.logging.inputs.LogViewIamMemberConditionArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new LogViewIamMember("member", LogViewIamMemberArgs.builder()
+ *             .parent(loggingLogView.parent())
+ *             .location(loggingLogView.location())
+ *             .bucket(loggingLogView.bucket())
+ *             .name(loggingLogView.name())
+ *             .role("roles/logging.admin")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .condition(LogViewIamMemberConditionArgs.builder()
+ *                 .title("expires_after_2019_12_31")
+ *                 .description("Expiring at midnight of 2019-12-31")
+ *                 .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
+ *                 .build())
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: diff --git a/sdk/java/src/main/java/com/pulumi/gcp/logging/LoggingFunctions.java b/sdk/java/src/main/java/com/pulumi/gcp/logging/LoggingFunctions.java index 1c68d43d2b..a2eca478df 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/logging/LoggingFunctions.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/logging/LoggingFunctions.java @@ -225,15 +225,183 @@ public static Output getFolderSettings(GetFolderSetting public static CompletableFuture getFolderSettingsPlain(GetFolderSettingsPlainArgs args, InvokeOptions options) { return Deployment.getInstance().invokeAsync("gcp:logging/getFolderSettings:getFolderSettings", TypeShape.of(GetFolderSettingsResult.class), args, Utilities.withVersion(options)); } + /** + * Retrieves the current IAM policy data for logview + * + * ## example + * + * <!--Start PulumiCodeChooser --> + *
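Review bot: The class Javadoc added to LogViewIamPolicy.java contains the overview and all six examples twice: after the broken `## > **Custom Roles**` heading the text restarts at `# IAM policy for Cloud (Stackdriver) Logging LogView` and repeats everything above it. Dropping the second copy and restoring the Custom Roles note as one blockquote would halve the comment without losing content. The samples are also incomplete as written, since `loggingLogView` is never declared and `GetIAMPolicyBindingArgs` / `GetIAMPolicyBindingConditionArgs` are used without an import; the undeclared `loggingLogView` recurs in the four `getLogViewIamPolicy` Javadocs added to LoggingFunctions.java. Because this resource is described as authoritative and every sample grants `roles/logging.admin`, a narrower role such as `roles/logging.viewAccessor` would be a safer value for readers to copy. If this text is produced from the upstream provider docs, the correction probably belongs in the docs patch or generator rather than in this file.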
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.gcp.logging.LoggingFunctions;
+     * import com.pulumi.gcp.logging.inputs.GetLogViewIamPolicyArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var policy = LoggingFunctions.getLogViewIamPolicy(GetLogViewIamPolicyArgs.builder()
+     *             .parent(loggingLogView.parent())
+     *             .location(loggingLogView.location())
+     *             .bucket(loggingLogView.bucket())
+     *             .name(loggingLogView.name())
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 
+ * <!--End PulumiCodeChooser --> + * + */ public static Output getLogViewIamPolicy(GetLogViewIamPolicyArgs args) { return getLogViewIamPolicy(args, InvokeOptions.Empty); } + /** + * Retrieves the current IAM policy data for logview + * + * ## example + * + * <!--Start PulumiCodeChooser --> + *
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.gcp.logging.LoggingFunctions;
+     * import com.pulumi.gcp.logging.inputs.GetLogViewIamPolicyArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var policy = LoggingFunctions.getLogViewIamPolicy(GetLogViewIamPolicyArgs.builder()
+     *             .parent(loggingLogView.parent())
+     *             .location(loggingLogView.location())
+     *             .bucket(loggingLogView.bucket())
+     *             .name(loggingLogView.name())
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 
+ * <!--End PulumiCodeChooser --> + * + */ public static CompletableFuture getLogViewIamPolicyPlain(GetLogViewIamPolicyPlainArgs args) { return getLogViewIamPolicyPlain(args, InvokeOptions.Empty); } + /** + * Retrieves the current IAM policy data for logview + * + * ## example + * + * <!--Start PulumiCodeChooser --> + *
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.gcp.logging.LoggingFunctions;
+     * import com.pulumi.gcp.logging.inputs.GetLogViewIamPolicyArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var policy = LoggingFunctions.getLogViewIamPolicy(GetLogViewIamPolicyArgs.builder()
+     *             .parent(loggingLogView.parent())
+     *             .location(loggingLogView.location())
+     *             .bucket(loggingLogView.bucket())
+     *             .name(loggingLogView.name())
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 
+ * <!--End PulumiCodeChooser --> + * + */ public static Output getLogViewIamPolicy(GetLogViewIamPolicyArgs args, InvokeOptions options) { return Deployment.getInstance().invoke("gcp:logging/getLogViewIamPolicy:getLogViewIamPolicy", TypeShape.of(GetLogViewIamPolicyResult.class), args, Utilities.withVersion(options)); } + /** + * Retrieves the current IAM policy data for logview + * + * ## example + * + * <!--Start PulumiCodeChooser --> + *
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.gcp.logging.LoggingFunctions;
+     * import com.pulumi.gcp.logging.inputs.GetLogViewIamPolicyArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var policy = LoggingFunctions.getLogViewIamPolicy(GetLogViewIamPolicyArgs.builder()
+     *             .parent(loggingLogView.parent())
+     *             .location(loggingLogView.location())
+     *             .bucket(loggingLogView.bucket())
+     *             .name(loggingLogView.name())
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 
+ * <!--End PulumiCodeChooser --> + * + */ public static CompletableFuture getLogViewIamPolicyPlain(GetLogViewIamPolicyPlainArgs args, InvokeOptions options) { return Deployment.getInstance().invokeAsync("gcp:logging/getLogViewIamPolicy:getLogViewIamPolicy", TypeShape.of(GetLogViewIamPolicyResult.class), args, Utilities.withVersion(options)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/netapp/inputs/VolumeReplicationTransferStatArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/netapp/inputs/VolumeReplicationTransferStatArgs.java index 4015d3da0d..9ce684fc59 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/netapp/inputs/VolumeReplicationTransferStatArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/netapp/inputs/VolumeReplicationTransferStatArgs.java @@ -106,7 +106,7 @@ public Optional> lastTransferError() { /** * (Output) - * Total time taken so far during current transfer. + * Cumulative time taken across all transfers for the replication relationship. * */ @Import(name="totalTransferDuration") @@ -114,7 +114,7 @@ public Optional> lastTransferError() { /** * @return (Output) - * Total time taken so far during current transfer. + * Cumulative time taken across all transfers for the replication relationship. * */ public Optional> totalTransferDuration() { @@ -123,7 +123,7 @@ public Optional> totalTransferDuration() { /** * (Output) - * Number of bytes transferred so far in current transfer. + * Cumulative bytes transferred so far for the replication relationship. * */ @Import(name="transferBytes") @@ -131,7 +131,7 @@ public Optional> totalTransferDuration() { /** * @return (Output) - * Number of bytes transferred so far in current transfer. + * Cumulative bytes transferred so far for the replication relationship. * */ public Optional> transferBytes() { 
@@ -307,7 +307,7 @@ public Builder lastTransferError(String lastTransferError) { /** * @param totalTransferDuration (Output) - * Total time taken so far during current transfer. + * Cumulative time taken across all transfers for the replication relationship. * * @return builder * @@ -319,7 +319,7 @@ public Builder totalTransferDuration(@Nullable Output totalTransferDurat /** * @param totalTransferDuration (Output) - * Total time taken so far during current transfer. + * Cumulative time taken across all transfers for the replication relationship. * * @return builder * @@ -330,7 +330,7 @@ public Builder totalTransferDuration(String totalTransferDuration) { /** * @param transferBytes (Output) - * Number of bytes transferred so far in current transfer. + * Cumulative bytes transferred so far for the replication relationship. * * @return builder * @@ -342,7 +342,7 @@ public Builder transferBytes(@Nullable Output transferBytes) { /** * @param transferBytes (Output) - * Number of bytes transferred so far in current transfer. + * Cumulative bytes transferred so far for the replication relationship. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/netapp/outputs/VolumeReplicationTransferStat.java b/sdk/java/src/main/java/com/pulumi/gcp/netapp/outputs/VolumeReplicationTransferStat.java index 47605ceaeb..91d7098920 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/netapp/outputs/VolumeReplicationTransferStat.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/netapp/outputs/VolumeReplicationTransferStat.java 
@@ -45,13 +45,13 @@ public final class VolumeReplicationTransferStat { private @Nullable String lastTransferError; /** * @return (Output) - * Total time taken so far during current transfer. + * Cumulative time taken across all transfers for the replication relationship. * */ private @Nullable String totalTransferDuration; /** * @return (Output) - * Number of bytes transferred so far in current transfer. + * Cumulative bytes transferred so far for the replication relationship. * */ private @Nullable String transferBytes; @@ -107,7 +107,7 @@ public Optional lastTransferError() { } /** * @return (Output) - * Total time taken so far during current transfer. + * Cumulative time taken across all transfers for the replication relationship. * */ public Optional totalTransferDuration() { @@ -115,7 +115,7 @@ public Optional totalTransferDuration() { } /** * @return (Output) - * Number of bytes transferred so far in current transfer. + * Cumulative bytes transferred so far for the replication relationship. * */ public Optional transferBytes() { diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networkconnectivity/RegionalEndpoint.java b/sdk/java/src/main/java/com/pulumi/gcp/networkconnectivity/RegionalEndpoint.java index 8f7bc9a2be..4cf790f732 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/networkconnectivity/RegionalEndpoint.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/networkconnectivity/RegionalEndpoint.java 
@@ -71,12 +71,12 @@ * var default_ = new RegionalEndpoint("default", RegionalEndpointArgs.builder() * .name("my-rep") * .location("us-central1") - * .targetGoogleApi("boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com") + * .targetGoogleApi("storage.us-central1.p.rep.googleapis.com") * .accessType("REGIONAL") * .address("192.168.0.5") * .network(myNetwork.id()) * .subnetwork(mySubnetwork.id()) - * .description("My RegionalEndpoint targeting Google API boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com") + * .description("My RegionalEndpoint targeting Google API storage.us-central1.p.rep.googleapis.com") * .labels(Map.of("env", "default")) * .build()); * @@ -129,7 +129,7 @@ * var default_ = new RegionalEndpoint("default", RegionalEndpointArgs.builder() * .name("my-rep") * .location("us-central1") - * .targetGoogleApi("boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com") + * .targetGoogleApi("storage.us-central1.p.rep.googleapis.com") * .accessType("GLOBAL") * .address("192.168.0.4") * .network(myNetwork.id()) diff --git a/sdk/java/src/main/java/com/pulumi/gcp/organizations/Project.java b/sdk/java/src/main/java/com/pulumi/gcp/organizations/Project.java index a61e4e301e..5094ed37d1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/organizations/Project.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/organizations/Project.java @@ -172,6 +172,12 @@ public Output> autoCreateNetwork() { public Output> billingAccount() { return Codegen.optional(this.billingAccount); } + @Export(name="deletionPolicy", refs={String.class}, tree="[0]") + private Output deletionPolicy; + + public Output> deletionPolicy() { + return Codegen.optional(this.deletionPolicy); + } /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. * 
@@ -307,20 +313,26 @@ public Output> pulumiLabels() { return this.pulumiLabels; } /** - * If true, the resource can be deleted - * without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. + * If true, the resource can be deleted without + * deleting the Project via the Google API. `skip_delete` is deprecated and will be + * removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + * can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + * to a `deletion_policy` value of `ABANDON` for equivalent behavior. * * @deprecated - * skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. + * skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. * */ - @Deprecated /* skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. */ + @Deprecated /* skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. */ @Export(name="skipDelete", refs={Boolean.class}, tree="[0]") private Output skipDelete; /** - * @return If true, the resource can be deleted - * without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. 
+ * @return If true, the resource can be deleted without + * deleting the Project via the Google API. `skip_delete` is deprecated and will be + * removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + * can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + * to a `deletion_policy` value of `ABANDON` for equivalent behavior. * */ public Output skipDelete() { diff --git a/sdk/java/src/main/java/com/pulumi/gcp/organizations/ProjectArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/organizations/ProjectArgs.java index 9235b56186..12fc86c626 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/organizations/ProjectArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/organizations/ProjectArgs.java @@ -59,6 +59,13 @@ public Optional> billingAccount() { return Optional.ofNullable(this.billingAccount); } + @Import(name="deletionPolicy") + private @Nullable Output deletionPolicy; + + public Optional> deletionPolicy() { + return Optional.ofNullable(this.deletionPolicy); + } + /** * The numeric ID of the folder this project should be * created under. Only one of `org_id` or `folder_id` may be 
@@ -157,26 +164,32 @@ public Optional> projectId() { } /** - * If true, the resource can be deleted - * without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. + * If true, the resource can be deleted without + * deleting the Project via the Google API. `skip_delete` is deprecated and will be + * removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + * can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + * to a `deletion_policy` value of `ABANDON` for equivalent behavior. * * @deprecated - * skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. + * skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. * */ - @Deprecated /* skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. */ + @Deprecated /* skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. */ @Import(name="skipDelete") private @Nullable Output skipDelete; /** - * @return If true, the resource can be deleted - * without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. + * @return If true, the resource can be deleted without + * deleting the Project via the Google API. 
`skip_delete` is deprecated and will be + * removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + * can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + * to a `deletion_policy` value of `ABANDON` for equivalent behavior. * * @deprecated - * skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. + * skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. * */ - @Deprecated /* skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. */ + @Deprecated /* skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. */ public Optional> skipDelete() { return Optional.ofNullable(this.skipDelete); } @@ -186,6 +199,7 @@ private ProjectArgs() {} private ProjectArgs(ProjectArgs $) { this.autoCreateNetwork = $.autoCreateNetwork; this.billingAccount = $.billingAccount; + this.deletionPolicy = $.deletionPolicy; this.folderId = $.folderId; this.labels = $.labels; this.name = $.name; 
@@ -266,6 +280,15 @@ public Builder billingAccount(String billingAccount) { return billingAccount(Output.of(billingAccount)); } + public Builder deletionPolicy(@Nullable Output deletionPolicy) { + $.deletionPolicy = deletionPolicy; + return this; + } + + public Builder deletionPolicy(String deletionPolicy) { + return deletionPolicy(Output.of(deletionPolicy)); + } + /** * @param folderId The numeric ID of the folder this project should be * created under. Only one of `org_id` or `folder_id` may be 
@@ -394,32 +417,38 @@ public Builder projectId(String projectId) { } /** - * @param skipDelete If true, the resource can be deleted - * without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. + * @param skipDelete If true, the resource can be deleted without + * deleting the Project via the Google API. `skip_delete` is deprecated and will be + * removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + * can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + * to a `deletion_policy` value of `ABANDON` for equivalent behavior. * * @return builder * * @deprecated - * skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. + * skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. * */ - @Deprecated /* skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. */ + @Deprecated /* skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. */ public Builder skipDelete(@Nullable Output skipDelete) { $.skipDelete = skipDelete; return this; } /** - * @param skipDelete If true, the resource can be deleted - * without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. 
+ * @param skipDelete If true, the resource can be deleted without + * deleting the Project via the Google API. `skip_delete` is deprecated and will be + * removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + * can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + * to a `deletion_policy` value of `ABANDON` for equivalent behavior. * * @return builder * * @deprecated - * skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. + * skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. * */ - @Deprecated /* skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. */ + @Deprecated /* skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. */ public Builder skipDelete(Boolean skipDelete) { return skipDelete(Output.of(skipDelete)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/organizations/inputs/ProjectState.java b/sdk/java/src/main/java/com/pulumi/gcp/organizations/inputs/ProjectState.java index 72e7ae5696..1d4a71b95d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/organizations/inputs/ProjectState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/organizations/inputs/ProjectState.java 
@@ -59,6 +59,13 @@ public Optional> billingAccount() { return Optional.ofNullable(this.billingAccount); } + @Import(name="deletionPolicy") + private @Nullable Output deletionPolicy; + + public Optional> deletionPolicy() { + return Optional.ofNullable(this.deletionPolicy); + } + /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. * 
@@ -202,26 +209,32 @@ public Optional>> pulumiLabels() { } /** - * If true, the resource can be deleted - * without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. + * If true, the resource can be deleted without + * deleting the Project via the Google API. `skip_delete` is deprecated and will be + * removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + * can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + * to a `deletion_policy` value of `ABANDON` for equivalent behavior. * * @deprecated - * skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. + * skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. * */ - @Deprecated /* skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. */ + @Deprecated /* skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. */ @Import(name="skipDelete") private @Nullable Output skipDelete; /** - * @return If true, the resource can be deleted - * without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. + * @return If true, the resource can be deleted without + * deleting the Project via the Google API. 
`skip_delete` is deprecated and will be + * removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + * can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + * to a `deletion_policy` value of `ABANDON` for equivalent behavior. * * @deprecated - * skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. + * skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. * */ - @Deprecated /* skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. */ + @Deprecated /* skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. */ public Optional> skipDelete() { return Optional.ofNullable(this.skipDelete); } @@ -231,6 +244,7 @@ private ProjectState() {} private ProjectState(ProjectState $) { this.autoCreateNetwork = $.autoCreateNetwork; this.billingAccount = $.billingAccount; + this.deletionPolicy = $.deletionPolicy; this.effectiveLabels = $.effectiveLabels; this.folderId = $.folderId; this.labels = $.labels; 
@@ -314,6 +328,15 @@ public Builder billingAccount(String billingAccount) { return billingAccount(Output.of(billingAccount)); } + public Builder deletionPolicy(@Nullable Output deletionPolicy) { + $.deletionPolicy = deletionPolicy; + return this; + } + + public Builder deletionPolicy(String deletionPolicy) { + return deletionPolicy(Output.of(deletionPolicy)); + } + /** * @param effectiveLabels All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. * 
@@ -505,32 +528,38 @@ public Builder pulumiLabels(Map pulumiLabels) { } /** - * @param skipDelete If true, the resource can be deleted - * without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. + * @param skipDelete If true, the resource can be deleted without + * deleting the Project via the Google API. `skip_delete` is deprecated and will be + * removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + * can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + * to a `deletion_policy` value of `ABANDON` for equivalent behavior. * * @return builder * * @deprecated - * skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. + * skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. * */ - @Deprecated /* skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. */ + @Deprecated /* skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. */ public Builder skipDelete(@Nullable Output skipDelete) { $.skipDelete = skipDelete; return this; } /** - * @param skipDelete If true, the resource can be deleted - * without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. 
+ * @param skipDelete If true, the resource can be deleted without + * deleting the Project via the Google API. `skip_delete` is deprecated and will be + * removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + * can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + * to a `deletion_policy` value of `ABANDON` for equivalent behavior. * * @return builder * * @deprecated - * skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. + * skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. * */ - @Deprecated /* skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead. */ + @Deprecated /* skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior. */ public Builder skipDelete(Boolean skipDelete) { return skipDelete(Output.of(skipDelete)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/organizations/outputs/GetProjectResult.java b/sdk/java/src/main/java/com/pulumi/gcp/organizations/outputs/GetProjectResult.java index c9e30e4d53..0172651f92 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/organizations/outputs/GetProjectResult.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/organizations/outputs/GetProjectResult.java @@ -16,6 +16,7 @@ public final class GetProjectResult { private Boolean autoCreateNetwork; private String billingAccount; + private String deletionPolicy; private Map effectiveLabels; private String folderId; /** 
@@ -42,6 +43,9 @@ public Boolean autoCreateNetwork() { public String billingAccount() { return this.billingAccount; } + public String deletionPolicy() { + return this.deletionPolicy; + } public Map effectiveLabels() { return this.effectiveLabels; } @@ -92,6 +96,7 @@ public static Builder builder(GetProjectResult defaults) { public static final class Builder { private Boolean autoCreateNetwork; private String billingAccount; + private String deletionPolicy; private Map effectiveLabels; private String folderId; private String id; @@ -107,6 +112,7 @@ public Builder(GetProjectResult defaults) { Objects.requireNonNull(defaults); this.autoCreateNetwork = defaults.autoCreateNetwork; this.billingAccount = defaults.billingAccount; + this.deletionPolicy = defaults.deletionPolicy; this.effectiveLabels = defaults.effectiveLabels; this.folderId = defaults.folderId; this.id = defaults.id; @@ -136,6 +142,14 @@ public Builder billingAccount(String billingAccount) { return this; } @CustomType.Setter + public Builder deletionPolicy(String deletionPolicy) { + if (deletionPolicy == null) { + throw new MissingRequiredPropertyException("GetProjectResult", "deletionPolicy"); + } + this.deletionPolicy = deletionPolicy; + return this; + } + @CustomType.Setter public Builder effectiveLabels(Map effectiveLabels) { if (effectiveLabels == null) { throw new MissingRequiredPropertyException("GetProjectResult", "effectiveLabels"); @@ -217,6 +231,7 @@ public GetProjectResult build() { final var _resultValue = new GetProjectResult(); _resultValue.autoCreateNetwork = autoCreateNetwork; _resultValue.billingAccount = billingAccount; + _resultValue.deletionPolicy = deletionPolicy; _resultValue.effectiveLabels = effectiveLabels; _resultValue.folderId = folderId; _resultValue.id = id; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/SecuritycenterFunctions.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/SecuritycenterFunctions.java index d13697f0dc..3cb80bfe05 100644 
--- a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/SecuritycenterFunctions.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/SecuritycenterFunctions.java @@ -10,7 +10,10 @@ import com.pulumi.gcp.Utilities; import com.pulumi.gcp.securitycenter.inputs.GetSourceIamPolicyArgs; import com.pulumi.gcp.securitycenter.inputs.GetSourceIamPolicyPlainArgs; +import com.pulumi.gcp.securitycenter.inputs.GetV2OrganizationSourceIamPolicyArgs; +import com.pulumi.gcp.securitycenter.inputs.GetV2OrganizationSourceIamPolicyPlainArgs; import com.pulumi.gcp.securitycenter.outputs.GetSourceIamPolicyResult; +import com.pulumi.gcp.securitycenter.outputs.GetV2OrganizationSourceIamPolicyResult; import java.util.concurrent.CompletableFuture; public final class SecuritycenterFunctions { @@ -182,4 +185,172 @@ public static Output getSourceIamPolicy(GetSourceIamPo public static CompletableFuture getSourceIamPolicyPlain(GetSourceIamPolicyPlainArgs args, InvokeOptions options) { return Deployment.getInstance().invokeAsync("gcp:securitycenter/getSourceIamPolicy:getSourceIamPolicy", TypeShape.of(GetSourceIamPolicyResult.class), args, Utilities.withVersion(options)); } + /** + * Retrieves the current IAM policy data for organizationsource + * + * ## example + * + * <!--Start PulumiCodeChooser --> + *
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.gcp.securitycenter.SecuritycenterFunctions;
+     * import com.pulumi.gcp.securitycenter.inputs.GetV2OrganizationSourceIamPolicyArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var policy = SecuritycenterFunctions.getV2OrganizationSourceIamPolicy(GetV2OrganizationSourceIamPolicyArgs.builder()
+     *             .source(customSource.name())
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 
+ * <!--End PulumiCodeChooser --> + * + */ + public static Output getV2OrganizationSourceIamPolicy(GetV2OrganizationSourceIamPolicyArgs args) { + return getV2OrganizationSourceIamPolicy(args, InvokeOptions.Empty); + } + /** + * Retrieves the current IAM policy data for organizationsource + * + * ## example + * + * <!--Start PulumiCodeChooser --> + *
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.gcp.securitycenter.SecuritycenterFunctions;
+     * import com.pulumi.gcp.securitycenter.inputs.GetV2OrganizationSourceIamPolicyArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var policy = SecuritycenterFunctions.getV2OrganizationSourceIamPolicy(GetV2OrganizationSourceIamPolicyArgs.builder()
+     *             .source(customSource.name())
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 
+ * <!--End PulumiCodeChooser --> + * + */ + public static CompletableFuture getV2OrganizationSourceIamPolicyPlain(GetV2OrganizationSourceIamPolicyPlainArgs args) { + return getV2OrganizationSourceIamPolicyPlain(args, InvokeOptions.Empty); + } + /** + * Retrieves the current IAM policy data for organizationsource + * + * ## example + * + * <!--Start PulumiCodeChooser --> + *
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.gcp.securitycenter.SecuritycenterFunctions;
+     * import com.pulumi.gcp.securitycenter.inputs.GetV2OrganizationSourceIamPolicyArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var policy = SecuritycenterFunctions.getV2OrganizationSourceIamPolicy(GetV2OrganizationSourceIamPolicyArgs.builder()
+     *             .source(customSource.name())
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 
+ * <!--End PulumiCodeChooser --> + * + */ + public static Output getV2OrganizationSourceIamPolicy(GetV2OrganizationSourceIamPolicyArgs args, InvokeOptions options) { + return Deployment.getInstance().invoke("gcp:securitycenter/getV2OrganizationSourceIamPolicy:getV2OrganizationSourceIamPolicy", TypeShape.of(GetV2OrganizationSourceIamPolicyResult.class), args, Utilities.withVersion(options)); + } + /** + * Retrieves the current IAM policy data for organizationsource + * + * ## example + * + * <!--Start PulumiCodeChooser --> + *
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.gcp.securitycenter.SecuritycenterFunctions;
+     * import com.pulumi.gcp.securitycenter.inputs.GetV2OrganizationSourceIamPolicyArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var policy = SecuritycenterFunctions.getV2OrganizationSourceIamPolicy(GetV2OrganizationSourceIamPolicyArgs.builder()
+     *             .source(customSource.name())
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 
+ * <!--End PulumiCodeChooser --> + * + */ + public static CompletableFuture getV2OrganizationSourceIamPolicyPlain(GetV2OrganizationSourceIamPolicyPlainArgs args, InvokeOptions options) { + return Deployment.getInstance().invokeAsync("gcp:securitycenter/getV2OrganizationSourceIamPolicy:getV2OrganizationSourceIamPolicy", TypeShape.of(GetV2OrganizationSourceIamPolicyResult.class), args, Utilities.withVersion(options)); + } } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2FolderMuteConfig.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2FolderMuteConfig.java new file mode 100644 index 0000000000..437dd8c2c1 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2FolderMuteConfig.java @@ -0,0 +1,323 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.gcp.Utilities; +import com.pulumi.gcp.securitycenter.V2FolderMuteConfigArgs; +import com.pulumi.gcp.securitycenter.inputs.V2FolderMuteConfigState; +import java.lang.String; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * Mute Findings is a volume management feature in Security Command Center + * that lets you manually or programmatically hide irrelevant findings, + * and create filters to automatically silence existing and future + * findings based on criteria you specify. + * + * To get more information about FolderMuteConfig, see: + * + * * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/folders.muteConfigs) + * + * ## Example Usage + * + * ### Scc V2 Folder Mute Config Basic + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.Folder;
+ * import com.pulumi.gcp.organizations.FolderArgs;
+ * import com.pulumi.gcp.securitycenter.V2FolderMuteConfig;
+ * import com.pulumi.gcp.securitycenter.V2FolderMuteConfigArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var folder = new Folder("folder", FolderArgs.builder()
+ *             .parent("organizations/123456789")
+ *             .displayName("folder-name")
+ *             .build());
+ * 
+ *         var default_ = new V2FolderMuteConfig("default", V2FolderMuteConfigArgs.builder()
+ *             .muteConfigId("my-config")
+ *             .folder(folder.folderId())
+ *             .location("global")
+ *             .description("My custom Cloud Security Command Center Finding Folder mute Configuration")
+ *             .filter("severity = \"HIGH\"")
+ *             .type("STATIC")
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## Import + * + * FolderMuteConfig can be imported using any of these accepted formats: + * + * * `folders/{{folder}}/locations/{{location}}/muteConfigs/{{mute_config_id}}` + * + * * `{{folder}}/{{location}}/{{mute_config_id}}` + * + * When using the `pulumi import` command, FolderMuteConfig can be imported using one of the formats above. For example: + * + * ```sh + * $ pulumi import gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig default folders/{{folder}}/locations/{{location}}/muteConfigs/{{mute_config_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig default {{folder}}/{{location}}/{{mute_config_id}} + * ``` + * + */ +@ResourceType(type="gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig") +public class V2FolderMuteConfig extends com.pulumi.resources.CustomResource { + /** + * The time at which the mute config was created. This field is set by + * the server and will be ignored if provided on config creation. + * + */ + @Export(name="createTime", refs={String.class}, tree="[0]") + private Output createTime; + + /** + * @return The time at which the mute config was created. This field is set by + * the server and will be ignored if provided on config creation. + * + */ + public Output createTime() { + return this.createTime; + } + /** + * A description of the mute config. + * + */ + @Export(name="description", refs={String.class}, tree="[0]") + private Output description; + + /** + * @return A description of the mute config. + * + */ + public Output> description() { + return Codegen.optional(this.description); + } + /** + * An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. 
+ * + */ + @Export(name="filter", refs={String.class}, tree="[0]") + private Output filter; + + /** + * @return An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + */ + public Output filter() { + return this.filter; + } + /** + * The folder whose Cloud Security Command Center the Mute + * Config lives in. + * + */ + @Export(name="folder", refs={String.class}, tree="[0]") + private Output folder; + + /** + * @return The folder whose Cloud Security Command Center the Mute + * Config lives in. + * + */ + public Output folder() { + return this.folder; + } + /** + * location Id is provided by folder. If not provided, Use global as default. + * + */ + @Export(name="location", refs={String.class}, tree="[0]") + private Output location; + + /** + * @return location Id is provided by folder. If not provided, Use global as default. + * + */ + public Output> location() { + return Codegen.optional(this.location); + } + /** + * Email address of the user who last edited the mute config. This + * field is set by the server and will be ignored if provided on + * config creation or update. + * + */ + @Export(name="mostRecentEditor", refs={String.class}, tree="[0]") + private Output mostRecentEditor; + + /** + * @return Email address of the user who last edited the mute config. This + * field is set by the server and will be ignored if provided on + * config creation or update. + * + */ + public Output mostRecentEditor() { + return this.mostRecentEditor; + } + /** + * Unique identifier provided by the client within the parent scope. 
+ * + * *** + * + */ + @Export(name="muteConfigId", refs={String.class}, tree="[0]") + private Output muteConfigId; + + /** + * @return Unique identifier provided by the client within the parent scope. + * + * *** + * + */ + public Output muteConfigId() { + return this.muteConfigId; + } + /** + * Name of the mute config. Its format is + * organizations/{organization}/locations/global/muteConfigs/{configId}, + * folders/{folder}/locations/global/muteConfigs/{configId}, + * or projects/{project}/locations/global/muteConfigs/{configId} + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Name of the mute config. Its format is + * organizations/{organization}/locations/global/muteConfigs/{configId}, + * folders/{folder}/locations/global/muteConfigs/{configId}, + * or projects/{project}/locations/global/muteConfigs/{configId} + * + */ + public Output name() { + return this.name; + } + /** + * The type of the mute config. + * + */ + @Export(name="type", refs={String.class}, tree="[0]") + private Output type; + + /** + * @return The type of the mute config. + * + */ + public Output type() { + return this.type; + } + /** + * Output only. The most recent time at which the mute config was + * updated. This field is set by the server and will be ignored if + * provided on config creation or update. + * + */ + @Export(name="updateTime", refs={String.class}, tree="[0]") + private Output updateTime; + + /** + * @return Output only. The most recent time at which the mute config was + * updated. This field is set by the server and will be ignored if + * provided on config creation or update. + * + */ + public Output updateTime() { + return this.updateTime; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public V2FolderMuteConfig(java.lang.String name) { + this(name, V2FolderMuteConfigArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. 
+ * @param args The arguments to use to populate this resource's properties. + */ + public V2FolderMuteConfig(java.lang.String name, V2FolderMuteConfigArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public V2FolderMuteConfig(java.lang.String name, V2FolderMuteConfigArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false); + } + + private V2FolderMuteConfig(java.lang.String name, Output id, @Nullable V2FolderMuteConfigState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig", name, state, makeResourceOptions(options, id), false); + } + + private static V2FolderMuteConfigArgs makeArgs(V2FolderMuteConfigArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + if (options != null && options.getUrn().isPresent()) { + return null; + } + return args == null ? V2FolderMuteConfigArgs.Empty : args; + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. 
+ * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static V2FolderMuteConfig get(java.lang.String name, Output id, @Nullable V2FolderMuteConfigState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new V2FolderMuteConfig(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2FolderMuteConfigArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2FolderMuteConfigArgs.java new file mode 100644 index 0000000000..24589e73f1 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2FolderMuteConfigArgs.java 
@@ -0,0 +1,309 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class V2FolderMuteConfigArgs extends com.pulumi.resources.ResourceArgs { + + public static final V2FolderMuteConfigArgs Empty = new V2FolderMuteConfigArgs(); + + /** + * A description of the mute config. + * + */ + @Import(name="description") + private @Nullable Output description; + + /** + * @return A description of the mute config. + * + */ + public Optional> description() { + return Optional.ofNullable(this.description); + } + + /** + * An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + */ + @Import(name="filter", required=true) + private Output filter; + + /** + * @return An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + */ + public Output filter() { + return this.filter; + } + + /** + * The folder whose Cloud Security Command Center the Mute + * Config lives in. + * + */ + @Import(name="folder", required=true) + private Output folder; + + /** + * @return The folder whose Cloud Security Command Center the Mute + * Config lives in. 
+ * + */ + public Output folder() { + return this.folder; + } + + /** + * location Id is provided by folder. If not provided, Use global as default. + * + */ + @Import(name="location") + private @Nullable Output location; + + /** + * @return location Id is provided by folder. If not provided, Use global as default. + * + */ + public Optional> location() { + return Optional.ofNullable(this.location); + } + + /** + * Unique identifier provided by the client within the parent scope. + * + * *** + * + */ + @Import(name="muteConfigId", required=true) + private Output muteConfigId; + + /** + * @return Unique identifier provided by the client within the parent scope. + * + * *** + * + */ + public Output muteConfigId() { + return this.muteConfigId; + } + + /** + * The type of the mute config. + * + */ + @Import(name="type", required=true) + private Output type; + + /** + * @return The type of the mute config. + * + */ + public Output type() { + return this.type; + } + + private V2FolderMuteConfigArgs() {} + + private V2FolderMuteConfigArgs(V2FolderMuteConfigArgs $) { + this.description = $.description; + this.filter = $.filter; + this.folder = $.folder; + this.location = $.location; + this.muteConfigId = $.muteConfigId; + this.type = $.type; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(V2FolderMuteConfigArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private V2FolderMuteConfigArgs $; + + public Builder() { + $ = new V2FolderMuteConfigArgs(); + } + + public Builder(V2FolderMuteConfigArgs defaults) { + $ = new V2FolderMuteConfigArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param description A description of the mute config. + * + * @return builder + * + */ + public Builder description(@Nullable Output description) { + $.description = description; + return this; + } + + /** + * @param description A description of the mute config. 
+ * + * @return builder + * + */ + public Builder description(String description) { + return description(Output.of(description)); + } + + /** + * @param filter An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + * @return builder + * + */ + public Builder filter(Output filter) { + $.filter = filter; + return this; + } + + /** + * @param filter An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + * @return builder + * + */ + public Builder filter(String filter) { + return filter(Output.of(filter)); + } + + /** + * @param folder The folder whose Cloud Security Command Center the Mute + * Config lives in. + * + * @return builder + * + */ + public Builder folder(Output folder) { + $.folder = folder; + return this; + } + + /** + * @param folder The folder whose Cloud Security Command Center the Mute + * Config lives in. + * + * @return builder + * + */ + public Builder folder(String folder) { + return folder(Output.of(folder)); + } + + /** + * @param location location Id is provided by folder. If not provided, Use global as default. + * + * @return builder + * + */ + public Builder location(@Nullable Output location) { + $.location = location; + return this; + } + + /** + * @param location location Id is provided by folder. If not provided, Use global as default. 
+ * + * @return builder + * + */ + public Builder location(String location) { + return location(Output.of(location)); + } + + /** + * @param muteConfigId Unique identifier provided by the client within the parent scope. + * + * *** + * + * @return builder + * + */ + public Builder muteConfigId(Output muteConfigId) { + $.muteConfigId = muteConfigId; + return this; + } + + /** + * @param muteConfigId Unique identifier provided by the client within the parent scope. + * + * *** + * + * @return builder + * + */ + public Builder muteConfigId(String muteConfigId) { + return muteConfigId(Output.of(muteConfigId)); + } + + /** + * @param type The type of the mute config. + * + * @return builder + * + */ + public Builder type(Output type) { + $.type = type; + return this; + } + + /** + * @param type The type of the mute config. + * + * @return builder + * + */ + public Builder type(String type) { + return type(Output.of(type)); + } + + public V2FolderMuteConfigArgs build() { + if ($.filter == null) { + throw new MissingRequiredPropertyException("V2FolderMuteConfigArgs", "filter"); + } + if ($.folder == null) { + throw new MissingRequiredPropertyException("V2FolderMuteConfigArgs", "folder"); + } + if ($.muteConfigId == null) { + throw new MissingRequiredPropertyException("V2FolderMuteConfigArgs", "muteConfigId"); + } + if ($.type == null) { + throw new MissingRequiredPropertyException("V2FolderMuteConfigArgs", "type"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSource.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSource.java new file mode 100644 index 0000000000..23dc065806 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSource.java 
@@ -0,0 +1,217 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.gcp.Utilities; +import com.pulumi.gcp.securitycenter.V2OrganizationSourceArgs; +import com.pulumi.gcp.securitycenter.inputs.V2OrganizationSourceState; +import java.lang.String; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * A Cloud Security Command Center's (Cloud SCC) finding source. A finding + * source is an entity or a mechanism that can produce a finding. A source is + * like a container of findings that come from the same scanner, logger, + * monitor, etc. + * + * To get more information about OrganizationSource, see: + * + * * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/organizations.sources) + * * How-to Guides + * * [Official Documentation](https://cloud.google.com/security-command-center/docs) + * + * ## Example Usage + * + * ### Scc Source Basic + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.securitycenter.Source;
+ * import com.pulumi.gcp.securitycenter.SourceArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var customSource = new Source("customSource", SourceArgs.builder()
+ *             .displayName("My Source")
+ *             .organization("123456789")
+ *             .description("My custom Cloud Security Command Center Finding Source")
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## Import + * + * OrganizationSource can be imported using any of these accepted formats: + * + * * `organizations/{{organization}}/sources/{{name}}` + * + * * `{{organization}}/{{name}}` + * + * When using the `pulumi import` command, OrganizationSource can be imported using one of the formats above. For example: + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSource:V2OrganizationSource default organizations/{{organization}}/sources/{{name}} + * ``` + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSource:V2OrganizationSource default {{organization}}/{{name}} + * ``` + * + */ +@ResourceType(type="gcp:securitycenter/v2OrganizationSource:V2OrganizationSource") +public class V2OrganizationSource extends com.pulumi.resources.CustomResource { + /** + * The description of the source (max of 1024 characters). + * + */ + @Export(name="description", refs={String.class}, tree="[0]") + private Output description; + + /** + * @return The description of the source (max of 1024 characters). + * + */ + public Output> description() { + return Codegen.optional(this.description); + } + /** + * The source’s display name. A source’s display name must be unique + * amongst its siblings, for example, two sources with the same parent + * can't share the same display name. The display name must start and end + * with a letter or digit, may contain letters, digits, spaces, hyphens, + * and underscores, and can be no longer than 32 characters. + * + */ + @Export(name="displayName", refs={String.class}, tree="[0]") + private Output displayName; + + /** + * @return The source’s display name. A source’s display name must be unique + * amongst its siblings, for example, two sources with the same parent + * can't share the same display name. The display name must start and end + * with a letter or digit, may contain letters, digits, spaces, hyphens, + * and underscores, and can be no longer than 32 characters. 
+ * + */ + public Output displayName() { + return this.displayName; + } + /** + * The resource name of this source, in the format + * `organizations/{{organization}}/sources/{{source}}`. + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return The resource name of this source, in the format + * `organizations/{{organization}}/sources/{{source}}`. + * + */ + public Output name() { + return this.name; + } + /** + * The organization whose Cloud Security Command Center the Source + * lives in. + * + * *** + * + */ + @Export(name="organization", refs={String.class}, tree="[0]") + private Output organization; + + /** + * @return The organization whose Cloud Security Command Center the Source + * lives in. + * + * *** + * + */ + public Output organization() { + return this.organization; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public V2OrganizationSource(java.lang.String name) { + this(name, V2OrganizationSourceArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public V2OrganizationSource(java.lang.String name, V2OrganizationSourceArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. 
+ */ + public V2OrganizationSource(java.lang.String name, V2OrganizationSourceArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:securitycenter/v2OrganizationSource:V2OrganizationSource", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false); + } + + private V2OrganizationSource(java.lang.String name, Output id, @Nullable V2OrganizationSourceState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:securitycenter/v2OrganizationSource:V2OrganizationSource", name, state, makeResourceOptions(options, id), false); + } + + private static V2OrganizationSourceArgs makeArgs(V2OrganizationSourceArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + if (options != null && options.getUrn().isPresent()) { + return null; + } + return args == null ? V2OrganizationSourceArgs.Empty : args; + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static V2OrganizationSource get(java.lang.String name, Output id, @Nullable V2OrganizationSourceState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new V2OrganizationSource(name, id, state, options); + } +} 
diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceArgs.java new file mode 100644 index 0000000000..43b759bf7e --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceArgs.java 
@@ -0,0 +1,192 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class V2OrganizationSourceArgs extends com.pulumi.resources.ResourceArgs { + + public static final V2OrganizationSourceArgs Empty = new V2OrganizationSourceArgs(); + + /** + * The description of the source (max of 1024 characters). + * + */ + @Import(name="description") + private @Nullable Output description; + + /** + * @return The description of the source (max of 1024 characters). + * + */ + public Optional> description() { + return Optional.ofNullable(this.description); + } + + /** + * The source’s display name. A source’s display name must be unique + * amongst its siblings, for example, two sources with the same parent + * can't share the same display name. The display name must start and end + * with a letter or digit, may contain letters, digits, spaces, hyphens, + * and underscores, and can be no longer than 32 characters. + * + */ + @Import(name="displayName", required=true) + private Output displayName; + + /** + * @return The source’s display name. A source’s display name must be unique + * amongst its siblings, for example, two sources with the same parent + * can't share the same display name. The display name must start and end + * with a letter or digit, may contain letters, digits, spaces, hyphens, + * and underscores, and can be no longer than 32 characters. + * + */ + public Output displayName() { + return this.displayName; + } + + /** + * The organization whose Cloud Security Command Center the Source + * lives in. 
+ * + * *** + * + */ + @Import(name="organization", required=true) + private Output organization; + + /** + * @return The organization whose Cloud Security Command Center the Source + * lives in. + * + * *** + * + */ + public Output organization() { + return this.organization; + } + + private V2OrganizationSourceArgs() {} + + private V2OrganizationSourceArgs(V2OrganizationSourceArgs $) { + this.description = $.description; + this.displayName = $.displayName; + this.organization = $.organization; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(V2OrganizationSourceArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private V2OrganizationSourceArgs $; + + public Builder() { + $ = new V2OrganizationSourceArgs(); + } + + public Builder(V2OrganizationSourceArgs defaults) { + $ = new V2OrganizationSourceArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param description The description of the source (max of 1024 characters). + * + * @return builder + * + */ + public Builder description(@Nullable Output description) { + $.description = description; + return this; + } + + /** + * @param description The description of the source (max of 1024 characters). + * + * @return builder + * + */ + public Builder description(String description) { + return description(Output.of(description)); + } + + /** + * @param displayName The source’s display name. A source’s display name must be unique + * amongst its siblings, for example, two sources with the same parent + * can't share the same display name. The display name must start and end + * with a letter or digit, may contain letters, digits, spaces, hyphens, + * and underscores, and can be no longer than 32 characters. + * + * @return builder + * + */ + public Builder displayName(Output displayName) { + $.displayName = displayName; + return this; + } + + /** + * @param displayName The source’s display name. 
A source’s display name must be unique + * amongst its siblings, for example, two sources with the same parent + * can't share the same display name. The display name must start and end + * with a letter or digit, may contain letters, digits, spaces, hyphens, + * and underscores, and can be no longer than 32 characters. + * + * @return builder + * + */ + public Builder displayName(String displayName) { + return displayName(Output.of(displayName)); + } + + /** + * @param organization The organization whose Cloud Security Command Center the Source + * lives in. + * + * *** + * + * @return builder + * + */ + public Builder organization(Output organization) { + $.organization = organization; + return this; + } + + /** + * @param organization The organization whose Cloud Security Command Center the Source + * lives in. + * + * *** + * + * @return builder + * + */ + public Builder organization(String organization) { + return organization(Output.of(organization)); + } + + public V2OrganizationSourceArgs build() { + if ($.displayName == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceArgs", "displayName"); + } + if ($.organization == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceArgs", "organization"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamBinding.java new file mode 100644 index 0000000000..fc4fbbf66d --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamBinding.java 
@@ -0,0 +1,479 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.gcp.Utilities; +import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs; +import com.pulumi.gcp.securitycenter.inputs.V2OrganizationSourceIamBindingState; +import com.pulumi.gcp.securitycenter.outputs.V2OrganizationSourceIamBindingCondition; +import java.lang.String; +import java.util.List; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. 
+ * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. + * + * ## gcp.securitycenter.V2OrganizationSourceIamPolicy + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/viewer")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new V2OrganizationSourceIamPolicy("policy", V2OrganizationSourceIamPolicyArgs.builder()
+ *             .source(customSource.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## gcp.securitycenter.V2OrganizationSourceIamBinding + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new V2OrganizationSourceIamBinding("binding", V2OrganizationSourceIamBindingArgs.builder()
+ *             .source(customSource.name())
+ *             .role("roles/viewer")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## gcp.securitycenter.V2OrganizationSourceIamMember + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new V2OrganizationSourceIamMember("member", V2OrganizationSourceIamMemberArgs.builder()
+ *             .source(customSource.name())
+ *             .role("roles/viewer")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + * --- + * + * # IAM policy for Security Command Center (SCC)v2 API OrganizationSource + * Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. + * + * ## gcp.securitycenter.V2OrganizationSourceIamPolicy + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/viewer")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new V2OrganizationSourceIamPolicy("policy", V2OrganizationSourceIamPolicyArgs.builder()
+ *             .source(customSource.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## gcp.securitycenter.V2OrganizationSourceIamBinding + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new V2OrganizationSourceIamBinding("binding", V2OrganizationSourceIamBindingArgs.builder()
+ *             .source(customSource.name())
+ *             .role("roles/viewer")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## gcp.securitycenter.V2OrganizationSourceIamMember + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new V2OrganizationSourceIamMember("member", V2OrganizationSourceIamMemberArgs.builder()
+ *             .source(customSource.name())
+ *             .role("roles/viewer")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## Import + * + * For all import syntaxes, the "resource in question" can take any of the following forms: + * + * * organizations/{{organization}}/sources/{{source}} + * + * * {{organization}}/{{source}} + * + * * {{source}} + * + * Any variables not passed in the import command will be taken from the provider configuration. + * + * Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. + * + * IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane{@literal @}example.com" + * ``` + * + * IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor "organizations/{{organization}}/sources/{{source}} roles/viewer" + * ``` + * + * IAM policy imports use the identifier of the resource in question, e.g. + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor organizations/{{organization}}/sources/{{source}} + * ``` + * + * -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. 
+ * + */ +@ResourceType(type="gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding") +public class V2OrganizationSourceIamBinding extends com.pulumi.resources.CustomResource { + @Export(name="condition", refs={V2OrganizationSourceIamBindingCondition.class}, tree="[0]") + private Output condition; + + public Output> condition() { + return Codegen.optional(this.condition); + } + /** + * (Computed) The etag of the IAM policy. + * + */ + @Export(name="etag", refs={String.class}, tree="[0]") + private Output etag; + + /** + * @return (Computed) The etag of the IAM policy. + * + */ + public Output etag() { + return this.etag; + } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + * + */ + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; + + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ + public Output> members() { + return this.members; + } + @Export(name="organization", refs={String.class}, tree="[0]") + private Output organization; + + public Output organization() { + return this.organization; + } + /** + * The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. 
+ * + */ + @Export(name="role", refs={String.class}, tree="[0]") + private Output role; + + /** + * @return The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + * + */ + public Output role() { + return this.role; + } + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Export(name="source", refs={String.class}, tree="[0]") + private Output source; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ + public Output source() { + return this.source; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public V2OrganizationSourceIamBinding(java.lang.String name) { + this(name, V2OrganizationSourceIamBindingArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public V2OrganizationSourceIamBinding(java.lang.String name, V2OrganizationSourceIamBindingArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. 
+ */ + public V2OrganizationSourceIamBinding(java.lang.String name, V2OrganizationSourceIamBindingArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false); + } + + private V2OrganizationSourceIamBinding(java.lang.String name, Output id, @Nullable V2OrganizationSourceIamBindingState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding", name, state, makeResourceOptions(options, id), false); + } + + private static V2OrganizationSourceIamBindingArgs makeArgs(V2OrganizationSourceIamBindingArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + if (options != null && options.getUrn().isPresent()) { + return null; + } + return args == null ? V2OrganizationSourceIamBindingArgs.Empty : args; + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. 
+ */ + public static V2OrganizationSourceIamBinding get(java.lang.String name, Output id, @Nullable V2OrganizationSourceIamBindingState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new V2OrganizationSourceIamBinding(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamBindingArgs.java new file mode 100644 index 0000000000..076306dcf6 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamBindingArgs.java 
@@ -0,0 +1,274 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import com.pulumi.gcp.securitycenter.inputs.V2OrganizationSourceIamBindingConditionArgs; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class V2OrganizationSourceIamBindingArgs extends com.pulumi.resources.ResourceArgs { + + public static final V2OrganizationSourceIamBindingArgs Empty = new V2OrganizationSourceIamBindingArgs(); + + @Import(name="condition") + private @Nullable Output condition; + + public Optional> condition() { + return Optional.ofNullable(this.condition); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. 
For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ + @Import(name="members", required=true) + private Output> members; + + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ + public Output> members() { + return this.members; + } + + @Import(name="organization", required=true) + private Output organization; + + public Output organization() { + return this.organization; + } + + /** + * The role that should be applied. 
Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + * + */ + @Import(name="role", required=true) + private Output role; + + /** + * @return The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + * + */ + public Output role() { + return this.role; + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="source", required=true) + private Output source; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ + public Output source() { + return this.source; + } + + private V2OrganizationSourceIamBindingArgs() {} + + private V2OrganizationSourceIamBindingArgs(V2OrganizationSourceIamBindingArgs $) { + this.condition = $.condition; + this.members = $.members; + this.organization = $.organization; + this.role = $.role; + this.source = $.source; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(V2OrganizationSourceIamBindingArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private V2OrganizationSourceIamBindingArgs $; + + public Builder() { + $ = new V2OrganizationSourceIamBindingArgs(); + } + + public Builder(V2OrganizationSourceIamBindingArgs defaults) { + $ = new V2OrganizationSourceIamBindingArgs(Objects.requireNonNull(defaults)); + } + + public Builder condition(@Nullable Output condition) { + $.condition = condition; + return this; + } + + public Builder condition(V2OrganizationSourceIamBindingConditionArgs condition) { + return condition(Output.of(condition)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. 
+ * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ + public Builder members(Output> members) { + $.members = members; + return this; + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. 
+ * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ + public Builder members(List members) { + return members(Output.of(members)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. 
For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ + public Builder members(String... members) { + return members(List.of(members)); + } + + public Builder organization(Output organization) { + $.organization = organization; + return this; + } + + public Builder organization(String organization) { + return organization(Output.of(organization)); + } + + /** + * @param role The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + * + * @return builder + * + */ + public Builder role(Output role) { + $.role = role; + return this; + } + + /** + * @param role The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. 
+ * + * @return builder + * + */ + public Builder role(String role) { + return role(Output.of(role)); + } + + /** + * @param source Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder source(Output source) { + $.source = source; + return this; + } + + /** + * @param source Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder source(String source) { + return source(Output.of(source)); + } + + public V2OrganizationSourceIamBindingArgs build() { + if ($.members == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceIamBindingArgs", "members"); + } + if ($.organization == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceIamBindingArgs", "organization"); + } + if ($.role == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceIamBindingArgs", "role"); + } + if ($.source == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceIamBindingArgs", "source"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamMember.java new file mode 100644 index 0000000000..72107008c5 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamMember.java 
@@ -0,0 +1,478 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.gcp.Utilities; +import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs; +import com.pulumi.gcp.securitycenter.inputs.V2OrganizationSourceIamMemberState; +import com.pulumi.gcp.securitycenter.outputs.V2OrganizationSourceIamMemberCondition; +import java.lang.String; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. 
+ * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. + * + * ## gcp.securitycenter.V2OrganizationSourceIamPolicy + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/viewer")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new V2OrganizationSourceIamPolicy("policy", V2OrganizationSourceIamPolicyArgs.builder()
+ *             .source(customSource.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## gcp.securitycenter.V2OrganizationSourceIamBinding + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new V2OrganizationSourceIamBinding("binding", V2OrganizationSourceIamBindingArgs.builder()
+ *             .source(customSource.name())
+ *             .role("roles/viewer")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## gcp.securitycenter.V2OrganizationSourceIamMember + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new V2OrganizationSourceIamMember("member", V2OrganizationSourceIamMemberArgs.builder()
+ *             .source(customSource.name())
+ *             .role("roles/viewer")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + * --- + * + * # IAM policy for Security Command Center (SCC)v2 API OrganizationSource + * Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. + * + * ## gcp.securitycenter.V2OrganizationSourceIamPolicy + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/viewer")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new V2OrganizationSourceIamPolicy("policy", V2OrganizationSourceIamPolicyArgs.builder()
+ *             .source(customSource.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## gcp.securitycenter.V2OrganizationSourceIamBinding + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new V2OrganizationSourceIamBinding("binding", V2OrganizationSourceIamBindingArgs.builder()
+ *             .source(customSource.name())
+ *             .role("roles/viewer")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## gcp.securitycenter.V2OrganizationSourceIamMember + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new V2OrganizationSourceIamMember("member", V2OrganizationSourceIamMemberArgs.builder()
+ *             .source(customSource.name())
+ *             .role("roles/viewer")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## Import + * + * For all import syntaxes, the "resource in question" can take any of the following forms: + * + * * organizations/{{organization}}/sources/{{source}} + * + * * {{organization}}/{{source}} + * + * * {{source}} + * + * Any variables not passed in the import command will be taken from the provider configuration. + * + * Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. + * + * IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane{@literal @}example.com" + * ``` + * + * IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor "organizations/{{organization}}/sources/{{source}} roles/viewer" + * ``` + * + * IAM policy imports use the identifier of the resource in question, e.g. + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor organizations/{{organization}}/sources/{{source}} + * ``` + * + * -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. 
+ * + */ +@ResourceType(type="gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember") +public class V2OrganizationSourceIamMember extends com.pulumi.resources.CustomResource { + @Export(name="condition", refs={V2OrganizationSourceIamMemberCondition.class}, tree="[0]") + private Output condition; + + public Output> condition() { + return Codegen.optional(this.condition); + } + /** + * (Computed) The etag of the IAM policy. + * + */ + @Export(name="etag", refs={String.class}, tree="[0]") + private Output etag; + + /** + * @return (Computed) The etag of the IAM policy. + * + */ + public Output etag() { + return this.etag; + } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + * + */ + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; + + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ + public Output member() { + return this.member; + } + @Export(name="organization", refs={String.class}, tree="[0]") + private Output organization; + + public Output organization() { + return this.organization; + } + /** + * The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. 
+ * + */ + @Export(name="role", refs={String.class}, tree="[0]") + private Output role; + + /** + * @return The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + * + */ + public Output role() { + return this.role; + } + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Export(name="source", refs={String.class}, tree="[0]") + private Output source; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ + public Output source() { + return this.source; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public V2OrganizationSourceIamMember(java.lang.String name) { + this(name, V2OrganizationSourceIamMemberArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public V2OrganizationSourceIamMember(java.lang.String name, V2OrganizationSourceIamMemberArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. 
+ */ + public V2OrganizationSourceIamMember(java.lang.String name, V2OrganizationSourceIamMemberArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false); + } + + private V2OrganizationSourceIamMember(java.lang.String name, Output id, @Nullable V2OrganizationSourceIamMemberState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember", name, state, makeResourceOptions(options, id), false); + } + + private static V2OrganizationSourceIamMemberArgs makeArgs(V2OrganizationSourceIamMemberArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + if (options != null && options.getUrn().isPresent()) { + return null; + } + return args == null ? V2OrganizationSourceIamMemberArgs.Empty : args; + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. 
+ */ + public static V2OrganizationSourceIamMember get(java.lang.String name, Output id, @Nullable V2OrganizationSourceIamMemberState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new V2OrganizationSourceIamMember(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamMemberArgs.java new file mode 100644 index 0000000000..3fc021a883 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamMemberArgs.java 
@@ -0,0 +1,253 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import com.pulumi.gcp.securitycenter.inputs.V2OrganizationSourceIamMemberConditionArgs; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class V2OrganizationSourceIamMemberArgs extends com.pulumi.resources.ResourceArgs { + + public static final V2OrganizationSourceIamMemberArgs Empty = new V2OrganizationSourceIamMemberArgs(); + + @Import(name="condition") + private @Nullable Output condition; + + public Optional> condition() { + return Optional.ofNullable(this.condition); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. 
For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ + @Import(name="member", required=true) + private Output member; + + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ + public Output member() { + return this.member; + } + + @Import(name="organization", required=true) + private Output organization; + + public Output organization() { + return this.organization; + } + + /** + * The role that should be applied. 
Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + * + */ + @Import(name="role", required=true) + private Output role; + + /** + * @return The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + * + */ + public Output role() { + return this.role; + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="source", required=true) + private Output source; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ + public Output source() { + return this.source; + } + + private V2OrganizationSourceIamMemberArgs() {} + + private V2OrganizationSourceIamMemberArgs(V2OrganizationSourceIamMemberArgs $) { + this.condition = $.condition; + this.member = $.member; + this.organization = $.organization; + this.role = $.role; + this.source = $.source; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(V2OrganizationSourceIamMemberArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private V2OrganizationSourceIamMemberArgs $; + + public Builder() { + $ = new V2OrganizationSourceIamMemberArgs(); + } + + public Builder(V2OrganizationSourceIamMemberArgs defaults) { + $ = new V2OrganizationSourceIamMemberArgs(Objects.requireNonNull(defaults)); + } + + public Builder condition(@Nullable Output condition) { + $.condition = condition; + return this; + } + + public Builder condition(V2OrganizationSourceIamMemberConditionArgs condition) { + return condition(Output.of(condition)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. 
+ * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ + public Builder member(Output member) { + $.member = member; + return this; + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. 
+ * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ + public Builder member(String member) { + return member(Output.of(member)); + } + + public Builder organization(Output organization) { + $.organization = organization; + return this; + } + + public Builder organization(String organization) { + return organization(Output.of(organization)); + } + + /** + * @param role The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + * + * @return builder + * + */ + public Builder role(Output role) { + $.role = role; + return this; + } + + /** + * @param role The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. 
+ * + * @return builder + * + */ + public Builder role(String role) { + return role(Output.of(role)); + } + + /** + * @param source Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder source(Output source) { + $.source = source; + return this; + } + + /** + * @param source Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder source(String source) { + return source(Output.of(source)); + } + + public V2OrganizationSourceIamMemberArgs build() { + if ($.member == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceIamMemberArgs", "member"); + } + if ($.organization == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceIamMemberArgs", "organization"); + } + if ($.role == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceIamMemberArgs", "role"); + } + if ($.source == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceIamMemberArgs", "source"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamPolicy.java new file mode 100644 index 0000000000..9fee8907cb --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamPolicy.java 
@@ -0,0 +1,434 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.gcp.Utilities; +import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs; +import com.pulumi.gcp.securitycenter.inputs.V2OrganizationSourceIamPolicyState; +import java.lang.String; +import javax.annotation.Nullable; + +/** + * Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. 
+ * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. + * + * ## gcp.securitycenter.V2OrganizationSourceIamPolicy + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/viewer")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new V2OrganizationSourceIamPolicy("policy", V2OrganizationSourceIamPolicyArgs.builder()
+ *             .source(customSource.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## gcp.securitycenter.V2OrganizationSourceIamBinding + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new V2OrganizationSourceIamBinding("binding", V2OrganizationSourceIamBindingArgs.builder()
+ *             .source(customSource.name())
+ *             .role("roles/viewer")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## gcp.securitycenter.V2OrganizationSourceIamMember + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new V2OrganizationSourceIamMember("member", V2OrganizationSourceIamMemberArgs.builder()
+ *             .source(customSource.name())
+ *             .role("roles/viewer")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + * --- + * + * # IAM policy for Security Command Center (SCC)v2 API OrganizationSource + * Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. + * + * ## gcp.securitycenter.V2OrganizationSourceIamPolicy + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.OrganizationsFunctions;
+ * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicy;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamPolicyArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
+ *             .bindings(GetIAMPolicyBindingArgs.builder()
+ *                 .role("roles/viewer")
+ *                 .members("user:jane}{@literal @}{@code example.com")
+ *                 .build())
+ *             .build());
+ * 
+ *         var policy = new V2OrganizationSourceIamPolicy("policy", V2OrganizationSourceIamPolicyArgs.builder()
+ *             .source(customSource.name())
+ *             .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## gcp.securitycenter.V2OrganizationSourceIamBinding + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBinding;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamBindingArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var binding = new V2OrganizationSourceIamBinding("binding", V2OrganizationSourceIamBindingArgs.builder()
+ *             .source(customSource.name())
+ *             .role("roles/viewer")
+ *             .members("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## gcp.securitycenter.V2OrganizationSourceIamMember + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMember;
+ * import com.pulumi.gcp.securitycenter.V2OrganizationSourceIamMemberArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App }{{@code
+ *     public static void main(String[] args) }{{@code
+ *         Pulumi.run(App::stack);
+ *     }}{@code
+ * 
+ *     public static void stack(Context ctx) }{{@code
+ *         var member = new V2OrganizationSourceIamMember("member", V2OrganizationSourceIamMemberArgs.builder()
+ *             .source(customSource.name())
+ *             .role("roles/viewer")
+ *             .member("user:jane}{@literal @}{@code example.com")
+ *             .build());
+ * 
+ *     }}{@code
+ * }}{@code
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## Import + * + * For all import syntaxes, the "resource in question" can take any of the following forms: + * + * * organizations/{{organization}}/sources/{{source}} + * + * * {{organization}}/{{source}} + * + * * {{source}} + * + * Any variables not passed in the import command will be taken from the provider configuration. + * + * Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. + * + * IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane{@literal @}example.com" + * ``` + * + * IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor "organizations/{{organization}}/sources/{{source}} roles/viewer" + * ``` + * + * IAM policy imports use the identifier of the resource in question, e.g. + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor organizations/{{organization}}/sources/{{source}} + * ``` + * + * -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + * + */ +@ResourceType(type="gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy") +public class V2OrganizationSourceIamPolicy extends com.pulumi.resources.CustomResource { + /** + * (Computed) The etag of the IAM policy. 
+ * + */ + @Export(name="etag", refs={String.class}, tree="[0]") + private Output etag; + + /** + * @return (Computed) The etag of the IAM policy. + * + */ + public Output etag() { + return this.etag; + } + @Export(name="organization", refs={String.class}, tree="[0]") + private Output organization; + + public Output organization() { + return this.organization; + } + /** + * The policy data generated by + * a `gcp.organizations.getIAMPolicy` data source. + * + */ + @Export(name="policyData", refs={String.class}, tree="[0]") + private Output policyData; + + /** + * @return The policy data generated by + * a `gcp.organizations.getIAMPolicy` data source. + * + */ + public Output policyData() { + return this.policyData; + } + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Export(name="source", refs={String.class}, tree="[0]") + private Output source; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ + public Output source() { + return this.source; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public V2OrganizationSourceIamPolicy(java.lang.String name) { + this(name, V2OrganizationSourceIamPolicyArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public V2OrganizationSourceIamPolicy(java.lang.String name, V2OrganizationSourceIamPolicyArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. 
+ */ + public V2OrganizationSourceIamPolicy(java.lang.String name, V2OrganizationSourceIamPolicyArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false); + } + + private V2OrganizationSourceIamPolicy(java.lang.String name, Output id, @Nullable V2OrganizationSourceIamPolicyState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy", name, state, makeResourceOptions(options, id), false); + } + + private static V2OrganizationSourceIamPolicyArgs makeArgs(V2OrganizationSourceIamPolicyArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + if (options != null && options.getUrn().isPresent()) { + return null; + } + return args == null ? V2OrganizationSourceIamPolicyArgs.Empty : args; + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. 
+ */ + public static V2OrganizationSourceIamPolicy get(java.lang.String name, Output id, @Nullable V2OrganizationSourceIamPolicyState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new V2OrganizationSourceIamPolicy(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamPolicyArgs.java new file mode 100644 index 0000000000..76b7c3288d --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2OrganizationSourceIamPolicyArgs.java 
@@ -0,0 +1,149 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; + + +public final class V2OrganizationSourceIamPolicyArgs extends com.pulumi.resources.ResourceArgs { + + public static final V2OrganizationSourceIamPolicyArgs Empty = new V2OrganizationSourceIamPolicyArgs(); + + @Import(name="organization", required=true) + private Output organization; + + public Output organization() { + return this.organization; + } + + /** + * The policy data generated by + * a `gcp.organizations.getIAMPolicy` data source. + * + */ + @Import(name="policyData", required=true) + private Output policyData; + + /** + * @return The policy data generated by + * a `gcp.organizations.getIAMPolicy` data source. 
+ * + */ + public Output policyData() { + return this.policyData; + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="source", required=true) + private Output source; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ + public Output source() { + return this.source; + } + + private V2OrganizationSourceIamPolicyArgs() {} + + private V2OrganizationSourceIamPolicyArgs(V2OrganizationSourceIamPolicyArgs $) { + this.organization = $.organization; + this.policyData = $.policyData; + this.source = $.source; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(V2OrganizationSourceIamPolicyArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private V2OrganizationSourceIamPolicyArgs $; + + public Builder() { + $ = new V2OrganizationSourceIamPolicyArgs(); + } + + public Builder(V2OrganizationSourceIamPolicyArgs defaults) { + $ = new V2OrganizationSourceIamPolicyArgs(Objects.requireNonNull(defaults)); + } + + public Builder organization(Output organization) { + $.organization = organization; + return this; + } + + public Builder organization(String organization) { + return organization(Output.of(organization)); + } + + /** + * @param policyData The policy data generated by + * a `gcp.organizations.getIAMPolicy` data source. + * + * @return builder + * + */ + public Builder policyData(Output policyData) { + $.policyData = policyData; + return this; + } + + /** + * @param policyData The policy data generated by + * a `gcp.organizations.getIAMPolicy` data source. 
+ * + * @return builder + * + */ + public Builder policyData(String policyData) { + return policyData(Output.of(policyData)); + } + + /** + * @param source Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder source(Output source) { + $.source = source; + return this; + } + + /** + * @param source Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder source(String source) { + return source(Output.of(source)); + } + + public V2OrganizationSourceIamPolicyArgs build() { + if ($.organization == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceIamPolicyArgs", "organization"); + } + if ($.policyData == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceIamPolicyArgs", "policyData"); + } + if ($.source == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceIamPolicyArgs", "source"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2ProjectMuteConfig.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2ProjectMuteConfig.java new file mode 100644 index 0000000000..80924f634a --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2ProjectMuteConfig.java 
@@ -0,0 +1,322 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.gcp.Utilities; +import com.pulumi.gcp.securitycenter.V2ProjectMuteConfigArgs; +import com.pulumi.gcp.securitycenter.inputs.V2ProjectMuteConfigState; +import java.lang.String; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * Mute Findings is a volume management feature in Security Command Center + * that lets you manually or programmatically hide irrelevant findings, + * and create filters to automatically silence existing and future + * findings based on criteria you specify. + * + * To get more information about ProjectMuteConfig, see: + * + * * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/projects.muteConfigs) + * + * ## Example Usage + * + * ### Scc V2 Project Mute Config Basic + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.securitycenter.V2ProjectMuteConfig;
+ * import com.pulumi.gcp.securitycenter.V2ProjectMuteConfigArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var default_ = new V2ProjectMuteConfig("default", V2ProjectMuteConfigArgs.builder()
+ *             .muteConfigId("my-config")
+ *             .project("")
+ *             .location("global")
+ *             .description("My custom Cloud Security Command Center Finding Project mute Configuration")
+ *             .filter("severity = \"HIGH\"")
+ *             .type("STATIC")
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## Import + * + * ProjectMuteConfig can be imported using any of these accepted formats: + * + * * `projects/{{project}}/locations/{{location}}/muteConfigs/{{mute_config_id}}` + * + * * `{{project}}/{{location}}/{{mute_config_id}}` + * + * * `{{location}}/{{mute_config_id}}` + * + * When using the `pulumi import` command, ProjectMuteConfig can be imported using one of the formats above. For example: + * + * ```sh + * $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default projects/{{project}}/locations/{{location}}/muteConfigs/{{mute_config_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default {{project}}/{{location}}/{{mute_config_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default {{location}}/{{mute_config_id}} + * ``` + * + */ +@ResourceType(type="gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig") +public class V2ProjectMuteConfig extends com.pulumi.resources.CustomResource { + /** + * The time at which the mute config was created. This field is set by + * the server and will be ignored if provided on config creation. + * + */ + @Export(name="createTime", refs={String.class}, tree="[0]") + private Output createTime; + + /** + * @return The time at which the mute config was created. This field is set by + * the server and will be ignored if provided on config creation. + * + */ + public Output createTime() { + return this.createTime; + } + /** + * A description of the mute config. + * + */ + @Export(name="description", refs={String.class}, tree="[0]") + private Output description; + + /** + * @return A description of the mute config. + * + */ + public Output> description() { + return Codegen.optional(this.description); + } + /** + * An expression that defines the filter to apply across create/update + * events of findings. 
While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + */ + @Export(name="filter", refs={String.class}, tree="[0]") + private Output filter; + + /** + * @return An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + */ + public Output filter() { + return this.filter; + } + /** + * location Id is provided by project. If not provided, Use global as default. + * + */ + @Export(name="location", refs={String.class}, tree="[0]") + private Output location; + + /** + * @return location Id is provided by project. If not provided, Use global as default. + * + */ + public Output> location() { + return Codegen.optional(this.location); + } + /** + * Email address of the user who last edited the mute config. This + * field is set by the server and will be ignored if provided on + * config creation or update. + * + */ + @Export(name="mostRecentEditor", refs={String.class}, tree="[0]") + private Output mostRecentEditor; + + /** + * @return Email address of the user who last edited the mute config. This + * field is set by the server and will be ignored if provided on + * config creation or update. + * + */ + public Output mostRecentEditor() { + return this.mostRecentEditor; + } + /** + * Unique identifier provided by the client within the parent scope. + * + * *** + * + */ + @Export(name="muteConfigId", refs={String.class}, tree="[0]") + private Output muteConfigId; + + /** + * @return Unique identifier provided by the client within the parent scope. 
+ * + * *** + * + */ + public Output muteConfigId() { + return this.muteConfigId; + } + /** + * Name of the mute config. Its format is + * projects/{project}/locations/global/muteConfigs/{configId}, + * folders/{folder}/locations/global/muteConfigs/{configId}, + * or organizations/{organization}/locations/global/muteConfigs/{configId} + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Name of the mute config. Its format is + * projects/{project}/locations/global/muteConfigs/{configId}, + * folders/{folder}/locations/global/muteConfigs/{configId}, + * or organizations/{organization}/locations/global/muteConfigs/{configId} + * + */ + public Output name() { + return this.name; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + public Output project() { + return this.project; + } + /** + * The type of the mute config. + * + */ + @Export(name="type", refs={String.class}, tree="[0]") + private Output type; + + /** + * @return The type of the mute config. + * + */ + public Output type() { + return this.type; + } + /** + * Output only. The most recent time at which the mute config was + * updated. This field is set by the server and will be ignored if + * provided on config creation or update. + * + */ + @Export(name="updateTime", refs={String.class}, tree="[0]") + private Output updateTime; + + /** + * @return Output only. The most recent time at which the mute config was + * updated. This field is set by the server and will be ignored if + * provided on config creation or update. 
+ * + */ + public Output updateTime() { + return this.updateTime; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public V2ProjectMuteConfig(java.lang.String name) { + this(name, V2ProjectMuteConfigArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public V2ProjectMuteConfig(java.lang.String name, V2ProjectMuteConfigArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public V2ProjectMuteConfig(java.lang.String name, V2ProjectMuteConfigArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false); + } + + private V2ProjectMuteConfig(java.lang.String name, Output id, @Nullable V2ProjectMuteConfigState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig", name, state, makeResourceOptions(options, id), false); + } + + private static V2ProjectMuteConfigArgs makeArgs(V2ProjectMuteConfigArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + if (options != null && options.getUrn().isPresent()) { + return null; + } + return args == null ? 
V2ProjectMuteConfigArgs.Empty : args; + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static V2ProjectMuteConfig get(java.lang.String name, Output id, @Nullable V2ProjectMuteConfigState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new V2ProjectMuteConfig(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2ProjectMuteConfigArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2ProjectMuteConfigArgs.java new file mode 100644 index 0000000000..7420dd5f5e --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2ProjectMuteConfigArgs.java 
@@ -0,0 +1,306 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class V2ProjectMuteConfigArgs extends com.pulumi.resources.ResourceArgs { + + public static final V2ProjectMuteConfigArgs Empty = new V2ProjectMuteConfigArgs(); + + /** + * A description of the mute config. + * + */ + @Import(name="description") + private @Nullable Output description; + + /** + * @return A description of the mute config. + * + */ + public Optional> description() { + return Optional.ofNullable(this.description); + } + + /** + * An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + */ + @Import(name="filter", required=true) + private Output filter; + + /** + * @return An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + */ + public Output filter() { + return this.filter; + } + + /** + * location Id is provided by project. If not provided, Use global as default. + * + */ + @Import(name="location") + private @Nullable Output location; + + /** + * @return location Id is provided by project. If not provided, Use global as default. 
+ * + */ + public Optional> location() { + return Optional.ofNullable(this.location); + } + + /** + * Unique identifier provided by the client within the parent scope. + * + * *** + * + */ + @Import(name="muteConfigId", required=true) + private Output muteConfigId; + + /** + * @return Unique identifier provided by the client within the parent scope. + * + * *** + * + */ + public Output muteConfigId() { + return this.muteConfigId; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + public Optional> project() { + return Optional.ofNullable(this.project); + } + + /** + * The type of the mute config. + * + */ + @Import(name="type", required=true) + private Output type; + + /** + * @return The type of the mute config. + * + */ + public Output type() { + return this.type; + } + + private V2ProjectMuteConfigArgs() {} + + private V2ProjectMuteConfigArgs(V2ProjectMuteConfigArgs $) { + this.description = $.description; + this.filter = $.filter; + this.location = $.location; + this.muteConfigId = $.muteConfigId; + this.project = $.project; + this.type = $.type; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(V2ProjectMuteConfigArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private V2ProjectMuteConfigArgs $; + + public Builder() { + $ = new V2ProjectMuteConfigArgs(); + } + + public Builder(V2ProjectMuteConfigArgs defaults) { + $ = new V2ProjectMuteConfigArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param description A description of the mute config. 
+ * + * @return builder + * + */ + public Builder description(@Nullable Output description) { + $.description = description; + return this; + } + + /** + * @param description A description of the mute config. + * + * @return builder + * + */ + public Builder description(String description) { + return description(Output.of(description)); + } + + /** + * @param filter An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + * @return builder + * + */ + public Builder filter(Output filter) { + $.filter = filter; + return this; + } + + /** + * @param filter An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + * @return builder + * + */ + public Builder filter(String filter) { + return filter(Output.of(filter)); + } + + /** + * @param location location Id is provided by project. If not provided, Use global as default. + * + * @return builder + * + */ + public Builder location(@Nullable Output location) { + $.location = location; + return this; + } + + /** + * @param location location Id is provided by project. If not provided, Use global as default. + * + * @return builder + * + */ + public Builder location(String location) { + return location(Output.of(location)); + } + + /** + * @param muteConfigId Unique identifier provided by the client within the parent scope. 
+ * + * *** + * + * @return builder + * + */ + public Builder muteConfigId(Output muteConfigId) { + $.muteConfigId = muteConfigId; + return this; + } + + /** + * @param muteConfigId Unique identifier provided by the client within the parent scope. + * + * *** + * + * @return builder + * + */ + public Builder muteConfigId(String muteConfigId) { + return muteConfigId(Output.of(muteConfigId)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + * @return builder + * + */ + public Builder project(String project) { + return project(Output.of(project)); + } + + /** + * @param type The type of the mute config. + * + * @return builder + * + */ + public Builder type(Output type) { + $.type = type; + return this; + } + + /** + * @param type The type of the mute config. + * + * @return builder + * + */ + public Builder type(String type) { + return type(Output.of(type)); + } + + public V2ProjectMuteConfigArgs build() { + if ($.filter == null) { + throw new MissingRequiredPropertyException("V2ProjectMuteConfigArgs", "filter"); + } + if ($.muteConfigId == null) { + throw new MissingRequiredPropertyException("V2ProjectMuteConfigArgs", "muteConfigId"); + } + if ($.type == null) { + throw new MissingRequiredPropertyException("V2ProjectMuteConfigArgs", "type"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2ProjectNotificationConfig.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2ProjectNotificationConfig.java new file mode 100644 index 0000000000..47263e1dd3 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2ProjectNotificationConfig.java 
@@ -0,0 +1,277 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.gcp.Utilities; +import com.pulumi.gcp.securitycenter.V2ProjectNotificationConfigArgs; +import com.pulumi.gcp.securitycenter.inputs.V2ProjectNotificationConfigState; +import com.pulumi.gcp.securitycenter.outputs.V2ProjectNotificationConfigStreamingConfig; +import java.lang.String; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * A Cloud Security Command Center (Cloud SCC) notification configs. A + * notification config is a Cloud SCC resource that contains the + * configuration to send notifications for create/update events of + * findings, assets and etc. + * > **Note:** In order to use Cloud SCC resources, your organization must be enrolled + * in [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center). + * Without doing so, you may run into errors during resource creation. + * + * To get more information about ProjectNotificationConfig, see: + * + * * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/projects.locations.notificationConfigs) + * * How-to Guides + * * [Official Documentation](https://cloud.google.com/security-command-center/docs) + * + * ## Example Usage + * + * ### Scc V2 Project Notification Config Basic + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.pubsub.Topic;
+ * import com.pulumi.gcp.pubsub.TopicArgs;
+ * import com.pulumi.gcp.securitycenter.V2ProjectNotificationConfig;
+ * import com.pulumi.gcp.securitycenter.V2ProjectNotificationConfigArgs;
+ * import com.pulumi.gcp.securitycenter.inputs.V2ProjectNotificationConfigStreamingConfigArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var sccV2ProjectNotification = new Topic("sccV2ProjectNotification", TopicArgs.builder()
+ *             .name("my-topic")
+ *             .build());
+ * 
+ *         var customNotificationConfig = new V2ProjectNotificationConfig("customNotificationConfig", V2ProjectNotificationConfigArgs.builder()
+ *             .configId("my-config")
+ *             .project("my-project-name")
+ *             .location("global")
+ *             .description("My custom Cloud Security Command Center Finding Notification Configuration")
+ *             .pubsubTopic(sccV2ProjectNotification.id())
+ *             .streamingConfig(V2ProjectNotificationConfigStreamingConfigArgs.builder()
+ *                 .filter("category = \"OPEN_FIREWALL\" AND state = \"ACTIVE\"")
+ *                 .build())
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## Import + * + * ProjectNotificationConfig can be imported using any of these accepted formats: + * + * * `projects/{{project}}/locations/{{location}}/notificationConfigs/{{config_id}}` + * + * * `{{project}}/{{location}}/{{config_id}}` + * + * * `{{location}}/{{config_id}}` + * + * When using the `pulumi import` command, ProjectNotificationConfig can be imported using one of the formats above. For example: + * + * ```sh + * $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default projects/{{project}}/locations/{{location}}/notificationConfigs/{{config_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default {{project}}/{{location}}/{{config_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default {{location}}/{{config_id}} + * ``` + * + */ +@ResourceType(type="gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig") +public class V2ProjectNotificationConfig extends com.pulumi.resources.CustomResource { + /** + * This must be unique within the project. + * + */ + @Export(name="configId", refs={String.class}, tree="[0]") + private Output configId; + + /** + * @return This must be unique within the project. + * + */ + public Output configId() { + return this.configId; + } + /** + * The description of the notification config (max of 1024 characters). + * + */ + @Export(name="description", refs={String.class}, tree="[0]") + private Output description; + + /** + * @return The description of the notification config (max of 1024 characters). + * + */ + public Output> description() { + return Codegen.optional(this.description); + } + /** + * Location ID of the parent organization. Only global is supported at the moment. 
+ * + */ + @Export(name="location", refs={String.class}, tree="[0]") + private Output location; + + /** + * @return Location ID of the parent organization. Only global is supported at the moment. + * + */ + public Output> location() { + return Codegen.optional(this.location); + } + /** + * The resource name of this notification config, in the format + * `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return The resource name of this notification config, in the format + * `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. + * + */ + public Output name() { + return this.name; + } + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + public Output project() { + return this.project; + } + /** + * The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". + * + */ + @Export(name="pubsubTopic", refs={String.class}, tree="[0]") + private Output pubsubTopic; + + /** + * @return The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". + * + */ + public Output> pubsubTopic() { + return Codegen.optional(this.pubsubTopic); + } + /** + * The service account that needs "pubsub.topics.publish" permission to + * publish to the Pub/Sub topic. + * + */ + @Export(name="serviceAccount", refs={String.class}, tree="[0]") + private Output serviceAccount; + + /** + * @return The service account that needs "pubsub.topics.publish" permission to + * publish to the Pub/Sub topic. + * + */ + public Output serviceAccount() { + return this.serviceAccount; + } + /** + * The config for triggering streaming-based notifications. + * Structure is documented below. 
+ * + */ + @Export(name="streamingConfig", refs={V2ProjectNotificationConfigStreamingConfig.class}, tree="[0]") + private Output streamingConfig; + + /** + * @return The config for triggering streaming-based notifications. + * Structure is documented below. + * + */ + public Output streamingConfig() { + return this.streamingConfig; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public V2ProjectNotificationConfig(java.lang.String name) { + this(name, V2ProjectNotificationConfigArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public V2ProjectNotificationConfig(java.lang.String name, V2ProjectNotificationConfigArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public V2ProjectNotificationConfig(java.lang.String name, V2ProjectNotificationConfigArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false); + } + + private V2ProjectNotificationConfig(java.lang.String name, Output id, @Nullable V2ProjectNotificationConfigState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig", name, state, makeResourceOptions(options, id), false); + } + + private static V2ProjectNotificationConfigArgs makeArgs(V2ProjectNotificationConfigArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + if (options != null && options.getUrn().isPresent()) { + return null; + } + return args == null ? 
V2ProjectNotificationConfigArgs.Empty : args; + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static V2ProjectNotificationConfig get(java.lang.String name, Output id, @Nullable V2ProjectNotificationConfigState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new V2ProjectNotificationConfig(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2ProjectNotificationConfigArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2ProjectNotificationConfigArgs.java new file mode 100644 index 0000000000..ddd4dbf1ca --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/V2ProjectNotificationConfigArgs.java 
@@ -0,0 +1,260 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import com.pulumi.gcp.securitycenter.inputs.V2ProjectNotificationConfigStreamingConfigArgs; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class V2ProjectNotificationConfigArgs extends com.pulumi.resources.ResourceArgs { + + public static final V2ProjectNotificationConfigArgs Empty = new V2ProjectNotificationConfigArgs(); + + /** + * This must be unique within the project. + * + */ + @Import(name="configId", required=true) + private Output configId; + + /** + * @return This must be unique within the project. + * + */ + public Output configId() { + return this.configId; + } + + /** + * The description of the notification config (max of 1024 characters). + * + */ + @Import(name="description") + private @Nullable Output description; + + /** + * @return The description of the notification config (max of 1024 characters). + * + */ + public Optional> description() { + return Optional.ofNullable(this.description); + } + + /** + * Location ID of the parent organization. Only global is supported at the moment. + * + */ + @Import(name="location") + private @Nullable Output location; + + /** + * @return Location ID of the parent organization. Only global is supported at the moment. + * + */ + public Optional> location() { + return Optional.ofNullable(this.location); + } + + @Import(name="project") + private @Nullable Output project; + + public Optional> project() { + return Optional.ofNullable(this.project); + } + + /** + * The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". 
+ * + */ + @Import(name="pubsubTopic") + private @Nullable Output pubsubTopic; + + /** + * @return The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". + * + */ + public Optional> pubsubTopic() { + return Optional.ofNullable(this.pubsubTopic); + } + + /** + * The config for triggering streaming-based notifications. + * Structure is documented below. + * + */ + @Import(name="streamingConfig", required=true) + private Output streamingConfig; + + /** + * @return The config for triggering streaming-based notifications. + * Structure is documented below. + * + */ + public Output streamingConfig() { + return this.streamingConfig; + } + + private V2ProjectNotificationConfigArgs() {} + + private V2ProjectNotificationConfigArgs(V2ProjectNotificationConfigArgs $) { + this.configId = $.configId; + this.description = $.description; + this.location = $.location; + this.project = $.project; + this.pubsubTopic = $.pubsubTopic; + this.streamingConfig = $.streamingConfig; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(V2ProjectNotificationConfigArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private V2ProjectNotificationConfigArgs $; + + public Builder() { + $ = new V2ProjectNotificationConfigArgs(); + } + + public Builder(V2ProjectNotificationConfigArgs defaults) { + $ = new V2ProjectNotificationConfigArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param configId This must be unique within the project. + * + * @return builder + * + */ + public Builder configId(Output configId) { + $.configId = configId; + return this; + } + + /** + * @param configId This must be unique within the project. + * + * @return builder + * + */ + public Builder configId(String configId) { + return configId(Output.of(configId)); + } + + /** + * @param description The description of the notification config (max of 1024 characters). 
+ * + * @return builder + * + */ + public Builder description(@Nullable Output description) { + $.description = description; + return this; + } + + /** + * @param description The description of the notification config (max of 1024 characters). + * + * @return builder + * + */ + public Builder description(String description) { + return description(Output.of(description)); + } + + /** + * @param location Location ID of the parent organization. Only global is supported at the moment. + * + * @return builder + * + */ + public Builder location(@Nullable Output location) { + $.location = location; + return this; + } + + /** + * @param location Location ID of the parent organization. Only global is supported at the moment. + * + * @return builder + * + */ + public Builder location(String location) { + return location(Output.of(location)); + } + + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + public Builder project(String project) { + return project(Output.of(project)); + } + + /** + * @param pubsubTopic The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". + * + * @return builder + * + */ + public Builder pubsubTopic(@Nullable Output pubsubTopic) { + $.pubsubTopic = pubsubTopic; + return this; + } + + /** + * @param pubsubTopic The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". + * + * @return builder + * + */ + public Builder pubsubTopic(String pubsubTopic) { + return pubsubTopic(Output.of(pubsubTopic)); + } + + /** + * @param streamingConfig The config for triggering streaming-based notifications. + * Structure is documented below. + * + * @return builder + * + */ + public Builder streamingConfig(Output streamingConfig) { + $.streamingConfig = streamingConfig; + return this; + } + + /** + * @param streamingConfig The config for triggering streaming-based notifications. + * Structure is documented below. 
+ * + * @return builder + * + */ + public Builder streamingConfig(V2ProjectNotificationConfigStreamingConfigArgs streamingConfig) { + return streamingConfig(Output.of(streamingConfig)); + } + + public V2ProjectNotificationConfigArgs build() { + if ($.configId == null) { + throw new MissingRequiredPropertyException("V2ProjectNotificationConfigArgs", "configId"); + } + if ($.streamingConfig == null) { + throw new MissingRequiredPropertyException("V2ProjectNotificationConfigArgs", "streamingConfig"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/GetV2OrganizationSourceIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/GetV2OrganizationSourceIamPolicyArgs.java new file mode 100644 index 0000000000..5cf8625a31 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/GetV2OrganizationSourceIamPolicyArgs.java 
@@ -0,0 +1,105 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; + + +public final class GetV2OrganizationSourceIamPolicyArgs extends com.pulumi.resources.InvokeArgs { + + public static final GetV2OrganizationSourceIamPolicyArgs Empty = new GetV2OrganizationSourceIamPolicyArgs(); + + @Import(name="organization", required=true) + private Output organization; + + public Output organization() { + return this.organization; + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="source", required=true) + private Output source; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ + public Output source() { + return this.source; + } + + private GetV2OrganizationSourceIamPolicyArgs() {} + + private GetV2OrganizationSourceIamPolicyArgs(GetV2OrganizationSourceIamPolicyArgs $) { + this.organization = $.organization; + this.source = $.source; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GetV2OrganizationSourceIamPolicyArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GetV2OrganizationSourceIamPolicyArgs $; + + public Builder() { + $ = new GetV2OrganizationSourceIamPolicyArgs(); + } + + public Builder(GetV2OrganizationSourceIamPolicyArgs defaults) { + $ = new GetV2OrganizationSourceIamPolicyArgs(Objects.requireNonNull(defaults)); + } + + public Builder organization(Output organization) { + $.organization = organization; + return this; + } + + public Builder organization(String organization) { + return organization(Output.of(organization)); + } + + /** + 
* @param source Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder source(Output source) { + $.source = source; + return this; + } + + /** + * @param source Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder source(String source) { + return source(Output.of(source)); + } + + public GetV2OrganizationSourceIamPolicyArgs build() { + if ($.organization == null) { + throw new MissingRequiredPropertyException("GetV2OrganizationSourceIamPolicyArgs", "organization"); + } + if ($.source == null) { + throw new MissingRequiredPropertyException("GetV2OrganizationSourceIamPolicyArgs", "source"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/GetV2OrganizationSourceIamPolicyPlainArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/GetV2OrganizationSourceIamPolicyPlainArgs.java new file mode 100644 index 0000000000..9e6a12a591 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/GetV2OrganizationSourceIamPolicyPlainArgs.java 
@@ -0,0 +1,90 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter.inputs; + +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; + + +public final class GetV2OrganizationSourceIamPolicyPlainArgs extends com.pulumi.resources.InvokeArgs { + + public static final GetV2OrganizationSourceIamPolicyPlainArgs Empty = new GetV2OrganizationSourceIamPolicyPlainArgs(); + + @Import(name="organization", required=true) + private String organization; + + public String organization() { + return this.organization; + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="source", required=true) + private String source; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ + public String source() { + return this.source; + } + + private GetV2OrganizationSourceIamPolicyPlainArgs() {} + + private GetV2OrganizationSourceIamPolicyPlainArgs(GetV2OrganizationSourceIamPolicyPlainArgs $) { + this.organization = $.organization; + this.source = $.source; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GetV2OrganizationSourceIamPolicyPlainArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GetV2OrganizationSourceIamPolicyPlainArgs $; + + public Builder() { + $ = new GetV2OrganizationSourceIamPolicyPlainArgs(); + } + + public Builder(GetV2OrganizationSourceIamPolicyPlainArgs defaults) { + $ = new GetV2OrganizationSourceIamPolicyPlainArgs(Objects.requireNonNull(defaults)); + } + + public Builder organization(String organization) { + $.organization = organization; + return this; + } + + /** + * @param source Used to find the parent resource to bind the IAM policy to + * + * 
@return builder + * + */ + public Builder source(String source) { + $.source = source; + return this; + } + + public GetV2OrganizationSourceIamPolicyPlainArgs build() { + if ($.organization == null) { + throw new MissingRequiredPropertyException("GetV2OrganizationSourceIamPolicyPlainArgs", "organization"); + } + if ($.source == null) { + throw new MissingRequiredPropertyException("GetV2OrganizationSourceIamPolicyPlainArgs", "source"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2FolderMuteConfigState.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2FolderMuteConfigState.java new file mode 100644 index 0000000000..12ba60f7e7 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2FolderMuteConfigState.java 
@@ -0,0 +1,476 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class V2FolderMuteConfigState extends com.pulumi.resources.ResourceArgs { + + public static final V2FolderMuteConfigState Empty = new V2FolderMuteConfigState(); + + /** + * The time at which the mute config was created. This field is set by + * the server and will be ignored if provided on config creation. + * + */ + @Import(name="createTime") + private @Nullable Output createTime; + + /** + * @return The time at which the mute config was created. This field is set by + * the server and will be ignored if provided on config creation. + * + */ + public Optional> createTime() { + return Optional.ofNullable(this.createTime); + } + + /** + * A description of the mute config. + * + */ + @Import(name="description") + private @Nullable Output description; + + /** + * @return A description of the mute config. + * + */ + public Optional> description() { + return Optional.ofNullable(this.description); + } + + /** + * An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + */ + @Import(name="filter") + private @Nullable Output filter; + + /** + * @return An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. 
E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + */ + public Optional> filter() { + return Optional.ofNullable(this.filter); + } + + /** + * The folder whose Cloud Security Command Center the Mute + * Config lives in. + * + */ + @Import(name="folder") + private @Nullable Output folder; + + /** + * @return The folder whose Cloud Security Command Center the Mute + * Config lives in. + * + */ + public Optional> folder() { + return Optional.ofNullable(this.folder); + } + + /** + * location Id is provided by folder. If not provided, Use global as default. + * + */ + @Import(name="location") + private @Nullable Output location; + + /** + * @return location Id is provided by folder. If not provided, Use global as default. + * + */ + public Optional> location() { + return Optional.ofNullable(this.location); + } + + /** + * Email address of the user who last edited the mute config. This + * field is set by the server and will be ignored if provided on + * config creation or update. + * + */ + @Import(name="mostRecentEditor") + private @Nullable Output mostRecentEditor; + + /** + * @return Email address of the user who last edited the mute config. This + * field is set by the server and will be ignored if provided on + * config creation or update. + * + */ + public Optional> mostRecentEditor() { + return Optional.ofNullable(this.mostRecentEditor); + } + + /** + * Unique identifier provided by the client within the parent scope. + * + * *** + * + */ + @Import(name="muteConfigId") + private @Nullable Output muteConfigId; + + /** + * @return Unique identifier provided by the client within the parent scope. + * + * *** + * + */ + public Optional> muteConfigId() { + return Optional.ofNullable(this.muteConfigId); + } + + /** + * Name of the mute config. 
Its format is + * organizations/{organization}/locations/global/muteConfigs/{configId}, + * folders/{folder}/locations/global/muteConfigs/{configId}, + * or projects/{project}/locations/global/muteConfigs/{configId} + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Name of the mute config. Its format is + * organizations/{organization}/locations/global/muteConfigs/{configId}, + * folders/{folder}/locations/global/muteConfigs/{configId}, + * or projects/{project}/locations/global/muteConfigs/{configId} + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The type of the mute config. + * + */ + @Import(name="type") + private @Nullable Output type; + + /** + * @return The type of the mute config. + * + */ + public Optional> type() { + return Optional.ofNullable(this.type); + } + + /** + * Output only. The most recent time at which the mute config was + * updated. This field is set by the server and will be ignored if + * provided on config creation or update. + * + */ + @Import(name="updateTime") + private @Nullable Output updateTime; + + /** + * @return Output only. The most recent time at which the mute config was + * updated. This field is set by the server and will be ignored if + * provided on config creation or update. 
+ * + */ + public Optional> updateTime() { + return Optional.ofNullable(this.updateTime); + } + + private V2FolderMuteConfigState() {} + + private V2FolderMuteConfigState(V2FolderMuteConfigState $) { + this.createTime = $.createTime; + this.description = $.description; + this.filter = $.filter; + this.folder = $.folder; + this.location = $.location; + this.mostRecentEditor = $.mostRecentEditor; + this.muteConfigId = $.muteConfigId; + this.name = $.name; + this.type = $.type; + this.updateTime = $.updateTime; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(V2FolderMuteConfigState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private V2FolderMuteConfigState $; + + public Builder() { + $ = new V2FolderMuteConfigState(); + } + + public Builder(V2FolderMuteConfigState defaults) { + $ = new V2FolderMuteConfigState(Objects.requireNonNull(defaults)); + } + + /** + * @param createTime The time at which the mute config was created. This field is set by + * the server and will be ignored if provided on config creation. + * + * @return builder + * + */ + public Builder createTime(@Nullable Output createTime) { + $.createTime = createTime; + return this; + } + + /** + * @param createTime The time at which the mute config was created. This field is set by + * the server and will be ignored if provided on config creation. + * + * @return builder + * + */ + public Builder createTime(String createTime) { + return createTime(Output.of(createTime)); + } + + /** + * @param description A description of the mute config. + * + * @return builder + * + */ + public Builder description(@Nullable Output description) { + $.description = description; + return this; + } + + /** + * @param description A description of the mute config. 
+ * + * @return builder + * + */ + public Builder description(String description) { + return description(Output.of(description)); + } + + /** + * @param filter An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + * @return builder + * + */ + public Builder filter(@Nullable Output filter) { + $.filter = filter; + return this; + } + + /** + * @param filter An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + * @return builder + * + */ + public Builder filter(String filter) { + return filter(Output.of(filter)); + } + + /** + * @param folder The folder whose Cloud Security Command Center the Mute + * Config lives in. + * + * @return builder + * + */ + public Builder folder(@Nullable Output folder) { + $.folder = folder; + return this; + } + + /** + * @param folder The folder whose Cloud Security Command Center the Mute + * Config lives in. + * + * @return builder + * + */ + public Builder folder(String folder) { + return folder(Output.of(folder)); + } + + /** + * @param location location Id is provided by folder. If not provided, Use global as default. + * + * @return builder + * + */ + public Builder location(@Nullable Output location) { + $.location = location; + return this; + } + + /** + * @param location location Id is provided by folder. If not provided, Use global as default. 
+ * + * @return builder + * + */ + public Builder location(String location) { + return location(Output.of(location)); + } + + /** + * @param mostRecentEditor Email address of the user who last edited the mute config. This + * field is set by the server and will be ignored if provided on + * config creation or update. + * + * @return builder + * + */ + public Builder mostRecentEditor(@Nullable Output mostRecentEditor) { + $.mostRecentEditor = mostRecentEditor; + return this; + } + + /** + * @param mostRecentEditor Email address of the user who last edited the mute config. This + * field is set by the server and will be ignored if provided on + * config creation or update. + * + * @return builder + * + */ + public Builder mostRecentEditor(String mostRecentEditor) { + return mostRecentEditor(Output.of(mostRecentEditor)); + } + + /** + * @param muteConfigId Unique identifier provided by the client within the parent scope. + * + * *** + * + * @return builder + * + */ + public Builder muteConfigId(@Nullable Output muteConfigId) { + $.muteConfigId = muteConfigId; + return this; + } + + /** + * @param muteConfigId Unique identifier provided by the client within the parent scope. + * + * *** + * + * @return builder + * + */ + public Builder muteConfigId(String muteConfigId) { + return muteConfigId(Output.of(muteConfigId)); + } + + /** + * @param name Name of the mute config. Its format is + * organizations/{organization}/locations/global/muteConfigs/{configId}, + * folders/{folder}/locations/global/muteConfigs/{configId}, + * or projects/{project}/locations/global/muteConfigs/{configId} + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Name of the mute config. 
Its format is + * organizations/{organization}/locations/global/muteConfigs/{configId}, + * folders/{folder}/locations/global/muteConfigs/{configId}, + * or projects/{project}/locations/global/muteConfigs/{configId} + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param type The type of the mute config. + * + * @return builder + * + */ + public Builder type(@Nullable Output type) { + $.type = type; + return this; + } + + /** + * @param type The type of the mute config. + * + * @return builder + * + */ + public Builder type(String type) { + return type(Output.of(type)); + } + + /** + * @param updateTime Output only. The most recent time at which the mute config was + * updated. This field is set by the server and will be ignored if + * provided on config creation or update. + * + * @return builder + * + */ + public Builder updateTime(@Nullable Output updateTime) { + $.updateTime = updateTime; + return this; + } + + /** + * @param updateTime Output only. The most recent time at which the mute config was + * updated. This field is set by the server and will be ignored if + * provided on config creation or update. + * + * @return builder + * + */ + public Builder updateTime(String updateTime) { + return updateTime(Output.of(updateTime)); + } + + public V2FolderMuteConfigState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceIamBindingConditionArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceIamBindingConditionArgs.java new file mode 100644 index 0000000000..53f9bf9e97 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceIamBindingConditionArgs.java 
@@ -0,0 +1,104 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class V2OrganizationSourceIamBindingConditionArgs extends com.pulumi.resources.ResourceArgs { + + public static final V2OrganizationSourceIamBindingConditionArgs Empty = new V2OrganizationSourceIamBindingConditionArgs(); + + @Import(name="description") + private @Nullable Output description; + + public Optional> description() { + return Optional.ofNullable(this.description); + } + + @Import(name="expression", required=true) + private Output expression; + + public Output expression() { + return this.expression; + } + + @Import(name="title", required=true) + private Output title; + + public Output title() { + return this.title; + } + + private V2OrganizationSourceIamBindingConditionArgs() {} + + private V2OrganizationSourceIamBindingConditionArgs(V2OrganizationSourceIamBindingConditionArgs $) { + this.description = $.description; + this.expression = $.expression; + this.title = $.title; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(V2OrganizationSourceIamBindingConditionArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private V2OrganizationSourceIamBindingConditionArgs $; + + public Builder() { + $ = new V2OrganizationSourceIamBindingConditionArgs(); + } + + public Builder(V2OrganizationSourceIamBindingConditionArgs defaults) { + $ = new V2OrganizationSourceIamBindingConditionArgs(Objects.requireNonNull(defaults)); + } + + public Builder description(@Nullable Output description) { + 
$.description = description; + return this; + } + + public Builder description(String description) { + return description(Output.of(description)); + } + + public Builder expression(Output expression) { + $.expression = expression; + return this; + } + + public Builder expression(String expression) { + return expression(Output.of(expression)); + } + + public Builder title(Output title) { + $.title = title; + return this; + } + + public Builder title(String title) { + return title(Output.of(title)); + } + + public V2OrganizationSourceIamBindingConditionArgs build() { + if ($.expression == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceIamBindingConditionArgs", "expression"); + } + if ($.title == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceIamBindingConditionArgs", "title"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceIamBindingState.java new file mode 100644 index 0000000000..c6475a7037 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceIamBindingState.java 
@@ -0,0 +1,298 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.securitycenter.inputs.V2OrganizationSourceIamBindingConditionArgs; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class V2OrganizationSourceIamBindingState extends com.pulumi.resources.ResourceArgs { + + public static final V2OrganizationSourceIamBindingState Empty = new V2OrganizationSourceIamBindingState(); + + @Import(name="condition") + private @Nullable Output condition; + + public Optional> condition() { + return Optional.ofNullable(this.condition); + } + + /** + * (Computed) The etag of the IAM policy. + * + */ + @Import(name="etag") + private @Nullable Output etag; + + /** + * @return (Computed) The etag of the IAM policy. + * + */ + public Optional> etag() { + return Optional.ofNullable(this.etag); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. 
+ * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ + @Import(name="members") + private @Nullable Output> members; + + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + * + */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + @Import(name="organization") + private @Nullable Output organization; + + public Optional> organization() { + return Optional.ofNullable(this.organization); + } + + /** + * The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + * + */ + @Import(name="role") + private @Nullable Output role; + + /** + * @return The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + * + */ + public Optional> role() { + return Optional.ofNullable(this.role); + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="source") + private @Nullable Output source; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ + public Optional> source() { + return Optional.ofNullable(this.source); + } + + private V2OrganizationSourceIamBindingState() {} + + private V2OrganizationSourceIamBindingState(V2OrganizationSourceIamBindingState $) { + this.condition = $.condition; + this.etag = $.etag; + this.members = $.members; + this.organization = $.organization; + this.role = $.role; + this.source = $.source; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(V2OrganizationSourceIamBindingState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private V2OrganizationSourceIamBindingState $; + + public Builder() { + $ = new V2OrganizationSourceIamBindingState(); + } + + public Builder(V2OrganizationSourceIamBindingState defaults) { + $ = new 
V2OrganizationSourceIamBindingState(Objects.requireNonNull(defaults)); + } + + public Builder condition(@Nullable Output condition) { + $.condition = condition; + return this; + } + + public Builder condition(V2OrganizationSourceIamBindingConditionArgs condition) { + return condition(Output.of(condition)); + } + + /** + * @param etag (Computed) The etag of the IAM policy. + * + * @return builder + * + */ + public Builder etag(@Nullable Output etag) { + $.etag = etag; + return this; + } + + /** + * @param etag (Computed) The etag of the IAM policy. + * + * @return builder + * + */ + public Builder etag(String etag) { + return etag(Output.of(etag)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + * + * @return builder + * + */ + public Builder members(@Nullable Output> members) { + $.members = members; + return this; + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ + public Builder members(List members) { + return members(Output.of(members)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. 
+ * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ + public Builder members(String... members) { + return members(List.of(members)); + } + + public Builder organization(@Nullable Output organization) { + $.organization = organization; + return this; + } + + public Builder organization(String organization) { + return organization(Output.of(organization)); + } + + /** + * @param role The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + * + * @return builder + * + */ + public Builder role(@Nullable Output role) { + $.role = role; + return this; + } + + /** + * @param role The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. 
Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + * + * @return builder + * + */ + public Builder role(String role) { + return role(Output.of(role)); + } + + /** + * @param source Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder source(@Nullable Output source) { + $.source = source; + return this; + } + + /** + * @param source Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder source(String source) { + return source(Output.of(source)); + } + + public V2OrganizationSourceIamBindingState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceIamMemberConditionArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceIamMemberConditionArgs.java new file mode 100644 index 0000000000..7eb240c4d5 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceIamMemberConditionArgs.java 
@@ -0,0 +1,104 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class V2OrganizationSourceIamMemberConditionArgs extends com.pulumi.resources.ResourceArgs { + + public static final V2OrganizationSourceIamMemberConditionArgs Empty = new V2OrganizationSourceIamMemberConditionArgs(); + + @Import(name="description") + private @Nullable Output description; + + public Optional> description() { + return Optional.ofNullable(this.description); + } + + @Import(name="expression", required=true) + private Output expression; + + public Output expression() { + return this.expression; + } + + @Import(name="title", required=true) + private Output title; + + public Output title() { + return this.title; + } + + private V2OrganizationSourceIamMemberConditionArgs() {} + + private V2OrganizationSourceIamMemberConditionArgs(V2OrganizationSourceIamMemberConditionArgs $) { + this.description = $.description; + this.expression = $.expression; + this.title = $.title; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(V2OrganizationSourceIamMemberConditionArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private V2OrganizationSourceIamMemberConditionArgs $; + + public Builder() { + $ = new V2OrganizationSourceIamMemberConditionArgs(); + } + + public Builder(V2OrganizationSourceIamMemberConditionArgs defaults) { + $ = new V2OrganizationSourceIamMemberConditionArgs(Objects.requireNonNull(defaults)); + } + + public Builder description(@Nullable Output description) { + $.description 
= description; + return this; + } + + public Builder description(String description) { + return description(Output.of(description)); + } + + public Builder expression(Output expression) { + $.expression = expression; + return this; + } + + public Builder expression(String expression) { + return expression(Output.of(expression)); + } + + public Builder title(Output title) { + $.title = title; + return this; + } + + public Builder title(String title) { + return title(Output.of(title)); + } + + public V2OrganizationSourceIamMemberConditionArgs build() { + if ($.expression == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceIamMemberConditionArgs", "expression"); + } + if ($.title == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceIamMemberConditionArgs", "title"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceIamMemberState.java new file mode 100644 index 0000000000..cbdc4dbe91 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceIamMemberState.java 
@@ -0,0 +1,277 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.securitycenter.inputs.V2OrganizationSourceIamMemberConditionArgs; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class V2OrganizationSourceIamMemberState extends com.pulumi.resources.ResourceArgs { + + public static final V2OrganizationSourceIamMemberState Empty = new V2OrganizationSourceIamMemberState(); + + @Import(name="condition") + private @Nullable Output condition; + + public Optional> condition() { + return Optional.ofNullable(this.condition); + } + + /** + * (Computed) The etag of the IAM policy. + * + */ + @Import(name="etag") + private @Nullable Output etag; + + /** + * @return (Computed) The etag of the IAM policy. + * + */ + public Optional> etag() { + return Optional.ofNullable(this.etag); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. 
+ * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ + @Import(name="member") + private @Nullable Output member; + + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + * + */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + @Import(name="organization") + private @Nullable Output organization; + + public Optional> organization() { + return Optional.ofNullable(this.organization); + } + + /** + * The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + * + */ + @Import(name="role") + private @Nullable Output role; + + /** + * @return The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + * + */ + public Optional> role() { + return Optional.ofNullable(this.role); + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="source") + private @Nullable Output source; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ + public Optional> source() { + return Optional.ofNullable(this.source); + } + + private V2OrganizationSourceIamMemberState() {} + + private V2OrganizationSourceIamMemberState(V2OrganizationSourceIamMemberState $) { + this.condition = $.condition; + this.etag = $.etag; + this.member = $.member; + this.organization = $.organization; + this.role = $.role; + this.source = $.source; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(V2OrganizationSourceIamMemberState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private V2OrganizationSourceIamMemberState $; + + public Builder() { + $ = new V2OrganizationSourceIamMemberState(); + } + + public Builder(V2OrganizationSourceIamMemberState defaults) { + $ = new 
V2OrganizationSourceIamMemberState(Objects.requireNonNull(defaults)); + } + + public Builder condition(@Nullable Output condition) { + $.condition = condition; + return this; + } + + public Builder condition(V2OrganizationSourceIamMemberConditionArgs condition) { + return condition(Output.of(condition)); + } + + /** + * @param etag (Computed) The etag of the IAM policy. + * + * @return builder + * + */ + public Builder etag(@Nullable Output etag) { + $.etag = etag; + return this; + } + + /** + * @param etag (Computed) The etag of the IAM policy. + * + * @return builder + * + */ + public Builder etag(String etag) { + return etag(Output.of(etag)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + * + * @return builder + * + */ + public Builder member(@Nullable Output member) { + $.member = member; + return this; + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice{@literal @}gmail.com or joe{@literal @}example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app{@literal @}appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins{@literal @}example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ + public Builder member(String member) { + return member(Output.of(member)); + } + + public Builder organization(@Nullable Output organization) { + $.organization = organization; + return this; + } + + public Builder organization(String organization) { + return organization(Output.of(organization)); + } + + /** + * @param role The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. 
Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + * + * @return builder + * + */ + public Builder role(@Nullable Output role) { + $.role = role; + return this; + } + + /** + * @param role The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + * + * @return builder + * + */ + public Builder role(String role) { + return role(Output.of(role)); + } + + /** + * @param source Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder source(@Nullable Output source) { + $.source = source; + return this; + } + + /** + * @param source Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder source(String source) { + return source(Output.of(source)); + } + + public V2OrganizationSourceIamMemberState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceIamPolicyState.java new file mode 100644 index 0000000000..ca9636a4c0 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceIamPolicyState.java 
@@ -0,0 +1,178 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class V2OrganizationSourceIamPolicyState extends com.pulumi.resources.ResourceArgs { + + public static final V2OrganizationSourceIamPolicyState Empty = new V2OrganizationSourceIamPolicyState(); + + /** + * (Computed) The etag of the IAM policy. + * + */ + @Import(name="etag") + private @Nullable Output etag; + + /** + * @return (Computed) The etag of the IAM policy. + * + */ + public Optional> etag() { + return Optional.ofNullable(this.etag); + } + + @Import(name="organization") + private @Nullable Output organization; + + public Optional> organization() { + return Optional.ofNullable(this.organization); + } + + /** + * The policy data generated by + * a `gcp.organizations.getIAMPolicy` data source. + * + */ + @Import(name="policyData") + private @Nullable Output policyData; + + /** + * @return The policy data generated by + * a `gcp.organizations.getIAMPolicy` data source. 
+ * + */ + public Optional> policyData() { + return Optional.ofNullable(this.policyData); + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="source") + private @Nullable Output source; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ + public Optional> source() { + return Optional.ofNullable(this.source); + } + + private V2OrganizationSourceIamPolicyState() {} + + private V2OrganizationSourceIamPolicyState(V2OrganizationSourceIamPolicyState $) { + this.etag = $.etag; + this.organization = $.organization; + this.policyData = $.policyData; + this.source = $.source; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(V2OrganizationSourceIamPolicyState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private V2OrganizationSourceIamPolicyState $; + + public Builder() { + $ = new V2OrganizationSourceIamPolicyState(); + } + + public Builder(V2OrganizationSourceIamPolicyState defaults) { + $ = new V2OrganizationSourceIamPolicyState(Objects.requireNonNull(defaults)); + } + + /** + * @param etag (Computed) The etag of the IAM policy. + * + * @return builder + * + */ + public Builder etag(@Nullable Output etag) { + $.etag = etag; + return this; + } + + /** + * @param etag (Computed) The etag of the IAM policy. + * + * @return builder + * + */ + public Builder etag(String etag) { + return etag(Output.of(etag)); + } + + public Builder organization(@Nullable Output organization) { + $.organization = organization; + return this; + } + + public Builder organization(String organization) { + return organization(Output.of(organization)); + } + + /** + * @param policyData The policy data generated by + * a `gcp.organizations.getIAMPolicy` data source. 
+ * + * @return builder + * + */ + public Builder policyData(@Nullable Output policyData) { + $.policyData = policyData; + return this; + } + + /** + * @param policyData The policy data generated by + * a `gcp.organizations.getIAMPolicy` data source. + * + * @return builder + * + */ + public Builder policyData(String policyData) { + return policyData(Output.of(policyData)); + } + + /** + * @param source Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder source(@Nullable Output source) { + $.source = source; + return this; + } + + /** + * @param source Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder source(String source) { + return source(Output.of(source)); + } + + public V2OrganizationSourceIamPolicyState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceState.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceState.java new file mode 100644 index 0000000000..940ca18dd8 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2OrganizationSourceState.java 
@@ -0,0 +1,226 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class V2OrganizationSourceState extends com.pulumi.resources.ResourceArgs { + + public static final V2OrganizationSourceState Empty = new V2OrganizationSourceState(); + + /** + * The description of the source (max of 1024 characters). + * + */ + @Import(name="description") + private @Nullable Output description; + + /** + * @return The description of the source (max of 1024 characters). + * + */ + public Optional> description() { + return Optional.ofNullable(this.description); + } + + /** + * The source’s display name. A source’s display name must be unique + * amongst its siblings, for example, two sources with the same parent + * can't share the same display name. The display name must start and end + * with a letter or digit, may contain letters, digits, spaces, hyphens, + * and underscores, and can be no longer than 32 characters. + * + */ + @Import(name="displayName") + private @Nullable Output displayName; + + /** + * @return The source’s display name. A source’s display name must be unique + * amongst its siblings, for example, two sources with the same parent + * can't share the same display name. The display name must start and end + * with a letter or digit, may contain letters, digits, spaces, hyphens, + * and underscores, and can be no longer than 32 characters. + * + */ + public Optional> displayName() { + return Optional.ofNullable(this.displayName); + } + + /** + * The resource name of this source, in the format + * `organizations/{{organization}}/sources/{{source}}`. 
+ * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return The resource name of this source, in the format + * `organizations/{{organization}}/sources/{{source}}`. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The organization whose Cloud Security Command Center the Source + * lives in. + * + * *** + * + */ + @Import(name="organization") + private @Nullable Output organization; + + /** + * @return The organization whose Cloud Security Command Center the Source + * lives in. + * + * *** + * + */ + public Optional> organization() { + return Optional.ofNullable(this.organization); + } + + private V2OrganizationSourceState() {} + + private V2OrganizationSourceState(V2OrganizationSourceState $) { + this.description = $.description; + this.displayName = $.displayName; + this.name = $.name; + this.organization = $.organization; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(V2OrganizationSourceState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private V2OrganizationSourceState $; + + public Builder() { + $ = new V2OrganizationSourceState(); + } + + public Builder(V2OrganizationSourceState defaults) { + $ = new V2OrganizationSourceState(Objects.requireNonNull(defaults)); + } + + /** + * @param description The description of the source (max of 1024 characters). + * + * @return builder + * + */ + public Builder description(@Nullable Output description) { + $.description = description; + return this; + } + + /** + * @param description The description of the source (max of 1024 characters). + * + * @return builder + * + */ + public Builder description(String description) { + return description(Output.of(description)); + } + + /** + * @param displayName The source’s display name. 
A source’s display name must be unique + * amongst its siblings, for example, two sources with the same parent + * can't share the same display name. The display name must start and end + * with a letter or digit, may contain letters, digits, spaces, hyphens, + * and underscores, and can be no longer than 32 characters. + * + * @return builder + * + */ + public Builder displayName(@Nullable Output displayName) { + $.displayName = displayName; + return this; + } + + /** + * @param displayName The source’s display name. A source’s display name must be unique + * amongst its siblings, for example, two sources with the same parent + * can't share the same display name. The display name must start and end + * with a letter or digit, may contain letters, digits, spaces, hyphens, + * and underscores, and can be no longer than 32 characters. + * + * @return builder + * + */ + public Builder displayName(String displayName) { + return displayName(Output.of(displayName)); + } + + /** + * @param name The resource name of this source, in the format + * `organizations/{{organization}}/sources/{{source}}`. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name The resource name of this source, in the format + * `organizations/{{organization}}/sources/{{source}}`. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param organization The organization whose Cloud Security Command Center the Source + * lives in. + * + * *** + * + * @return builder + * + */ + public Builder organization(@Nullable Output organization) { + $.organization = organization; + return this; + } + + /** + * @param organization The organization whose Cloud Security Command Center the Source + * lives in. 
+ * + * *** + * + * @return builder + * + */ + public Builder organization(String organization) { + return organization(Output.of(organization)); + } + + public V2OrganizationSourceState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2ProjectMuteConfigState.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2ProjectMuteConfigState.java new file mode 100644 index 0000000000..1ac9fe9320 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2ProjectMuteConfigState.java 
@@ -0,0 +1,476 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class V2ProjectMuteConfigState extends com.pulumi.resources.ResourceArgs { + + public static final V2ProjectMuteConfigState Empty = new V2ProjectMuteConfigState(); + + /** + * The time at which the mute config was created. This field is set by + * the server and will be ignored if provided on config creation. + * + */ + @Import(name="createTime") + private @Nullable Output createTime; + + /** + * @return The time at which the mute config was created. This field is set by + * the server and will be ignored if provided on config creation. + * + */ + public Optional> createTime() { + return Optional.ofNullable(this.createTime); + } + + /** + * A description of the mute config. + * + */ + @Import(name="description") + private @Nullable Output description; + + /** + * @return A description of the mute config. + * + */ + public Optional> description() { + return Optional.ofNullable(this.description); + } + + /** + * An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + */ + @Import(name="filter") + private @Nullable Output filter; + + /** + * @return An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. 
E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + */ + public Optional> filter() { + return Optional.ofNullable(this.filter); + } + + /** + * location Id is provided by project. If not provided, Use global as default. + * + */ + @Import(name="location") + private @Nullable Output location; + + /** + * @return location Id is provided by project. If not provided, Use global as default. + * + */ + public Optional> location() { + return Optional.ofNullable(this.location); + } + + /** + * Email address of the user who last edited the mute config. This + * field is set by the server and will be ignored if provided on + * config creation or update. + * + */ + @Import(name="mostRecentEditor") + private @Nullable Output mostRecentEditor; + + /** + * @return Email address of the user who last edited the mute config. This + * field is set by the server and will be ignored if provided on + * config creation or update. + * + */ + public Optional> mostRecentEditor() { + return Optional.ofNullable(this.mostRecentEditor); + } + + /** + * Unique identifier provided by the client within the parent scope. + * + * *** + * + */ + @Import(name="muteConfigId") + private @Nullable Output muteConfigId; + + /** + * @return Unique identifier provided by the client within the parent scope. + * + * *** + * + */ + public Optional> muteConfigId() { + return Optional.ofNullable(this.muteConfigId); + } + + /** + * Name of the mute config. Its format is + * projects/{project}/locations/global/muteConfigs/{configId}, + * folders/{folder}/locations/global/muteConfigs/{configId}, + * or organizations/{organization}/locations/global/muteConfigs/{configId} + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Name of the mute config. 
Its format is + * projects/{project}/locations/global/muteConfigs/{configId}, + * folders/{folder}/locations/global/muteConfigs/{configId}, + * or organizations/{organization}/locations/global/muteConfigs/{configId} + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + public Optional> project() { + return Optional.ofNullable(this.project); + } + + /** + * The type of the mute config. + * + */ + @Import(name="type") + private @Nullable Output type; + + /** + * @return The type of the mute config. + * + */ + public Optional> type() { + return Optional.ofNullable(this.type); + } + + /** + * Output only. The most recent time at which the mute config was + * updated. This field is set by the server and will be ignored if + * provided on config creation or update. + * + */ + @Import(name="updateTime") + private @Nullable Output updateTime; + + /** + * @return Output only. The most recent time at which the mute config was + * updated. This field is set by the server and will be ignored if + * provided on config creation or update. 
+ * + */ + public Optional> updateTime() { + return Optional.ofNullable(this.updateTime); + } + + private V2ProjectMuteConfigState() {} + + private V2ProjectMuteConfigState(V2ProjectMuteConfigState $) { + this.createTime = $.createTime; + this.description = $.description; + this.filter = $.filter; + this.location = $.location; + this.mostRecentEditor = $.mostRecentEditor; + this.muteConfigId = $.muteConfigId; + this.name = $.name; + this.project = $.project; + this.type = $.type; + this.updateTime = $.updateTime; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(V2ProjectMuteConfigState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private V2ProjectMuteConfigState $; + + public Builder() { + $ = new V2ProjectMuteConfigState(); + } + + public Builder(V2ProjectMuteConfigState defaults) { + $ = new V2ProjectMuteConfigState(Objects.requireNonNull(defaults)); + } + + /** + * @param createTime The time at which the mute config was created. This field is set by + * the server and will be ignored if provided on config creation. + * + * @return builder + * + */ + public Builder createTime(@Nullable Output createTime) { + $.createTime = createTime; + return this; + } + + /** + * @param createTime The time at which the mute config was created. This field is set by + * the server and will be ignored if provided on config creation. + * + * @return builder + * + */ + public Builder createTime(String createTime) { + return createTime(Output.of(createTime)); + } + + /** + * @param description A description of the mute config. + * + * @return builder + * + */ + public Builder description(@Nullable Output description) { + $.description = description; + return this; + } + + /** + * @param description A description of the mute config. 
+ * + * @return builder + * + */ + public Builder description(String description) { + return description(Output.of(description)); + } + + /** + * @param filter An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + * @return builder + * + */ + public Builder filter(@Nullable Output filter) { + $.filter = filter; + return this; + } + + /** + * @param filter An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + * + * @return builder + * + */ + public Builder filter(String filter) { + return filter(Output.of(filter)); + } + + /** + * @param location location Id is provided by project. If not provided, Use global as default. + * + * @return builder + * + */ + public Builder location(@Nullable Output location) { + $.location = location; + return this; + } + + /** + * @param location location Id is provided by project. If not provided, Use global as default. + * + * @return builder + * + */ + public Builder location(String location) { + return location(Output.of(location)); + } + + /** + * @param mostRecentEditor Email address of the user who last edited the mute config. This + * field is set by the server and will be ignored if provided on + * config creation or update. + * + * @return builder + * + */ + public Builder mostRecentEditor(@Nullable Output mostRecentEditor) { + $.mostRecentEditor = mostRecentEditor; + return this; + } + + /** + * @param mostRecentEditor Email address of the user who last edited the mute config. 
This + * field is set by the server and will be ignored if provided on + * config creation or update. + * + * @return builder + * + */ + public Builder mostRecentEditor(String mostRecentEditor) { + return mostRecentEditor(Output.of(mostRecentEditor)); + } + + /** + * @param muteConfigId Unique identifier provided by the client within the parent scope. + * + * *** + * + * @return builder + * + */ + public Builder muteConfigId(@Nullable Output muteConfigId) { + $.muteConfigId = muteConfigId; + return this; + } + + /** + * @param muteConfigId Unique identifier provided by the client within the parent scope. + * + * *** + * + * @return builder + * + */ + public Builder muteConfigId(String muteConfigId) { + return muteConfigId(Output.of(muteConfigId)); + } + + /** + * @param name Name of the mute config. Its format is + * projects/{project}/locations/global/muteConfigs/{configId}, + * folders/{folder}/locations/global/muteConfigs/{configId}, + * or organizations/{organization}/locations/global/muteConfigs/{configId} + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Name of the mute config. Its format is + * projects/{project}/locations/global/muteConfigs/{configId}, + * folders/{folder}/locations/global/muteConfigs/{configId}, + * or organizations/{organization}/locations/global/muteConfigs/{configId} + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. 
+ * + * @return builder + * + */ + public Builder project(String project) { + return project(Output.of(project)); + } + + /** + * @param type The type of the mute config. + * + * @return builder + * + */ + public Builder type(@Nullable Output type) { + $.type = type; + return this; + } + + /** + * @param type The type of the mute config. + * + * @return builder + * + */ + public Builder type(String type) { + return type(Output.of(type)); + } + + /** + * @param updateTime Output only. The most recent time at which the mute config was + * updated. This field is set by the server and will be ignored if + * provided on config creation or update. + * + * @return builder + * + */ + public Builder updateTime(@Nullable Output updateTime) { + $.updateTime = updateTime; + return this; + } + + /** + * @param updateTime Output only. The most recent time at which the mute config was + * updated. This field is set by the server and will be ignored if + * provided on config creation or update. + * + * @return builder + * + */ + public Builder updateTime(String updateTime) { + return updateTime(Output.of(updateTime)); + } + + public V2ProjectMuteConfigState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2ProjectNotificationConfigState.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2ProjectNotificationConfigState.java new file mode 100644 index 0000000000..4012faf469 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2ProjectNotificationConfigState.java 
@@ -0,0 +1,335 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.securitycenter.inputs.V2ProjectNotificationConfigStreamingConfigArgs; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class V2ProjectNotificationConfigState extends com.pulumi.resources.ResourceArgs { + + public static final V2ProjectNotificationConfigState Empty = new V2ProjectNotificationConfigState(); + + /** + * This must be unique within the project. + * + */ + @Import(name="configId") + private @Nullable Output configId; + + /** + * @return This must be unique within the project. + * + */ + public Optional> configId() { + return Optional.ofNullable(this.configId); + } + + /** + * The description of the notification config (max of 1024 characters). + * + */ + @Import(name="description") + private @Nullable Output description; + + /** + * @return The description of the notification config (max of 1024 characters). + * + */ + public Optional> description() { + return Optional.ofNullable(this.description); + } + + /** + * Location ID of the parent organization. Only global is supported at the moment. + * + */ + @Import(name="location") + private @Nullable Output location; + + /** + * @return Location ID of the parent organization. Only global is supported at the moment. + * + */ + public Optional> location() { + return Optional.ofNullable(this.location); + } + + /** + * The resource name of this notification config, in the format + * `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. 
+ * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return The resource name of this notification config, in the format + * `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + @Import(name="project") + private @Nullable Output project; + + public Optional> project() { + return Optional.ofNullable(this.project); + } + + /** + * The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". + * + */ + @Import(name="pubsubTopic") + private @Nullable Output pubsubTopic; + + /** + * @return The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". + * + */ + public Optional> pubsubTopic() { + return Optional.ofNullable(this.pubsubTopic); + } + + /** + * The service account that needs "pubsub.topics.publish" permission to + * publish to the Pub/Sub topic. + * + */ + @Import(name="serviceAccount") + private @Nullable Output serviceAccount; + + /** + * @return The service account that needs "pubsub.topics.publish" permission to + * publish to the Pub/Sub topic. + * + */ + public Optional> serviceAccount() { + return Optional.ofNullable(this.serviceAccount); + } + + /** + * The config for triggering streaming-based notifications. + * Structure is documented below. + * + */ + @Import(name="streamingConfig") + private @Nullable Output streamingConfig; + + /** + * @return The config for triggering streaming-based notifications. + * Structure is documented below. 
+ * + */ + public Optional> streamingConfig() { + return Optional.ofNullable(this.streamingConfig); + } + + private V2ProjectNotificationConfigState() {} + + private V2ProjectNotificationConfigState(V2ProjectNotificationConfigState $) { + this.configId = $.configId; + this.description = $.description; + this.location = $.location; + this.name = $.name; + this.project = $.project; + this.pubsubTopic = $.pubsubTopic; + this.serviceAccount = $.serviceAccount; + this.streamingConfig = $.streamingConfig; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(V2ProjectNotificationConfigState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private V2ProjectNotificationConfigState $; + + public Builder() { + $ = new V2ProjectNotificationConfigState(); + } + + public Builder(V2ProjectNotificationConfigState defaults) { + $ = new V2ProjectNotificationConfigState(Objects.requireNonNull(defaults)); + } + + /** + * @param configId This must be unique within the project. + * + * @return builder + * + */ + public Builder configId(@Nullable Output configId) { + $.configId = configId; + return this; + } + + /** + * @param configId This must be unique within the project. + * + * @return builder + * + */ + public Builder configId(String configId) { + return configId(Output.of(configId)); + } + + /** + * @param description The description of the notification config (max of 1024 characters). + * + * @return builder + * + */ + public Builder description(@Nullable Output description) { + $.description = description; + return this; + } + + /** + * @param description The description of the notification config (max of 1024 characters). + * + * @return builder + * + */ + public Builder description(String description) { + return description(Output.of(description)); + } + + /** + * @param location Location ID of the parent organization. Only global is supported at the moment. 
+ * + * @return builder + * + */ + public Builder location(@Nullable Output location) { + $.location = location; + return this; + } + + /** + * @param location Location ID of the parent organization. Only global is supported at the moment. + * + * @return builder + * + */ + public Builder location(String location) { + return location(Output.of(location)); + } + + /** + * @param name The resource name of this notification config, in the format + * `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name The resource name of this notification config, in the format + * `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + public Builder project(String project) { + return project(Output.of(project)); + } + + /** + * @param pubsubTopic The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". + * + * @return builder + * + */ + public Builder pubsubTopic(@Nullable Output pubsubTopic) { + $.pubsubTopic = pubsubTopic; + return this; + } + + /** + * @param pubsubTopic The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". + * + * @return builder + * + */ + public Builder pubsubTopic(String pubsubTopic) { + return pubsubTopic(Output.of(pubsubTopic)); + } + + /** + * @param serviceAccount The service account that needs "pubsub.topics.publish" permission to + * publish to the Pub/Sub topic. 
+ * + * @return builder + * + */ + public Builder serviceAccount(@Nullable Output serviceAccount) { + $.serviceAccount = serviceAccount; + return this; + } + + /** + * @param serviceAccount The service account that needs "pubsub.topics.publish" permission to + * publish to the Pub/Sub topic. + * + * @return builder + * + */ + public Builder serviceAccount(String serviceAccount) { + return serviceAccount(Output.of(serviceAccount)); + } + + /** + * @param streamingConfig The config for triggering streaming-based notifications. + * Structure is documented below. + * + * @return builder + * + */ + public Builder streamingConfig(@Nullable Output streamingConfig) { + $.streamingConfig = streamingConfig; + return this; + } + + /** + * @param streamingConfig The config for triggering streaming-based notifications. + * Structure is documented below. + * + * @return builder + * + */ + public Builder streamingConfig(V2ProjectNotificationConfigStreamingConfigArgs streamingConfig) { + return streamingConfig(Output.of(streamingConfig)); + } + + public V2ProjectNotificationConfigState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2ProjectNotificationConfigStreamingConfigArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2ProjectNotificationConfigStreamingConfigArgs.java new file mode 100644 index 0000000000..313316508f --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/inputs/V2ProjectNotificationConfigStreamingConfigArgs.java 
@@ -0,0 +1,165 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; + + +public final class V2ProjectNotificationConfigStreamingConfigArgs extends com.pulumi.resources.ResourceArgs { + + public static final V2ProjectNotificationConfigStreamingConfigArgs Empty = new V2ProjectNotificationConfigStreamingConfigArgs(); + + /** + * Expression that defines the filter to apply across create/update + * events of assets or findings as specified by the event type. The + * expression is a list of zero or more restrictions combined via + * logical operators AND and OR. Parentheses are supported, and OR + * has higher precedence than AND. + * Restrictions have the form <field> <operator> <value> and may have + * a - character in front of them to indicate negation. The fields + * map to those defined in the corresponding resource. + * The supported operators are: + * * = for all value types. + * * > , <, >=, <= for integer values. + * * :, meaning substring matching, for strings. + * The supported value types are: + * * string literals in quotes. + * * integer literals without quotes. + * * boolean literals true and false without quotes. + * See + * [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + * for information on how to write a filter. + * + * *** + * + */ + @Import(name="filter", required=true) + private Output filter; + + /** + * @return Expression that defines the filter to apply across create/update + * events of assets or findings as specified by the event type. The + * expression is a list of zero or more restrictions combined via + * logical operators AND and OR. 
Parentheses are supported, and OR + * has higher precedence than AND. + * Restrictions have the form <field> <operator> <value> and may have + * a - character in front of them to indicate negation. The fields + * map to those defined in the corresponding resource. + * The supported operators are: + * * = for all value types. + * * > , <, >=, <= for integer values. + * * :, meaning substring matching, for strings. + * The supported value types are: + * * string literals in quotes. + * * integer literals without quotes. + * * boolean literals true and false without quotes. + * See + * [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + * for information on how to write a filter. + * + * *** + * + */ + public Output filter() { + return this.filter; + } + + private V2ProjectNotificationConfigStreamingConfigArgs() {} + + private V2ProjectNotificationConfigStreamingConfigArgs(V2ProjectNotificationConfigStreamingConfigArgs $) { + this.filter = $.filter; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(V2ProjectNotificationConfigStreamingConfigArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private V2ProjectNotificationConfigStreamingConfigArgs $; + + public Builder() { + $ = new V2ProjectNotificationConfigStreamingConfigArgs(); + } + + public Builder(V2ProjectNotificationConfigStreamingConfigArgs defaults) { + $ = new V2ProjectNotificationConfigStreamingConfigArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param filter Expression that defines the filter to apply across create/update + * events of assets or findings as specified by the event type. The + * expression is a list of zero or more restrictions combined via + * logical operators AND and OR. Parentheses are supported, and OR + * has higher precedence than AND. 
+ * Restrictions have the form <field> <operator> <value> and may have + * a - character in front of them to indicate negation. The fields + * map to those defined in the corresponding resource. + * The supported operators are: + * * = for all value types. + * * > , <, >=, <= for integer values. + * * :, meaning substring matching, for strings. + * The supported value types are: + * * string literals in quotes. + * * integer literals without quotes. + * * boolean literals true and false without quotes. + * See + * [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + * for information on how to write a filter. + * + * *** + * + * @return builder + * + */ + public Builder filter(Output filter) { + $.filter = filter; + return this; + } + + /** + * @param filter Expression that defines the filter to apply across create/update + * events of assets or findings as specified by the event type. The + * expression is a list of zero or more restrictions combined via + * logical operators AND and OR. Parentheses are supported, and OR + * has higher precedence than AND. + * Restrictions have the form <field> <operator> <value> and may have + * a - character in front of them to indicate negation. The fields + * map to those defined in the corresponding resource. + * The supported operators are: + * * = for all value types. + * * > , <, >=, <= for integer values. + * * :, meaning substring matching, for strings. + * The supported value types are: + * * string literals in quotes. + * * integer literals without quotes. + * * boolean literals true and false without quotes. + * See + * [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + * for information on how to write a filter. 
+ * + * *** + * + * @return builder + * + */ + public Builder filter(String filter) { + return filter(Output.of(filter)); + } + + public V2ProjectNotificationConfigStreamingConfigArgs build() { + if ($.filter == null) { + throw new MissingRequiredPropertyException("V2ProjectNotificationConfigStreamingConfigArgs", "filter"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/outputs/GetV2OrganizationSourceIamPolicyResult.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/outputs/GetV2OrganizationSourceIamPolicyResult.java new file mode 100644 index 0000000000..125fae4d78 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/outputs/GetV2OrganizationSourceIamPolicyResult.java 
@@ -0,0 +1,136 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; + +@CustomType +public final class GetV2OrganizationSourceIamPolicyResult { + /** + * @return (Computed) The etag of the IAM policy. + * + */ + private String etag; + /** + * @return The provider-assigned unique ID for this managed resource. + * + */ + private String id; + private String organization; + /** + * @return (Required only by `gcp.securitycenter.V2OrganizationSourceIamPolicy`) The policy data generated by + * a `gcp.organizations.getIAMPolicy` data source. + * + */ + private String policyData; + private String source; + + private GetV2OrganizationSourceIamPolicyResult() {} + /** + * @return (Computed) The etag of the IAM policy. + * + */ + public String etag() { + return this.etag; + } + /** + * @return The provider-assigned unique ID for this managed resource. + * + */ + public String id() { + return this.id; + } + public String organization() { + return this.organization; + } + /** + * @return (Required only by `gcp.securitycenter.V2OrganizationSourceIamPolicy`) The policy data generated by + * a `gcp.organizations.getIAMPolicy` data source. 
+ * + */ + public String policyData() { + return this.policyData; + } + public String source() { + return this.source; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GetV2OrganizationSourceIamPolicyResult defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private String etag; + private String id; + private String organization; + private String policyData; + private String source; + public Builder() {} + public Builder(GetV2OrganizationSourceIamPolicyResult defaults) { + Objects.requireNonNull(defaults); + this.etag = defaults.etag; + this.id = defaults.id; + this.organization = defaults.organization; + this.policyData = defaults.policyData; + this.source = defaults.source; + } + + @CustomType.Setter + public Builder etag(String etag) { + if (etag == null) { + throw new MissingRequiredPropertyException("GetV2OrganizationSourceIamPolicyResult", "etag"); + } + this.etag = etag; + return this; + } + @CustomType.Setter + public Builder id(String id) { + if (id == null) { + throw new MissingRequiredPropertyException("GetV2OrganizationSourceIamPolicyResult", "id"); + } + this.id = id; + return this; + } + @CustomType.Setter + public Builder organization(String organization) { + if (organization == null) { + throw new MissingRequiredPropertyException("GetV2OrganizationSourceIamPolicyResult", "organization"); + } + this.organization = organization; + return this; + } + @CustomType.Setter + public Builder policyData(String policyData) { + if (policyData == null) { + throw new MissingRequiredPropertyException("GetV2OrganizationSourceIamPolicyResult", "policyData"); + } + this.policyData = policyData; + return this; + } + @CustomType.Setter + public Builder source(String source) { + if (source == null) { + throw new MissingRequiredPropertyException("GetV2OrganizationSourceIamPolicyResult", "source"); + } + this.source = source; + return this; + } + public 
GetV2OrganizationSourceIamPolicyResult build() { + final var _resultValue = new GetV2OrganizationSourceIamPolicyResult(); + _resultValue.etag = etag; + _resultValue.id = id; + _resultValue.organization = organization; + _resultValue.policyData = policyData; + _resultValue.source = source; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/outputs/V2OrganizationSourceIamBindingCondition.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/outputs/V2OrganizationSourceIamBindingCondition.java new file mode 100644 index 0000000000..f322325acd --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/outputs/V2OrganizationSourceIamBindingCondition.java 
@@ -0,0 +1,80 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class V2OrganizationSourceIamBindingCondition { + private @Nullable String description; + private String expression; + private String title; + + private V2OrganizationSourceIamBindingCondition() {} + public Optional description() { + return Optional.ofNullable(this.description); + } + public String expression() { + return this.expression; + } + public String title() { + return this.title; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(V2OrganizationSourceIamBindingCondition defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String description; + private String expression; + private String title; + public Builder() {} + public Builder(V2OrganizationSourceIamBindingCondition defaults) { + Objects.requireNonNull(defaults); + this.description = defaults.description; + this.expression = defaults.expression; + this.title = defaults.title; + } + + @CustomType.Setter + public Builder description(@Nullable String description) { + + this.description = description; + return this; + } + @CustomType.Setter + public Builder expression(String expression) { + if (expression == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceIamBindingCondition", "expression"); + } + this.expression = expression; + return this; + } + @CustomType.Setter + public Builder title(String title) { + if (title == null) { + throw new 
MissingRequiredPropertyException("V2OrganizationSourceIamBindingCondition", "title"); + } + this.title = title; + return this; + } + public V2OrganizationSourceIamBindingCondition build() { + final var _resultValue = new V2OrganizationSourceIamBindingCondition(); + _resultValue.description = description; + _resultValue.expression = expression; + _resultValue.title = title; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/outputs/V2OrganizationSourceIamMemberCondition.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/outputs/V2OrganizationSourceIamMemberCondition.java new file mode 100644 index 0000000000..77e4fafbea --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/outputs/V2OrganizationSourceIamMemberCondition.java 
@@ -0,0 +1,80 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class V2OrganizationSourceIamMemberCondition { + private @Nullable String description; + private String expression; + private String title; + + private V2OrganizationSourceIamMemberCondition() {} + public Optional description() { + return Optional.ofNullable(this.description); + } + public String expression() { + return this.expression; + } + public String title() { + return this.title; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(V2OrganizationSourceIamMemberCondition defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String description; + private String expression; + private String title; + public Builder() {} + public Builder(V2OrganizationSourceIamMemberCondition defaults) { + Objects.requireNonNull(defaults); + this.description = defaults.description; + this.expression = defaults.expression; + this.title = defaults.title; + } + + @CustomType.Setter + public Builder description(@Nullable String description) { + + this.description = description; + return this; + } + @CustomType.Setter + public Builder expression(String expression) { + if (expression == null) { + throw new MissingRequiredPropertyException("V2OrganizationSourceIamMemberCondition", "expression"); + } + this.expression = expression; + return this; + } + @CustomType.Setter + public Builder title(String title) { + if (title == null) { + throw new 
MissingRequiredPropertyException("V2OrganizationSourceIamMemberCondition", "title"); + } + this.title = title; + return this; + } + public V2OrganizationSourceIamMemberCondition build() { + final var _resultValue = new V2OrganizationSourceIamMemberCondition(); + _resultValue.description = description; + _resultValue.expression = expression; + _resultValue.title = title; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/outputs/V2ProjectNotificationConfigStreamingConfig.java b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/outputs/V2ProjectNotificationConfigStreamingConfig.java new file mode 100644 index 0000000000..a18c9087c4 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/securitycenter/outputs/V2ProjectNotificationConfigStreamingConfig.java 
@@ -0,0 +1,98 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.securitycenter.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; + +@CustomType +public final class V2ProjectNotificationConfigStreamingConfig { + /** + * @return Expression that defines the filter to apply across create/update + * events of assets or findings as specified by the event type. The + * expression is a list of zero or more restrictions combined via + * logical operators AND and OR. Parentheses are supported, and OR + * has higher precedence than AND. + * Restrictions have the form <field> <operator> <value> and may have + * a - character in front of them to indicate negation. The fields + * map to those defined in the corresponding resource. + * The supported operators are: + * * = for all value types. + * * > , <, >=, <= for integer values. + * * :, meaning substring matching, for strings. + * The supported value types are: + * * string literals in quotes. + * * integer literals without quotes. + * * boolean literals true and false without quotes. + * See + * [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + * for information on how to write a filter. + * + * *** + * + */ + private String filter; + + private V2ProjectNotificationConfigStreamingConfig() {} + /** + * @return Expression that defines the filter to apply across create/update + * events of assets or findings as specified by the event type. The + * expression is a list of zero or more restrictions combined via + * logical operators AND and OR. Parentheses are supported, and OR + * has higher precedence than AND. 
+ * Restrictions have the form <field> <operator> <value> and may have + * a - character in front of them to indicate negation. The fields + * map to those defined in the corresponding resource. + * The supported operators are: + * * = for all value types. + * * > , <, >=, <= for integer values. + * * :, meaning substring matching, for strings. + * The supported value types are: + * * string literals in quotes. + * * integer literals without quotes. + * * boolean literals true and false without quotes. + * See + * [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + * for information on how to write a filter. + * + * *** + * + */ + public String filter() { + return this.filter; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(V2ProjectNotificationConfigStreamingConfig defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private String filter; + public Builder() {} + public Builder(V2ProjectNotificationConfigStreamingConfig defaults) { + Objects.requireNonNull(defaults); + this.filter = defaults.filter; + } + + @CustomType.Setter + public Builder filter(String filter) { + if (filter == null) { + throw new MissingRequiredPropertyException("V2ProjectNotificationConfigStreamingConfig", "filter"); + } + this.filter = filter; + return this; + } + public V2ProjectNotificationConfigStreamingConfig build() { + final var _resultValue = new V2ProjectNotificationConfigStreamingConfig(); + _resultValue.filter = filter; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/Instance.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/Instance.java index 3718825dbd..19fcbcd087 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/Instance.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/Instance.java 
@@ -341,7 +341,6 @@ public Output>> labels() { * A unique identifier for the instance, which cannot be changed after * the instance is created. The name must be between 6 and 30 characters * in length. - * * If not provided, a random string starting with `tf-` will be selected. * */ @@ -352,7 +351,6 @@ public Output>> labels() { * @return A unique identifier for the instance, which cannot be changed after * the instance is created. The name must be between 6 and 30 characters * in length. - * * If not provided, a random string starting with `tf-` will be selected. * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceArgs.java index fc531818f0..fb12f52431 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceArgs.java @@ -133,7 +133,6 @@ public Optional>> labels() { * A unique identifier for the instance, which cannot be changed after * the instance is created. The name must be between 6 and 30 characters * in length. - * * If not provided, a random string starting with `tf-` will be selected. * */ @@ -144,7 +143,6 @@ public Optional>> labels() { * @return A unique identifier for the instance, which cannot be changed after * the instance is created. The name must be between 6 and 30 characters * in length. - * * If not provided, a random string starting with `tf-` will be selected. * */ @@ -358,7 +356,6 @@ public Builder labels(Map labels) { * @param name A unique identifier for the instance, which cannot be changed after * the instance is created. The name must be between 6 and 30 characters * in length. - * * If not provided, a random string starting with `tf-` will be selected. * * @return builder 
@@ -373,7 +370,6 @@ public Builder name(@Nullable Output name) { * @param name A unique identifier for the instance, which cannot be changed after * the instance is created. The name must be between 6 and 30 characters * in length. - * * If not provided, a random string starting with `tf-` will be selected. * * @return builder diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/InstanceState.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/InstanceState.java index 8450c09cea..d9ac690e45 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/InstanceState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/InstanceState.java @@ -147,7 +147,6 @@ public Optional>> labels() { * A unique identifier for the instance, which cannot be changed after * the instance is created. The name must be between 6 and 30 characters * in length. - * * If not provided, a random string starting with `tf-` will be selected. * */ @@ -158,7 +157,6 @@ public Optional>> labels() { * @return A unique identifier for the instance, which cannot be changed after * the instance is created. The name must be between 6 and 30 characters * in length. - * * If not provided, a random string starting with `tf-` will be selected. * */ @@ -428,7 +426,6 @@ public Builder labels(Map labels) { * @param name A unique identifier for the instance, which cannot be changed after * the instance is created. The name must be between 6 and 30 characters * in length. - * * If not provided, a random string starting with `tf-` will be selected. * * @return builder @@ -443,7 +440,6 @@ public Builder name(@Nullable Output name) { * @param name A unique identifier for the instance, which cannot be changed after * the instance is created. The name must be between 6 and 30 characters * in length. - * * If not provided, a random string starting with `tf-` will be selected. * * @return builder 
diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sql/inputs/DatabaseInstanceSettingsArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/sql/inputs/DatabaseInstanceSettingsArgs.java index 8dc103816c..fd0d63b46d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sql/inputs/DatabaseInstanceSettingsArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sql/inputs/DatabaseInstanceSettingsArgs.java @@ -111,14 +111,14 @@ public Optional> collation() { } /** - * Specifies if connections must use Cloud SQL connectors. + * Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. * */ @Import(name="connectorEnforcement") private @Nullable Output connectorEnforcement; /** - * @return Specifies if connections must use Cloud SQL connectors. + * @return Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. * */ public Optional> connectorEnforcement() { @@ -568,7 +568,7 @@ public Builder collation(String collation) { } /** - * @param connectorEnforcement Specifies if connections must use Cloud SQL connectors. + * @param connectorEnforcement Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. * * @return builder * @@ -579,7 +579,7 @@ public Builder connectorEnforcement(@Nullable Output connectorEnforcemen } /** - * @param connectorEnforcement Specifies if connections must use Cloud SQL connectors. + * @param connectorEnforcement Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. * * @return builder * 
diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sql/outputs/DatabaseInstanceSettings.java b/sdk/java/src/main/java/com/pulumi/gcp/sql/outputs/DatabaseInstanceSettings.java index e99438916d..5d71fb976c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sql/outputs/DatabaseInstanceSettings.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sql/outputs/DatabaseInstanceSettings.java @@ -53,7 +53,7 @@ public final class DatabaseInstanceSettings { */ private @Nullable String collation; /** - * @return Specifies if connections must use Cloud SQL connectors. + * @return Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. * */ private @Nullable String connectorEnforcement; @@ -185,7 +185,7 @@ public Optional collation() { return Optional.ofNullable(this.collation); } /** - * @return Specifies if connections must use Cloud SQL connectors. + * @return Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. * */ public Optional connectorEnforcement() { diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sql/outputs/GetDatabaseInstanceSetting.java b/sdk/java/src/main/java/com/pulumi/gcp/sql/outputs/GetDatabaseInstanceSetting.java index 4533acd61b..960cbc4f9b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sql/outputs/GetDatabaseInstanceSetting.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sql/outputs/GetDatabaseInstanceSetting.java @@ -50,7 +50,7 @@ public final class GetDatabaseInstanceSetting { */ private String collation; /** - * @return Specifies if connections must use Cloud SQL connectors. + * @return Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. * */ private String connectorEnforcement; 
@@ -178,7 +178,7 @@ public String collation() { return this.collation; } /** - * @return Specifies if connections must use Cloud SQL connectors. + * @return Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. * */ public String connectorEnforcement() { diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sql/outputs/GetDatabaseInstancesInstanceSetting.java b/sdk/java/src/main/java/com/pulumi/gcp/sql/outputs/GetDatabaseInstancesInstanceSetting.java index 1af2576aab..7d7724432c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sql/outputs/GetDatabaseInstancesInstanceSetting.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sql/outputs/GetDatabaseInstancesInstanceSetting.java @@ -50,7 +50,7 @@ public final class GetDatabaseInstancesInstanceSetting { */ private String collation; /** - * @return Specifies if connections must use Cloud SQL connectors. + * @return Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. * */ private String connectorEnforcement; @@ -178,7 +178,7 @@ public String collation() { return this.collation; } /** - * @return Specifies if connections must use Cloud SQL connectors. + * @return Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. * */ public String connectorEnforcement() { diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketObject.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketObject.java index a9209dd017..65f2102db1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketObject.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketObject.java 
@@ -14,6 +14,7 @@ import com.pulumi.gcp.storage.outputs.BucketObjectCustomerEncryption; import com.pulumi.gcp.storage.outputs.BucketObjectRetention; import java.lang.Boolean; +import java.lang.Integer; import java.lang.String; import java.util.List; import java.util.Map; @@ -262,6 +263,20 @@ public Output> detectMd5hash() { public Output> eventBasedHold() { return Codegen.optional(this.eventBasedHold); } + /** + * (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + * + */ + @Export(name="generation", refs={Integer.class}, tree="[0]") + private Output generation; + + /** + * @return (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + * + */ + public Output generation() { + return this.generation; + } /** * The resource name of the Cloud KMS key that will be used to [encrypt](https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) the object. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/ManagedFolder.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/ManagedFolder.java index 85a3424901..25630d0282 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/ManagedFolder.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/ManagedFolder.java @@ -10,7 +10,9 @@ import com.pulumi.gcp.Utilities; import com.pulumi.gcp.storage.ManagedFolderArgs; import com.pulumi.gcp.storage.inputs.ManagedFolderState; +import java.lang.Boolean; import java.lang.String; +import java.util.Optional; import javax.annotation.Nullable; /** @@ -70,6 +72,7 @@ * var folder = new ManagedFolder("folder", ManagedFolderArgs.builder() * .bucket(bucket.name()) * .name("managed/folder/name/") + * .forceDestroy(true) * .build()); * * } 
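Review bot: The new `generation` output in BucketObject.java is exported with `refs={Integer.class}`, but Cloud Storage object generation numbers are 64-bit values that in practice exceed the 32-bit `Integer` range, so the Java SDK may fail to deserialize the value or return a clipped one. The same typing recurs in the `generation` hunks of BucketObjectState, GetBucketObjectContentResult and GetBucketObjectResult. These files look generated, so the fix most likely belongs in the schema mapping for this field and not in a hand edit; one option would be a wider numeric type, e.g. `@Export(name="generation", refs={Double.class}, tree="[0]")`. Until the conversion is confirmed lossless, callers should not use this value for generation-match preconditions or for selecting a soft-deleted version.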
@@ -127,6 +130,26 @@ public Output bucket() { public Output createTime() { return this.createTime; } + /** + * Allows the deletion of a managed folder even if contains + * objects. If a non-empty managed folder is deleted, any objects + * within the folder will remain in a simulated folder with the + * same name. + * + */ + @Export(name="forceDestroy", refs={Boolean.class}, tree="[0]") + private Output forceDestroy; + + /** + * @return Allows the deletion of a managed folder even if contains + * objects. If a non-empty managed folder is deleted, any objects + * within the folder will remain in a simulated folder with the + * same name. + * + */ + public Output> forceDestroy() { + return Codegen.optional(this.forceDestroy); + } /** * The metadata generation of the managed folder. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/ManagedFolderArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/ManagedFolderArgs.java index c142e283e7..b0b3bc04bf 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/ManagedFolderArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/ManagedFolderArgs.java @@ -6,6 +6,7 @@ import com.pulumi.core.Output; import com.pulumi.core.annotations.Import; import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; import java.lang.String; import java.util.Objects; import java.util.Optional; 
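Review bot: The `forceDestroy` Javadoc added here says the objects stay behind in a simulated folder but does not say what happens to their access control. A managed folder normally carries its own IAM policy, so deleting a non-empty one presumably leaves those objects governed only by bucket-level (and any parent managed folder) policy, which can widen or narrow who can read them. I would add a line such as `* Objects left behind are no longer covered by this managed folder's IAM policy; review bucket-level access before enabling.` and fix the wording to `even if it contains objects`. The same text is repeated in the ManagedFolderArgs and ManagedFolderState hunks, and since these files appear to be generated the change should be made in the upstream description.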
@@ -31,6 +32,27 @@ public Output bucket() { return this.bucket; } + /** + * Allows the deletion of a managed folder even if contains + * objects. If a non-empty managed folder is deleted, any objects + * within the folder will remain in a simulated folder with the + * same name. + * + */ + @Import(name="forceDestroy") + private @Nullable Output forceDestroy; + + /** + * @return Allows the deletion of a managed folder even if contains + * objects. If a non-empty managed folder is deleted, any objects + * within the folder will remain in a simulated folder with the + * same name. + * + */ + public Optional> forceDestroy() { + return Optional.ofNullable(this.forceDestroy); + } + /** * The name of the managed folder expressed as a path. Must include * trailing '/'. For example, `example_dir/example_dir2/`. @@ -56,6 +78,7 @@ private ManagedFolderArgs() {} private ManagedFolderArgs(ManagedFolderArgs $) { this.bucket = $.bucket; + this.forceDestroy = $.forceDestroy; this.name = $.name; } @@ -98,6 +121,33 @@ public Builder bucket(String bucket) { return bucket(Output.of(bucket)); } + /** + * @param forceDestroy Allows the deletion of a managed folder even if contains + * objects. If a non-empty managed folder is deleted, any objects + * within the folder will remain in a simulated folder with the + * same name. + * + * @return builder + * + */ + public Builder forceDestroy(@Nullable Output forceDestroy) { + $.forceDestroy = forceDestroy; + return this; + } + + /** + * @param forceDestroy Allows the deletion of a managed folder even if contains + * objects. If a non-empty managed folder is deleted, any objects + * within the folder will remain in a simulated folder with the + * same name. + * + * @return builder + * + */ + public Builder forceDestroy(Boolean forceDestroy) { + return forceDestroy(Output.of(forceDestroy)); + } + /** * @param name The name of the managed folder expressed as a path. Must include * trailing '/'. For example, `example_dir/example_dir2/`. 
diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/BucketObjectState.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/BucketObjectState.java index 6f2b759a81..d691b1eef4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/BucketObjectState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/BucketObjectState.java @@ -9,6 +9,7 @@ import com.pulumi.gcp.storage.inputs.BucketObjectCustomerEncryptionArgs; import com.pulumi.gcp.storage.inputs.BucketObjectRetentionArgs; import java.lang.Boolean; +import java.lang.Integer; import java.lang.String; import java.util.Map; import java.util.Objects; @@ -181,6 +182,21 @@ public Optional> eventBasedHold() { return Optional.ofNullable(this.eventBasedHold); } + /** + * (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + * + */ + @Import(name="generation") + private @Nullable Output generation; + + /** + * @return (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + * + */ + public Optional> generation() { + return Optional.ofNullable(this.generation); + } + /** * The resource name of the Cloud KMS key that will be used to [encrypt](https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) the object. * @@ -376,6 +392,7 @@ private BucketObjectState(BucketObjectState $) { this.customerEncryption = $.customerEncryption; this.detectMd5hash = $.detectMd5hash; this.eventBasedHold = $.eventBasedHold; + this.generation = $.generation; this.kmsKeyName = $.kmsKeyName; this.md5hash = $.md5hash; this.mediaLink = $.mediaLink; 
@@ -630,6 +647,27 @@ public Builder eventBasedHold(Boolean eventBasedHold) { return eventBasedHold(Output.of(eventBasedHold)); } + /** + * @param generation (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + * + * @return builder + * + */ + public Builder generation(@Nullable Output generation) { + $.generation = generation; + return this; + } + + /** + * @param generation (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + * + * @return builder + * + */ + public Builder generation(Integer generation) { + return generation(Output.of(generation)); + } + /** * @param kmsKeyName The resource name of the Cloud KMS key that will be used to [encrypt](https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) the object. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/ManagedFolderState.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/ManagedFolderState.java index e4b48327cf..d92c068eb6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/ManagedFolderState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/ManagedFolderState.java @@ -5,6 +5,7 @@ import com.pulumi.core.Output; import com.pulumi.core.annotations.Import; +import java.lang.Boolean; import java.lang.String; import java.util.Objects; import java.util.Optional; 
@@ -45,6 +46,27 @@ public Optional> createTime() { return Optional.ofNullable(this.createTime); } + /** + * Allows the deletion of a managed folder even if contains + * objects. If a non-empty managed folder is deleted, any objects + * within the folder will remain in a simulated folder with the + * same name. + * + */ + @Import(name="forceDestroy") + private @Nullable Output forceDestroy; + + /** + * @return Allows the deletion of a managed folder even if contains + * objects. If a non-empty managed folder is deleted, any objects + * within the folder will remain in a simulated folder with the + * same name. + * + */ + public Optional> forceDestroy() { + return Optional.ofNullable(this.forceDestroy); + } + /** * The metadata generation of the managed folder. * @@ -116,6 +138,7 @@ private ManagedFolderState() {} private ManagedFolderState(ManagedFolderState $) { this.bucket = $.bucket; this.createTime = $.createTime; + this.forceDestroy = $.forceDestroy; this.metageneration = $.metageneration; this.name = $.name; this.selfLink = $.selfLink; 
@@ -182,6 +205,33 @@ public Builder createTime(String createTime) { return createTime(Output.of(createTime)); } + /** + * @param forceDestroy Allows the deletion of a managed folder even if contains + * objects. If a non-empty managed folder is deleted, any objects + * within the folder will remain in a simulated folder with the + * same name. + * + * @return builder + * + */ + public Builder forceDestroy(@Nullable Output forceDestroy) { + $.forceDestroy = forceDestroy; + return this; + } + + /** + * @param forceDestroy Allows the deletion of a managed folder even if contains + * objects. If a non-empty managed folder is deleted, any objects + * within the folder will remain in a simulated folder with the + * same name. + * + * @return builder + * + */ + public Builder forceDestroy(Boolean forceDestroy) { + return forceDestroy(Output.of(forceDestroy)); + } + /** * @param metageneration The metadata generation of the managed folder. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/GetBucketObjectContentResult.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/GetBucketObjectContentResult.java index 7b281be198..c5cc9dccf2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/GetBucketObjectContentResult.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/GetBucketObjectContentResult.java @@ -8,6 +8,7 @@ import com.pulumi.gcp.storage.outputs.GetBucketObjectContentCustomerEncryption; import com.pulumi.gcp.storage.outputs.GetBucketObjectContentRetention; import java.lang.Boolean; +import java.lang.Integer; import java.lang.String; import java.util.List; import java.util.Map; @@ -32,6 +33,7 @@ public final class GetBucketObjectContentResult { private List customerEncryptions; private String detectMd5hash; private Boolean eventBasedHold; + private Integer generation; /** * @return The provider-assigned unique ID for this managed resource. * 
@@ -87,6 +89,9 @@ public String detectMd5hash() { public Boolean eventBasedHold() { return this.eventBasedHold; } + public Integer generation() { + return this.generation; + } /** * @return The provider-assigned unique ID for this managed resource. * @@ -148,6 +153,7 @@ public static final class Builder { private List customerEncryptions; private String detectMd5hash; private Boolean eventBasedHold; + private Integer generation; private String id; private String kmsKeyName; private String md5hash; @@ -174,6 +180,7 @@ public Builder(GetBucketObjectContentResult defaults) { this.customerEncryptions = defaults.customerEncryptions; this.detectMd5hash = defaults.detectMd5hash; this.eventBasedHold = defaults.eventBasedHold; + this.generation = defaults.generation; this.id = defaults.id; this.kmsKeyName = defaults.kmsKeyName; this.md5hash = defaults.md5hash; @@ -278,6 +285,14 @@ public Builder eventBasedHold(Boolean eventBasedHold) { return this; } @CustomType.Setter + public Builder generation(Integer generation) { + if (generation == null) { + throw new MissingRequiredPropertyException("GetBucketObjectContentResult", "generation"); + } + this.generation = generation; + return this; + } + @CustomType.Setter public Builder id(String id) { if (id == null) { throw new MissingRequiredPropertyException("GetBucketObjectContentResult", "id"); @@ -389,6 +404,7 @@ public GetBucketObjectContentResult build() { _resultValue.customerEncryptions = customerEncryptions; _resultValue.detectMd5hash = detectMd5hash; _resultValue.eventBasedHold = eventBasedHold; + _resultValue.generation = generation; _resultValue.id = id; _resultValue.kmsKeyName = kmsKeyName; _resultValue.md5hash = md5hash; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/GetBucketObjectResult.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/GetBucketObjectResult.java index c3e2904d5c..232bce5db2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/GetBucketObjectResult.java 
+++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/GetBucketObjectResult.java @@ -8,6 +8,7 @@ import com.pulumi.gcp.storage.outputs.GetBucketObjectCustomerEncryption; import com.pulumi.gcp.storage.outputs.GetBucketObjectRetention; import java.lang.Boolean; +import java.lang.Integer; import java.lang.String; import java.util.List; import java.util.Map; @@ -57,6 +58,11 @@ public final class GetBucketObjectResult { * */ private Boolean eventBasedHold; + /** + * @return (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + * + */ + private Integer generation; /** * @return The provider-assigned unique ID for this managed resource. * @@ -159,6 +165,13 @@ public String detectMd5hash() { public Boolean eventBasedHold() { return this.eventBasedHold; } + /** + * @return (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + * + */ + public Integer generation() { + return this.generation; + } /** * @return The provider-assigned unique ID for this managed resource. * @@ -242,6 +255,7 @@ public static final class Builder { private List customerEncryptions; private String detectMd5hash; private Boolean eventBasedHold; + private Integer generation; private String id; private String kmsKeyName; private String md5hash; @@ -268,6 +282,7 @@ public Builder(GetBucketObjectResult defaults) { this.customerEncryptions = defaults.customerEncryptions; this.detectMd5hash = defaults.detectMd5hash; this.eventBasedHold = defaults.eventBasedHold; + this.generation = defaults.generation; this.id = defaults.id; this.kmsKeyName = defaults.kmsKeyName; this.md5hash = defaults.md5hash; 
@@ -372,6 +387,14 @@ public Builder eventBasedHold(Boolean eventBasedHold) { return this; } @CustomType.Setter + public Builder generation(Integer generation) { + if (generation == null) { + throw new MissingRequiredPropertyException("GetBucketObjectResult", "generation"); + } + this.generation = generation; + return this; + } + @CustomType.Setter public Builder id(String id) { if (id == null) { throw new MissingRequiredPropertyException("GetBucketObjectResult", "id"); @@ -481,6 +504,7 @@ public GetBucketObjectResult build() { _resultValue.customerEncryptions = customerEncryptions; _resultValue.detectMd5hash = detectMd5hash; _resultValue.eventBasedHold = eventBasedHold; + _resultValue.generation = generation; _resultValue.id = id; _resultValue.kmsKeyName = kmsKeyName; _resultValue.md5hash = md5hash; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vmwareengine/NetworkPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/vmwareengine/NetworkPolicy.java index d2543b6b94..06d6eeb1f5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vmwareengine/NetworkPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vmwareengine/NetworkPolicy.java @@ -53,7 +53,7 @@ * * public static void stack(Context ctx) { * var network_policy_nw = new Network("network-policy-nw", NetworkArgs.builder() - * .name("standard-nw") + * .name("sample-network") * .location("global") * .type("STANDARD") * .description("VMwareEngine standard network sample") @@ -101,7 +101,7 @@ * * public static void stack(Context ctx) { * var network_policy_nw = new Network("network-policy-nw", NetworkArgs.builder() - * .name("standard-full-nw") + * .name("sample-network") * .location("global") * .type("STANDARD") * .description("VMwareEngine standard network sample") 
@@ -109,7 +109,7 @@ * * var vmw_engine_network_policy = new NetworkPolicy("vmw-engine-network-policy", NetworkPolicyArgs.builder() * .location("us-west1") - * .name("sample-network-policy-full") + * .name("sample-network-policy") * .edgeServicesCidr("192.168.30.0/26") * .vmwareEngineNetwork(network_policy_nw.id()) * .description("Sample Network Policy") diff --git a/sdk/nodejs/accesscontextmanager/index.ts b/sdk/nodejs/accesscontextmanager/index.ts index b31e4f65ed..4947bc1680 100644 --- a/sdk/nodejs/accesscontextmanager/index.ts +++ b/sdk/nodejs/accesscontextmanager/index.ts 
@@ -70,6 +70,16 @@ export type ServicePerimeter = import("./servicePerimeter").ServicePerimeter; export const ServicePerimeter: typeof import("./servicePerimeter").ServicePerimeter = null as any; utilities.lazyLoad(exports, ["ServicePerimeter"], () => require("./servicePerimeter")); +export { ServicePerimeterDryRunEgressPolicyArgs, ServicePerimeterDryRunEgressPolicyState } from "./servicePerimeterDryRunEgressPolicy"; +export type ServicePerimeterDryRunEgressPolicy = import("./servicePerimeterDryRunEgressPolicy").ServicePerimeterDryRunEgressPolicy; +export const ServicePerimeterDryRunEgressPolicy: typeof import("./servicePerimeterDryRunEgressPolicy").ServicePerimeterDryRunEgressPolicy = null as any; +utilities.lazyLoad(exports, ["ServicePerimeterDryRunEgressPolicy"], () => require("./servicePerimeterDryRunEgressPolicy")); + +export { ServicePerimeterDryRunIngressPolicyArgs, ServicePerimeterDryRunIngressPolicyState } from "./servicePerimeterDryRunIngressPolicy"; +export type ServicePerimeterDryRunIngressPolicy = import("./servicePerimeterDryRunIngressPolicy").ServicePerimeterDryRunIngressPolicy; +export const ServicePerimeterDryRunIngressPolicy: typeof import("./servicePerimeterDryRunIngressPolicy").ServicePerimeterDryRunIngressPolicy = null as any; +utilities.lazyLoad(exports, ["ServicePerimeterDryRunIngressPolicy"], () => require("./servicePerimeterDryRunIngressPolicy")); + export { ServicePerimeterDryRunResourceArgs, ServicePerimeterDryRunResourceState } from "./servicePerimeterDryRunResource"; export type ServicePerimeterDryRunResource = import("./servicePerimeterDryRunResource").ServicePerimeterDryRunResource; export const ServicePerimeterDryRunResource: typeof import("./servicePerimeterDryRunResource").ServicePerimeterDryRunResource = null as any; 
@@ -124,6 +134,10 @@ const _module = { return new IngressPolicy(name, undefined, { urn }) case "gcp:accesscontextmanager/servicePerimeter:ServicePerimeter": return new ServicePerimeter(name, undefined, { urn }) + case "gcp:accesscontextmanager/servicePerimeterDryRunEgressPolicy:ServicePerimeterDryRunEgressPolicy": + return new ServicePerimeterDryRunEgressPolicy(name, undefined, { urn }) + case "gcp:accesscontextmanager/servicePerimeterDryRunIngressPolicy:ServicePerimeterDryRunIngressPolicy": + return new ServicePerimeterDryRunIngressPolicy(name, undefined, { urn }) case "gcp:accesscontextmanager/servicePerimeterDryRunResource:ServicePerimeterDryRunResource": return new ServicePerimeterDryRunResource(name, undefined, { urn }) case "gcp:accesscontextmanager/servicePerimeterEgressPolicy:ServicePerimeterEgressPolicy": @@ -151,6 +165,8 @@ pulumi.runtime.registerResourceModule("gcp", "accesscontextmanager/egressPolicy" pulumi.runtime.registerResourceModule("gcp", "accesscontextmanager/gcpUserAccessBinding", _module) pulumi.runtime.registerResourceModule("gcp", "accesscontextmanager/ingressPolicy", _module) pulumi.runtime.registerResourceModule("gcp", "accesscontextmanager/servicePerimeter", _module) +pulumi.runtime.registerResourceModule("gcp", "accesscontextmanager/servicePerimeterDryRunEgressPolicy", _module) +pulumi.runtime.registerResourceModule("gcp", "accesscontextmanager/servicePerimeterDryRunIngressPolicy", _module) pulumi.runtime.registerResourceModule("gcp", "accesscontextmanager/servicePerimeterDryRunResource", _module) pulumi.runtime.registerResourceModule("gcp", "accesscontextmanager/servicePerimeterEgressPolicy", _module) pulumi.runtime.registerResourceModule("gcp", "accesscontextmanager/servicePerimeterIngressPolicy", _module) diff --git a/sdk/nodejs/accesscontextmanager/servicePerimeterDryRunEgressPolicy.ts b/sdk/nodejs/accesscontextmanager/servicePerimeterDryRunEgressPolicy.ts new file mode 100644 index 0000000000..124141683d --- /dev/null 
+++ b/sdk/nodejs/accesscontextmanager/servicePerimeterDryRunEgressPolicy.ts 
@@ -0,0 +1,152 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../types/input"; +import * as outputs from "../types/output"; +import * as utilities from "../utilities"; + +/** + * Manage a single EgressPolicy in the spec (dry-run) configuration for a service perimeter. + * EgressPolicies match requests based on egressFrom and egressTo stanzas. + * For an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched. + * If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter + * boundary. For example, an EgressPolicy can be used to allow VMs on networks + * within the ServicePerimeter to access a defined set of projects outside the + * perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket + * or query against a BigQuery dataset). + * + * > **Note:** By default, updates to this resource will remove the EgressPolicy from the + * from the perimeter and add it back in a non-atomic manner. To ensure that the new EgressPolicy + * is added before the old one is removed, add a `lifecycle` block with `createBeforeDestroy = true` to this resource. + * + * To get more information about ServicePerimeterDryRunEgressPolicy, see: + * + * * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#egresspolicy) + * + * ## Example Usage + */ +export class ServicePerimeterDryRunEgressPolicy extends pulumi.CustomResource { + /** + * Get an existing ServicePerimeterDryRunEgressPolicy resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. 
+ * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: ServicePerimeterDryRunEgressPolicyState, opts?: pulumi.CustomResourceOptions): ServicePerimeterDryRunEgressPolicy { + return new ServicePerimeterDryRunEgressPolicy(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'gcp:accesscontextmanager/servicePerimeterDryRunEgressPolicy:ServicePerimeterDryRunEgressPolicy'; + + /** + * Returns true if the given object is an instance of ServicePerimeterDryRunEgressPolicy. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is ServicePerimeterDryRunEgressPolicy { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === ServicePerimeterDryRunEgressPolicy.__pulumiType; + } + + /** + * Defines conditions on the source of a request causing this `EgressPolicy` to apply. + * Structure is documented below. + */ + public readonly egressFrom!: pulumi.Output; + /** + * Defines the conditions on the `ApiOperation` and destination resources that + * cause this `EgressPolicy` to apply. + * Structure is documented below. + */ + public readonly egressTo!: pulumi.Output; + /** + * The name of the Service Perimeter to add this resource to. + * + * + * - - - + */ + public readonly perimeter!: pulumi.Output; + + /** + * Create a ServicePerimeterDryRunEgressPolicy resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. 
+ */ + constructor(name: string, args: ServicePerimeterDryRunEgressPolicyArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: ServicePerimeterDryRunEgressPolicyArgs | ServicePerimeterDryRunEgressPolicyState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as ServicePerimeterDryRunEgressPolicyState | undefined; + resourceInputs["egressFrom"] = state ? state.egressFrom : undefined; + resourceInputs["egressTo"] = state ? state.egressTo : undefined; + resourceInputs["perimeter"] = state ? state.perimeter : undefined; + } else { + const args = argsOrState as ServicePerimeterDryRunEgressPolicyArgs | undefined; + if ((!args || args.perimeter === undefined) && !opts.urn) { + throw new Error("Missing required property 'perimeter'"); + } + resourceInputs["egressFrom"] = args ? args.egressFrom : undefined; + resourceInputs["egressTo"] = args ? args.egressTo : undefined; + resourceInputs["perimeter"] = args ? args.perimeter : undefined; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(ServicePerimeterDryRunEgressPolicy.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering ServicePerimeterDryRunEgressPolicy resources. + */ +export interface ServicePerimeterDryRunEgressPolicyState { + /** + * Defines conditions on the source of a request causing this `EgressPolicy` to apply. + * Structure is documented below. + */ + egressFrom?: pulumi.Input; + /** + * Defines the conditions on the `ApiOperation` and destination resources that + * cause this `EgressPolicy` to apply. + * Structure is documented below. + */ + egressTo?: pulumi.Input; + /** + * The name of the Service Perimeter to add this resource to. + * + * + * - - - + */ + perimeter?: pulumi.Input; +} + +/** + * The set of arguments for constructing a ServicePerimeterDryRunEgressPolicy resource. 
+ */ +export interface ServicePerimeterDryRunEgressPolicyArgs { + /** + * Defines conditions on the source of a request causing this `EgressPolicy` to apply. + * Structure is documented below. + */ + egressFrom?: pulumi.Input; + /** + * Defines the conditions on the `ApiOperation` and destination resources that + * cause this `EgressPolicy` to apply. + * Structure is documented below. + */ + egressTo?: pulumi.Input; + /** + * The name of the Service Perimeter to add this resource to. + * + * + * - - - + */ + perimeter: pulumi.Input; +} diff --git a/sdk/nodejs/accesscontextmanager/servicePerimeterDryRunIngressPolicy.ts b/sdk/nodejs/accesscontextmanager/servicePerimeterDryRunIngressPolicy.ts new file mode 100644 index 0000000000..749a836587 --- /dev/null +++ b/sdk/nodejs/accesscontextmanager/servicePerimeterDryRunIngressPolicy.ts 
@@ -0,0 +1,156 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../types/input"; +import * as outputs from "../types/output"; +import * as utilities from "../utilities"; + +/** + * Manage a single IngressPolicy in the spec (dry-run) configuration for a service perimeter. + * IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match, + * both the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request, + * the request is allowed through the perimeter boundary from outside the perimeter. + * For example, access from the internet can be allowed either based on an AccessLevel or, + * for traffic hosted on Google Cloud, the project of the source network. + * For access from private networks, using the project of the hosting network is required. + * Individual ingress policies can be limited by restricting which services and/ + * or actions they match using the ingressTo field. + * + * > **Note:** By default, updates to this resource will remove the IngressPolicy from the + * from the perimeter and add it back in a non-atomic manner. To ensure that the new IngressPolicy + * is added before the old one is removed, add a `lifecycle` block with `createBeforeDestroy = true` to this resource. + * + * To get more information about ServicePerimeterDryRunIngressPolicy, see: + * + * * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ingresspolicy) + * + * ## Example Usage + */ +export class ServicePerimeterDryRunIngressPolicy extends pulumi.CustomResource { + /** + * Get an existing ServicePerimeterDryRunIngressPolicy resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. 
+ * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: ServicePerimeterDryRunIngressPolicyState, opts?: pulumi.CustomResourceOptions): ServicePerimeterDryRunIngressPolicy { + return new ServicePerimeterDryRunIngressPolicy(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'gcp:accesscontextmanager/servicePerimeterDryRunIngressPolicy:ServicePerimeterDryRunIngressPolicy'; + + /** + * Returns true if the given object is an instance of ServicePerimeterDryRunIngressPolicy. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is ServicePerimeterDryRunIngressPolicy { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === ServicePerimeterDryRunIngressPolicy.__pulumiType; + } + + /** + * Defines the conditions on the source of a request causing this `IngressPolicy` + * to apply. + * Structure is documented below. + */ + public readonly ingressFrom!: pulumi.Output; + /** + * Defines the conditions on the `ApiOperation` and request destination that cause + * this `IngressPolicy` to apply. + * Structure is documented below. + */ + public readonly ingressTo!: pulumi.Output; + /** + * The name of the Service Perimeter to add this resource to. + * + * + * - - - + */ + public readonly perimeter!: pulumi.Output; + + /** + * Create a ServicePerimeterDryRunIngressPolicy resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. 
+ * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: ServicePerimeterDryRunIngressPolicyArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: ServicePerimeterDryRunIngressPolicyArgs | ServicePerimeterDryRunIngressPolicyState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as ServicePerimeterDryRunIngressPolicyState | undefined; + resourceInputs["ingressFrom"] = state ? state.ingressFrom : undefined; + resourceInputs["ingressTo"] = state ? state.ingressTo : undefined; + resourceInputs["perimeter"] = state ? state.perimeter : undefined; + } else { + const args = argsOrState as ServicePerimeterDryRunIngressPolicyArgs | undefined; + if ((!args || args.perimeter === undefined) && !opts.urn) { + throw new Error("Missing required property 'perimeter'"); + } + resourceInputs["ingressFrom"] = args ? args.ingressFrom : undefined; + resourceInputs["ingressTo"] = args ? args.ingressTo : undefined; + resourceInputs["perimeter"] = args ? args.perimeter : undefined; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(ServicePerimeterDryRunIngressPolicy.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering ServicePerimeterDryRunIngressPolicy resources. + */ +export interface ServicePerimeterDryRunIngressPolicyState { + /** + * Defines the conditions on the source of a request causing this `IngressPolicy` + * to apply. + * Structure is documented below. + */ + ingressFrom?: pulumi.Input; + /** + * Defines the conditions on the `ApiOperation` and request destination that cause + * this `IngressPolicy` to apply. + * Structure is documented below. + */ + ingressTo?: pulumi.Input; + /** + * The name of the Service Perimeter to add this resource to. 
+ * + * + * - - - + */ + perimeter?: pulumi.Input; +} + +/** + * The set of arguments for constructing a ServicePerimeterDryRunIngressPolicy resource. + */ +export interface ServicePerimeterDryRunIngressPolicyArgs { + /** + * Defines the conditions on the source of a request causing this `IngressPolicy` + * to apply. + * Structure is documented below. + */ + ingressFrom?: pulumi.Input; + /** + * Defines the conditions on the `ApiOperation` and request destination that cause + * this `IngressPolicy` to apply. + * Structure is documented below. + */ + ingressTo?: pulumi.Input; + /** + * The name of the Service Perimeter to add this resource to. + * + * + * - - - + */ + perimeter: pulumi.Input; +} diff --git a/sdk/nodejs/accesscontextmanager/servicePerimeterEgressPolicy.ts b/sdk/nodejs/accesscontextmanager/servicePerimeterEgressPolicy.ts index a861d51b2d..ce1239a6cf 100644 --- a/sdk/nodejs/accesscontextmanager/servicePerimeterEgressPolicy.ts +++ b/sdk/nodejs/accesscontextmanager/servicePerimeterEgressPolicy.ts @@ -7,6 +7,7 @@ import * as outputs from "../types/output"; import * as utilities from "../utilities"; /** + * Manage a single EgressPolicy in the status (enforced) configuration for a service perimeter. * EgressPolicies match requests based on egressFrom and egressTo stanzas. * For an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched. * If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter 
@@ -24,18 +25,6 @@ import * as utilities from "../utilities"; * * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#egresspolicy) * * ## Example Usage - * - * ## Import - * - * ServicePerimeterEgressPolicy can be imported using any of these accepted formats: - * - * * `{{perimeter}}` - * - * When using the `pulumi import` command, ServicePerimeterEgressPolicy can be imported using one of the formats above. For example: - * - * ```sh - * $ pulumi import gcp:accesscontextmanager/servicePerimeterEgressPolicy:ServicePerimeterEgressPolicy default {{perimeter}} - * ``` */ export class ServicePerimeterEgressPolicy extends pulumi.CustomResource { /** diff --git a/sdk/nodejs/accesscontextmanager/servicePerimeterIngressPolicy.ts b/sdk/nodejs/accesscontextmanager/servicePerimeterIngressPolicy.ts index 51acf7e483..89a9daecc6 100644 --- a/sdk/nodejs/accesscontextmanager/servicePerimeterIngressPolicy.ts +++ b/sdk/nodejs/accesscontextmanager/servicePerimeterIngressPolicy.ts @@ -7,6 +7,7 @@ import * as outputs from "../types/output"; import * as utilities from "../utilities"; /** + * Manage a single IngressPolicy in the status (enforced) configuration for a service perimeter. * IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match, * both the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request, * the request is allowed through the perimeter boundary from outside the perimeter. 
@@ -25,18 +26,6 @@ import * as utilities from "../utilities"; * * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ingresspolicy) * * ## Example Usage - * - * ## Import - * - * ServicePerimeterIngressPolicy can be imported using any of these accepted formats: - * - * * `{{perimeter}}` - * - * When using the `pulumi import` command, ServicePerimeterIngressPolicy can be imported using one of the formats above. For example: - * - * ```sh - * $ pulumi import gcp:accesscontextmanager/servicePerimeterIngressPolicy:ServicePerimeterIngressPolicy default {{perimeter}} - * ``` */ export class ServicePerimeterIngressPolicy extends pulumi.CustomResource { /** diff --git a/sdk/nodejs/applicationintegration/client.ts b/sdk/nodejs/applicationintegration/client.ts index c842ea30f0..e4cc82609e 100644 --- a/sdk/nodejs/applicationintegration/client.ts +++ b/sdk/nodejs/applicationintegration/client.ts @@ -44,7 +44,7 @@ import * as utilities from "../utilities"; * }); * const testKey = new gcp.kms.CryptoKeyVersion("test_key", {cryptoKey: cryptokey.id}); * const serviceAccount = new gcp.serviceaccount.Account("service_account", { - * accountId: "service-account-id", + * accountId: "my-service-acc", * displayName: "Service Account", * }); * const example = new gcp.applicationintegration.Client("example", { diff --git a/sdk/nodejs/compute/regionTargetHttpsProxy.ts b/sdk/nodejs/compute/regionTargetHttpsProxy.ts index d03e1e981a..5748eda594 100644 --- a/sdk/nodejs/compute/regionTargetHttpsProxy.ts +++ b/sdk/nodejs/compute/regionTargetHttpsProxy.ts 
@@ -313,6 +313,10 @@ export class RegionTargetHttpsProxy extends pulumi.CustomResource { * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. + * If you remove this field from your configuration at the same time as + * deleting or recreating a referenced ServerTlsPolicy resource, you will + * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + * within the ServerTlsPolicy resource to avoid this. */ public readonly serverTlsPolicy!: pulumi.Output; /** @@ -440,6 +444,10 @@ export interface RegionTargetHttpsProxyState { * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. + * If you remove this field from your configuration at the same time as + * deleting or recreating a referenced ServerTlsPolicy resource, you will + * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + * within the ServerTlsPolicy resource to avoid this. */ serverTlsPolicy?: pulumi.Input; /** @@ -508,6 +516,10 @@ export interface RegionTargetHttpsProxyArgs { * INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED * loadBalancingScheme consult ServerTlsPolicy documentation. * If left blank, communications are not encrypted. + * If you remove this field from your configuration at the same time as + * deleting or recreating a referenced ServerTlsPolicy resource, you will + * receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + * within the ServerTlsPolicy resource to avoid this. */ serverTlsPolicy?: pulumi.Input; /** diff --git a/sdk/nodejs/dataform/repository.ts b/sdk/nodejs/dataform/repository.ts index 4a0986ed4a..928720219e 100644 --- a/sdk/nodejs/dataform/repository.ts +++ b/sdk/nodejs/dataform/repository.ts 
@@ -25,10 +25,24 @@ import * as utilities from "../utilities"; * secret: secret.id, * secretData: "secret-data", * }); + * const keyring = new gcp.kms.KeyRing("keyring", { + * name: "example-key-ring", + * location: "us-central1", + * }); + * const exampleKey = new gcp.kms.CryptoKey("example_key", { + * name: "example-crypto-key-name", + * keyRing: keyring.id, + * }); + * const cryptoKeyBinding = new gcp.kms.CryptoKeyIAMBinding("crypto_key_binding", { + * cryptoKeyId: exampleKey.id, + * role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", + * members: [`serviceAccount:service-${project.number}@gcp-sa-dataform.iam.gserviceaccount.com`], + * }); * const dataformRepository = new gcp.dataform.Repository("dataform_repository", { * name: "dataform_repository", * displayName: "dataform_repository", * npmrcEnvironmentVariablesSecretVersion: secretVersion.id, + * kmsKeyName: exampleKey.id, * labels: { * label_foo1: "label-bar1", * }, @@ -42,6 +56,8 @@ import * as utilities from "../utilities"; * schemaSuffix: "_suffix", * tablePrefix: "prefix_", * }, + * }, { + * dependsOn: [cryptoKeyBinding], * }); * ``` * @@ -116,6 +132,11 @@ export class Repository extends pulumi.CustomResource { * Structure is documented below. */ public readonly gitRemoteSettings!: pulumi.Output; + /** + * Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + * It is not possible to add or update the encryption key after the repository is created. Example projects/[kmsProjectId]/locations/[region]/keyRings/[keyRegion]/cryptoKeys/[key] + */ + public readonly kmsKeyName!: pulumi.Output; /** * Optional. Repository user labels. * An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. 
@@ -175,6 +196,7 @@ export class Repository extends pulumi.CustomResource { resourceInputs["displayName"] = state ? state.displayName : undefined; resourceInputs["effectiveLabels"] = state ? state.effectiveLabels : undefined; resourceInputs["gitRemoteSettings"] = state ? state.gitRemoteSettings : undefined; + resourceInputs["kmsKeyName"] = state ? state.kmsKeyName : undefined; resourceInputs["labels"] = state ? state.labels : undefined; resourceInputs["name"] = state ? state.name : undefined; resourceInputs["npmrcEnvironmentVariablesSecretVersion"] = state ? state.npmrcEnvironmentVariablesSecretVersion : undefined; @@ -187,6 +209,7 @@ export class Repository extends pulumi.CustomResource { const args = argsOrState as RepositoryArgs | undefined; resourceInputs["displayName"] = args ? args.displayName : undefined; resourceInputs["gitRemoteSettings"] = args ? args.gitRemoteSettings : undefined; + resourceInputs["kmsKeyName"] = args ? args.kmsKeyName : undefined; resourceInputs["labels"] = args ? args.labels : undefined; resourceInputs["name"] = args ? args.name : undefined; resourceInputs["npmrcEnvironmentVariablesSecretVersion"] = args ? args.npmrcEnvironmentVariablesSecretVersion : undefined; @@ -221,6 +244,11 @@ export interface RepositoryState { * Structure is documented below. */ gitRemoteSettings?: pulumi.Input; + /** + * Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + * It is not possible to add or update the encryption key after the repository is created. Example projects/[kmsProjectId]/locations/[region]/keyRings/[keyRegion]/cryptoKeys/[key] + */ + kmsKeyName?: pulumi.Input; /** * Optional. Repository user labels. * An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. 
@@ -278,6 +306,11 @@ export interface RepositoryArgs { * Structure is documented below. */ gitRemoteSettings?: pulumi.Input; + /** + * Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + * It is not possible to add or update the encryption key after the repository is created. Example projects/[kmsProjectId]/locations/[region]/keyRings/[keyRegion]/cryptoKeys/[key] + */ + kmsKeyName?: pulumi.Input; /** * Optional. Repository user labels. * An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. diff --git a/sdk/nodejs/discoveryengine/dataStore.ts b/sdk/nodejs/discoveryengine/dataStore.ts index 3bcbb137e4..01ef53fc12 100644 --- a/sdk/nodejs/discoveryengine/dataStore.ts +++ b/sdk/nodejs/discoveryengine/dataStore.ts @@ -33,6 +33,7 @@ import * as utilities from "../utilities"; * contentConfig: "NO_CONTENT", * solutionTypes: ["SOLUTION_TYPE_SEARCH"], * createAdvancedSiteSearch: false, + * skipDefaultSchemaCreation: false, * }); * ``` * ### Discoveryengine Datastore Document Processing Config @@ -173,6 +174,16 @@ export class DataStore extends pulumi.CustomResource { * If it is not provided, the provider project is used. */ public readonly project!: pulumi.Output; + /** + * A boolean flag indicating whether to skip the default schema creation for + * the data store. Only enable this flag if you are certain that the default + * schema is incompatible with your use case. + * If set to true, you must manually create a schema for the data store + * before any documents can be ingested. + * This flag cannot be specified if `data_store.starting_schema` is + * specified. + */ + public readonly skipDefaultSchemaCreation!: pulumi.Output; /** * The solutions that the data store enrolls. * Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. 
@@ -203,6 +214,7 @@ export class DataStore extends pulumi.CustomResource { resourceInputs["location"] = state ? state.location : undefined; resourceInputs["name"] = state ? state.name : undefined; resourceInputs["project"] = state ? state.project : undefined; + resourceInputs["skipDefaultSchemaCreation"] = state ? state.skipDefaultSchemaCreation : undefined; resourceInputs["solutionTypes"] = state ? state.solutionTypes : undefined; } else { const args = argsOrState as DataStoreArgs | undefined; @@ -229,6 +241,7 @@ export class DataStore extends pulumi.CustomResource { resourceInputs["industryVertical"] = args ? args.industryVertical : undefined; resourceInputs["location"] = args ? args.location : undefined; resourceInputs["project"] = args ? args.project : undefined; + resourceInputs["skipDefaultSchemaCreation"] = args ? args.skipDefaultSchemaCreation : undefined; resourceInputs["solutionTypes"] = args ? args.solutionTypes : undefined; resourceInputs["createTime"] = undefined /*out*/; resourceInputs["defaultSchemaId"] = undefined /*out*/; @@ -301,6 +314,16 @@ export interface DataStoreState { * If it is not provided, the provider project is used. */ project?: pulumi.Input; + /** + * A boolean flag indicating whether to skip the default schema creation for + * the data store. Only enable this flag if you are certain that the default + * schema is incompatible with your use case. + * If set to true, you must manually create a schema for the data store + * before any documents can be ingested. + * This flag cannot be specified if `data_store.starting_schema` is + * specified. + */ + skipDefaultSchemaCreation?: pulumi.Input; /** * The solutions that the data store enrolls. * Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. 
@@ -355,6 +378,16 @@ export interface DataStoreArgs { * If it is not provided, the provider project is used. */ project?: pulumi.Input; + /** + * A boolean flag indicating whether to skip the default schema creation for + * the data store. Only enable this flag if you are certain that the default + * schema is incompatible with your use case. + * If set to true, you must manually create a schema for the data store + * before any documents can be ingested. + * This flag cannot be specified if `data_store.starting_schema` is + * specified. + */ + skipDefaultSchemaCreation?: pulumi.Input; /** * The solutions that the data store enrolls. * Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. diff --git a/sdk/nodejs/logging/getLogViewIamPolicy.ts b/sdk/nodejs/logging/getLogViewIamPolicy.ts index 0662ee1a9c..9557f7d11f 100644 --- a/sdk/nodejs/logging/getLogViewIamPolicy.ts +++ b/sdk/nodejs/logging/getLogViewIamPolicy.ts @@ -4,6 +4,23 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; +/** + * Retrieves the current IAM policy data for logview + * + * ## example + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const policy = gcp.logging.getLogViewIamPolicy({ + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * }); + * ``` + */ export function getLogViewIamPolicy(args: GetLogViewIamPolicyArgs, opts?: pulumi.InvokeOptions): Promise { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); 
@@ -61,6 +78,23 @@ export interface GetLogViewIamPolicyResult { */ readonly policyData: string; } +/** + * Retrieves the current IAM policy data for logview + * + * ## example + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const policy = gcp.logging.getLogViewIamPolicy({ + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * }); + * ``` + */ export function getLogViewIamPolicyOutput(args: GetLogViewIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getLogViewIamPolicy(a, opts)) } diff --git a/sdk/nodejs/logging/logViewIamBinding.ts b/sdk/nodejs/logging/logViewIamBinding.ts index 88b1382508..fc8e6b9ae8 100644 --- a/sdk/nodejs/logging/logViewIamBinding.ts +++ b/sdk/nodejs/logging/logViewIamBinding.ts 
@@ -7,6 +7,282 @@ import * as outputs from "../types/output"; import * as utilities from "../utilities"; /** + * Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + * + * * `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + * + * > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + * + * > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+ * + * ## gcp.logging.LogViewIamPolicy + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.logging.LogViewIamPolicy("policy", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.logging.LogViewIamPolicy("policy", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * ## gcp.logging.LogViewIamBinding + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.logging.LogViewIamBinding("binding", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.logging.LogViewIamBinding("binding", { + 
* parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * ## gcp.logging.LogViewIamMember + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.logging.LogViewIamMember("member", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * member: "user:jane@example.com", + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.logging.LogViewIamMember("member", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + * --- + * + * # IAM policy for Cloud (Stackdriver) Logging LogView + * Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + * + * * `gcp.logging.LogViewIamPolicy`: Authoritative. 
Sets the IAM policy for the logview and replaces any existing policy already attached. + * * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + * + * > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + * + * > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+ * + * ## gcp.logging.LogViewIamPolicy + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.logging.LogViewIamPolicy("policy", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.logging.LogViewIamPolicy("policy", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * ## gcp.logging.LogViewIamBinding + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.logging.LogViewIamBinding("binding", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.logging.LogViewIamBinding("binding", { + 
* parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * ## gcp.logging.LogViewIamMember + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.logging.LogViewIamMember("member", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * member: "user:jane@example.com", + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.logging.LogViewIamMember("member", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: diff --git a/sdk/nodejs/logging/logViewIamMember.ts b/sdk/nodejs/logging/logViewIamMember.ts index 12e8ad5b68..9544442a86 100644 --- a/sdk/nodejs/logging/logViewIamMember.ts +++ b/sdk/nodejs/logging/logViewIamMember.ts 
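Review bot: Every example in the added docblock binds `roles/logging.admin` to `user:jane@example.com` on the log view, and readers tend to copy the role string as it stands; if the examples are meant to show granting read access to a view, a narrower sample such as `role: "roles/logging.viewAccessor"` would be safer. The added text also contains the whole overview and example set twice (it restarts after `# IAM policy for Cloud (Stackdriver) Logging LogView`), and the Custom Roles note is split into a `## >` heading and a detached sentence. The data-source bullet names `gcp.logging.LogViewIamPolicy`, whereas the retrieval function documented elsewhere in this diff is `gcp.logging.getLogViewIamPolicy`. The same text is added in the logViewIamMember.ts and logViewIamPolicy.ts hunks, and the docblock continues past the hunk into the existing `## Import` section.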
@@ -7,6 +7,282 @@ import * as outputs from "../types/output"; import * as utilities from "../utilities"; /** + * Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + * + * * `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + * + * > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + * + * > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+ * + * ## gcp.logging.LogViewIamPolicy + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.logging.LogViewIamPolicy("policy", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.logging.LogViewIamPolicy("policy", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * ## gcp.logging.LogViewIamBinding + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.logging.LogViewIamBinding("binding", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.logging.LogViewIamBinding("binding", { + 
* parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * ## gcp.logging.LogViewIamMember + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.logging.LogViewIamMember("member", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * member: "user:jane@example.com", + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.logging.LogViewIamMember("member", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + * --- + * + * # IAM policy for Cloud (Stackdriver) Logging LogView + * Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + * + * * `gcp.logging.LogViewIamPolicy`: Authoritative. 
Sets the IAM policy for the logview and replaces any existing policy already attached. + * * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + * + * > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + * + * > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+ * + * ## gcp.logging.LogViewIamPolicy + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.logging.LogViewIamPolicy("policy", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.logging.LogViewIamPolicy("policy", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * ## gcp.logging.LogViewIamBinding + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.logging.LogViewIamBinding("binding", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.logging.LogViewIamBinding("binding", { + 
* parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * ## gcp.logging.LogViewIamMember + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.logging.LogViewIamMember("member", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * member: "user:jane@example.com", + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.logging.LogViewIamMember("member", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: diff --git a/sdk/nodejs/logging/logViewIamPolicy.ts b/sdk/nodejs/logging/logViewIamPolicy.ts index bbd7d38fc9..0bc2255f34 100644 --- a/sdk/nodejs/logging/logViewIamPolicy.ts +++ b/sdk/nodejs/logging/logViewIamPolicy.ts 
@@ -5,6 +5,282 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** + * Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + * + * * `gcp.logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + * + * > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + * + * > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+ * + * ## gcp.logging.LogViewIamPolicy + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.logging.LogViewIamPolicy("policy", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.logging.LogViewIamPolicy("policy", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * ## gcp.logging.LogViewIamBinding + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.logging.LogViewIamBinding("binding", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.logging.LogViewIamBinding("binding", { + 
* parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * ## gcp.logging.LogViewIamMember + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.logging.LogViewIamMember("member", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * member: "user:jane@example.com", + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.logging.LogViewIamMember("member", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + * --- + * + * # IAM policy for Cloud (Stackdriver) Logging LogView + * Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + * + * * `gcp.logging.LogViewIamPolicy`: Authoritative. 
Sets the IAM policy for the logview and replaces any existing policy already attached. + * * `gcp.logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * * `gcp.logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + * + * > **Note:** `gcp.logging.LogViewIamPolicy` **cannot** be used in conjunction with `gcp.logging.LogViewIamBinding` and `gcp.logging.LogViewIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.logging.LogViewIamBinding` resources **can be** used in conjunction with `gcp.logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + * + * > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+ * + * ## gcp.logging.LogViewIamPolicy + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.logging.LogViewIamPolicy("policy", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.logging.LogViewIamPolicy("policy", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * ## gcp.logging.LogViewIamBinding + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.logging.LogViewIamBinding("binding", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.logging.LogViewIamBinding("binding", { + 
* parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * ## gcp.logging.LogViewIamMember + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.logging.LogViewIamMember("member", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * member: "user:jane@example.com", + * }); + * ``` + * + * With IAM Conditions: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.logging.LogViewIamMember("member", { + * parent: loggingLogView.parent, + * location: loggingLogView.location, + * bucket: loggingLogView.bucket, + * name: loggingLogView.name, + * role: "roles/logging.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: diff --git a/sdk/nodejs/networkconnectivity/regionalEndpoint.ts b/sdk/nodejs/networkconnectivity/regionalEndpoint.ts index d216ce500b..4ac938659a 100644 --- a/sdk/nodejs/networkconnectivity/regionalEndpoint.ts +++ b/sdk/nodejs/networkconnectivity/regionalEndpoint.ts 
@@ -34,12 +34,12 @@ import * as utilities from "../utilities"; * const _default = new gcp.networkconnectivity.RegionalEndpoint("default", { * name: "my-rep", * location: "us-central1", - * targetGoogleApi: "boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com", + * targetGoogleApi: "storage.us-central1.p.rep.googleapis.com", * accessType: "REGIONAL", * address: "192.168.0.5", * network: myNetwork.id, * subnetwork: mySubnetwork.id, - * description: "My RegionalEndpoint targeting Google API boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com", + * description: "My RegionalEndpoint targeting Google API storage.us-central1.p.rep.googleapis.com", * labels: { * env: "default", * }, @@ -64,7 +64,7 @@ import * as utilities from "../utilities"; * const _default = new gcp.networkconnectivity.RegionalEndpoint("default", { * name: "my-rep", * location: "us-central1", - * targetGoogleApi: "boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com", + * targetGoogleApi: "storage.us-central1.p.rep.googleapis.com", * accessType: "GLOBAL", * address: "192.168.0.4", * network: myNetwork.id, diff --git a/sdk/nodejs/organizations/getProject.ts b/sdk/nodejs/organizations/getProject.ts index 30f6bf24da..281316f962 100644 --- a/sdk/nodejs/organizations/getProject.ts +++ b/sdk/nodejs/organizations/getProject.ts @@ -44,6 +44,7 @@ export interface GetProjectArgs { export interface GetProjectResult { readonly autoCreateNetwork: boolean; readonly billingAccount: string; + readonly deletionPolicy: string; readonly effectiveLabels: {[key: string]: string}; readonly folderId: string; /** diff --git a/sdk/nodejs/organizations/project.ts b/sdk/nodejs/organizations/project.ts index a1dcdfca2a..6bfd4436ba 100644 --- a/sdk/nodejs/organizations/project.ts +++ b/sdk/nodejs/organizations/project.ts 
@@ -107,6 +107,7 @@ export class Project extends pulumi.CustomResource { * for more details. */ public readonly billingAccount!: pulumi.Output; + public readonly deletionPolicy!: pulumi.Output; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ @@ -151,10 +152,13 @@ export class Project extends pulumi.CustomResource { */ public /*out*/ readonly pulumiLabels!: pulumi.Output<{[key: string]: string}>; /** - * If true, the resource can be deleted - * without deleting the Project via the Google API. `skipDelete` is deprecated and will be removed in a future major release. The new release adds support for `deletionPolicy` instead. + * If true, the resource can be deleted without + * deleting the Project via the Google API. `skipDelete` is deprecated and will be + * removed in 6.0.0. Please use deletionPolicy instead. A `skipDelete` value of `false` + * can be changed to a `deletionPolicy` value of `DELETE` and a `skipDelete` value of `true` + * to a `deletionPolicy` value of `ABANDON` for equivalent behavior. * - * @deprecated skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletionPolicy instead. + * @deprecated skip_delete is deprecated and will be removed in 6.0.0. Please use deletionPolicy instead. A skipDelete value of false can be changed to a deletionPolicy value of DELETE and a skipDelete value of true to a deletionPolicy value of ABANDON for equivalent behavior. */ public readonly skipDelete!: pulumi.Output; 
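Review bot: The new `deletionPolicy` property is added without a doc comment, here on the `Project` class and again in the `ProjectState` (@@ -221) and `ProjectArgs` (@@ -291) hunks, so the only description of its values sits inside the `skipDelete` deprecation text. That matters because, per that text, `ABANDON` matches `skipDelete: true`, where the resource is dropped without deleting the project via the Google API, so the project presumably keeps existing outside Pulumi's management. I would add something like `/** Deletion behaviour for the project: "DELETE" deletes it via the Google API, "ABANDON" removes only the Pulumi resource and leaves the project in place. */` above each of the three declarations, and state the default, which these hunks do not show. Other files under `sdk/nodejs` in this diff carry the tfgen "generated" header, so the text probably has to be added in the upstream schema description rather than by hand here. The class and interface bodies continue outside these hunks.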
@@ -173,6 +177,7 @@ export class Project extends pulumi.CustomResource { const state = argsOrState as ProjectState | undefined; resourceInputs["autoCreateNetwork"] = state ? state.autoCreateNetwork : undefined; resourceInputs["billingAccount"] = state ? state.billingAccount : undefined; + resourceInputs["deletionPolicy"] = state ? state.deletionPolicy : undefined; resourceInputs["effectiveLabels"] = state ? state.effectiveLabels : undefined; resourceInputs["folderId"] = state ? state.folderId : undefined; resourceInputs["labels"] = state ? state.labels : undefined; @@ -186,6 +191,7 @@ export class Project extends pulumi.CustomResource { const args = argsOrState as ProjectArgs | undefined; resourceInputs["autoCreateNetwork"] = args ? args.autoCreateNetwork : undefined; resourceInputs["billingAccount"] = args ? args.billingAccount : undefined; + resourceInputs["deletionPolicy"] = args ? args.deletionPolicy : undefined; resourceInputs["folderId"] = args ? args.folderId : undefined; resourceInputs["labels"] = args ? args.labels : undefined; resourceInputs["name"] = args ? args.name : undefined; @@ -221,6 +227,7 @@ export interface ProjectState { * for more details. */ billingAccount?: pulumi.Input; + deletionPolicy?: pulumi.Input; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ 
@@ -265,10 +272,13 @@ export interface ProjectState { */ pulumiLabels?: pulumi.Input<{[key: string]: pulumi.Input}>; /** - * If true, the resource can be deleted - * without deleting the Project via the Google API. `skipDelete` is deprecated and will be removed in a future major release. The new release adds support for `deletionPolicy` instead. + * If true, the resource can be deleted without + * deleting the Project via the Google API. `skipDelete` is deprecated and will be + * removed in 6.0.0. Please use deletionPolicy instead. A `skipDelete` value of `false` + * can be changed to a `deletionPolicy` value of `DELETE` and a `skipDelete` value of `true` + * to a `deletionPolicy` value of `ABANDON` for equivalent behavior. * - * @deprecated skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletionPolicy instead. + * @deprecated skip_delete is deprecated and will be removed in 6.0.0. Please use deletionPolicy instead. A skipDelete value of false can be changed to a deletionPolicy value of DELETE and a skipDelete value of true to a deletionPolicy value of ABANDON for equivalent behavior. */ skipDelete?: pulumi.Input; } @@ -291,6 +301,7 @@ export interface ProjectArgs { * for more details. */ billingAccount?: pulumi.Input; + deletionPolicy?: pulumi.Input; /** * The numeric ID of the folder this project should be * created under. Only one of `orgId` or `folderId` may be 
@@ -323,10 +334,13 @@ export interface ProjectArgs { */ projectId?: pulumi.Input; /** - * If true, the resource can be deleted - * without deleting the Project via the Google API. `skipDelete` is deprecated and will be removed in a future major release. The new release adds support for `deletionPolicy` instead. + * If true, the resource can be deleted without + * deleting the Project via the Google API. `skipDelete` is deprecated and will be + * removed in 6.0.0. Please use deletionPolicy instead. A `skipDelete` value of `false` + * can be changed to a `deletionPolicy` value of `DELETE` and a `skipDelete` value of `true` + * to a `deletionPolicy` value of `ABANDON` for equivalent behavior. * - * @deprecated skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletionPolicy instead. + * @deprecated skip_delete is deprecated and will be removed in 6.0.0. Please use deletionPolicy instead. A skipDelete value of false can be changed to a deletionPolicy value of DELETE and a skipDelete value of true to a deletionPolicy value of ABANDON for equivalent behavior. */ skipDelete?: pulumi.Input; } diff --git a/sdk/nodejs/securitycenter/getV2OrganizationSourceIamPolicy.ts b/sdk/nodejs/securitycenter/getV2OrganizationSourceIamPolicy.ts new file mode 100644 index 0000000000..4e3595f81c --- /dev/null +++ b/sdk/nodejs/securitycenter/getV2OrganizationSourceIamPolicy.ts 
@@ -0,0 +1,88 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "../utilities"; + +/** + * Retrieves the current IAM policy data for organizationsource + * + * ## example + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const policy = gcp.securitycenter.getV2OrganizationSourceIamPolicy({ + * source: customSource.name, + * }); + * ``` + */ +export function getV2OrganizationSourceIamPolicy(args: GetV2OrganizationSourceIamPolicyArgs, opts?: pulumi.InvokeOptions): Promise { + + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invoke("gcp:securitycenter/getV2OrganizationSourceIamPolicy:getV2OrganizationSourceIamPolicy", { + "organization": args.organization, + "source": args.source, + }, opts); +} + +/** + * A collection of arguments for invoking getV2OrganizationSourceIamPolicy. + */ +export interface GetV2OrganizationSourceIamPolicyArgs { + organization: string; + /** + * Used to find the parent resource to bind the IAM policy to + */ + source: string; +} + +/** + * A collection of values returned by getV2OrganizationSourceIamPolicy. + */ +export interface GetV2OrganizationSourceIamPolicyResult { + /** + * (Computed) The etag of the IAM policy. + */ + readonly etag: string; + /** + * The provider-assigned unique ID for this managed resource. + */ + readonly id: string; + readonly organization: string; + /** + * (Required only by `gcp.securitycenter.V2OrganizationSourceIamPolicy`) The policy data generated by + * a `gcp.organizations.getIAMPolicy` data source. 
+ */ + readonly policyData: string; + readonly source: string; +} +/** + * Retrieves the current IAM policy data for organizationsource + * + * ## example + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const policy = gcp.securitycenter.getV2OrganizationSourceIamPolicy({ + * source: customSource.name, + * }); + * ``` + */ +export function getV2OrganizationSourceIamPolicyOutput(args: GetV2OrganizationSourceIamPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { + return pulumi.output(args).apply((a: any) => getV2OrganizationSourceIamPolicy(a, opts)) +} + +/** + * A collection of arguments for invoking getV2OrganizationSourceIamPolicy. + */ +export interface GetV2OrganizationSourceIamPolicyOutputArgs { + organization: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + source: pulumi.Input; +} diff --git a/sdk/nodejs/securitycenter/index.ts b/sdk/nodejs/securitycenter/index.ts index e89e69a747..267b86a6d3 100644 --- a/sdk/nodejs/securitycenter/index.ts +++ b/sdk/nodejs/securitycenter/index.ts 
@@ -20,6 +20,11 @@ export const getSourceIamPolicy: typeof import("./getSourceIamPolicy").getSource export const getSourceIamPolicyOutput: typeof import("./getSourceIamPolicy").getSourceIamPolicyOutput = null as any; utilities.lazyLoad(exports, ["getSourceIamPolicy","getSourceIamPolicyOutput"], () => require("./getSourceIamPolicy")); +export { GetV2OrganizationSourceIamPolicyArgs, GetV2OrganizationSourceIamPolicyResult, GetV2OrganizationSourceIamPolicyOutputArgs } from "./getV2OrganizationSourceIamPolicy"; +export const getV2OrganizationSourceIamPolicy: typeof import("./getV2OrganizationSourceIamPolicy").getV2OrganizationSourceIamPolicy = null as any; +export const getV2OrganizationSourceIamPolicyOutput: typeof import("./getV2OrganizationSourceIamPolicy").getV2OrganizationSourceIamPolicyOutput = null as any; +utilities.lazyLoad(exports, ["getV2OrganizationSourceIamPolicy","getV2OrganizationSourceIamPolicyOutput"], () => require("./getV2OrganizationSourceIamPolicy")); + export { InstanceIamBindingArgs, InstanceIamBindingState } from "./instanceIamBinding"; export type InstanceIamBinding = import("./instanceIamBinding").InstanceIamBinding; export const InstanceIamBinding: typeof import("./instanceIamBinding").InstanceIamBinding = null as any; 
@@ -100,6 +105,11 @@ export type SourceIamPolicy = import("./sourceIamPolicy").SourceIamPolicy; export const SourceIamPolicy: typeof import("./sourceIamPolicy").SourceIamPolicy = null as any; utilities.lazyLoad(exports, ["SourceIamPolicy"], () => require("./sourceIamPolicy")); +export { V2FolderMuteConfigArgs, V2FolderMuteConfigState } from "./v2folderMuteConfig"; +export type V2FolderMuteConfig = import("./v2folderMuteConfig").V2FolderMuteConfig; +export const V2FolderMuteConfig: typeof import("./v2folderMuteConfig").V2FolderMuteConfig = null as any; +utilities.lazyLoad(exports, ["V2FolderMuteConfig"], () => require("./v2folderMuteConfig")); + export { V2OrganizationMuteConfigArgs, V2OrganizationMuteConfigState } from "./v2organizationMuteConfig"; export type V2OrganizationMuteConfig = import("./v2organizationMuteConfig").V2OrganizationMuteConfig; export const V2OrganizationMuteConfig: typeof import("./v2organizationMuteConfig").V2OrganizationMuteConfig = null as any; 
@@ -110,6 +120,36 @@ export type V2OrganizationNotificationConfig = import("./v2organizationNotificat export const V2OrganizationNotificationConfig: typeof import("./v2organizationNotificationConfig").V2OrganizationNotificationConfig = null as any; utilities.lazyLoad(exports, ["V2OrganizationNotificationConfig"], () => require("./v2organizationNotificationConfig")); +export { V2OrganizationSourceArgs, V2OrganizationSourceState } from "./v2organizationSource"; +export type V2OrganizationSource = import("./v2organizationSource").V2OrganizationSource; +export const V2OrganizationSource: typeof import("./v2organizationSource").V2OrganizationSource = null as any; +utilities.lazyLoad(exports, ["V2OrganizationSource"], () => require("./v2organizationSource")); + +export { V2OrganizationSourceIamBindingArgs, V2OrganizationSourceIamBindingState } from "./v2organizationSourceIamBinding"; +export type V2OrganizationSourceIamBinding = import("./v2organizationSourceIamBinding").V2OrganizationSourceIamBinding; +export const V2OrganizationSourceIamBinding: typeof import("./v2organizationSourceIamBinding").V2OrganizationSourceIamBinding = null as any; +utilities.lazyLoad(exports, ["V2OrganizationSourceIamBinding"], () => require("./v2organizationSourceIamBinding")); + +export { V2OrganizationSourceIamMemberArgs, V2OrganizationSourceIamMemberState } from "./v2organizationSourceIamMember"; +export type V2OrganizationSourceIamMember = import("./v2organizationSourceIamMember").V2OrganizationSourceIamMember; +export const V2OrganizationSourceIamMember: typeof import("./v2organizationSourceIamMember").V2OrganizationSourceIamMember = null as any; +utilities.lazyLoad(exports, ["V2OrganizationSourceIamMember"], () => require("./v2organizationSourceIamMember")); + +export { V2OrganizationSourceIamPolicyArgs, V2OrganizationSourceIamPolicyState } from "./v2organizationSourceIamPolicy"; +export type V2OrganizationSourceIamPolicy = 
import("./v2organizationSourceIamPolicy").V2OrganizationSourceIamPolicy; +export const V2OrganizationSourceIamPolicy: typeof import("./v2organizationSourceIamPolicy").V2OrganizationSourceIamPolicy = null as any; +utilities.lazyLoad(exports, ["V2OrganizationSourceIamPolicy"], () => require("./v2organizationSourceIamPolicy")); + +export { V2ProjectMuteConfigArgs, V2ProjectMuteConfigState } from "./v2projectMuteConfig"; +export type V2ProjectMuteConfig = import("./v2projectMuteConfig").V2ProjectMuteConfig; +export const V2ProjectMuteConfig: typeof import("./v2projectMuteConfig").V2ProjectMuteConfig = null as any; +utilities.lazyLoad(exports, ["V2ProjectMuteConfig"], () => require("./v2projectMuteConfig")); + +export { V2ProjectNotificationConfigArgs, V2ProjectNotificationConfigState } from "./v2projectNotificationConfig"; +export type V2ProjectNotificationConfig = import("./v2projectNotificationConfig").V2ProjectNotificationConfig; +export const V2ProjectNotificationConfig: typeof import("./v2projectNotificationConfig").V2ProjectNotificationConfig = null as any; +utilities.lazyLoad(exports, ["V2ProjectNotificationConfig"], () => require("./v2projectNotificationConfig")); + const _module = { version: utilities.getVersion(), 
@@ -151,10 +191,24 @@ const _module = { return new SourceIamMember(name, undefined, { urn }) case "gcp:securitycenter/sourceIamPolicy:SourceIamPolicy": return new SourceIamPolicy(name, undefined, { urn }) + case "gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig": + return new V2FolderMuteConfig(name, undefined, { urn }) case "gcp:securitycenter/v2OrganizationMuteConfig:V2OrganizationMuteConfig": return new V2OrganizationMuteConfig(name, undefined, { urn }) case "gcp:securitycenter/v2OrganizationNotificationConfig:V2OrganizationNotificationConfig": return new V2OrganizationNotificationConfig(name, undefined, { urn }) + case "gcp:securitycenter/v2OrganizationSource:V2OrganizationSource": + return new V2OrganizationSource(name, undefined, { urn }) + case "gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding": + return new V2OrganizationSourceIamBinding(name, undefined, { urn }) + case "gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember": + return new V2OrganizationSourceIamMember(name, undefined, { urn }) + case "gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy": + return new V2OrganizationSourceIamPolicy(name, undefined, { urn }) + case "gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig": + return new V2ProjectMuteConfig(name, undefined, { urn }) + case "gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig": + return new V2ProjectNotificationConfig(name, undefined, { urn }) default: throw new Error(`unknown resource type ${type}`); } 
@@ -178,5 +232,12 @@ pulumi.runtime.registerResourceModule("gcp", "securitycenter/source", _module) pulumi.runtime.registerResourceModule("gcp", "securitycenter/sourceIamBinding", _module) pulumi.runtime.registerResourceModule("gcp", "securitycenter/sourceIamMember", _module) pulumi.runtime.registerResourceModule("gcp", "securitycenter/sourceIamPolicy", _module) +pulumi.runtime.registerResourceModule("gcp", "securitycenter/v2FolderMuteConfig", _module) pulumi.runtime.registerResourceModule("gcp", "securitycenter/v2OrganizationMuteConfig", _module) pulumi.runtime.registerResourceModule("gcp", "securitycenter/v2OrganizationNotificationConfig", _module) +pulumi.runtime.registerResourceModule("gcp", "securitycenter/v2OrganizationSource", _module) +pulumi.runtime.registerResourceModule("gcp", "securitycenter/v2OrganizationSourceIamBinding", _module) +pulumi.runtime.registerResourceModule("gcp", "securitycenter/v2OrganizationSourceIamMember", _module) +pulumi.runtime.registerResourceModule("gcp", "securitycenter/v2OrganizationSourceIamPolicy", _module) +pulumi.runtime.registerResourceModule("gcp", "securitycenter/v2ProjectMuteConfig", _module) +pulumi.runtime.registerResourceModule("gcp", "securitycenter/v2ProjectNotificationConfig", _module) diff --git a/sdk/nodejs/securitycenter/v2folderMuteConfig.ts b/sdk/nodejs/securitycenter/v2folderMuteConfig.ts new file mode 100644 index 0000000000..cda3b62736 --- /dev/null +++ b/sdk/nodejs/securitycenter/v2folderMuteConfig.ts 
@@ -0,0 +1,293 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "../utilities"; + +/** + * Mute Findings is a volume management feature in Security Command Center + * that lets you manually or programmatically hide irrelevant findings, + * and create filters to automatically silence existing and future + * findings based on criteria you specify. + * + * To get more information about FolderMuteConfig, see: + * + * * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/folders.muteConfigs) + * + * ## Example Usage + * + * ### Scc V2 Folder Mute Config Basic + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const folder = new gcp.organizations.Folder("folder", { + * parent: "organizations/123456789", + * displayName: "folder-name", + * }); + * const _default = new gcp.securitycenter.V2FolderMuteConfig("default", { + * muteConfigId: "my-config", + * folder: folder.folderId, + * location: "global", + * description: "My custom Cloud Security Command Center Finding Folder mute Configuration", + * filter: "severity = \"HIGH\"", + * type: "STATIC", + * }); + * ``` + * + * ## Import + * + * FolderMuteConfig can be imported using any of these accepted formats: + * + * * `folders/{{folder}}/locations/{{location}}/muteConfigs/{{mute_config_id}}` + * + * * `{{folder}}/{{location}}/{{mute_config_id}}` + * + * When using the `pulumi import` command, FolderMuteConfig can be imported using one of the formats above. 
For example: + * + * ```sh + * $ pulumi import gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig default folders/{{folder}}/locations/{{location}}/muteConfigs/{{mute_config_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig default {{folder}}/{{location}}/{{mute_config_id}} + * ``` + */ +export class V2FolderMuteConfig extends pulumi.CustomResource { + /** + * Get an existing V2FolderMuteConfig resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: V2FolderMuteConfigState, opts?: pulumi.CustomResourceOptions): V2FolderMuteConfig { + return new V2FolderMuteConfig(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig'; + + /** + * Returns true if the given object is an instance of V2FolderMuteConfig. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is V2FolderMuteConfig { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === V2FolderMuteConfig.__pulumiType; + } + + /** + * The time at which the mute config was created. This field is set by + * the server and will be ignored if provided on config creation. + */ + public /*out*/ readonly createTime!: pulumi.Output; + /** + * A description of the mute config. + */ + public readonly description!: pulumi.Output; + /** + * An expression that defines the filter to apply across create/update + * events of findings. 
While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + */ + public readonly filter!: pulumi.Output; + /** + * The folder whose Cloud Security Command Center the Mute + * Config lives in. + */ + public readonly folder!: pulumi.Output; + /** + * location Id is provided by folder. If not provided, Use global as default. + */ + public readonly location!: pulumi.Output; + /** + * Email address of the user who last edited the mute config. This + * field is set by the server and will be ignored if provided on + * config creation or update. + */ + public /*out*/ readonly mostRecentEditor!: pulumi.Output; + /** + * Unique identifier provided by the client within the parent scope. + * + * + * - - - + */ + public readonly muteConfigId!: pulumi.Output; + /** + * Name of the mute config. Its format is + * organizations/{organization}/locations/global/muteConfigs/{configId}, + * folders/{folder}/locations/global/muteConfigs/{configId}, + * or projects/{project}/locations/global/muteConfigs/{configId} + */ + public /*out*/ readonly name!: pulumi.Output; + /** + * The type of the mute config. + */ + public readonly type!: pulumi.Output; + /** + * Output only. The most recent time at which the mute config was + * updated. This field is set by the server and will be ignored if + * provided on config creation or update. + */ + public /*out*/ readonly updateTime!: pulumi.Output; + + /** + * Create a V2FolderMuteConfig resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. 
+ */ + constructor(name: string, args: V2FolderMuteConfigArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: V2FolderMuteConfigArgs | V2FolderMuteConfigState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as V2FolderMuteConfigState | undefined; + resourceInputs["createTime"] = state ? state.createTime : undefined; + resourceInputs["description"] = state ? state.description : undefined; + resourceInputs["filter"] = state ? state.filter : undefined; + resourceInputs["folder"] = state ? state.folder : undefined; + resourceInputs["location"] = state ? state.location : undefined; + resourceInputs["mostRecentEditor"] = state ? state.mostRecentEditor : undefined; + resourceInputs["muteConfigId"] = state ? state.muteConfigId : undefined; + resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["type"] = state ? state.type : undefined; + resourceInputs["updateTime"] = state ? state.updateTime : undefined; + } else { + const args = argsOrState as V2FolderMuteConfigArgs | undefined; + if ((!args || args.filter === undefined) && !opts.urn) { + throw new Error("Missing required property 'filter'"); + } + if ((!args || args.folder === undefined) && !opts.urn) { + throw new Error("Missing required property 'folder'"); + } + if ((!args || args.muteConfigId === undefined) && !opts.urn) { + throw new Error("Missing required property 'muteConfigId'"); + } + if ((!args || args.type === undefined) && !opts.urn) { + throw new Error("Missing required property 'type'"); + } + resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["filter"] = args ? args.filter : undefined; + resourceInputs["folder"] = args ? args.folder : undefined; + resourceInputs["location"] = args ? args.location : undefined; + resourceInputs["muteConfigId"] = args ? args.muteConfigId : undefined; + resourceInputs["type"] = args ? 
args.type : undefined; + resourceInputs["createTime"] = undefined /*out*/; + resourceInputs["mostRecentEditor"] = undefined /*out*/; + resourceInputs["name"] = undefined /*out*/; + resourceInputs["updateTime"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(V2FolderMuteConfig.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering V2FolderMuteConfig resources. + */ +export interface V2FolderMuteConfigState { + /** + * The time at which the mute config was created. This field is set by + * the server and will be ignored if provided on config creation. + */ + createTime?: pulumi.Input; + /** + * A description of the mute config. + */ + description?: pulumi.Input; + /** + * An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + */ + filter?: pulumi.Input; + /** + * The folder whose Cloud Security Command Center the Mute + * Config lives in. + */ + folder?: pulumi.Input; + /** + * location Id is provided by folder. If not provided, Use global as default. + */ + location?: pulumi.Input; + /** + * Email address of the user who last edited the mute config. This + * field is set by the server and will be ignored if provided on + * config creation or update. + */ + mostRecentEditor?: pulumi.Input; + /** + * Unique identifier provided by the client within the parent scope. + * + * + * - - - + */ + muteConfigId?: pulumi.Input; + /** + * Name of the mute config. 
Its format is + * organizations/{organization}/locations/global/muteConfigs/{configId}, + * folders/{folder}/locations/global/muteConfigs/{configId}, + * or projects/{project}/locations/global/muteConfigs/{configId} + */ + name?: pulumi.Input; + /** + * The type of the mute config. + */ + type?: pulumi.Input; + /** + * Output only. The most recent time at which the mute config was + * updated. This field is set by the server and will be ignored if + * provided on config creation or update. + */ + updateTime?: pulumi.Input; +} + +/** + * The set of arguments for constructing a V2FolderMuteConfig resource. + */ +export interface V2FolderMuteConfigArgs { + /** + * A description of the mute config. + */ + description?: pulumi.Input; + /** + * An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + */ + filter: pulumi.Input; + /** + * The folder whose Cloud Security Command Center the Mute + * Config lives in. + */ + folder: pulumi.Input; + /** + * location Id is provided by folder. If not provided, Use global as default. + */ + location?: pulumi.Input; + /** + * Unique identifier provided by the client within the parent scope. + * + * + * - - - + */ + muteConfigId: pulumi.Input; + /** + * The type of the mute config. + */ + type: pulumi.Input; +} diff --git a/sdk/nodejs/securitycenter/v2organizationSource.ts b/sdk/nodejs/securitycenter/v2organizationSource.ts new file mode 100644 index 0000000000..b06c07cb08 --- /dev/null +++ b/sdk/nodejs/securitycenter/v2organizationSource.ts 
@@ -0,0 +1,196 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "../utilities"; + +/** + * A Cloud Security Command Center's (Cloud SCC) finding source. A finding + * source is an entity or a mechanism that can produce a finding. A source is + * like a container of findings that come from the same scanner, logger, + * monitor, etc. + * + * To get more information about OrganizationSource, see: + * + * * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/organizations.sources) + * * How-to Guides + * * [Official Documentation](https://cloud.google.com/security-command-center/docs) + * + * ## Example Usage + * + * ### Scc Source Basic + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const customSource = new gcp.securitycenter.Source("custom_source", { + * displayName: "My Source", + * organization: "123456789", + * description: "My custom Cloud Security Command Center Finding Source", + * }); + * ``` + * + * ## Import + * + * OrganizationSource can be imported using any of these accepted formats: + * + * * `organizations/{{organization}}/sources/{{name}}` + * + * * `{{organization}}/{{name}}` + * + * When using the `pulumi import` command, OrganizationSource can be imported using one of the formats above. 
For example: + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSource:V2OrganizationSource default organizations/{{organization}}/sources/{{name}} + * ``` + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSource:V2OrganizationSource default {{organization}}/{{name}} + * ``` + */ +export class V2OrganizationSource extends pulumi.CustomResource { + /** + * Get an existing V2OrganizationSource resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: V2OrganizationSourceState, opts?: pulumi.CustomResourceOptions): V2OrganizationSource { + return new V2OrganizationSource(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'gcp:securitycenter/v2OrganizationSource:V2OrganizationSource'; + + /** + * Returns true if the given object is an instance of V2OrganizationSource. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is V2OrganizationSource { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === V2OrganizationSource.__pulumiType; + } + + /** + * The description of the source (max of 1024 characters). + */ + public readonly description!: pulumi.Output; + /** + * The source’s display name. A source’s display name must be unique + * amongst its siblings, for example, two sources with the same parent + * can't share the same display name. 
The display name must start and end + * with a letter or digit, may contain letters, digits, spaces, hyphens, + * and underscores, and can be no longer than 32 characters. + */ + public readonly displayName!: pulumi.Output; + /** + * The resource name of this source, in the format + * `organizations/{{organization}}/sources/{{source}}`. + */ + public /*out*/ readonly name!: pulumi.Output; + /** + * The organization whose Cloud Security Command Center the Source + * lives in. + * + * + * - - - + */ + public readonly organization!: pulumi.Output; + + /** + * Create a V2OrganizationSource resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: V2OrganizationSourceArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: V2OrganizationSourceArgs | V2OrganizationSourceState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as V2OrganizationSourceState | undefined; + resourceInputs["description"] = state ? state.description : undefined; + resourceInputs["displayName"] = state ? state.displayName : undefined; + resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["organization"] = state ? state.organization : undefined; + } else { + const args = argsOrState as V2OrganizationSourceArgs | undefined; + if ((!args || args.displayName === undefined) && !opts.urn) { + throw new Error("Missing required property 'displayName'"); + } + if ((!args || args.organization === undefined) && !opts.urn) { + throw new Error("Missing required property 'organization'"); + } + resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["displayName"] = args ? 
args.displayName : undefined; + resourceInputs["organization"] = args ? args.organization : undefined; + resourceInputs["name"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(V2OrganizationSource.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering V2OrganizationSource resources. + */ +export interface V2OrganizationSourceState { + /** + * The description of the source (max of 1024 characters). + */ + description?: pulumi.Input; + /** + * The source’s display name. A source’s display name must be unique + * amongst its siblings, for example, two sources with the same parent + * can't share the same display name. The display name must start and end + * with a letter or digit, may contain letters, digits, spaces, hyphens, + * and underscores, and can be no longer than 32 characters. + */ + displayName?: pulumi.Input; + /** + * The resource name of this source, in the format + * `organizations/{{organization}}/sources/{{source}}`. + */ + name?: pulumi.Input; + /** + * The organization whose Cloud Security Command Center the Source + * lives in. + * + * + * - - - + */ + organization?: pulumi.Input; +} + +/** + * The set of arguments for constructing a V2OrganizationSource resource. + */ +export interface V2OrganizationSourceArgs { + /** + * The description of the source (max of 1024 characters). + */ + description?: pulumi.Input; + /** + * The source’s display name. A source’s display name must be unique + * amongst its siblings, for example, two sources with the same parent + * can't share the same display name. The display name must start and end + * with a letter or digit, may contain letters, digits, spaces, hyphens, + * and underscores, and can be no longer than 32 characters. + */ + displayName: pulumi.Input; + /** + * The organization whose Cloud Security Command Center the Source + * lives in. + * + * + * - - - + */ + organization: pulumi.Input; +} 
diff --git a/sdk/nodejs/securitycenter/v2organizationSourceIamBinding.ts b/sdk/nodejs/securitycenter/v2organizationSourceIamBinding.ts new file mode 100644 index 0000000000..57ebca0b32 --- /dev/null +++ b/sdk/nodejs/securitycenter/v2organizationSourceIamBinding.ts 
@@ -0,0 +1,338 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../types/input"; +import * as outputs from "../types/output"; +import * as utilities from "../utilities"; + +/** + * Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ * + * ## gcp.securitycenter.V2OrganizationSourceIamPolicy + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", { + * source: customSource.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## gcp.securitycenter.V2OrganizationSourceIamBinding + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.securitycenter.V2OrganizationSourceIamBinding("binding", { + * source: customSource.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * ## gcp.securitycenter.V2OrganizationSourceIamMember + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.securitycenter.V2OrganizationSourceIamMember("member", { + * source: customSource.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + * --- + * + * # IAM policy for Security Command Center (SCC)v2 API OrganizationSource + * Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. 
Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ * + * ## gcp.securitycenter.V2OrganizationSourceIamPolicy + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", { + * source: customSource.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## gcp.securitycenter.V2OrganizationSourceIamBinding + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.securitycenter.V2OrganizationSourceIamBinding("binding", { + * source: customSource.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * ## gcp.securitycenter.V2OrganizationSourceIamMember + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.securitycenter.V2OrganizationSourceIamMember("member", { + * source: customSource.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * ## Import + * + * For all import syntaxes, the "resource in question" can take any of the following forms: + * + * * organizations/{{organization}}/sources/{{source}} + * + * * {{organization}}/{{source}} + * + * * {{source}} + * + * Any variables not passed in the import command will be taken from the provider configuration. + * + * Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. + * + * IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. 
+ * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com" + * ``` + * + * IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor "organizations/{{organization}}/sources/{{source}} roles/viewer" + * ``` + * + * IAM policy imports use the identifier of the resource in question, e.g. + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor organizations/{{organization}}/sources/{{source}} + * ``` + * + * -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + */ +export class V2OrganizationSourceIamBinding extends pulumi.CustomResource { + /** + * Get an existing V2OrganizationSourceIamBinding resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. 
+ */ + public static get(name: string, id: pulumi.Input, state?: V2OrganizationSourceIamBindingState, opts?: pulumi.CustomResourceOptions): V2OrganizationSourceIamBinding { + return new V2OrganizationSourceIamBinding(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding'; + + /** + * Returns true if the given object is an instance of V2OrganizationSourceIamBinding. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is V2OrganizationSourceIamBinding { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === V2OrganizationSourceIamBinding.__pulumiType; + } + + public readonly condition!: pulumi.Output; + /** + * (Computed) The etag of the IAM policy. + */ + public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. 
For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ + public readonly members!: pulumi.Output; + public readonly organization!: pulumi.Output; + /** + * The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + public readonly role!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly source!: pulumi.Output; + + /** + * Create a V2OrganizationSourceIamBinding resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: V2OrganizationSourceIamBindingArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: V2OrganizationSourceIamBindingArgs | V2OrganizationSourceIamBindingState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as V2OrganizationSourceIamBindingState | undefined; + resourceInputs["condition"] = state ? state.condition : undefined; + resourceInputs["etag"] = state ? state.etag : undefined; + resourceInputs["members"] = state ? state.members : undefined; + resourceInputs["organization"] = state ? state.organization : undefined; + resourceInputs["role"] = state ? state.role : undefined; + resourceInputs["source"] = state ? 
state.source : undefined; + } else { + const args = argsOrState as V2OrganizationSourceIamBindingArgs | undefined; + if ((!args || args.members === undefined) && !opts.urn) { + throw new Error("Missing required property 'members'"); + } + if ((!args || args.organization === undefined) && !opts.urn) { + throw new Error("Missing required property 'organization'"); + } + if ((!args || args.role === undefined) && !opts.urn) { + throw new Error("Missing required property 'role'"); + } + if ((!args || args.source === undefined) && !opts.urn) { + throw new Error("Missing required property 'source'"); + } + resourceInputs["condition"] = args ? args.condition : undefined; + resourceInputs["members"] = args ? args.members : undefined; + resourceInputs["organization"] = args ? args.organization : undefined; + resourceInputs["role"] = args ? args.role : undefined; + resourceInputs["source"] = args ? args.source : undefined; + resourceInputs["etag"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(V2OrganizationSourceIamBinding.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering V2OrganizationSourceIamBinding resources. + */ +export interface V2OrganizationSourceIamBindingState { + condition?: pulumi.Input; + /** + * (Computed) The etag of the IAM policy. + */ + etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. 
+ * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ + members?: pulumi.Input[]>; + organization?: pulumi.Input; + /** + * The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + role?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + source?: pulumi.Input; +} + +/** + * The set of arguments for constructing a V2OrganizationSourceIamBinding resource. + */ +export interface V2OrganizationSourceIamBindingArgs { + condition?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. 
For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ + members: pulumi.Input[]>; + organization: pulumi.Input; + /** + * The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + role: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + source: pulumi.Input; +} diff --git a/sdk/nodejs/securitycenter/v2organizationSourceIamMember.ts b/sdk/nodejs/securitycenter/v2organizationSourceIamMember.ts new file mode 100644 index 0000000000..74fb151d54 --- /dev/null +++ b/sdk/nodejs/securitycenter/v2organizationSourceIamMember.ts 
@@ -0,0 +1,338 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../types/input"; +import * as outputs from "../types/output"; +import * as utilities from "../utilities"; + +/** + * Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ * + * ## gcp.securitycenter.V2OrganizationSourceIamPolicy + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", { + * source: customSource.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## gcp.securitycenter.V2OrganizationSourceIamBinding + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.securitycenter.V2OrganizationSourceIamBinding("binding", { + * source: customSource.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * ## gcp.securitycenter.V2OrganizationSourceIamMember + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.securitycenter.V2OrganizationSourceIamMember("member", { + * source: customSource.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + * --- + * + * # IAM policy for Security Command Center (SCC)v2 API OrganizationSource + * Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. 
Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ * + * ## gcp.securitycenter.V2OrganizationSourceIamPolicy + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", { + * source: customSource.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## gcp.securitycenter.V2OrganizationSourceIamBinding + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.securitycenter.V2OrganizationSourceIamBinding("binding", { + * source: customSource.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * ## gcp.securitycenter.V2OrganizationSourceIamMember + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.securitycenter.V2OrganizationSourceIamMember("member", { + * source: customSource.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * ## Import + * + * For all import syntaxes, the "resource in question" can take any of the following forms: + * + * * organizations/{{organization}}/sources/{{source}} + * + * * {{organization}}/{{source}} + * + * * {{source}} + * + * Any variables not passed in the import command will be taken from the provider configuration. + * + * Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. + * + * IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. 
+ * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com" + * ``` + * + * IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor "organizations/{{organization}}/sources/{{source}} roles/viewer" + * ``` + * + * IAM policy imports use the identifier of the resource in question, e.g. + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor organizations/{{organization}}/sources/{{source}} + * ``` + * + * -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + */ +export class V2OrganizationSourceIamMember extends pulumi.CustomResource { + /** + * Get an existing V2OrganizationSourceIamMember resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: V2OrganizationSourceIamMemberState, opts?: pulumi.CustomResourceOptions): V2OrganizationSourceIamMember { + return new V2OrganizationSourceIamMember(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember'; + + /** + * Returns true if the given object is an instance of V2OrganizationSourceIamMember. 
This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is V2OrganizationSourceIamMember { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === V2OrganizationSourceIamMember.__pulumiType; + } + + public readonly condition!: pulumi.Output; + /** + * (Computed) The etag of the IAM policy. + */ + public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ + public readonly member!: pulumi.Output; + public readonly organization!: pulumi.Output; + /** + * The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. 
Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + public readonly role!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly source!: pulumi.Output; + + /** + * Create a V2OrganizationSourceIamMember resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: V2OrganizationSourceIamMemberArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: V2OrganizationSourceIamMemberArgs | V2OrganizationSourceIamMemberState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as V2OrganizationSourceIamMemberState | undefined; + resourceInputs["condition"] = state ? state.condition : undefined; + resourceInputs["etag"] = state ? state.etag : undefined; + resourceInputs["member"] = state ? state.member : undefined; + resourceInputs["organization"] = state ? state.organization : undefined; + resourceInputs["role"] = state ? state.role : undefined; + resourceInputs["source"] = state ? 
state.source : undefined; + } else { + const args = argsOrState as V2OrganizationSourceIamMemberArgs | undefined; + if ((!args || args.member === undefined) && !opts.urn) { + throw new Error("Missing required property 'member'"); + } + if ((!args || args.organization === undefined) && !opts.urn) { + throw new Error("Missing required property 'organization'"); + } + if ((!args || args.role === undefined) && !opts.urn) { + throw new Error("Missing required property 'role'"); + } + if ((!args || args.source === undefined) && !opts.urn) { + throw new Error("Missing required property 'source'"); + } + resourceInputs["condition"] = args ? args.condition : undefined; + resourceInputs["member"] = args ? args.member : undefined; + resourceInputs["organization"] = args ? args.organization : undefined; + resourceInputs["role"] = args ? args.role : undefined; + resourceInputs["source"] = args ? args.source : undefined; + resourceInputs["etag"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(V2OrganizationSourceIamMember.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering V2OrganizationSourceIamMember resources. + */ +export interface V2OrganizationSourceIamMemberState { + condition?: pulumi.Input; + /** + * (Computed) The etag of the IAM policy. + */ + etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. 
+ * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ + member?: pulumi.Input; + organization?: pulumi.Input; + /** + * The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + role?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + source?: pulumi.Input; +} + +/** + * The set of arguments for constructing a V2OrganizationSourceIamMember resource. + */ +export interface V2OrganizationSourceIamMemberArgs { + condition?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. 
For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ + member: pulumi.Input; + organization: pulumi.Input; + /** + * The role that should be applied. Only one + * `gcp.securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + role: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + source: pulumi.Input; +} diff --git a/sdk/nodejs/securitycenter/v2organizationSourceIamPolicy.ts b/sdk/nodejs/securitycenter/v2organizationSourceIamPolicy.ts new file mode 100644 index 0000000000..8e1bee1817 --- /dev/null +++ b/sdk/nodejs/securitycenter/v2organizationSourceIamPolicy.ts 
@@ -0,0 +1,281 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "../utilities"; + +/** + * Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ * + * ## gcp.securitycenter.V2OrganizationSourceIamPolicy + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", { + * source: customSource.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## gcp.securitycenter.V2OrganizationSourceIamBinding + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.securitycenter.V2OrganizationSourceIamBinding("binding", { + * source: customSource.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * ## gcp.securitycenter.V2OrganizationSourceIamMember + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.securitycenter.V2OrganizationSourceIamMember("member", { + * source: customSource.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + * --- + * + * # IAM policy for Security Command Center (SCC)v2 API OrganizationSource + * Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * * `gcp.securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. 
Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * * `gcp.securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + * + * A data source can be used to retrieve policy data in advent you do not need creation + * + * * `gcp.securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamBinding` and `gcp.securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + * + * > **Note:** `gcp.securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `gcp.securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ * + * ## gcp.securitycenter.V2OrganizationSourceIamPolicy + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", { + * source: customSource.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## gcp.securitycenter.V2OrganizationSourceIamBinding + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.securitycenter.V2OrganizationSourceIamBinding("binding", { + * source: customSource.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * ## gcp.securitycenter.V2OrganizationSourceIamMember + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.securitycenter.V2OrganizationSourceIamMember("member", { + * source: customSource.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * ## Import + * + * For all import syntaxes, the "resource in question" can take any of the following forms: + * + * * organizations/{{organization}}/sources/{{source}} + * + * * {{organization}}/{{source}} + * + * * {{source}} + * + * Any variables not passed in the import command will be taken from the provider configuration. + * + * Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. + * + * IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. 
+ * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com" + * ``` + * + * IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor "organizations/{{organization}}/sources/{{source}} roles/viewer" + * ``` + * + * IAM policy imports use the identifier of the resource in question, e.g. + * + * ```sh + * $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor organizations/{{organization}}/sources/{{source}} + * ``` + * + * -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + * + * full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + */ +export class V2OrganizationSourceIamPolicy extends pulumi.CustomResource { + /** + * Get an existing V2OrganizationSourceIamPolicy resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: V2OrganizationSourceIamPolicyState, opts?: pulumi.CustomResourceOptions): V2OrganizationSourceIamPolicy { + return new V2OrganizationSourceIamPolicy(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy'; + + /** + * Returns true if the given object is an instance of V2OrganizationSourceIamPolicy. 
This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is V2OrganizationSourceIamPolicy { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === V2OrganizationSourceIamPolicy.__pulumiType; + } + + /** + * (Computed) The etag of the IAM policy. + */ + public /*out*/ readonly etag!: pulumi.Output; + public readonly organization!: pulumi.Output; + /** + * The policy data generated by + * a `gcp.organizations.getIAMPolicy` data source. + */ + public readonly policyData!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly source!: pulumi.Output; + + /** + * Create a V2OrganizationSourceIamPolicy resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: V2OrganizationSourceIamPolicyArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: V2OrganizationSourceIamPolicyArgs | V2OrganizationSourceIamPolicyState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as V2OrganizationSourceIamPolicyState | undefined; + resourceInputs["etag"] = state ? state.etag : undefined; + resourceInputs["organization"] = state ? state.organization : undefined; + resourceInputs["policyData"] = state ? state.policyData : undefined; + resourceInputs["source"] = state ? 
state.source : undefined; + } else { + const args = argsOrState as V2OrganizationSourceIamPolicyArgs | undefined; + if ((!args || args.organization === undefined) && !opts.urn) { + throw new Error("Missing required property 'organization'"); + } + if ((!args || args.policyData === undefined) && !opts.urn) { + throw new Error("Missing required property 'policyData'"); + } + if ((!args || args.source === undefined) && !opts.urn) { + throw new Error("Missing required property 'source'"); + } + resourceInputs["organization"] = args ? args.organization : undefined; + resourceInputs["policyData"] = args ? args.policyData : undefined; + resourceInputs["source"] = args ? args.source : undefined; + resourceInputs["etag"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(V2OrganizationSourceIamPolicy.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering V2OrganizationSourceIamPolicy resources. + */ +export interface V2OrganizationSourceIamPolicyState { + /** + * (Computed) The etag of the IAM policy. + */ + etag?: pulumi.Input; + organization?: pulumi.Input; + /** + * The policy data generated by + * a `gcp.organizations.getIAMPolicy` data source. + */ + policyData?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + source?: pulumi.Input; +} + +/** + * The set of arguments for constructing a V2OrganizationSourceIamPolicy resource. + */ +export interface V2OrganizationSourceIamPolicyArgs { + organization: pulumi.Input; + /** + * The policy data generated by + * a `gcp.organizations.getIAMPolicy` data source. + */ + policyData: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + source: pulumi.Input; +} diff --git a/sdk/nodejs/securitycenter/v2projectMuteConfig.ts b/sdk/nodejs/securitycenter/v2projectMuteConfig.ts new file mode 100644 index 0000000000..917564923e --- /dev/null 
+++ b/sdk/nodejs/securitycenter/v2projectMuteConfig.ts 
@@ -0,0 +1,292 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "../utilities"; + +/** + * Mute Findings is a volume management feature in Security Command Center + * that lets you manually or programmatically hide irrelevant findings, + * and create filters to automatically silence existing and future + * findings based on criteria you specify. + * + * To get more information about ProjectMuteConfig, see: + * + * * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/projects.muteConfigs) + * + * ## Example Usage + * + * ### Scc V2 Project Mute Config Basic + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const _default = new gcp.securitycenter.V2ProjectMuteConfig("default", { + * muteConfigId: "my-config", + * project: "", + * location: "global", + * description: "My custom Cloud Security Command Center Finding Project mute Configuration", + * filter: "severity = \"HIGH\"", + * type: "STATIC", + * }); + * ``` + * + * ## Import + * + * ProjectMuteConfig can be imported using any of these accepted formats: + * + * * `projects/{{project}}/locations/{{location}}/muteConfigs/{{mute_config_id}}` + * + * * `{{project}}/{{location}}/{{mute_config_id}}` + * + * * `{{location}}/{{mute_config_id}}` + * + * When using the `pulumi import` command, ProjectMuteConfig can be imported using one of the formats above. 
For example: + * + * ```sh + * $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default projects/{{project}}/locations/{{location}}/muteConfigs/{{mute_config_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default {{project}}/{{location}}/{{mute_config_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default {{location}}/{{mute_config_id}} + * ``` + */ +export class V2ProjectMuteConfig extends pulumi.CustomResource { + /** + * Get an existing V2ProjectMuteConfig resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: V2ProjectMuteConfigState, opts?: pulumi.CustomResourceOptions): V2ProjectMuteConfig { + return new V2ProjectMuteConfig(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig'; + + /** + * Returns true if the given object is an instance of V2ProjectMuteConfig. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is V2ProjectMuteConfig { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === V2ProjectMuteConfig.__pulumiType; + } + + /** + * The time at which the mute config was created. This field is set by + * the server and will be ignored if provided on config creation. + */ + public /*out*/ readonly createTime!: pulumi.Output; + /** + * A description of the mute config. 
+ */ + public readonly description!: pulumi.Output; + /** + * An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + */ + public readonly filter!: pulumi.Output; + /** + * location Id is provided by project. If not provided, Use global as default. + */ + public readonly location!: pulumi.Output; + /** + * Email address of the user who last edited the mute config. This + * field is set by the server and will be ignored if provided on + * config creation or update. + */ + public /*out*/ readonly mostRecentEditor!: pulumi.Output; + /** + * Unique identifier provided by the client within the parent scope. + * + * + * - - - + */ + public readonly muteConfigId!: pulumi.Output; + /** + * Name of the mute config. Its format is + * projects/{project}/locations/global/muteConfigs/{configId}, + * folders/{folder}/locations/global/muteConfigs/{configId}, + * or organizations/{organization}/locations/global/muteConfigs/{configId} + */ + public /*out*/ readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + */ + public readonly project!: pulumi.Output; + /** + * The type of the mute config. + */ + public readonly type!: pulumi.Output; + /** + * Output only. The most recent time at which the mute config was + * updated. This field is set by the server and will be ignored if + * provided on config creation or update. + */ + public /*out*/ readonly updateTime!: pulumi.Output; + + /** + * Create a V2ProjectMuteConfig resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. 
+ * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: V2ProjectMuteConfigArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: V2ProjectMuteConfigArgs | V2ProjectMuteConfigState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as V2ProjectMuteConfigState | undefined; + resourceInputs["createTime"] = state ? state.createTime : undefined; + resourceInputs["description"] = state ? state.description : undefined; + resourceInputs["filter"] = state ? state.filter : undefined; + resourceInputs["location"] = state ? state.location : undefined; + resourceInputs["mostRecentEditor"] = state ? state.mostRecentEditor : undefined; + resourceInputs["muteConfigId"] = state ? state.muteConfigId : undefined; + resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["project"] = state ? state.project : undefined; + resourceInputs["type"] = state ? state.type : undefined; + resourceInputs["updateTime"] = state ? state.updateTime : undefined; + } else { + const args = argsOrState as V2ProjectMuteConfigArgs | undefined; + if ((!args || args.filter === undefined) && !opts.urn) { + throw new Error("Missing required property 'filter'"); + } + if ((!args || args.muteConfigId === undefined) && !opts.urn) { + throw new Error("Missing required property 'muteConfigId'"); + } + if ((!args || args.type === undefined) && !opts.urn) { + throw new Error("Missing required property 'type'"); + } + resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["filter"] = args ? args.filter : undefined; + resourceInputs["location"] = args ? args.location : undefined; + resourceInputs["muteConfigId"] = args ? args.muteConfigId : undefined; + resourceInputs["project"] = args ? args.project : undefined; + resourceInputs["type"] = args ? 
args.type : undefined; + resourceInputs["createTime"] = undefined /*out*/; + resourceInputs["mostRecentEditor"] = undefined /*out*/; + resourceInputs["name"] = undefined /*out*/; + resourceInputs["updateTime"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(V2ProjectMuteConfig.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering V2ProjectMuteConfig resources. + */ +export interface V2ProjectMuteConfigState { + /** + * The time at which the mute config was created. This field is set by + * the server and will be ignored if provided on config creation. + */ + createTime?: pulumi.Input; + /** + * A description of the mute config. + */ + description?: pulumi.Input; + /** + * An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + */ + filter?: pulumi.Input; + /** + * location Id is provided by project. If not provided, Use global as default. + */ + location?: pulumi.Input; + /** + * Email address of the user who last edited the mute config. This + * field is set by the server and will be ignored if provided on + * config creation or update. + */ + mostRecentEditor?: pulumi.Input; + /** + * Unique identifier provided by the client within the parent scope. + * + * + * - - - + */ + muteConfigId?: pulumi.Input; + /** + * Name of the mute config. Its format is + * projects/{project}/locations/global/muteConfigs/{configId}, + * folders/{folder}/locations/global/muteConfigs/{configId}, + * or organizations/{organization}/locations/global/muteConfigs/{configId} + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. 
+ * If it is not provided, the provider project is used. + */ + project?: pulumi.Input; + /** + * The type of the mute config. + */ + type?: pulumi.Input; + /** + * Output only. The most recent time at which the mute config was + * updated. This field is set by the server and will be ignored if + * provided on config creation or update. + */ + updateTime?: pulumi.Input; +} + +/** + * The set of arguments for constructing a V2ProjectMuteConfig resource. + */ +export interface V2ProjectMuteConfigArgs { + /** + * A description of the mute config. + */ + description?: pulumi.Input; + /** + * An expression that defines the filter to apply across create/update + * events of findings. While creating a filter string, be mindful of + * the scope in which the mute configuration is being created. E.g., + * If a filter contains project = X but is created under the + * project = Y scope, it might not match any findings. + */ + filter: pulumi.Input; + /** + * location Id is provided by project. If not provided, Use global as default. + */ + location?: pulumi.Input; + /** + * Unique identifier provided by the client within the parent scope. + * + * + * - - - + */ + muteConfigId: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + */ + project?: pulumi.Input; + /** + * The type of the mute config. + */ + type: pulumi.Input; +} diff --git a/sdk/nodejs/securitycenter/v2projectNotificationConfig.ts b/sdk/nodejs/securitycenter/v2projectNotificationConfig.ts new file mode 100644 index 0000000000..06f9e092a1 --- /dev/null +++ b/sdk/nodejs/securitycenter/v2projectNotificationConfig.ts 
@@ -0,0 +1,237 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../types/input"; +import * as outputs from "../types/output"; +import * as utilities from "../utilities"; + +/** + * A Cloud Security Command Center (Cloud SCC) notification configs. A + * notification config is a Cloud SCC resource that contains the + * configuration to send notifications for create/update events of + * findings, assets and etc. + * > **Note:** In order to use Cloud SCC resources, your organization must be enrolled + * in [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center). + * Without doing so, you may run into errors during resource creation. + * + * To get more information about ProjectNotificationConfig, see: + * + * * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/projects.locations.notificationConfigs) + * * How-to Guides + * * [Official Documentation](https://cloud.google.com/security-command-center/docs) + * + * ## Example Usage + * + * ### Scc V2 Project Notification Config Basic + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const sccV2ProjectNotification = new gcp.pubsub.Topic("scc_v2_project_notification", {name: "my-topic"}); + * const customNotificationConfig = new gcp.securitycenter.V2ProjectNotificationConfig("custom_notification_config", { + * configId: "my-config", + * project: "my-project-name", + * location: "global", + * description: "My custom Cloud Security Command Center Finding Notification Configuration", + * pubsubTopic: sccV2ProjectNotification.id, + * streamingConfig: { + * filter: "category = \"OPEN_FIREWALL\" AND state = \"ACTIVE\"", + * }, + * }); + * ``` + * + * ## Import + * + * 
ProjectNotificationConfig can be imported using any of these accepted formats: + * + * * `projects/{{project}}/locations/{{location}}/notificationConfigs/{{config_id}}` + * + * * `{{project}}/{{location}}/{{config_id}}` + * + * * `{{location}}/{{config_id}}` + * + * When using the `pulumi import` command, ProjectNotificationConfig can be imported using one of the formats above. For example: + * + * ```sh + * $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default projects/{{project}}/locations/{{location}}/notificationConfigs/{{config_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default {{project}}/{{location}}/{{config_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default {{location}}/{{config_id}} + * ``` + */ +export class V2ProjectNotificationConfig extends pulumi.CustomResource { + /** + * Get an existing V2ProjectNotificationConfig resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: V2ProjectNotificationConfigState, opts?: pulumi.CustomResourceOptions): V2ProjectNotificationConfig { + return new V2ProjectNotificationConfig(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig'; + + /** + * Returns true if the given object is an instance of V2ProjectNotificationConfig. 
This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is V2ProjectNotificationConfig { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === V2ProjectNotificationConfig.__pulumiType; + } + + /** + * This must be unique within the project. + */ + public readonly configId!: pulumi.Output; + /** + * The description of the notification config (max of 1024 characters). + */ + public readonly description!: pulumi.Output; + /** + * Location ID of the parent organization. Only global is supported at the moment. + */ + public readonly location!: pulumi.Output; + /** + * The resource name of this notification config, in the format + * `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. + */ + public /*out*/ readonly name!: pulumi.Output; + public readonly project!: pulumi.Output; + /** + * The Pub/Sub topic to send notifications to. Its format is "projects/[projectId]/topics/[topic]". + */ + public readonly pubsubTopic!: pulumi.Output; + /** + * The service account that needs "pubsub.topics.publish" permission to + * publish to the Pub/Sub topic. + */ + public /*out*/ readonly serviceAccount!: pulumi.Output; + /** + * The config for triggering streaming-based notifications. + * Structure is documented below. + */ + public readonly streamingConfig!: pulumi.Output; + + /** + * Create a V2ProjectNotificationConfig resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. 
+ */ + constructor(name: string, args: V2ProjectNotificationConfigArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: V2ProjectNotificationConfigArgs | V2ProjectNotificationConfigState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as V2ProjectNotificationConfigState | undefined; + resourceInputs["configId"] = state ? state.configId : undefined; + resourceInputs["description"] = state ? state.description : undefined; + resourceInputs["location"] = state ? state.location : undefined; + resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["project"] = state ? state.project : undefined; + resourceInputs["pubsubTopic"] = state ? state.pubsubTopic : undefined; + resourceInputs["serviceAccount"] = state ? state.serviceAccount : undefined; + resourceInputs["streamingConfig"] = state ? state.streamingConfig : undefined; + } else { + const args = argsOrState as V2ProjectNotificationConfigArgs | undefined; + if ((!args || args.configId === undefined) && !opts.urn) { + throw new Error("Missing required property 'configId'"); + } + if ((!args || args.streamingConfig === undefined) && !opts.urn) { + throw new Error("Missing required property 'streamingConfig'"); + } + resourceInputs["configId"] = args ? args.configId : undefined; + resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["location"] = args ? args.location : undefined; + resourceInputs["project"] = args ? args.project : undefined; + resourceInputs["pubsubTopic"] = args ? args.pubsubTopic : undefined; + resourceInputs["streamingConfig"] = args ? 
args.streamingConfig : undefined; + resourceInputs["name"] = undefined /*out*/; + resourceInputs["serviceAccount"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(V2ProjectNotificationConfig.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering V2ProjectNotificationConfig resources. + */ +export interface V2ProjectNotificationConfigState { + /** + * This must be unique within the project. + */ + configId?: pulumi.Input; + /** + * The description of the notification config (max of 1024 characters). + */ + description?: pulumi.Input; + /** + * Location ID of the parent organization. Only global is supported at the moment. + */ + location?: pulumi.Input; + /** + * The resource name of this notification config, in the format + * `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. + */ + name?: pulumi.Input; + project?: pulumi.Input; + /** + * The Pub/Sub topic to send notifications to. Its format is "projects/[projectId]/topics/[topic]". + */ + pubsubTopic?: pulumi.Input; + /** + * The service account that needs "pubsub.topics.publish" permission to + * publish to the Pub/Sub topic. + */ + serviceAccount?: pulumi.Input; + /** + * The config for triggering streaming-based notifications. + * Structure is documented below. + */ + streamingConfig?: pulumi.Input; +} + +/** + * The set of arguments for constructing a V2ProjectNotificationConfig resource. + */ +export interface V2ProjectNotificationConfigArgs { + /** + * This must be unique within the project. + */ + configId: pulumi.Input; + /** + * The description of the notification config (max of 1024 characters). + */ + description?: pulumi.Input; + /** + * Location ID of the parent organization. Only global is supported at the moment. + */ + location?: pulumi.Input; + project?: pulumi.Input; + /** + * The Pub/Sub topic to send notifications to. 
Its format is "projects/[projectId]/topics/[topic]". + */ + pubsubTopic?: pulumi.Input; + /** + * The config for triggering streaming-based notifications. + * Structure is documented below. + */ + streamingConfig: pulumi.Input; +} diff --git a/sdk/nodejs/spanner/instance.ts b/sdk/nodejs/spanner/instance.ts index c4793d8529..518f9e8c2b 100644 --- a/sdk/nodejs/spanner/instance.ts +++ b/sdk/nodejs/spanner/instance.ts @@ -186,7 +186,6 @@ export class Instance extends pulumi.CustomResource { * A unique identifier for the instance, which cannot be changed after * the instance is created. The name must be between 6 and 30 characters * in length. - * * If not provided, a random string starting with `tf-` will be selected. */ public readonly name!: pulumi.Output; @@ -310,7 +309,6 @@ export interface InstanceState { * A unique identifier for the instance, which cannot be changed after * the instance is created. The name must be between 6 and 30 characters * in length. - * * If not provided, a random string starting with `tf-` will be selected. */ name?: pulumi.Input; @@ -378,7 +376,6 @@ export interface InstanceArgs { * A unique identifier for the instance, which cannot be changed after * the instance is created. The name must be between 6 and 30 characters * in length. - * * If not provided, a random string starting with `tf-` will be selected. */ name?: pulumi.Input; diff --git a/sdk/nodejs/storage/bucketObject.ts b/sdk/nodejs/storage/bucketObject.ts index 1ca896b490..ae685122b6 100644 --- a/sdk/nodejs/storage/bucketObject.ts +++ b/sdk/nodejs/storage/bucketObject.ts 
@@ -117,6 +117,10 @@ export class BucketObject extends pulumi.CustomResource { * Whether an object is under [event-based hold](https://cloud.google.com/storage/docs/object-holds#hold-types). Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). */ public readonly eventBasedHold!: pulumi.Output; + /** + * (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + */ + public /*out*/ readonly generation!: pulumi.Output; /** * The resource name of the Cloud KMS key that will be used to [encrypt](https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) the object. */ @@ -194,6 +198,7 @@ export class BucketObject extends pulumi.CustomResource { resourceInputs["customerEncryption"] = state ? state.customerEncryption : undefined; resourceInputs["detectMd5hash"] = state ? state.detectMd5hash : undefined; resourceInputs["eventBasedHold"] = state ? state.eventBasedHold : undefined; + resourceInputs["generation"] = state ? state.generation : undefined; resourceInputs["kmsKeyName"] = state ? state.kmsKeyName : undefined; resourceInputs["md5hash"] = state ? state.md5hash : undefined; resourceInputs["mediaLink"] = state ? state.mediaLink : undefined; @@ -228,6 +233,7 @@ export class BucketObject extends pulumi.CustomResource { resourceInputs["storageClass"] = args ? args.storageClass : undefined; resourceInputs["temporaryHold"] = args ? args.temporaryHold : undefined; resourceInputs["crc32c"] = undefined /*out*/; + resourceInputs["generation"] = undefined /*out*/; resourceInputs["md5hash"] = undefined /*out*/; resourceInputs["mediaLink"] = undefined /*out*/; resourceInputs["outputName"] = undefined /*out*/; 
@@ -287,6 +293,10 @@ export interface BucketObjectState { * Whether an object is under [event-based hold](https://cloud.google.com/storage/docs/object-holds#hold-types). Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). */ eventBasedHold?: pulumi.Input; + /** + * (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + */ + generation?: pulumi.Input; /** * The resource name of the Cloud KMS key that will be used to [encrypt](https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) the object. */ diff --git a/sdk/nodejs/storage/getBucketObject.ts b/sdk/nodejs/storage/getBucketObject.ts index cc084265c1..e59bb16e43 100644 --- a/sdk/nodejs/storage/getBucketObject.ts +++ b/sdk/nodejs/storage/getBucketObject.ts @@ -87,6 +87,10 @@ export interface GetBucketObjectResult { * (Computed) Whether an object is under [event-based hold](https://cloud.google.com/storage/docs/object-holds#hold-types). Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). */ readonly eventBasedHold: boolean; + /** + * (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + */ + readonly generation: number; /** * The provider-assigned unique ID for this managed resource. */ 
diff --git a/sdk/nodejs/storage/getBucketObjectContent.ts b/sdk/nodejs/storage/getBucketObjectContent.ts index 95a8ef6e86..57acedf27b 100644 --- a/sdk/nodejs/storage/getBucketObjectContent.ts +++ b/sdk/nodejs/storage/getBucketObjectContent.ts @@ -75,6 +75,7 @@ export interface GetBucketObjectContentResult { readonly customerEncryptions: outputs.storage.GetBucketObjectContentCustomerEncryption[]; readonly detectMd5hash: string; readonly eventBasedHold: boolean; + readonly generation: number; /** * The provider-assigned unique ID for this managed resource. */ diff --git a/sdk/nodejs/storage/managedFolder.ts b/sdk/nodejs/storage/managedFolder.ts index 4d5efe77c2..ad3b9bdf70 100644 --- a/sdk/nodejs/storage/managedFolder.ts +++ b/sdk/nodejs/storage/managedFolder.ts @@ -39,6 +39,7 @@ import * as utilities from "../utilities"; * const folder = new gcp.storage.ManagedFolder("folder", { * bucket: bucket.name, * name: "managed/folder/name/", + * forceDestroy: true, * }); * ``` * @@ -96,6 +97,13 @@ export class ManagedFolder extends pulumi.CustomResource { * The timestamp at which this managed folder was created. */ public /*out*/ readonly createTime!: pulumi.Output; + /** + * Allows the deletion of a managed folder even if contains + * objects. If a non-empty managed folder is deleted, any objects + * within the folder will remain in a simulated folder with the + * same name. + */ + public readonly forceDestroy!: pulumi.Output; /** * The metadata generation of the managed folder. */ 
@@ -132,6 +140,7 @@ export class ManagedFolder extends pulumi.CustomResource { const state = argsOrState as ManagedFolderState | undefined; resourceInputs["bucket"] = state ? state.bucket : undefined; resourceInputs["createTime"] = state ? state.createTime : undefined; + resourceInputs["forceDestroy"] = state ? state.forceDestroy : undefined; resourceInputs["metageneration"] = state ? state.metageneration : undefined; resourceInputs["name"] = state ? state.name : undefined; resourceInputs["selfLink"] = state ? state.selfLink : undefined; @@ -142,6 +151,7 @@ export class ManagedFolder extends pulumi.CustomResource { throw new Error("Missing required property 'bucket'"); } resourceInputs["bucket"] = args ? args.bucket : undefined; + resourceInputs["forceDestroy"] = args ? args.forceDestroy : undefined; resourceInputs["name"] = args ? args.name : undefined; resourceInputs["createTime"] = undefined /*out*/; resourceInputs["metageneration"] = undefined /*out*/; @@ -165,6 +175,13 @@ export interface ManagedFolderState { * The timestamp at which this managed folder was created. */ createTime?: pulumi.Input; + /** + * Allows the deletion of a managed folder even if contains + * objects. If a non-empty managed folder is deleted, any objects + * within the folder will remain in a simulated folder with the + * same name. + */ + forceDestroy?: pulumi.Input; /** * The metadata generation of the managed folder. */ @@ -195,6 +212,13 @@ export interface ManagedFolderArgs { * The name of the bucket that contains the managed folder. */ bucket: pulumi.Input; + /** + * Allows the deletion of a managed folder even if contains + * objects. If a non-empty managed folder is deleted, any objects + * within the folder will remain in a simulated folder with the + * same name. + */ + forceDestroy?: pulumi.Input; /** * The name of the managed folder expressed as a path. Must include * trailing '/'. For example, `example_dir/example_dir2/`. 
diff --git a/sdk/nodejs/tsconfig.json b/sdk/nodejs/tsconfig.json index 1a78fec439..8c5ddbb004 100644 --- a/sdk/nodejs/tsconfig.json +++ b/sdk/nodejs/tsconfig.json @@ -31,6 +31,8 @@ "accesscontextmanager/index.ts", "accesscontextmanager/ingressPolicy.ts", "accesscontextmanager/servicePerimeter.ts", + "accesscontextmanager/servicePerimeterDryRunEgressPolicy.ts", + "accesscontextmanager/servicePerimeterDryRunIngressPolicy.ts", "accesscontextmanager/servicePerimeterDryRunResource.ts", "accesscontextmanager/servicePerimeterEgressPolicy.ts", "accesscontextmanager/servicePerimeterIngressPolicy.ts", @@ -1195,6 +1197,7 @@ "securitycenter/eventThreatDetectionCustomModule.ts", "securitycenter/folderCustomModule.ts", "securitycenter/getSourceIamPolicy.ts", + "securitycenter/getV2OrganizationSourceIamPolicy.ts", "securitycenter/index.ts", "securitycenter/instanceIamBinding.ts", "securitycenter/instanceIamMember.ts", @@ -1212,8 +1215,15 @@ "securitycenter/sourceIamBinding.ts", "securitycenter/sourceIamMember.ts", "securitycenter/sourceIamPolicy.ts", + "securitycenter/v2folderMuteConfig.ts", "securitycenter/v2organizationMuteConfig.ts", "securitycenter/v2organizationNotificationConfig.ts", + "securitycenter/v2organizationSource.ts", + "securitycenter/v2organizationSourceIamBinding.ts", + "securitycenter/v2organizationSourceIamMember.ts", + "securitycenter/v2organizationSourceIamPolicy.ts", + "securitycenter/v2projectMuteConfig.ts", + "securitycenter/v2projectNotificationConfig.ts", "securityposture/index.ts", "securityposture/posture.ts", "securityposture/postureDeployment.ts", diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts index 460b92d018..595612ca01 100644 --- a/sdk/nodejs/types/input.ts +++ b/sdk/nodejs/types/input.ts 
@@ -465,6 +465,188 @@ export namespace accesscontextmanager { title: pulumi.Input; } + export interface ServicePerimeterDryRunEgressPolicyEgressFrom { + /** + * A list of identities that are allowed access through this `EgressPolicy`. + * Should be in the format of email address. The email address should + * represent individual user or service account only. + */ + identities?: pulumi.Input[]>; + /** + * Specifies the type of identities that are allowed access to outside the + * perimeter. If left unspecified, then members of `identities` field will + * be allowed access. + * Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + */ + identityType?: pulumi.Input; + /** + * Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + * Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. + */ + sourceRestriction?: pulumi.Input; + /** + * Sources that this EgressPolicy authorizes access from. + * Structure is documented below. + */ + sources?: pulumi.Input[]>; + } + + export interface ServicePerimeterDryRunEgressPolicyEgressFromSource { + /** + * An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. + */ + accessLevel?: pulumi.Input; + } + + export interface ServicePerimeterDryRunEgressPolicyEgressTo { + /** + * A list of external resources that are allowed to be accessed. A request + * matches if it contains an external resource in this list (Example: + * s3://bucket/path). Currently '*' is not allowed. + */ + externalResources?: pulumi.Input[]>; + /** + * A list of `ApiOperations` that this egress rule applies to. A request matches + * if it contains an operation/service in this list. + * Structure is documented below. 
+ */ + operations?: pulumi.Input[]>; + /** + * A list of resources, currently only projects in the form + * `projects/`, that match this to stanza. A request matches + * if it contains a resource in this list. If * is specified for resources, + * then this `EgressTo` rule will authorize access to all resources outside + * the perimeter. + */ + resources?: pulumi.Input[]>; + } + + export interface ServicePerimeterDryRunEgressPolicyEgressToOperation { + /** + * API methods or permissions to allow. Method or permission must belong + * to the service specified by `serviceName` field. A single MethodSelector + * entry with `*` specified for the `method` field will allow all methods + * AND permissions for the service specified in `serviceName`. + * Structure is documented below. + */ + methodSelectors?: pulumi.Input[]>; + /** + * The name of the API whose methods or permissions the `IngressPolicy` or + * `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + * field set to `*` will allow all methods AND permissions for all services. + */ + serviceName?: pulumi.Input; + } + + export interface ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector { + /** + * Value for `method` should be a valid method name for the corresponding + * `serviceName` in `ApiOperation`. If `*` used as value for method, + * then ALL methods and permissions are allowed. + */ + method?: pulumi.Input; + /** + * Value for permission should be a valid Cloud IAM permission for the + * corresponding `serviceName` in `ApiOperation`. + */ + permission?: pulumi.Input; + } + + export interface ServicePerimeterDryRunIngressPolicyIngressFrom { + /** + * A list of identities that are allowed access through this ingress policy. + * Should be in the format of email address. The email address should represent + * individual user or service account only. 
+ */ + identities?: pulumi.Input[]>; + /** + * Specifies the type of identities that are allowed access from outside the + * perimeter. If left unspecified, then members of `identities` field will be + * allowed access. + * Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + */ + identityType?: pulumi.Input; + /** + * Sources that this `IngressPolicy` authorizes access from. + * Structure is documented below. + */ + sources?: pulumi.Input[]>; + } + + export interface ServicePerimeterDryRunIngressPolicyIngressFromSource { + /** + * An `AccessLevel` resource name that allow resources within the + * `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + * must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + * `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + * resources within the perimeter can only be accessed via Google Cloud calls + * with request origins within the perimeter. + * Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + * If * is specified, then all IngressSources will be allowed. + */ + accessLevel?: pulumi.Input; + /** + * A Google Cloud resource that is allowed to ingress the perimeter. + * Requests from these resources will be allowed to access perimeter data. + * Currently only projects are allowed. Format `projects/{project_number}` + * The project may be in any Google Cloud organization, not just the + * organization that the perimeter is defined in. `*` is not allowed, the case + * of allowing all Google Cloud resources only is not supported. + */ + resource?: pulumi.Input; + } + + export interface ServicePerimeterDryRunIngressPolicyIngressTo { + /** + * A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + * are allowed to perform in this `ServicePerimeter`. + * Structure is documented below. 
+ */ + operations?: pulumi.Input[]>; + /** + * A list of resources, currently only projects in the form + * `projects/`, protected by this `ServicePerimeter` + * that are allowed to be accessed by sources defined in the + * corresponding `IngressFrom`. A request matches if it contains + * a resource in this list. If `*` is specified for resources, + * then this `IngressTo` rule will authorize access to all + * resources inside the perimeter, provided that the request + * also matches the `operations` field. + */ + resources?: pulumi.Input[]>; + } + + export interface ServicePerimeterDryRunIngressPolicyIngressToOperation { + /** + * API methods or permissions to allow. Method or permission must belong to + * the service specified by serviceName field. A single `MethodSelector` entry + * with `*` specified for the method field will allow all methods AND + * permissions for the service specified in `serviceName`. + * Structure is documented below. + */ + methodSelectors?: pulumi.Input[]>; + /** + * The name of the API whose methods or permissions the `IngressPolicy` or + * `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + * field set to `*` will allow all methods AND permissions for all services. + */ + serviceName?: pulumi.Input; + } + + export interface ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector { + /** + * Value for method should be a valid method name for the corresponding + * serviceName in `ApiOperation`. If `*` used as value for `method`, then + * ALL methods and permissions are allowed. + */ + method?: pulumi.Input; + /** + * Value for permission should be a valid Cloud IAM permission for the + * corresponding `serviceName` in `ApiOperation`. + */ + permission?: pulumi.Input; + } + export interface ServicePerimeterEgressPolicyEgressFrom { /** * A list of identities that are allowed access through this `EgressPolicy`. 
@@ -11120,6 +11302,10 @@ export namespace clouddeploy { * Optional. If true, `cluster` is accessed using the private IP address of the control plane endpoint. Otherwise, the default IP address of the control plane endpoint is used. The default IP address is the private IP address for clusters with private control-plane endpoints and the public IP address otherwise. Only specify this option when `cluster` is a [private GKE cluster](https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept). */ internalIp?: pulumi.Input; + /** + * Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. + */ + proxyUrl?: pulumi.Input; } export interface TargetIamBindingCondition { @@ -13141,6 +13327,10 @@ export namespace cloudrunv2 { * If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass */ breakglassJustification?: pulumi.Input; + /** + * The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + */ + policy?: pulumi.Input; /** * If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. */ @@ -13597,6 +13787,10 @@ export namespace cloudrunv2 { * If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass */ breakglassJustification?: pulumi.Input; + /** + * The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + */ + policy?: pulumi.Input; /** * If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. */ 
@@ -28464,6 +28658,12 @@ export namespace container { * Structure is documented below. */ autoProvisioningDefaults?: pulumi.Input; + /** + * The list of Google Compute Engine + * [zones](https://cloud.google.com/compute/docs/zones#available) in which the + * NodePool's nodes can be created by NAP. + */ + autoProvisioningLocations?: pulumi.Input[]>; /** * Configuration * options for the [Autoscaling profile](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#autoscaling_profiles) @@ -48496,6 +48696,11 @@ export namespace gkehub { * Structure is documented below. */ configSync?: pulumi.Input; + /** + * Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + * Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. + */ + management?: pulumi.Input; /** * Version of ACM installed */ @@ -48806,6 +49011,10 @@ export namespace gkehub { * Hierarchy Controller configuration for the cluster. Structure is documented below. */ hierarchyController?: pulumi.Input; + /** + * Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + */ + management?: pulumi.Input; /** * Policy Controller configuration for the cluster. Structure is documented below. */ 
@@ -48824,6 +49033,10 @@ export namespace gkehub { } export interface FeatureMembershipConfigmanagementConfigSync { + /** + * Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. + */ + enabled?: pulumi.Input; /** * (Optional) Structure is documented below. */ @@ -56381,12 +56594,12 @@ export namespace netapp { lastTransferError?: pulumi.Input; /** * (Output) - * Total time taken so far during current transfer. + * Cumulative time taken across all transfers for the replication relationship. */ totalTransferDuration?: pulumi.Input; /** * (Output) - * Number of bytes transferred so far in current transfer. + * Cumulative bytes transferred so far for the replication relationship. */ transferBytes?: pulumi.Input; /** 
@@ -63447,6 +63660,45 @@ export namespace securitycenter { */ filter: pulumi.Input; } + + export interface V2OrganizationSourceIamBindingCondition { + description?: pulumi.Input; + expression: pulumi.Input; + title: pulumi.Input; + } + + export interface V2OrganizationSourceIamMemberCondition { + description?: pulumi.Input; + expression: pulumi.Input; + title: pulumi.Input; + } + + export interface V2ProjectNotificationConfigStreamingConfig { + /** + * Expression that defines the filter to apply across create/update + * events of assets or findings as specified by the event type. The + * expression is a list of zero or more restrictions combined via + * logical operators AND and OR. Parentheses are supported, and OR + * has higher precedence than AND. + * Restrictions have the form and may have + * a - character in front of them to indicate negation. The fields + * map to those defined in the corresponding resource. + * The supported operators are: + * * = for all value types. + * * >, <, >=, <= for integer values. + * * :, meaning substring matching, for strings. + * The supported value types are: + * * string literals in quotes. + * * integer literals without quotes. + * * boolean literals true and false without quotes. + * See + * [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + * for information on how to write a filter. + * + * - - - + */ + filter: pulumi.Input; + } } export namespace securityposture { @@ -64226,7 +64478,7 @@ export namespace sql { */ collation?: pulumi.Input; /** - * Specifies if connections must use Cloud SQL connectors. + * Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. */ connectorEnforcement?: pulumi.Input; /** diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts index 13e7054dab..abcde05582 100644 --- a/sdk/nodejs/types/output.ts 
+++ b/sdk/nodejs/types/output.ts 
@@ -461,6 +461,188 @@ export namespace accesscontextmanager { title: string; } + export interface ServicePerimeterDryRunEgressPolicyEgressFrom { + /** + * A list of identities that are allowed access through this `EgressPolicy`. + * Should be in the format of email address. The email address should + * represent individual user or service account only. + */ + identities?: string[]; + /** + * Specifies the type of identities that are allowed access to outside the + * perimeter. If left unspecified, then members of `identities` field will + * be allowed access. + * Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + */ + identityType?: string; + /** + * Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + * Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. + */ + sourceRestriction?: string; + /** + * Sources that this EgressPolicy authorizes access from. + * Structure is documented below. + */ + sources?: outputs.accesscontextmanager.ServicePerimeterDryRunEgressPolicyEgressFromSource[]; + } + + export interface ServicePerimeterDryRunEgressPolicyEgressFromSource { + /** + * An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. + */ + accessLevel?: string; + } + + export interface ServicePerimeterDryRunEgressPolicyEgressTo { + /** + * A list of external resources that are allowed to be accessed. A request + * matches if it contains an external resource in this list (Example: + * s3://bucket/path). Currently '*' is not allowed. + */ + externalResources?: string[]; + /** + * A list of `ApiOperations` that this egress rule applies to. A request matches + * if it contains an operation/service in this list. + * Structure is documented below. 
+ */ + operations?: outputs.accesscontextmanager.ServicePerimeterDryRunEgressPolicyEgressToOperation[]; + /** + * A list of resources, currently only projects in the form + * `projects/`, that match this to stanza. A request matches + * if it contains a resource in this list. If * is specified for resources, + * then this `EgressTo` rule will authorize access to all resources outside + * the perimeter. + */ + resources?: string[]; + } + + export interface ServicePerimeterDryRunEgressPolicyEgressToOperation { + /** + * API methods or permissions to allow. Method or permission must belong + * to the service specified by `serviceName` field. A single MethodSelector + * entry with `*` specified for the `method` field will allow all methods + * AND permissions for the service specified in `serviceName`. + * Structure is documented below. + */ + methodSelectors?: outputs.accesscontextmanager.ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector[]; + /** + * The name of the API whose methods or permissions the `IngressPolicy` or + * `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + * field set to `*` will allow all methods AND permissions for all services. + */ + serviceName?: string; + } + + export interface ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector { + /** + * Value for `method` should be a valid method name for the corresponding + * `serviceName` in `ApiOperation`. If `*` used as value for method, + * then ALL methods and permissions are allowed. + */ + method?: string; + /** + * Value for permission should be a valid Cloud IAM permission for the + * corresponding `serviceName` in `ApiOperation`. + */ + permission?: string; + } + + export interface ServicePerimeterDryRunIngressPolicyIngressFrom { + /** + * A list of identities that are allowed access through this ingress policy. + * Should be in the format of email address. The email address should represent + * individual user or service account only. 
+ */ + identities?: string[]; + /** + * Specifies the type of identities that are allowed access from outside the + * perimeter. If left unspecified, then members of `identities` field will be + * allowed access. + * Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + */ + identityType?: string; + /** + * Sources that this `IngressPolicy` authorizes access from. + * Structure is documented below. + */ + sources?: outputs.accesscontextmanager.ServicePerimeterDryRunIngressPolicyIngressFromSource[]; + } + + export interface ServicePerimeterDryRunIngressPolicyIngressFromSource { + /** + * An `AccessLevel` resource name that allow resources within the + * `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + * must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + * `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + * resources within the perimeter can only be accessed via Google Cloud calls + * with request origins within the perimeter. + * Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + * If * is specified, then all IngressSources will be allowed. + */ + accessLevel?: string; + /** + * A Google Cloud resource that is allowed to ingress the perimeter. + * Requests from these resources will be allowed to access perimeter data. + * Currently only projects are allowed. Format `projects/{project_number}` + * The project may be in any Google Cloud organization, not just the + * organization that the perimeter is defined in. `*` is not allowed, the case + * of allowing all Google Cloud resources only is not supported. + */ + resource?: string; + } + + export interface ServicePerimeterDryRunIngressPolicyIngressTo { + /** + * A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + * are allowed to perform in this `ServicePerimeter`. + * Structure is documented below. 
+ */ + operations?: outputs.accesscontextmanager.ServicePerimeterDryRunIngressPolicyIngressToOperation[]; + /** + * A list of resources, currently only projects in the form + * `projects/`, protected by this `ServicePerimeter` + * that are allowed to be accessed by sources defined in the + * corresponding `IngressFrom`. A request matches if it contains + * a resource in this list. If `*` is specified for resources, + * then this `IngressTo` rule will authorize access to all + * resources inside the perimeter, provided that the request + * also matches the `operations` field. + */ + resources?: string[]; + } + + export interface ServicePerimeterDryRunIngressPolicyIngressToOperation { + /** + * API methods or permissions to allow. Method or permission must belong to + * the service specified by serviceName field. A single `MethodSelector` entry + * with `*` specified for the method field will allow all methods AND + * permissions for the service specified in `serviceName`. + * Structure is documented below. + */ + methodSelectors?: outputs.accesscontextmanager.ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector[]; + /** + * The name of the API whose methods or permissions the `IngressPolicy` or + * `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + * field set to `*` will allow all methods AND permissions for all services. + */ + serviceName?: string; + } + + export interface ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector { + /** + * Value for method should be a valid method name for the corresponding + * serviceName in `ApiOperation`. If `*` used as value for `method`, then + * ALL methods and permissions are allowed. + */ + method?: string; + /** + * Value for permission should be a valid Cloud IAM permission for the + * corresponding `serviceName` in `ApiOperation`. 
+ */ + permission?: string; + } + export interface ServicePerimeterEgressPolicyEgressFrom { /** * A list of identities that are allowed access through this `EgressPolicy`. @@ -13172,6 +13354,10 @@ export namespace clouddeploy { * Optional. If true, `cluster` is accessed using the private IP address of the control plane endpoint. Otherwise, the default IP address of the control plane endpoint is used. The default IP address is the private IP address for clusters with private control-plane endpoints and the public IP address otherwise. Only specify this option when `cluster` is a [private GKE cluster](https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept). */ internalIp?: boolean; + /** + * Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. + */ + proxyUrl?: string; } export interface TargetIamBindingCondition { @@ -16604,6 +16790,10 @@ export namespace cloudrunv2 { * If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass */ breakglassJustification: string; + /** + * The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + */ + policy: string; /** * If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. */ 
@@ -17016,6 +17206,10 @@ export namespace cloudrunv2 { * If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass */ breakglassJustification: string; + /** + * The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + */ + policy: string; /** * If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. */ @@ -17646,6 +17840,10 @@ export namespace cloudrunv2 { * If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass */ breakglassJustification?: string; + /** + * The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + */ + policy?: string; /** * If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. */ @@ -18102,6 +18300,10 @@ export namespace cloudrunv2 { * If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass */ breakglassJustification?: string; + /** + * The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + */ + policy?: string; /** * If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. */ 
@@ -38081,6 +38283,12 @@ export namespace container { * Structure is documented below. */ autoProvisioningDefaults: outputs.container.ClusterClusterAutoscalingAutoProvisioningDefaults; + /** + * The list of Google Compute Engine + * [zones](https://cloud.google.com/compute/docs/zones#available) in which the + * NodePool's nodes can be created by NAP. + */ + autoProvisioningLocations: string[]; /** * Configuration * options for the [Autoscaling profile](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#autoscaling_profiles) @@ -40477,6 +40685,10 @@ export namespace container { * Contains defaults for a node pool created by NAP. */ autoProvisioningDefaults: outputs.container.GetClusterClusterAutoscalingAutoProvisioningDefault[]; + /** + * The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP. + */ + autoProvisioningLocations: string[]; /** * Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED. */ @@ -60589,6 +60801,11 @@ export namespace gkehub { * Structure is documented below. */ configSync?: outputs.gkehub.FeatureFleetDefaultMemberConfigConfigmanagementConfigSync; + /** + * Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + * Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. + */ + management?: string; /** * Version of ACM installed */ 
@@ -60899,6 +61116,10 @@ export namespace gkehub { * Hierarchy Controller configuration for the cluster. Structure is documented below. */ hierarchyController?: outputs.gkehub.FeatureMembershipConfigmanagementHierarchyController; + /** + * Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + */ + management: string; /** * Policy Controller configuration for the cluster. Structure is documented below. */ @@ -60917,6 +61138,10 @@ export namespace gkehub { } export interface FeatureMembershipConfigmanagementConfigSync { + /** + * Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. + */ + enabled?: boolean; /** * (Optional) Structure is documented below. */ @@ -68838,12 +69063,12 @@ export namespace netapp { lastTransferError: string; /** * (Output) - * Total time taken so far during current transfer. + * Cumulative time taken across all transfers for the replication relationship. */ totalTransferDuration: string; /** * (Output) - * Number of bytes transferred so far in current transfer. + * Cumulative bytes transferred so far for the replication relationship. */ transferBytes: string; /** 
@@ -76638,6 +76863,45 @@ export namespace securitycenter { filter: string; } + export interface V2OrganizationSourceIamBindingCondition { + description?: string; + expression: string; + title: string; + } + + export interface V2OrganizationSourceIamMemberCondition { + description?: string; + expression: string; + title: string; + } + + export interface V2ProjectNotificationConfigStreamingConfig { + /** + * Expression that defines the filter to apply across create/update + * events of assets or findings as specified by the event type. The + * expression is a list of zero or more restrictions combined via + * logical operators AND and OR. Parentheses are supported, and OR + * has higher precedence than AND. + * Restrictions have the form and may have + * a - character in front of them to indicate negation. The fields + * map to those defined in the corresponding resource. + * The supported operators are: + * * = for all value types. + * * >, <, >=, <= for integer values. + * * :, meaning substring matching, for strings. + * The supported value types are: + * * string literals in quotes. + * * integer literals without quotes. + * * boolean literals true and false without quotes. + * See + * [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + * for information on how to write a filter. + * + * - - - + */ + filter: string; + } + } export namespace securityposture { @@ -77495,7 +77759,7 @@ export namespace sql { */ collation?: string; /** - * Specifies if connections must use Cloud SQL connectors. + * Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. */ connectorEnforcement: string; /** 
@@ -77994,7 +78258,7 @@ export namespace sql { */ collation: string; /** - * Specifies if connections must use Cloud SQL connectors. + * Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. */ connectorEnforcement: string; /** @@ -78514,7 +78778,7 @@ export namespace sql { */ collation: string; /** - * Specifies if connections must use Cloud SQL connectors. + * Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. */ connectorEnforcement: string; /** diff --git a/sdk/nodejs/vmwareengine/networkPolicy.ts b/sdk/nodejs/vmwareengine/networkPolicy.ts index 7ef8ebb406..84d6a0c42a 100644 --- a/sdk/nodejs/vmwareengine/networkPolicy.ts +++ b/sdk/nodejs/vmwareengine/networkPolicy.ts @@ -22,7 +22,7 @@ import * as utilities from "../utilities"; * import * as gcp from "@pulumi/gcp"; * * const network_policy_nw = new gcp.vmwareengine.Network("network-policy-nw", { - * name: "standard-nw", + * name: "sample-network", * location: "global", * type: "STANDARD", * description: "VMwareEngine standard network sample", @@ -41,14 +41,14 @@ import * as utilities from "../utilities"; * import * as gcp from "@pulumi/gcp"; * * const network_policy_nw = new gcp.vmwareengine.Network("network-policy-nw", { - * name: "standard-full-nw", + * name: "sample-network", * location: "global", * type: "STANDARD", * description: "VMwareEngine standard network sample", * }); * const vmw_engine_network_policy = new gcp.vmwareengine.NetworkPolicy("vmw-engine-network-policy", { * location: "us-west1", - * name: "sample-network-policy-full", + * name: "sample-network-policy", * edgeServicesCidr: "192.168.30.0/26", * vmwareEngineNetwork: network_policy_nw.id, * description: "Sample Network Policy", diff --git a/sdk/python/pulumi_gcp/__init__.py b/sdk/python/pulumi_gcp/__init__.py index 730a16e5dc..20ba1ea61a 100644 
--- a/sdk/python/pulumi_gcp/__init__.py +++ b/sdk/python/pulumi_gcp/__init__.py @@ -474,6 +474,22 @@ "gcp:accesscontextmanager/servicePerimeter:ServicePerimeter": "ServicePerimeter" } }, + { + "pkg": "gcp", + "mod": "accesscontextmanager/servicePerimeterDryRunEgressPolicy", + "fqn": "pulumi_gcp.accesscontextmanager", + "classes": { + "gcp:accesscontextmanager/servicePerimeterDryRunEgressPolicy:ServicePerimeterDryRunEgressPolicy": "ServicePerimeterDryRunEgressPolicy" + } + }, + { + "pkg": "gcp", + "mod": "accesscontextmanager/servicePerimeterDryRunIngressPolicy", + "fqn": "pulumi_gcp.accesscontextmanager", + "classes": { + "gcp:accesscontextmanager/servicePerimeterDryRunIngressPolicy:ServicePerimeterDryRunIngressPolicy": "ServicePerimeterDryRunIngressPolicy" + } + }, { "pkg": "gcp", "mod": "accesscontextmanager/servicePerimeterDryRunResource", @@ -7106,6 +7122,14 @@ "gcp:securitycenter/sourceIamPolicy:SourceIamPolicy": "SourceIamPolicy" } }, + { + "pkg": "gcp", + "mod": "securitycenter/v2FolderMuteConfig", + "fqn": "pulumi_gcp.securitycenter", + "classes": { + "gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig": "V2FolderMuteConfig" + } + }, { "pkg": "gcp", "mod": "securitycenter/v2OrganizationMuteConfig", 
@@ -7122,6 +7146,54 @@ "gcp:securitycenter/v2OrganizationNotificationConfig:V2OrganizationNotificationConfig": "V2OrganizationNotificationConfig" } }, + { + "pkg": "gcp", + "mod": "securitycenter/v2OrganizationSource", + "fqn": "pulumi_gcp.securitycenter", + "classes": { + "gcp:securitycenter/v2OrganizationSource:V2OrganizationSource": "V2OrganizationSource" + } + }, + { + "pkg": "gcp", + "mod": "securitycenter/v2OrganizationSourceIamBinding", + "fqn": "pulumi_gcp.securitycenter", + "classes": { + "gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding": "V2OrganizationSourceIamBinding" + } + }, + { + "pkg": "gcp", + "mod": "securitycenter/v2OrganizationSourceIamMember", + "fqn": "pulumi_gcp.securitycenter", + "classes": { + "gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember": "V2OrganizationSourceIamMember" + } + }, + { + "pkg": "gcp", + "mod": "securitycenter/v2OrganizationSourceIamPolicy", + "fqn": "pulumi_gcp.securitycenter", + "classes": { + "gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy": "V2OrganizationSourceIamPolicy" + } + }, + { + "pkg": "gcp", + "mod": "securitycenter/v2ProjectMuteConfig", + "fqn": "pulumi_gcp.securitycenter", + "classes": { + "gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig": "V2ProjectMuteConfig" + } + }, + { + "pkg": "gcp", + "mod": "securitycenter/v2ProjectNotificationConfig", + "fqn": "pulumi_gcp.securitycenter", + "classes": { + "gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig": "V2ProjectNotificationConfig" + } + }, { "pkg": "gcp", "mod": "securityposture/posture", diff --git a/sdk/python/pulumi_gcp/accesscontextmanager/__init__.py b/sdk/python/pulumi_gcp/accesscontextmanager/__init__.py index 1a4bade126..2268d256aa 100644 --- a/sdk/python/pulumi_gcp/accesscontextmanager/__init__.py +++ b/sdk/python/pulumi_gcp/accesscontextmanager/__init__.py 
@@ -18,6 +18,8 @@ from .get_access_policy_iam_policy import * from .ingress_policy import * from .service_perimeter import * +from .service_perimeter_dry_run_egress_policy import * +from .service_perimeter_dry_run_ingress_policy import * from .service_perimeter_dry_run_resource import * from .service_perimeter_egress_policy import * from .service_perimeter_ingress_policy import * diff --git a/sdk/python/pulumi_gcp/accesscontextmanager/_inputs.py b/sdk/python/pulumi_gcp/accesscontextmanager/_inputs.py index 2e32d2a722..47940e6199 100644 --- a/sdk/python/pulumi_gcp/accesscontextmanager/_inputs.py +++ b/sdk/python/pulumi_gcp/accesscontextmanager/_inputs.py 
@@ -61,6 +61,26 @@ 'AccessPolicyIamBindingConditionArgsDict', 'AccessPolicyIamMemberConditionArgs', 'AccessPolicyIamMemberConditionArgsDict', + 'ServicePerimeterDryRunEgressPolicyEgressFromArgs', + 'ServicePerimeterDryRunEgressPolicyEgressFromArgsDict', + 'ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs', + 'ServicePerimeterDryRunEgressPolicyEgressFromSourceArgsDict', + 'ServicePerimeterDryRunEgressPolicyEgressToArgs', + 'ServicePerimeterDryRunEgressPolicyEgressToArgsDict', + 'ServicePerimeterDryRunEgressPolicyEgressToOperationArgs', + 'ServicePerimeterDryRunEgressPolicyEgressToOperationArgsDict', + 'ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs', + 'ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgsDict', + 'ServicePerimeterDryRunIngressPolicyIngressFromArgs', + 'ServicePerimeterDryRunIngressPolicyIngressFromArgsDict', + 'ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs', + 'ServicePerimeterDryRunIngressPolicyIngressFromSourceArgsDict', + 'ServicePerimeterDryRunIngressPolicyIngressToArgs', + 'ServicePerimeterDryRunIngressPolicyIngressToArgsDict', + 'ServicePerimeterDryRunIngressPolicyIngressToOperationArgs', + 'ServicePerimeterDryRunIngressPolicyIngressToOperationArgsDict', + 'ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs', + 'ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgsDict', 'ServicePerimeterEgressPolicyEgressFromArgs', 'ServicePerimeterEgressPolicyEgressFromArgsDict', 'ServicePerimeterEgressPolicyEgressFromSourceArgs', 
@@ -2207,6 +2227,766 @@ def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) +if not MYPY: + class ServicePerimeterDryRunEgressPolicyEgressFromArgsDict(TypedDict): + identities: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + A list of identities that are allowed access through this `EgressPolicy`. + Should be in the format of email address. The email address should + represent individual user or service account only. + """ + identity_type: NotRequired[pulumi.Input[str]] + """ + Specifies the type of identities that are allowed access to outside the + perimeter. If left unspecified, then members of `identities` field will + be allowed access. + Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + """ + source_restriction: NotRequired[pulumi.Input[str]] + """ + Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. + """ + sources: NotRequired[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressFromSourceArgsDict']]]] + """ + Sources that this EgressPolicy authorizes access from. + Structure is documented below. + """ +elif False: + ServicePerimeterDryRunEgressPolicyEgressFromArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ServicePerimeterDryRunEgressPolicyEgressFromArgs: + def __init__(__self__, *, + identities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + identity_type: Optional[pulumi.Input[str]] = None, + source_restriction: Optional[pulumi.Input[str]] = None, + sources: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs']]]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input[str]]] identities: A list of identities that are allowed access through this `EgressPolicy`. 
+ Should be in the format of email address. The email address should + represent individual user or service account only. + :param pulumi.Input[str] identity_type: Specifies the type of identities that are allowed access to outside the + perimeter. If left unspecified, then members of `identities` field will + be allowed access. + Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + :param pulumi.Input[str] source_restriction: Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. + :param pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs']]] sources: Sources that this EgressPolicy authorizes access from. + Structure is documented below. + """ + if identities is not None: + pulumi.set(__self__, "identities", identities) + if identity_type is not None: + pulumi.set(__self__, "identity_type", identity_type) + if source_restriction is not None: + pulumi.set(__self__, "source_restriction", source_restriction) + if sources is not None: + pulumi.set(__self__, "sources", sources) + + @property + @pulumi.getter + def identities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + A list of identities that are allowed access through this `EgressPolicy`. + Should be in the format of email address. The email address should + represent individual user or service account only. + """ + return pulumi.get(self, "identities") + + @identities.setter + def identities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "identities", value) + + @property + @pulumi.getter(name="identityType") + def identity_type(self) -> Optional[pulumi.Input[str]]: + """ + Specifies the type of identities that are allowed access to outside the + perimeter. 
If left unspecified, then members of `identities` field will + be allowed access. + Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + """ + return pulumi.get(self, "identity_type") + + @identity_type.setter + def identity_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "identity_type", value) + + @property + @pulumi.getter(name="sourceRestriction") + def source_restriction(self) -> Optional[pulumi.Input[str]]: + """ + Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. + """ + return pulumi.get(self, "source_restriction") + + @source_restriction.setter + def source_restriction(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "source_restriction", value) + + @property + @pulumi.getter + def sources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs']]]]: + """ + Sources that this EgressPolicy authorizes access from. + Structure is documented below. + """ + return pulumi.get(self, "sources") + + @sources.setter + def sources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs']]]]): + pulumi.set(self, "sources", value) + + +if not MYPY: + class ServicePerimeterDryRunEgressPolicyEgressFromSourceArgsDict(TypedDict): + access_level: NotRequired[pulumi.Input[str]] + """ + An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. 
+ """ +elif False: + ServicePerimeterDryRunEgressPolicyEgressFromSourceArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs: + def __init__(__self__, *, + access_level: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] access_level: An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. + """ + if access_level is not None: + pulumi.set(__self__, "access_level", access_level) + + @property + @pulumi.getter(name="accessLevel") + def access_level(self) -> Optional[pulumi.Input[str]]: + """ + An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. + """ + return pulumi.get(self, "access_level") + + @access_level.setter + def access_level(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "access_level", value) + + +if not MYPY: + class ServicePerimeterDryRunEgressPolicyEgressToArgsDict(TypedDict): + external_resources: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. + """ + operations: NotRequired[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToOperationArgsDict']]]] + """ + A list of `ApiOperations` that this egress rule applies to. A request matches + if it contains an operation/service in this list. + Structure is documented below. + """ + resources: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + A list of resources, currently only projects in the form + `projects/`, that match this to stanza. A request matches + if it contains a resource in this list. If * is specified for resources, + then this `EgressTo` rule will authorize access to all resources outside + the perimeter. 
+ """ +elif False: + ServicePerimeterDryRunEgressPolicyEgressToArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ServicePerimeterDryRunEgressPolicyEgressToArgs: + def __init__(__self__, *, + external_resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + operations: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToOperationArgs']]]] = None, + resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input[str]]] external_resources: A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. + :param pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToOperationArgs']]] operations: A list of `ApiOperations` that this egress rule applies to. A request matches + if it contains an operation/service in this list. + Structure is documented below. + :param pulumi.Input[Sequence[pulumi.Input[str]]] resources: A list of resources, currently only projects in the form + `projects/`, that match this to stanza. A request matches + if it contains a resource in this list. If * is specified for resources, + then this `EgressTo` rule will authorize access to all resources outside + the perimeter. + """ + if external_resources is not None: + pulumi.set(__self__, "external_resources", external_resources) + if operations is not None: + pulumi.set(__self__, "operations", operations) + if resources is not None: + pulumi.set(__self__, "resources", resources) + + @property + @pulumi.getter(name="externalResources") + def external_resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. 
+ """ + return pulumi.get(self, "external_resources") + + @external_resources.setter + def external_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "external_resources", value) + + @property + @pulumi.getter + def operations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToOperationArgs']]]]: + """ + A list of `ApiOperations` that this egress rule applies to. A request matches + if it contains an operation/service in this list. + Structure is documented below. + """ + return pulumi.get(self, "operations") + + @operations.setter + def operations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToOperationArgs']]]]): + pulumi.set(self, "operations", value) + + @property + @pulumi.getter + def resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + A list of resources, currently only projects in the form + `projects/`, that match this to stanza. A request matches + if it contains a resource in this list. If * is specified for resources, + then this `EgressTo` rule will authorize access to all resources outside + the perimeter. + """ + return pulumi.get(self, "resources") + + @resources.setter + def resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "resources", value) + + +if not MYPY: + class ServicePerimeterDryRunEgressPolicyEgressToOperationArgsDict(TypedDict): + method_selectors: NotRequired[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgsDict']]]] + """ + API methods or permissions to allow. Method or permission must belong + to the service specified by `serviceName` field. A single MethodSelector + entry with `*` specified for the `method` field will allow all methods + AND permissions for the service specified in `serviceName`. + Structure is documented below. 
+ """ + service_name: NotRequired[pulumi.Input[str]] + """ + The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + field set to `*` will allow all methods AND permissions for all services. + """ +elif False: + ServicePerimeterDryRunEgressPolicyEgressToOperationArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ServicePerimeterDryRunEgressPolicyEgressToOperationArgs: + def __init__(__self__, *, + method_selectors: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs']]]] = None, + service_name: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs']]] method_selectors: API methods or permissions to allow. Method or permission must belong + to the service specified by `serviceName` field. A single MethodSelector + entry with `*` specified for the `method` field will allow all methods + AND permissions for the service specified in `serviceName`. + Structure is documented below. + :param pulumi.Input[str] service_name: The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + field set to `*` will allow all methods AND permissions for all services. + """ + if method_selectors is not None: + pulumi.set(__self__, "method_selectors", method_selectors) + if service_name is not None: + pulumi.set(__self__, "service_name", service_name) + + @property + @pulumi.getter(name="methodSelectors") + def method_selectors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs']]]]: + """ + API methods or permissions to allow. Method or permission must belong + to the service specified by `serviceName` field. 
A single MethodSelector + entry with `*` specified for the `method` field will allow all methods + AND permissions for the service specified in `serviceName`. + Structure is documented below. + """ + return pulumi.get(self, "method_selectors") + + @method_selectors.setter + def method_selectors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs']]]]): + pulumi.set(self, "method_selectors", value) + + @property + @pulumi.getter(name="serviceName") + def service_name(self) -> Optional[pulumi.Input[str]]: + """ + The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + field set to `*` will allow all methods AND permissions for all services. + """ + return pulumi.get(self, "service_name") + + @service_name.setter + def service_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "service_name", value) + + +if not MYPY: + class ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgsDict(TypedDict): + method: NotRequired[pulumi.Input[str]] + """ + Value for `method` should be a valid method name for the corresponding + `serviceName` in `ApiOperation`. If `*` used as value for method, + then ALL methods and permissions are allowed. + """ + permission: NotRequired[pulumi.Input[str]] + """ + Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. 
+ """ +elif False: + ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs: + def __init__(__self__, *, + method: Optional[pulumi.Input[str]] = None, + permission: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] method: Value for `method` should be a valid method name for the corresponding + `serviceName` in `ApiOperation`. If `*` used as value for method, + then ALL methods and permissions are allowed. + :param pulumi.Input[str] permission: Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. + """ + if method is not None: + pulumi.set(__self__, "method", method) + if permission is not None: + pulumi.set(__self__, "permission", permission) + + @property + @pulumi.getter + def method(self) -> Optional[pulumi.Input[str]]: + """ + Value for `method` should be a valid method name for the corresponding + `serviceName` in `ApiOperation`. If `*` used as value for method, + then ALL methods and permissions are allowed. + """ + return pulumi.get(self, "method") + + @method.setter + def method(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "method", value) + + @property + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + """ + Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. + """ + return pulumi.get(self, "permission") + + @permission.setter + def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + +if not MYPY: + class ServicePerimeterDryRunIngressPolicyIngressFromArgsDict(TypedDict): + identities: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + A list of identities that are allowed access through this ingress policy. + Should be in the format of email address. 
The email address should represent + individual user or service account only. + """ + identity_type: NotRequired[pulumi.Input[str]] + """ + Specifies the type of identities that are allowed access from outside the + perimeter. If left unspecified, then members of `identities` field will be + allowed access. + Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + """ + sources: NotRequired[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressFromSourceArgsDict']]]] + """ + Sources that this `IngressPolicy` authorizes access from. + Structure is documented below. + """ +elif False: + ServicePerimeterDryRunIngressPolicyIngressFromArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ServicePerimeterDryRunIngressPolicyIngressFromArgs: + def __init__(__self__, *, + identities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + identity_type: Optional[pulumi.Input[str]] = None, + sources: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs']]]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input[str]]] identities: A list of identities that are allowed access through this ingress policy. + Should be in the format of email address. The email address should represent + individual user or service account only. + :param pulumi.Input[str] identity_type: Specifies the type of identities that are allowed access from outside the + perimeter. If left unspecified, then members of `identities` field will be + allowed access. + Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + :param pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs']]] sources: Sources that this `IngressPolicy` authorizes access from. + Structure is documented below. 
+ """ + if identities is not None: + pulumi.set(__self__, "identities", identities) + if identity_type is not None: + pulumi.set(__self__, "identity_type", identity_type) + if sources is not None: + pulumi.set(__self__, "sources", sources) + + @property + @pulumi.getter + def identities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + A list of identities that are allowed access through this ingress policy. + Should be in the format of email address. The email address should represent + individual user or service account only. + """ + return pulumi.get(self, "identities") + + @identities.setter + def identities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "identities", value) + + @property + @pulumi.getter(name="identityType") + def identity_type(self) -> Optional[pulumi.Input[str]]: + """ + Specifies the type of identities that are allowed access from outside the + perimeter. If left unspecified, then members of `identities` field will be + allowed access. + Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + """ + return pulumi.get(self, "identity_type") + + @identity_type.setter + def identity_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "identity_type", value) + + @property + @pulumi.getter + def sources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs']]]]: + """ + Sources that this `IngressPolicy` authorizes access from. + Structure is documented below. 
+ """ + return pulumi.get(self, "sources") + + @sources.setter + def sources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs']]]]): + pulumi.set(self, "sources", value) + + +if not MYPY: + class ServicePerimeterDryRunIngressPolicyIngressFromSourceArgsDict(TypedDict): + access_level: NotRequired[pulumi.Input[str]] + """ + An `AccessLevel` resource name that allow resources within the + `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + resources within the perimeter can only be accessed via Google Cloud calls + with request origins within the perimeter. + Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + If * is specified, then all IngressSources will be allowed. + """ + resource: NotRequired[pulumi.Input[str]] + """ + A Google Cloud resource that is allowed to ingress the perimeter. + Requests from these resources will be allowed to access perimeter data. + Currently only projects are allowed. Format `projects/{project_number}` + The project may be in any Google Cloud organization, not just the + organization that the perimeter is defined in. `*` is not allowed, the case + of allowing all Google Cloud resources only is not supported. + """ +elif False: + ServicePerimeterDryRunIngressPolicyIngressFromSourceArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs: + def __init__(__self__, *, + access_level: Optional[pulumi.Input[str]] = None, + resource: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] access_level: An `AccessLevel` resource name that allow resources within the + `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + must be in the same policy as this `ServicePerimeter`. 
Referencing a nonexistent + `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + resources within the perimeter can only be accessed via Google Cloud calls + with request origins within the perimeter. + Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + If * is specified, then all IngressSources will be allowed. + :param pulumi.Input[str] resource: A Google Cloud resource that is allowed to ingress the perimeter. + Requests from these resources will be allowed to access perimeter data. + Currently only projects are allowed. Format `projects/{project_number}` + The project may be in any Google Cloud organization, not just the + organization that the perimeter is defined in. `*` is not allowed, the case + of allowing all Google Cloud resources only is not supported. + """ + if access_level is not None: + pulumi.set(__self__, "access_level", access_level) + if resource is not None: + pulumi.set(__self__, "resource", resource) + + @property + @pulumi.getter(name="accessLevel") + def access_level(self) -> Optional[pulumi.Input[str]]: + """ + An `AccessLevel` resource name that allow resources within the + `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + resources within the perimeter can only be accessed via Google Cloud calls + with request origins within the perimeter. + Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + If * is specified, then all IngressSources will be allowed. + """ + return pulumi.get(self, "access_level") + + @access_level.setter + def access_level(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "access_level", value) + + @property + @pulumi.getter + def resource(self) -> Optional[pulumi.Input[str]]: + """ + A Google Cloud resource that is allowed to ingress the perimeter. 
+ Requests from these resources will be allowed to access perimeter data. + Currently only projects are allowed. Format `projects/{project_number}` + The project may be in any Google Cloud organization, not just the + organization that the perimeter is defined in. `*` is not allowed, the case + of allowing all Google Cloud resources only is not supported. + """ + return pulumi.get(self, "resource") + + @resource.setter + def resource(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "resource", value) + + +if not MYPY: + class ServicePerimeterDryRunIngressPolicyIngressToArgsDict(TypedDict): + operations: NotRequired[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToOperationArgsDict']]]] + """ + A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + are allowed to perform in this `ServicePerimeter`. + Structure is documented below. + """ + resources: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + A list of resources, currently only projects in the form + `projects/`, protected by this `ServicePerimeter` + that are allowed to be accessed by sources defined in the + corresponding `IngressFrom`. A request matches if it contains + a resource in this list. If `*` is specified for resources, + then this `IngressTo` rule will authorize access to all + resources inside the perimeter, provided that the request + also matches the `operations` field. 
+ """ +elif False: + ServicePerimeterDryRunIngressPolicyIngressToArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ServicePerimeterDryRunIngressPolicyIngressToArgs: + def __init__(__self__, *, + operations: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToOperationArgs']]]] = None, + resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToOperationArgs']]] operations: A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + are allowed to perform in this `ServicePerimeter`. + Structure is documented below. + :param pulumi.Input[Sequence[pulumi.Input[str]]] resources: A list of resources, currently only projects in the form + `projects/`, protected by this `ServicePerimeter` + that are allowed to be accessed by sources defined in the + corresponding `IngressFrom`. A request matches if it contains + a resource in this list. If `*` is specified for resources, + then this `IngressTo` rule will authorize access to all + resources inside the perimeter, provided that the request + also matches the `operations` field. + """ + if operations is not None: + pulumi.set(__self__, "operations", operations) + if resources is not None: + pulumi.set(__self__, "resources", resources) + + @property + @pulumi.getter + def operations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToOperationArgs']]]]: + """ + A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + are allowed to perform in this `ServicePerimeter`. + Structure is documented below. 
+ """ + return pulumi.get(self, "operations") + + @operations.setter + def operations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToOperationArgs']]]]): + pulumi.set(self, "operations", value) + + @property + @pulumi.getter + def resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + A list of resources, currently only projects in the form + `projects/`, protected by this `ServicePerimeter` + that are allowed to be accessed by sources defined in the + corresponding `IngressFrom`. A request matches if it contains + a resource in this list. If `*` is specified for resources, + then this `IngressTo` rule will authorize access to all + resources inside the perimeter, provided that the request + also matches the `operations` field. + """ + return pulumi.get(self, "resources") + + @resources.setter + def resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "resources", value) + + +if not MYPY: + class ServicePerimeterDryRunIngressPolicyIngressToOperationArgsDict(TypedDict): + method_selectors: NotRequired[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgsDict']]]] + """ + API methods or permissions to allow. Method or permission must belong to + the service specified by serviceName field. A single `MethodSelector` entry + with `*` specified for the method field will allow all methods AND + permissions for the service specified in `serviceName`. + Structure is documented below. + """ + service_name: NotRequired[pulumi.Input[str]] + """ + The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + field set to `*` will allow all methods AND permissions for all services. 
+ """ +elif False: + ServicePerimeterDryRunIngressPolicyIngressToOperationArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ServicePerimeterDryRunIngressPolicyIngressToOperationArgs: + def __init__(__self__, *, + method_selectors: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs']]]] = None, + service_name: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs']]] method_selectors: API methods or permissions to allow. Method or permission must belong to + the service specified by serviceName field. A single `MethodSelector` entry + with `*` specified for the method field will allow all methods AND + permissions for the service specified in `serviceName`. + Structure is documented below. + :param pulumi.Input[str] service_name: The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + field set to `*` will allow all methods AND permissions for all services. + """ + if method_selectors is not None: + pulumi.set(__self__, "method_selectors", method_selectors) + if service_name is not None: + pulumi.set(__self__, "service_name", service_name) + + @property + @pulumi.getter(name="methodSelectors") + def method_selectors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs']]]]: + """ + API methods or permissions to allow. Method or permission must belong to + the service specified by serviceName field. A single `MethodSelector` entry + with `*` specified for the method field will allow all methods AND + permissions for the service specified in `serviceName`. + Structure is documented below. 
+ """ + return pulumi.get(self, "method_selectors") + + @method_selectors.setter + def method_selectors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs']]]]): + pulumi.set(self, "method_selectors", value) + + @property + @pulumi.getter(name="serviceName") + def service_name(self) -> Optional[pulumi.Input[str]]: + """ + The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + field set to `*` will allow all methods AND permissions for all services. + """ + return pulumi.get(self, "service_name") + + @service_name.setter + def service_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "service_name", value) + + +if not MYPY: + class ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgsDict(TypedDict): + method: NotRequired[pulumi.Input[str]] + """ + Value for method should be a valid method name for the corresponding + serviceName in `ApiOperation`. If `*` used as value for `method`, then + ALL methods and permissions are allowed. + """ + permission: NotRequired[pulumi.Input[str]] + """ + Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. + """ +elif False: + ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs: + def __init__(__self__, *, + method: Optional[pulumi.Input[str]] = None, + permission: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] method: Value for method should be a valid method name for the corresponding + serviceName in `ApiOperation`. If `*` used as value for `method`, then + ALL methods and permissions are allowed. 
+ :param pulumi.Input[str] permission: Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. + """ + if method is not None: + pulumi.set(__self__, "method", method) + if permission is not None: + pulumi.set(__self__, "permission", permission) + + @property + @pulumi.getter + def method(self) -> Optional[pulumi.Input[str]]: + """ + Value for method should be a valid method name for the corresponding + serviceName in `ApiOperation`. If `*` used as value for `method`, then + ALL methods and permissions are allowed. + """ + return pulumi.get(self, "method") + + @method.setter + def method(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "method", value) + + @property + @pulumi.getter + def permission(self) -> Optional[pulumi.Input[str]]: + """ + Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. + """ + return pulumi.get(self, "permission") + + @permission.setter + def permission(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "permission", value) + + if not MYPY: class ServicePerimeterEgressPolicyEgressFromArgsDict(TypedDict): identities: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] diff --git a/sdk/python/pulumi_gcp/accesscontextmanager/outputs.py b/sdk/python/pulumi_gcp/accesscontextmanager/outputs.py index af17a0a5e5..2b437ed6de 100644 --- a/sdk/python/pulumi_gcp/accesscontextmanager/outputs.py +++ b/sdk/python/pulumi_gcp/accesscontextmanager/outputs.py 
@@ -39,6 +39,16 @@ 'AccessLevelsAccessLevelCustomExpr', 'AccessPolicyIamBindingCondition', 'AccessPolicyIamMemberCondition', + 'ServicePerimeterDryRunEgressPolicyEgressFrom', + 'ServicePerimeterDryRunEgressPolicyEgressFromSource', + 'ServicePerimeterDryRunEgressPolicyEgressTo', + 'ServicePerimeterDryRunEgressPolicyEgressToOperation', + 'ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector', + 'ServicePerimeterDryRunIngressPolicyIngressFrom', + 'ServicePerimeterDryRunIngressPolicyIngressFromSource', + 'ServicePerimeterDryRunIngressPolicyIngressTo', + 'ServicePerimeterDryRunIngressPolicyIngressToOperation', + 'ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector', 'ServicePerimeterEgressPolicyEgressFrom', 'ServicePerimeterEgressPolicyEgressFromSource', 'ServicePerimeterEgressPolicyEgressTo', 
@@ -1645,6 +1655,597 @@ def description(self) -> Optional[str]: return pulumi.get(self, "description") +@pulumi.output_type +class ServicePerimeterDryRunEgressPolicyEgressFrom(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "identityType": + suggest = "identity_type" + elif key == "sourceRestriction": + suggest = "source_restriction" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ServicePerimeterDryRunEgressPolicyEgressFrom. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ServicePerimeterDryRunEgressPolicyEgressFrom.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ServicePerimeterDryRunEgressPolicyEgressFrom.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + identities: Optional[Sequence[str]] = None, + identity_type: Optional[str] = None, + source_restriction: Optional[str] = None, + sources: Optional[Sequence['outputs.ServicePerimeterDryRunEgressPolicyEgressFromSource']] = None): + """ + :param Sequence[str] identities: A list of identities that are allowed access through this `EgressPolicy`. + Should be in the format of email address. The email address should + represent individual user or service account only. + :param str identity_type: Specifies the type of identities that are allowed access to outside the + perimeter. If left unspecified, then members of `identities` field will + be allowed access. + Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + :param str source_restriction: Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. 
+ :param Sequence['ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs'] sources: Sources that this EgressPolicy authorizes access from. + Structure is documented below. + """ + if identities is not None: + pulumi.set(__self__, "identities", identities) + if identity_type is not None: + pulumi.set(__self__, "identity_type", identity_type) + if source_restriction is not None: + pulumi.set(__self__, "source_restriction", source_restriction) + if sources is not None: + pulumi.set(__self__, "sources", sources) + + @property + @pulumi.getter + def identities(self) -> Optional[Sequence[str]]: + """ + A list of identities that are allowed access through this `EgressPolicy`. + Should be in the format of email address. The email address should + represent individual user or service account only. + """ + return pulumi.get(self, "identities") + + @property + @pulumi.getter(name="identityType") + def identity_type(self) -> Optional[str]: + """ + Specifies the type of identities that are allowed access to outside the + perimeter. If left unspecified, then members of `identities` field will + be allowed access. + Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + """ + return pulumi.get(self, "identity_type") + + @property + @pulumi.getter(name="sourceRestriction") + def source_restriction(self) -> Optional[str]: + """ + Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. + Possible values are: `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`. + """ + return pulumi.get(self, "source_restriction") + + @property + @pulumi.getter + def sources(self) -> Optional[Sequence['outputs.ServicePerimeterDryRunEgressPolicyEgressFromSource']]: + """ + Sources that this EgressPolicy authorizes access from. + Structure is documented below. 
+ """ + return pulumi.get(self, "sources") + + +@pulumi.output_type +class ServicePerimeterDryRunEgressPolicyEgressFromSource(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "accessLevel": + suggest = "access_level" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ServicePerimeterDryRunEgressPolicyEgressFromSource. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ServicePerimeterDryRunEgressPolicyEgressFromSource.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ServicePerimeterDryRunEgressPolicyEgressFromSource.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + access_level: Optional[str] = None): + """ + :param str access_level: An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. + """ + if access_level is not None: + pulumi.set(__self__, "access_level", access_level) + + @property + @pulumi.getter(name="accessLevel") + def access_level(self) -> Optional[str]: + """ + An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. + """ + return pulumi.get(self, "access_level") + + +@pulumi.output_type +class ServicePerimeterDryRunEgressPolicyEgressTo(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "externalResources": + suggest = "external_resources" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ServicePerimeterDryRunEgressPolicyEgressTo. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ServicePerimeterDryRunEgressPolicyEgressTo.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ServicePerimeterDryRunEgressPolicyEgressTo.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + external_resources: Optional[Sequence[str]] = None, + operations: Optional[Sequence['outputs.ServicePerimeterDryRunEgressPolicyEgressToOperation']] = None, + resources: Optional[Sequence[str]] = None): + """ + :param Sequence[str] external_resources: A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. + :param Sequence['ServicePerimeterDryRunEgressPolicyEgressToOperationArgs'] operations: A list of `ApiOperations` that this egress rule applies to. A request matches + if it contains an operation/service in this list. + Structure is documented below. + :param Sequence[str] resources: A list of resources, currently only projects in the form + `projects/`, that match this to stanza. A request matches + if it contains a resource in this list. If * is specified for resources, + then this `EgressTo` rule will authorize access to all resources outside + the perimeter. + """ + if external_resources is not None: + pulumi.set(__self__, "external_resources", external_resources) + if operations is not None: + pulumi.set(__self__, "operations", operations) + if resources is not None: + pulumi.set(__self__, "resources", resources) + + @property + @pulumi.getter(name="externalResources") + def external_resources(self) -> Optional[Sequence[str]]: + """ + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. 
+ """ + return pulumi.get(self, "external_resources") + + @property + @pulumi.getter + def operations(self) -> Optional[Sequence['outputs.ServicePerimeterDryRunEgressPolicyEgressToOperation']]: + """ + A list of `ApiOperations` that this egress rule applies to. A request matches + if it contains an operation/service in this list. + Structure is documented below. + """ + return pulumi.get(self, "operations") + + @property + @pulumi.getter + def resources(self) -> Optional[Sequence[str]]: + """ + A list of resources, currently only projects in the form + `projects/`, that match this to stanza. A request matches + if it contains a resource in this list. If * is specified for resources, + then this `EgressTo` rule will authorize access to all resources outside + the perimeter. + """ + return pulumi.get(self, "resources") + + +@pulumi.output_type +class ServicePerimeterDryRunEgressPolicyEgressToOperation(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "methodSelectors": + suggest = "method_selectors" + elif key == "serviceName": + suggest = "service_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ServicePerimeterDryRunEgressPolicyEgressToOperation. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ServicePerimeterDryRunEgressPolicyEgressToOperation.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ServicePerimeterDryRunEgressPolicyEgressToOperation.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + method_selectors: Optional[Sequence['outputs.ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector']] = None, + service_name: Optional[str] = None): + """ + :param Sequence['ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelectorArgs'] method_selectors: API methods or permissions to allow. 
Method or permission must belong + to the service specified by `serviceName` field. A single MethodSelector + entry with `*` specified for the `method` field will allow all methods + AND permissions for the service specified in `serviceName`. + Structure is documented below. + :param str service_name: The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + field set to `*` will allow all methods AND permissions for all services. + """ + if method_selectors is not None: + pulumi.set(__self__, "method_selectors", method_selectors) + if service_name is not None: + pulumi.set(__self__, "service_name", service_name) + + @property + @pulumi.getter(name="methodSelectors") + def method_selectors(self) -> Optional[Sequence['outputs.ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector']]: + """ + API methods or permissions to allow. Method or permission must belong + to the service specified by `serviceName` field. A single MethodSelector + entry with `*` specified for the `method` field will allow all methods + AND permissions for the service specified in `serviceName`. + Structure is documented below. + """ + return pulumi.get(self, "method_selectors") + + @property + @pulumi.getter(name="serviceName") + def service_name(self) -> Optional[str]: + """ + The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with serviceName + field set to `*` will allow all methods AND permissions for all services. + """ + return pulumi.get(self, "service_name") + + +@pulumi.output_type +class ServicePerimeterDryRunEgressPolicyEgressToOperationMethodSelector(dict): + def __init__(__self__, *, + method: Optional[str] = None, + permission: Optional[str] = None): + """ + :param str method: Value for `method` should be a valid method name for the corresponding + `serviceName` in `ApiOperation`. 
If `*` used as value for method, + then ALL methods and permissions are allowed. + :param str permission: Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. + """ + if method is not None: + pulumi.set(__self__, "method", method) + if permission is not None: + pulumi.set(__self__, "permission", permission) + + @property + @pulumi.getter + def method(self) -> Optional[str]: + """ + Value for `method` should be a valid method name for the corresponding + `serviceName` in `ApiOperation`. If `*` used as value for method, + then ALL methods and permissions are allowed. + """ + return pulumi.get(self, "method") + + @property + @pulumi.getter + def permission(self) -> Optional[str]: + """ + Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. + """ + return pulumi.get(self, "permission") + + +@pulumi.output_type +class ServicePerimeterDryRunIngressPolicyIngressFrom(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "identityType": + suggest = "identity_type" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ServicePerimeterDryRunIngressPolicyIngressFrom. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ServicePerimeterDryRunIngressPolicyIngressFrom.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ServicePerimeterDryRunIngressPolicyIngressFrom.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + identities: Optional[Sequence[str]] = None, + identity_type: Optional[str] = None, + sources: Optional[Sequence['outputs.ServicePerimeterDryRunIngressPolicyIngressFromSource']] = None): + """ + :param Sequence[str] identities: A list of identities that are allowed access through this ingress policy. + Should be in the format of email address. 
The email address should represent + individual user or service account only. + :param str identity_type: Specifies the type of identities that are allowed access from outside the + perimeter. If left unspecified, then members of `identities` field will be + allowed access. + Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + :param Sequence['ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs'] sources: Sources that this `IngressPolicy` authorizes access from. + Structure is documented below. + """ + if identities is not None: + pulumi.set(__self__, "identities", identities) + if identity_type is not None: + pulumi.set(__self__, "identity_type", identity_type) + if sources is not None: + pulumi.set(__self__, "sources", sources) + + @property + @pulumi.getter + def identities(self) -> Optional[Sequence[str]]: + """ + A list of identities that are allowed access through this ingress policy. + Should be in the format of email address. The email address should represent + individual user or service account only. + """ + return pulumi.get(self, "identities") + + @property + @pulumi.getter(name="identityType") + def identity_type(self) -> Optional[str]: + """ + Specifies the type of identities that are allowed access from outside the + perimeter. If left unspecified, then members of `identities` field will be + allowed access. + Possible values are: `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`. + """ + return pulumi.get(self, "identity_type") + + @property + @pulumi.getter + def sources(self) -> Optional[Sequence['outputs.ServicePerimeterDryRunIngressPolicyIngressFromSource']]: + """ + Sources that this `IngressPolicy` authorizes access from. + Structure is documented below. 
+ """ + return pulumi.get(self, "sources") + + +@pulumi.output_type +class ServicePerimeterDryRunIngressPolicyIngressFromSource(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "accessLevel": + suggest = "access_level" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ServicePerimeterDryRunIngressPolicyIngressFromSource. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ServicePerimeterDryRunIngressPolicyIngressFromSource.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ServicePerimeterDryRunIngressPolicyIngressFromSource.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + access_level: Optional[str] = None, + resource: Optional[str] = None): + """ + :param str access_level: An `AccessLevel` resource name that allow resources within the + `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + resources within the perimeter can only be accessed via Google Cloud calls + with request origins within the perimeter. + Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + If * is specified, then all IngressSources will be allowed. + :param str resource: A Google Cloud resource that is allowed to ingress the perimeter. + Requests from these resources will be allowed to access perimeter data. + Currently only projects are allowed. Format `projects/{project_number}` + The project may be in any Google Cloud organization, not just the + organization that the perimeter is defined in. `*` is not allowed, the case + of allowing all Google Cloud resources only is not supported. 
+ """ + if access_level is not None: + pulumi.set(__self__, "access_level", access_level) + if resource is not None: + pulumi.set(__self__, "resource", resource) + + @property + @pulumi.getter(name="accessLevel") + def access_level(self) -> Optional[str]: + """ + An `AccessLevel` resource name that allow resources within the + `ServicePerimeters` to be accessed from the internet. `AccessLevels` listed + must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent + `AccessLevel` will cause an error. If no `AccessLevel` names are listed, + resources within the perimeter can only be accessed via Google Cloud calls + with request origins within the perimeter. + Example `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.` + If * is specified, then all IngressSources will be allowed. + """ + return pulumi.get(self, "access_level") + + @property + @pulumi.getter + def resource(self) -> Optional[str]: + """ + A Google Cloud resource that is allowed to ingress the perimeter. + Requests from these resources will be allowed to access perimeter data. + Currently only projects are allowed. Format `projects/{project_number}` + The project may be in any Google Cloud organization, not just the + organization that the perimeter is defined in. `*` is not allowed, the case + of allowing all Google Cloud resources only is not supported. + """ + return pulumi.get(self, "resource") + + +@pulumi.output_type +class ServicePerimeterDryRunIngressPolicyIngressTo(dict): + def __init__(__self__, *, + operations: Optional[Sequence['outputs.ServicePerimeterDryRunIngressPolicyIngressToOperation']] = None, + resources: Optional[Sequence[str]] = None): + """ + :param Sequence['ServicePerimeterDryRunIngressPolicyIngressToOperationArgs'] operations: A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + are allowed to perform in this `ServicePerimeter`. + Structure is documented below. 
+ :param Sequence[str] resources: A list of resources, currently only projects in the form + `projects/`, protected by this `ServicePerimeter` + that are allowed to be accessed by sources defined in the + corresponding `IngressFrom`. A request matches if it contains + a resource in this list. If `*` is specified for resources, + then this `IngressTo` rule will authorize access to all + resources inside the perimeter, provided that the request + also matches the `operations` field. + """ + if operations is not None: + pulumi.set(__self__, "operations", operations) + if resources is not None: + pulumi.set(__self__, "resources", resources) + + @property + @pulumi.getter + def operations(self) -> Optional[Sequence['outputs.ServicePerimeterDryRunIngressPolicyIngressToOperation']]: + """ + A list of `ApiOperations` the sources specified in corresponding `IngressFrom` + are allowed to perform in this `ServicePerimeter`. + Structure is documented below. + """ + return pulumi.get(self, "operations") + + @property + @pulumi.getter + def resources(self) -> Optional[Sequence[str]]: + """ + A list of resources, currently only projects in the form + `projects/`, protected by this `ServicePerimeter` + that are allowed to be accessed by sources defined in the + corresponding `IngressFrom`. A request matches if it contains + a resource in this list. If `*` is specified for resources, + then this `IngressTo` rule will authorize access to all + resources inside the perimeter, provided that the request + also matches the `operations` field. + """ + return pulumi.get(self, "resources") + + +@pulumi.output_type +class ServicePerimeterDryRunIngressPolicyIngressToOperation(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "methodSelectors": + suggest = "method_selectors" + elif key == "serviceName": + suggest = "service_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ServicePerimeterDryRunIngressPolicyIngressToOperation. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ServicePerimeterDryRunIngressPolicyIngressToOperation.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ServicePerimeterDryRunIngressPolicyIngressToOperation.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + method_selectors: Optional[Sequence['outputs.ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector']] = None, + service_name: Optional[str] = None): + """ + :param Sequence['ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs'] method_selectors: API methods or permissions to allow. Method or permission must belong to + the service specified by serviceName field. A single `MethodSelector` entry + with `*` specified for the method field will allow all methods AND + permissions for the service specified in `serviceName`. + Structure is documented below. + :param str service_name: The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + field set to `*` will allow all methods AND permissions for all services. + """ + if method_selectors is not None: + pulumi.set(__self__, "method_selectors", method_selectors) + if service_name is not None: + pulumi.set(__self__, "service_name", service_name) + + @property + @pulumi.getter(name="methodSelectors") + def method_selectors(self) -> Optional[Sequence['outputs.ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector']]: + """ + API methods or permissions to allow. Method or permission must belong to + the service specified by serviceName field. A single `MethodSelector` entry + with `*` specified for the method field will allow all methods AND + permissions for the service specified in `serviceName`. + Structure is documented below. 
+ """ + return pulumi.get(self, "method_selectors") + + @property + @pulumi.getter(name="serviceName") + def service_name(self) -> Optional[str]: + """ + The name of the API whose methods or permissions the `IngressPolicy` or + `EgressPolicy` want to allow. A single `ApiOperation` with `serviceName` + field set to `*` will allow all methods AND permissions for all services. + """ + return pulumi.get(self, "service_name") + + +@pulumi.output_type +class ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector(dict): + def __init__(__self__, *, + method: Optional[str] = None, + permission: Optional[str] = None): + """ + :param str method: Value for method should be a valid method name for the corresponding + serviceName in `ApiOperation`. If `*` used as value for `method`, then + ALL methods and permissions are allowed. + :param str permission: Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. + """ + if method is not None: + pulumi.set(__self__, "method", method) + if permission is not None: + pulumi.set(__self__, "permission", permission) + + @property + @pulumi.getter + def method(self) -> Optional[str]: + """ + Value for method should be a valid method name for the corresponding + serviceName in `ApiOperation`. If `*` used as value for `method`, then + ALL methods and permissions are allowed. + """ + return pulumi.get(self, "method") + + @property + @pulumi.getter + def permission(self) -> Optional[str]: + """ + Value for permission should be a valid Cloud IAM permission for the + corresponding `serviceName` in `ApiOperation`. + """ + return pulumi.get(self, "permission") + + @pulumi.output_type class ServicePerimeterEgressPolicyEgressFrom(dict): @staticmethod 
diff --git a/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter_dry_run_egress_policy.py b/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter_dry_run_egress_policy.py new file mode 100644 index 0000000000..c6509f2be9 --- /dev/null +++ b/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter_dry_run_egress_policy.py 
@@ -0,0 +1,323 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities +from . import outputs +from ._inputs import * + +__all__ = ['ServicePerimeterDryRunEgressPolicyArgs', 'ServicePerimeterDryRunEgressPolicy'] + +@pulumi.input_type +class ServicePerimeterDryRunEgressPolicyArgs: + def __init__(__self__, *, + perimeter: pulumi.Input[str], + egress_from: Optional[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressFromArgs']] = None, + egress_to: Optional[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToArgs']] = None): + """ + The set of arguments for constructing a ServicePerimeterDryRunEgressPolicy resource. + :param pulumi.Input[str] perimeter: The name of the Service Perimeter to add this resource to. + + + - - - + :param pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressFromArgs'] egress_from: Defines conditions on the source of a request causing this `EgressPolicy` to apply. + Structure is documented below. + :param pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToArgs'] egress_to: Defines the conditions on the `ApiOperation` and destination resources that + cause this `EgressPolicy` to apply. + Structure is documented below. + """ + pulumi.set(__self__, "perimeter", perimeter) + if egress_from is not None: + pulumi.set(__self__, "egress_from", egress_from) + if egress_to is not None: + pulumi.set(__self__, "egress_to", egress_to) + + @property + @pulumi.getter + def perimeter(self) -> pulumi.Input[str]: + """ + The name of the Service Perimeter to add this resource to. 
+ + + - - - + """ + return pulumi.get(self, "perimeter") + + @perimeter.setter + def perimeter(self, value: pulumi.Input[str]): + pulumi.set(self, "perimeter", value) + + @property + @pulumi.getter(name="egressFrom") + def egress_from(self) -> Optional[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressFromArgs']]: + """ + Defines conditions on the source of a request causing this `EgressPolicy` to apply. + Structure is documented below. + """ + return pulumi.get(self, "egress_from") + + @egress_from.setter + def egress_from(self, value: Optional[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressFromArgs']]): + pulumi.set(self, "egress_from", value) + + @property + @pulumi.getter(name="egressTo") + def egress_to(self) -> Optional[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToArgs']]: + """ + Defines the conditions on the `ApiOperation` and destination resources that + cause this `EgressPolicy` to apply. + Structure is documented below. + """ + return pulumi.get(self, "egress_to") + + @egress_to.setter + def egress_to(self, value: Optional[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToArgs']]): + pulumi.set(self, "egress_to", value) + + +@pulumi.input_type +class _ServicePerimeterDryRunEgressPolicyState: + def __init__(__self__, *, + egress_from: Optional[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressFromArgs']] = None, + egress_to: Optional[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToArgs']] = None, + perimeter: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering ServicePerimeterDryRunEgressPolicy resources. + :param pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressFromArgs'] egress_from: Defines conditions on the source of a request causing this `EgressPolicy` to apply. + Structure is documented below. 
+ :param pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToArgs'] egress_to: Defines the conditions on the `ApiOperation` and destination resources that + cause this `EgressPolicy` to apply. + Structure is documented below. + :param pulumi.Input[str] perimeter: The name of the Service Perimeter to add this resource to. + + + - - - + """ + if egress_from is not None: + pulumi.set(__self__, "egress_from", egress_from) + if egress_to is not None: + pulumi.set(__self__, "egress_to", egress_to) + if perimeter is not None: + pulumi.set(__self__, "perimeter", perimeter) + + @property + @pulumi.getter(name="egressFrom") + def egress_from(self) -> Optional[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressFromArgs']]: + """ + Defines conditions on the source of a request causing this `EgressPolicy` to apply. + Structure is documented below. + """ + return pulumi.get(self, "egress_from") + + @egress_from.setter + def egress_from(self, value: Optional[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressFromArgs']]): + pulumi.set(self, "egress_from", value) + + @property + @pulumi.getter(name="egressTo") + def egress_to(self) -> Optional[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToArgs']]: + """ + Defines the conditions on the `ApiOperation` and destination resources that + cause this `EgressPolicy` to apply. + Structure is documented below. + """ + return pulumi.get(self, "egress_to") + + @egress_to.setter + def egress_to(self, value: Optional[pulumi.Input['ServicePerimeterDryRunEgressPolicyEgressToArgs']]): + pulumi.set(self, "egress_to", value) + + @property + @pulumi.getter + def perimeter(self) -> Optional[pulumi.Input[str]]: + """ + The name of the Service Perimeter to add this resource to. 
+ + + - - - + """ + return pulumi.get(self, "perimeter") + + @perimeter.setter + def perimeter(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "perimeter", value) + + +class ServicePerimeterDryRunEgressPolicy(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + egress_from: Optional[pulumi.Input[Union['ServicePerimeterDryRunEgressPolicyEgressFromArgs', 'ServicePerimeterDryRunEgressPolicyEgressFromArgsDict']]] = None, + egress_to: Optional[pulumi.Input[Union['ServicePerimeterDryRunEgressPolicyEgressToArgs', 'ServicePerimeterDryRunEgressPolicyEgressToArgsDict']]] = None, + perimeter: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Manage a single EgressPolicy in the spec (dry-run) configuration for a service perimeter. + EgressPolicies match requests based on egressFrom and egressTo stanzas. + For an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched. + If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter + boundary. For example, an EgressPolicy can be used to allow VMs on networks + within the ServicePerimeter to access a defined set of projects outside the + perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket + or query against a BigQuery dataset). + + > **Note:** By default, updates to this resource will remove the EgressPolicy from the + from the perimeter and add it back in a non-atomic manner. To ensure that the new EgressPolicy + is added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource. + + To get more information about ServicePerimeterDryRunEgressPolicy, see: + + * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#egresspolicy) + + ## Example Usage + + :param str resource_name: The name of the resource. 
+ :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Union['ServicePerimeterDryRunEgressPolicyEgressFromArgs', 'ServicePerimeterDryRunEgressPolicyEgressFromArgsDict']] egress_from: Defines conditions on the source of a request causing this `EgressPolicy` to apply. + Structure is documented below. + :param pulumi.Input[Union['ServicePerimeterDryRunEgressPolicyEgressToArgs', 'ServicePerimeterDryRunEgressPolicyEgressToArgsDict']] egress_to: Defines the conditions on the `ApiOperation` and destination resources that + cause this `EgressPolicy` to apply. + Structure is documented below. + :param pulumi.Input[str] perimeter: The name of the Service Perimeter to add this resource to. + + + - - - + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: ServicePerimeterDryRunEgressPolicyArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Manage a single EgressPolicy in the spec (dry-run) configuration for a service perimeter. + EgressPolicies match requests based on egressFrom and egressTo stanzas. + For an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched. + If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter + boundary. For example, an EgressPolicy can be used to allow VMs on networks + within the ServicePerimeter to access a defined set of projects outside the + perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket + or query against a BigQuery dataset). + + > **Note:** By default, updates to this resource will remove the EgressPolicy from the + from the perimeter and add it back in a non-atomic manner. To ensure that the new EgressPolicy + is added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource. 
+ + To get more information about ServicePerimeterDryRunEgressPolicy, see: + + * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#egresspolicy) + + ## Example Usage + + :param str resource_name: The name of the resource. + :param ServicePerimeterDryRunEgressPolicyArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(ServicePerimeterDryRunEgressPolicyArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + egress_from: Optional[pulumi.Input[Union['ServicePerimeterDryRunEgressPolicyEgressFromArgs', 'ServicePerimeterDryRunEgressPolicyEgressFromArgsDict']]] = None, + egress_to: Optional[pulumi.Input[Union['ServicePerimeterDryRunEgressPolicyEgressToArgs', 'ServicePerimeterDryRunEgressPolicyEgressToArgsDict']]] = None, + perimeter: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = ServicePerimeterDryRunEgressPolicyArgs.__new__(ServicePerimeterDryRunEgressPolicyArgs) + + __props__.__dict__["egress_from"] = egress_from + __props__.__dict__["egress_to"] = egress_to + if perimeter is None and not opts.urn: + raise 
TypeError("Missing required property 'perimeter'") + __props__.__dict__["perimeter"] = perimeter + super(ServicePerimeterDryRunEgressPolicy, __self__).__init__( + 'gcp:accesscontextmanager/servicePerimeterDryRunEgressPolicy:ServicePerimeterDryRunEgressPolicy', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + egress_from: Optional[pulumi.Input[Union['ServicePerimeterDryRunEgressPolicyEgressFromArgs', 'ServicePerimeterDryRunEgressPolicyEgressFromArgsDict']]] = None, + egress_to: Optional[pulumi.Input[Union['ServicePerimeterDryRunEgressPolicyEgressToArgs', 'ServicePerimeterDryRunEgressPolicyEgressToArgsDict']]] = None, + perimeter: Optional[pulumi.Input[str]] = None) -> 'ServicePerimeterDryRunEgressPolicy': + """ + Get an existing ServicePerimeterDryRunEgressPolicy resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Union['ServicePerimeterDryRunEgressPolicyEgressFromArgs', 'ServicePerimeterDryRunEgressPolicyEgressFromArgsDict']] egress_from: Defines conditions on the source of a request causing this `EgressPolicy` to apply. + Structure is documented below. + :param pulumi.Input[Union['ServicePerimeterDryRunEgressPolicyEgressToArgs', 'ServicePerimeterDryRunEgressPolicyEgressToArgsDict']] egress_to: Defines the conditions on the `ApiOperation` and destination resources that + cause this `EgressPolicy` to apply. + Structure is documented below. + :param pulumi.Input[str] perimeter: The name of the Service Perimeter to add this resource to. 
+ + + - - - + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _ServicePerimeterDryRunEgressPolicyState.__new__(_ServicePerimeterDryRunEgressPolicyState) + + __props__.__dict__["egress_from"] = egress_from + __props__.__dict__["egress_to"] = egress_to + __props__.__dict__["perimeter"] = perimeter + return ServicePerimeterDryRunEgressPolicy(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="egressFrom") + def egress_from(self) -> pulumi.Output[Optional['outputs.ServicePerimeterDryRunEgressPolicyEgressFrom']]: + """ + Defines conditions on the source of a request causing this `EgressPolicy` to apply. + Structure is documented below. + """ + return pulumi.get(self, "egress_from") + + @property + @pulumi.getter(name="egressTo") + def egress_to(self) -> pulumi.Output[Optional['outputs.ServicePerimeterDryRunEgressPolicyEgressTo']]: + """ + Defines the conditions on the `ApiOperation` and destination resources that + cause this `EgressPolicy` to apply. + Structure is documented below. + """ + return pulumi.get(self, "egress_to") + + @property + @pulumi.getter + def perimeter(self) -> pulumi.Output[str]: + """ + The name of the Service Perimeter to add this resource to. + + + - - - + """ + return pulumi.get(self, "perimeter") + diff --git a/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter_dry_run_ingress_policy.py b/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter_dry_run_ingress_policy.py new file mode 100644 index 0000000000..20bd014505 --- /dev/null +++ b/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter_dry_run_ingress_policy.py 
@@ -0,0 +1,332 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities +from . import outputs +from ._inputs import * + +__all__ = ['ServicePerimeterDryRunIngressPolicyArgs', 'ServicePerimeterDryRunIngressPolicy'] + +@pulumi.input_type +class ServicePerimeterDryRunIngressPolicyArgs: + def __init__(__self__, *, + perimeter: pulumi.Input[str], + ingress_from: Optional[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressFromArgs']] = None, + ingress_to: Optional[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToArgs']] = None): + """ + The set of arguments for constructing a ServicePerimeterDryRunIngressPolicy resource. + :param pulumi.Input[str] perimeter: The name of the Service Perimeter to add this resource to. + + + - - - + :param pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressFromArgs'] ingress_from: Defines the conditions on the source of a request causing this `IngressPolicy` + to apply. + Structure is documented below. + :param pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToArgs'] ingress_to: Defines the conditions on the `ApiOperation` and request destination that cause + this `IngressPolicy` to apply. + Structure is documented below. 
+ """ + pulumi.set(__self__, "perimeter", perimeter) + if ingress_from is not None: + pulumi.set(__self__, "ingress_from", ingress_from) + if ingress_to is not None: + pulumi.set(__self__, "ingress_to", ingress_to) + + @property + @pulumi.getter + def perimeter(self) -> pulumi.Input[str]: + """ + The name of the Service Perimeter to add this resource to. + + + - - - + """ + return pulumi.get(self, "perimeter") + + @perimeter.setter + def perimeter(self, value: pulumi.Input[str]): + pulumi.set(self, "perimeter", value) + + @property + @pulumi.getter(name="ingressFrom") + def ingress_from(self) -> Optional[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressFromArgs']]: + """ + Defines the conditions on the source of a request causing this `IngressPolicy` + to apply. + Structure is documented below. + """ + return pulumi.get(self, "ingress_from") + + @ingress_from.setter + def ingress_from(self, value: Optional[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressFromArgs']]): + pulumi.set(self, "ingress_from", value) + + @property + @pulumi.getter(name="ingressTo") + def ingress_to(self) -> Optional[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToArgs']]: + """ + Defines the conditions on the `ApiOperation` and request destination that cause + this `IngressPolicy` to apply. + Structure is documented below. 
+ """ + return pulumi.get(self, "ingress_to") + + @ingress_to.setter + def ingress_to(self, value: Optional[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToArgs']]): + pulumi.set(self, "ingress_to", value) + + +@pulumi.input_type +class _ServicePerimeterDryRunIngressPolicyState: + def __init__(__self__, *, + ingress_from: Optional[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressFromArgs']] = None, + ingress_to: Optional[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToArgs']] = None, + perimeter: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering ServicePerimeterDryRunIngressPolicy resources. + :param pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressFromArgs'] ingress_from: Defines the conditions on the source of a request causing this `IngressPolicy` + to apply. + Structure is documented below. + :param pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToArgs'] ingress_to: Defines the conditions on the `ApiOperation` and request destination that cause + this `IngressPolicy` to apply. + Structure is documented below. + :param pulumi.Input[str] perimeter: The name of the Service Perimeter to add this resource to. + + + - - - + """ + if ingress_from is not None: + pulumi.set(__self__, "ingress_from", ingress_from) + if ingress_to is not None: + pulumi.set(__self__, "ingress_to", ingress_to) + if perimeter is not None: + pulumi.set(__self__, "perimeter", perimeter) + + @property + @pulumi.getter(name="ingressFrom") + def ingress_from(self) -> Optional[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressFromArgs']]: + """ + Defines the conditions on the source of a request causing this `IngressPolicy` + to apply. + Structure is documented below. 
+ """ + return pulumi.get(self, "ingress_from") + + @ingress_from.setter + def ingress_from(self, value: Optional[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressFromArgs']]): + pulumi.set(self, "ingress_from", value) + + @property + @pulumi.getter(name="ingressTo") + def ingress_to(self) -> Optional[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToArgs']]: + """ + Defines the conditions on the `ApiOperation` and request destination that cause + this `IngressPolicy` to apply. + Structure is documented below. + """ + return pulumi.get(self, "ingress_to") + + @ingress_to.setter + def ingress_to(self, value: Optional[pulumi.Input['ServicePerimeterDryRunIngressPolicyIngressToArgs']]): + pulumi.set(self, "ingress_to", value) + + @property + @pulumi.getter + def perimeter(self) -> Optional[pulumi.Input[str]]: + """ + The name of the Service Perimeter to add this resource to. + + + - - - + """ + return pulumi.get(self, "perimeter") + + @perimeter.setter + def perimeter(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "perimeter", value) + + +class ServicePerimeterDryRunIngressPolicy(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + ingress_from: Optional[pulumi.Input[Union['ServicePerimeterDryRunIngressPolicyIngressFromArgs', 'ServicePerimeterDryRunIngressPolicyIngressFromArgsDict']]] = None, + ingress_to: Optional[pulumi.Input[Union['ServicePerimeterDryRunIngressPolicyIngressToArgs', 'ServicePerimeterDryRunIngressPolicyIngressToArgsDict']]] = None, + perimeter: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Manage a single IngressPolicy in the spec (dry-run) configuration for a service perimeter. + IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match, + both the ingressFrom and ingressTo stanzas must be matched. 
If an IngressPolicy matches a request, + the request is allowed through the perimeter boundary from outside the perimeter. + For example, access from the internet can be allowed either based on an AccessLevel or, + for traffic hosted on Google Cloud, the project of the source network. + For access from private networks, using the project of the hosting network is required. + Individual ingress policies can be limited by restricting which services and/ + or actions they match using the ingressTo field. + + > **Note:** By default, updates to this resource will remove the IngressPolicy from the + from the perimeter and add it back in a non-atomic manner. To ensure that the new IngressPolicy + is added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource. + + To get more information about ServicePerimeterDryRunIngressPolicy, see: + + * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ingresspolicy) + + ## Example Usage + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Union['ServicePerimeterDryRunIngressPolicyIngressFromArgs', 'ServicePerimeterDryRunIngressPolicyIngressFromArgsDict']] ingress_from: Defines the conditions on the source of a request causing this `IngressPolicy` + to apply. + Structure is documented below. + :param pulumi.Input[Union['ServicePerimeterDryRunIngressPolicyIngressToArgs', 'ServicePerimeterDryRunIngressPolicyIngressToArgsDict']] ingress_to: Defines the conditions on the `ApiOperation` and request destination that cause + this `IngressPolicy` to apply. + Structure is documented below. + :param pulumi.Input[str] perimeter: The name of the Service Perimeter to add this resource to. + + + - - - + """ + ... 
+ @overload + def __init__(__self__, + resource_name: str, + args: ServicePerimeterDryRunIngressPolicyArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Manage a single IngressPolicy in the spec (dry-run) configuration for a service perimeter. + IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match, + both the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request, + the request is allowed through the perimeter boundary from outside the perimeter. + For example, access from the internet can be allowed either based on an AccessLevel or, + for traffic hosted on Google Cloud, the project of the source network. + For access from private networks, using the project of the hosting network is required. + Individual ingress policies can be limited by restricting which services and/ + or actions they match using the ingressTo field. + + > **Note:** By default, updates to this resource will remove the IngressPolicy from the + from the perimeter and add it back in a non-atomic manner. To ensure that the new IngressPolicy + is added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource. + + To get more information about ServicePerimeterDryRunIngressPolicy, see: + + * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ingresspolicy) + + ## Example Usage + + :param str resource_name: The name of the resource. + :param ServicePerimeterDryRunIngressPolicyArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... 
+ def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(ServicePerimeterDryRunIngressPolicyArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + ingress_from: Optional[pulumi.Input[Union['ServicePerimeterDryRunIngressPolicyIngressFromArgs', 'ServicePerimeterDryRunIngressPolicyIngressFromArgsDict']]] = None, + ingress_to: Optional[pulumi.Input[Union['ServicePerimeterDryRunIngressPolicyIngressToArgs', 'ServicePerimeterDryRunIngressPolicyIngressToArgsDict']]] = None, + perimeter: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = ServicePerimeterDryRunIngressPolicyArgs.__new__(ServicePerimeterDryRunIngressPolicyArgs) + + __props__.__dict__["ingress_from"] = ingress_from + __props__.__dict__["ingress_to"] = ingress_to + if perimeter is None and not opts.urn: + raise TypeError("Missing required property 'perimeter'") + __props__.__dict__["perimeter"] = perimeter + super(ServicePerimeterDryRunIngressPolicy, __self__).__init__( + 'gcp:accesscontextmanager/servicePerimeterDryRunIngressPolicy:ServicePerimeterDryRunIngressPolicy', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + ingress_from: 
Optional[pulumi.Input[Union['ServicePerimeterDryRunIngressPolicyIngressFromArgs', 'ServicePerimeterDryRunIngressPolicyIngressFromArgsDict']]] = None, + ingress_to: Optional[pulumi.Input[Union['ServicePerimeterDryRunIngressPolicyIngressToArgs', 'ServicePerimeterDryRunIngressPolicyIngressToArgsDict']]] = None, + perimeter: Optional[pulumi.Input[str]] = None) -> 'ServicePerimeterDryRunIngressPolicy': + """ + Get an existing ServicePerimeterDryRunIngressPolicy resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Union['ServicePerimeterDryRunIngressPolicyIngressFromArgs', 'ServicePerimeterDryRunIngressPolicyIngressFromArgsDict']] ingress_from: Defines the conditions on the source of a request causing this `IngressPolicy` + to apply. + Structure is documented below. + :param pulumi.Input[Union['ServicePerimeterDryRunIngressPolicyIngressToArgs', 'ServicePerimeterDryRunIngressPolicyIngressToArgsDict']] ingress_to: Defines the conditions on the `ApiOperation` and request destination that cause + this `IngressPolicy` to apply. + Structure is documented below. + :param pulumi.Input[str] perimeter: The name of the Service Perimeter to add this resource to. 
+ + + - - - + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _ServicePerimeterDryRunIngressPolicyState.__new__(_ServicePerimeterDryRunIngressPolicyState) + + __props__.__dict__["ingress_from"] = ingress_from + __props__.__dict__["ingress_to"] = ingress_to + __props__.__dict__["perimeter"] = perimeter + return ServicePerimeterDryRunIngressPolicy(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="ingressFrom") + def ingress_from(self) -> pulumi.Output[Optional['outputs.ServicePerimeterDryRunIngressPolicyIngressFrom']]: + """ + Defines the conditions on the source of a request causing this `IngressPolicy` + to apply. + Structure is documented below. + """ + return pulumi.get(self, "ingress_from") + + @property + @pulumi.getter(name="ingressTo") + def ingress_to(self) -> pulumi.Output[Optional['outputs.ServicePerimeterDryRunIngressPolicyIngressTo']]: + """ + Defines the conditions on the `ApiOperation` and request destination that cause + this `IngressPolicy` to apply. + Structure is documented below. + """ + return pulumi.get(self, "ingress_to") + + @property + @pulumi.getter + def perimeter(self) -> pulumi.Output[str]: + """ + The name of the Service Perimeter to add this resource to. + + + - - - + """ + return pulumi.get(self, "perimeter") + diff --git a/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter_egress_policy.py b/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter_egress_policy.py index ade1fb76e1..51b0d160c6 100644 --- a/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter_egress_policy.py +++ b/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter_egress_policy.py 
@@ -163,6 +163,7 @@ def __init__(__self__, perimeter: Optional[pulumi.Input[str]] = None, __props__=None): """ + Manage a single EgressPolicy in the status (enforced) configuration for a service perimeter. EgressPolicies match requests based on egressFrom and egressTo stanzas. For an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched. If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter @@ -181,18 +182,6 @@ def __init__(__self__, ## Example Usage - ## Import - - ServicePerimeterEgressPolicy can be imported using any of these accepted formats: - - * `{{perimeter}}` - - When using the `pulumi import` command, ServicePerimeterEgressPolicy can be imported using one of the formats above. For example: - - ```sh - $ pulumi import gcp:accesscontextmanager/servicePerimeterEgressPolicy:ServicePerimeterEgressPolicy default {{perimeter}} - ``` - :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[Union['ServicePerimeterEgressPolicyEgressFromArgs', 'ServicePerimeterEgressPolicyEgressFromArgsDict']] egress_from: Defines conditions on the source of a request causing this `EgressPolicy` to apply. @@ -212,6 +201,7 @@ def __init__(__self__, args: ServicePerimeterEgressPolicyArgs, opts: Optional[pulumi.ResourceOptions] = None): """ + Manage a single EgressPolicy in the status (enforced) configuration for a service perimeter. EgressPolicies match requests based on egressFrom and egressTo stanzas. For an EgressPolicy to match, both egressFrom and egressTo stanzas must be matched. If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter 
@@ -230,18 +220,6 @@ def __init__(__self__, ## Example Usage - ## Import - - ServicePerimeterEgressPolicy can be imported using any of these accepted formats: - - * `{{perimeter}}` - - When using the `pulumi import` command, ServicePerimeterEgressPolicy can be imported using one of the formats above. For example: - - ```sh - $ pulumi import gcp:accesscontextmanager/servicePerimeterEgressPolicy:ServicePerimeterEgressPolicy default {{perimeter}} - ``` - :param str resource_name: The name of the resource. :param ServicePerimeterEgressPolicyArgs args: The arguments to use to populate this resource's properties. :param pulumi.ResourceOptions opts: Options for the resource. diff --git a/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter_ingress_policy.py b/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter_ingress_policy.py index 5c4a6799f6..d3613fc93f 100644 --- a/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter_ingress_policy.py +++ b/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter_ingress_policy.py @@ -167,6 +167,7 @@ def __init__(__self__, perimeter: Optional[pulumi.Input[str]] = None, __props__=None): """ + Manage a single IngressPolicy in the status (enforced) configuration for a service perimeter. IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match, both the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request, the request is allowed through the perimeter boundary from outside the perimeter. 
@@ -186,18 +187,6 @@ def __init__(__self__, ## Example Usage - ## Import - - ServicePerimeterIngressPolicy can be imported using any of these accepted formats: - - * `{{perimeter}}` - - When using the `pulumi import` command, ServicePerimeterIngressPolicy can be imported using one of the formats above. For example: - - ```sh - $ pulumi import gcp:accesscontextmanager/servicePerimeterIngressPolicy:ServicePerimeterIngressPolicy default {{perimeter}} - ``` - :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[Union['ServicePerimeterIngressPolicyIngressFromArgs', 'ServicePerimeterIngressPolicyIngressFromArgsDict']] ingress_from: Defines the conditions on the source of a request causing this `IngressPolicy` @@ -218,6 +207,7 @@ def __init__(__self__, args: ServicePerimeterIngressPolicyArgs, opts: Optional[pulumi.ResourceOptions] = None): """ + Manage a single IngressPolicy in the status (enforced) configuration for a service perimeter. IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match, both the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request, the request is allowed through the perimeter boundary from outside the perimeter. @@ -237,18 +227,6 @@ def __init__(__self__, ## Example Usage - ## Import - - ServicePerimeterIngressPolicy can be imported using any of these accepted formats: - - * `{{perimeter}}` - - When using the `pulumi import` command, ServicePerimeterIngressPolicy can be imported using one of the formats above. For example: - - ```sh - $ pulumi import gcp:accesscontextmanager/servicePerimeterIngressPolicy:ServicePerimeterIngressPolicy default {{perimeter}} - ``` - :param str resource_name: The name of the resource. :param ServicePerimeterIngressPolicyArgs args: The arguments to use to populate this resource's properties. :param pulumi.ResourceOptions opts: Options for the resource. 
diff --git a/sdk/python/pulumi_gcp/applicationintegration/client.py b/sdk/python/pulumi_gcp/applicationintegration/client.py index f070815903..e64c2298f1 100644 --- a/sdk/python/pulumi_gcp/applicationintegration/client.py +++ b/sdk/python/pulumi_gcp/applicationintegration/client.py @@ -366,7 +366,7 @@ def __init__(__self__, rotation_period="7776000s") test_key = gcp.kms.CryptoKeyVersion("test_key", crypto_key=cryptokey.id) service_account = gcp.serviceaccount.Account("service_account", - account_id="service-account-id", + account_id="my-service-acc", display_name="Service Account") example = gcp.applicationintegration.Client("example", location="us-east1", @@ -468,7 +468,7 @@ def __init__(__self__, rotation_period="7776000s") test_key = gcp.kms.CryptoKeyVersion("test_key", crypto_key=cryptokey.id) service_account = gcp.serviceaccount.Account("service_account", - account_id="service-account-id", + account_id="my-service-acc", display_name="Service Account") example = gcp.applicationintegration.Client("example", location="us-east1", diff --git a/sdk/python/pulumi_gcp/clouddeploy/_inputs.py b/sdk/python/pulumi_gcp/clouddeploy/_inputs.py index 7a747b0942..b45bfc2b1c 100644 --- a/sdk/python/pulumi_gcp/clouddeploy/_inputs.py +++ b/sdk/python/pulumi_gcp/clouddeploy/_inputs.py 
@@ -2627,6 +2627,10 @@ class TargetGkeArgsDict(TypedDict): """ Optional. If true, `cluster` is accessed using the private IP address of the control plane endpoint. Otherwise, the default IP address of the control plane endpoint is used. The default IP address is the private IP address for clusters with private control-plane endpoints and the public IP address otherwise. Only specify this option when `cluster` is a [private GKE cluster](https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept). """ + proxy_url: NotRequired[pulumi.Input[str]] + """ + Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. + """ elif False: TargetGkeArgsDict: TypeAlias = Mapping[str, Any] 
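Review bot: The new `proxy_url` docstring in `TargetGkeArgsDict` says only that the value configures a proxy to the Kubernetes server; it does not state the expected form of the value or what traffic crosses the proxy. The same text is repeated in `TargetGkeArgs.__init__`, the `proxy_url` property and `outputs.TargetGke` in the following hunks. As worded, connections to the cluster's API server would be routed through whatever endpoint is supplied, so the docstring should tell the reader to name only a proxy they operate, e.g. `Traffic to the cluster's API server is sent through this proxy; set it only to an endpoint you control.` These files look like generated SDK output, so the wording probably has to change in the upstream schema description rather than here.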
@@ -2634,15 +2638,19 @@ class TargetGkeArgsDict(TypedDict): class TargetGkeArgs: def __init__(__self__, *, cluster: Optional[pulumi.Input[str]] = None, - internal_ip: Optional[pulumi.Input[bool]] = None): + internal_ip: Optional[pulumi.Input[bool]] = None, + proxy_url: Optional[pulumi.Input[str]] = None): """ :param pulumi.Input[str] cluster: Information specifying a GKE Cluster. Format is `projects/{project_id}/locations/{location_id}/clusters/{cluster_id}. :param pulumi.Input[bool] internal_ip: Optional. If true, `cluster` is accessed using the private IP address of the control plane endpoint. Otherwise, the default IP address of the control plane endpoint is used. The default IP address is the private IP address for clusters with private control-plane endpoints and the public IP address otherwise. Only specify this option when `cluster` is a [private GKE cluster](https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept). + :param pulumi.Input[str] proxy_url: Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. """ if cluster is not None: pulumi.set(__self__, "cluster", cluster) if internal_ip is not None: pulumi.set(__self__, "internal_ip", internal_ip) + if proxy_url is not None: + pulumi.set(__self__, "proxy_url", proxy_url) @property @pulumi.getter 
@@ -2668,6 +2676,18 @@ def internal_ip(self) -> Optional[pulumi.Input[bool]]: def internal_ip(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "internal_ip", value) + @property + @pulumi.getter(name="proxyUrl") + def proxy_url(self) -> Optional[pulumi.Input[str]]: + """ + Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. + """ + return pulumi.get(self, "proxy_url") + + @proxy_url.setter + def proxy_url(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "proxy_url", value) + if not MYPY: class TargetIamBindingConditionArgsDict(TypedDict): diff --git a/sdk/python/pulumi_gcp/clouddeploy/outputs.py b/sdk/python/pulumi_gcp/clouddeploy/outputs.py index 88e02c484a..c5d338c047 100644 --- a/sdk/python/pulumi_gcp/clouddeploy/outputs.py +++ b/sdk/python/pulumi_gcp/clouddeploy/outputs.py @@ -1954,6 +1954,8 @@ def __key_warning(key: str): suggest = None if key == "internalIp": suggest = "internal_ip" + elif key == "proxyUrl": + suggest = "proxy_url" if suggest: pulumi.log.warn(f"Key '{key}' not found in TargetGke. Access the value via the '{suggest}' property getter instead.") 
@@ -1968,15 +1970,19 @@ def get(self, key: str, default = None) -> Any: def __init__(__self__, *, cluster: Optional[str] = None, - internal_ip: Optional[bool] = None): + internal_ip: Optional[bool] = None, + proxy_url: Optional[str] = None): """ :param str cluster: Information specifying a GKE Cluster. Format is `projects/{project_id}/locations/{location_id}/clusters/{cluster_id}. :param bool internal_ip: Optional. If true, `cluster` is accessed using the private IP address of the control plane endpoint. Otherwise, the default IP address of the control plane endpoint is used. The default IP address is the private IP address for clusters with private control-plane endpoints and the public IP address otherwise. Only specify this option when `cluster` is a [private GKE cluster](https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept). + :param str proxy_url: Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. """ if cluster is not None: pulumi.set(__self__, "cluster", cluster) if internal_ip is not None: pulumi.set(__self__, "internal_ip", internal_ip) + if proxy_url is not None: + pulumi.set(__self__, "proxy_url", proxy_url) @property @pulumi.getter @@ -1994,6 +2000,14 @@ def internal_ip(self) -> Optional[bool]: """ return pulumi.get(self, "internal_ip") + @property + @pulumi.getter(name="proxyUrl") + def proxy_url(self) -> Optional[str]: + """ + Optional. If set, used to configure a [proxy](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#proxy) to the Kubernetes server. + """ + return pulumi.get(self, "proxy_url") + @pulumi.output_type class TargetIamBindingCondition(dict): diff --git a/sdk/python/pulumi_gcp/cloudrunv2/_inputs.py b/sdk/python/pulumi_gcp/cloudrunv2/_inputs.py index 34c47b49c9..708a73060a 100644 --- a/sdk/python/pulumi_gcp/cloudrunv2/_inputs.py 
+++ b/sdk/python/pulumi_gcp/cloudrunv2/_inputs.py @@ -145,6 +145,10 @@ class JobBinaryAuthorizationArgsDict(TypedDict): """ If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass """ + policy: NotRequired[pulumi.Input[str]] + """ + The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + """ use_default: NotRequired[pulumi.Input[bool]] """ If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. @@ -156,13 +160,17 @@ class JobBinaryAuthorizationArgsDict(TypedDict): class JobBinaryAuthorizationArgs: def __init__(__self__, *, breakglass_justification: Optional[pulumi.Input[str]] = None, + policy: Optional[pulumi.Input[str]] = None, use_default: Optional[pulumi.Input[bool]] = None): """ :param pulumi.Input[str] breakglass_justification: If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + :param pulumi.Input[str] policy: The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} :param pulumi.Input[bool] use_default: If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. """ if breakglass_justification is not None: pulumi.set(__self__, "breakglass_justification", breakglass_justification) + if policy is not None: + pulumi.set(__self__, "policy", policy) if use_default is not None: pulumi.set(__self__, "use_default", use_default) 
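Review bot: The `policy` docstring added to `JobBinaryAuthorizationArgsDict` and `JobBinaryAuthorizationArgs.__init__` gives the path format but does not say how the field relates to `use_default`. The neighbouring text still reads "If False, binary authorization will be disabled", so a configuration that sets `policy` and leaves `use_default` false or unset does not tell the reader whether any policy is enforced. If the provider treats the two as mutually exclusive, which these lines do not show, the docstring should say so, e.g. `Cannot be combined with use_default; when set, this is the policy that is enforced.`, and the `use_default` text should be adjusted to match. The same gap is repeated in the `Service*` classes and the `outputs.py` counterparts in the following hunks.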
@@ -178,6 +186,18 @@ def breakglass_justification(self) -> Optional[pulumi.Input[str]]: def breakglass_justification(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "breakglass_justification", value) + @property + @pulumi.getter + def policy(self) -> Optional[pulumi.Input[str]]: + """ + The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + """ + return pulumi.get(self, "policy") + + @policy.setter + def policy(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "policy", value) + @property @pulumi.getter(name="useDefault") def use_default(self) -> Optional[pulumi.Input[bool]]: @@ -2264,6 +2284,10 @@ class ServiceBinaryAuthorizationArgsDict(TypedDict): """ If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass """ + policy: NotRequired[pulumi.Input[str]] + """ + The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + """ use_default: NotRequired[pulumi.Input[bool]] """ If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. 
@@ -2275,13 +2299,17 @@ class ServiceBinaryAuthorizationArgsDict(TypedDict): class ServiceBinaryAuthorizationArgs: def __init__(__self__, *, breakglass_justification: Optional[pulumi.Input[str]] = None, + policy: Optional[pulumi.Input[str]] = None, use_default: Optional[pulumi.Input[bool]] = None): """ :param pulumi.Input[str] breakglass_justification: If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + :param pulumi.Input[str] policy: The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} :param pulumi.Input[bool] use_default: If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. """ if breakglass_justification is not None: pulumi.set(__self__, "breakglass_justification", breakglass_justification) + if policy is not None: + pulumi.set(__self__, "policy", policy) if use_default is not None: pulumi.set(__self__, "use_default", use_default) @@ -2297,6 +2325,18 @@ def breakglass_justification(self) -> Optional[pulumi.Input[str]]: def breakglass_justification(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "breakglass_justification", value) + @property + @pulumi.getter + def policy(self) -> Optional[pulumi.Input[str]]: + """ + The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + """ + return pulumi.get(self, "policy") + + @policy.setter + def policy(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "policy", value) + @property @pulumi.getter(name="useDefault") def use_default(self) -> Optional[pulumi.Input[bool]]: diff --git a/sdk/python/pulumi_gcp/cloudrunv2/outputs.py b/sdk/python/pulumi_gcp/cloudrunv2/outputs.py index 970a9dd28e..b242e88cbb 100644 --- a/sdk/python/pulumi_gcp/cloudrunv2/outputs.py 
+++ b/sdk/python/pulumi_gcp/cloudrunv2/outputs.py @@ -157,13 +157,17 @@ def get(self, key: str, default = None) -> Any: def __init__(__self__, *, breakglass_justification: Optional[str] = None, + policy: Optional[str] = None, use_default: Optional[bool] = None): """ :param str breakglass_justification: If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + :param str policy: The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} :param bool use_default: If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. """ if breakglass_justification is not None: pulumi.set(__self__, "breakglass_justification", breakglass_justification) + if policy is not None: + pulumi.set(__self__, "policy", policy) if use_default is not None: pulumi.set(__self__, "use_default", use_default) @@ -175,6 +179,14 @@ def breakglass_justification(self) -> Optional[str]: """ return pulumi.get(self, "breakglass_justification") + @property + @pulumi.getter + def policy(self) -> Optional[str]: + """ + The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + """ + return pulumi.get(self, "policy") + @property @pulumi.getter(name="useDefault") def use_default(self) -> Optional[bool]: 
@@ -1741,13 +1753,17 @@ def get(self, key: str, default = None) -> Any: def __init__(__self__, *, breakglass_justification: Optional[str] = None, + policy: Optional[str] = None, use_default: Optional[bool] = None): """ :param str breakglass_justification: If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + :param str policy: The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} :param bool use_default: If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. """ if breakglass_justification is not None: pulumi.set(__self__, "breakglass_justification", breakglass_justification) + if policy is not None: + pulumi.set(__self__, "policy", policy) if use_default is not None: pulumi.set(__self__, "use_default", use_default) @@ -1759,6 +1775,14 @@ def breakglass_justification(self) -> Optional[str]: """ return pulumi.get(self, "breakglass_justification") + @property + @pulumi.getter + def policy(self) -> Optional[str]: + """ + The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + """ + return pulumi.get(self, "policy") + @property @pulumi.getter(name="useDefault") def use_default(self) -> Optional[bool]: 
@@ -4078,12 +4102,15 @@ def uri(self) -> Optional[str]: class GetJobBinaryAuthorizationResult(dict): def __init__(__self__, *, breakglass_justification: str, + policy: str, use_default: bool): """ :param str breakglass_justification: If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + :param str policy: The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} :param bool use_default: If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. """ pulumi.set(__self__, "breakglass_justification", breakglass_justification) + pulumi.set(__self__, "policy", policy) pulumi.set(__self__, "use_default", use_default) @property @@ -4094,6 +4121,14 @@ def breakglass_justification(self) -> str: """ return pulumi.get(self, "breakglass_justification") + @property + @pulumi.getter + def policy(self) -> str: + """ + The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + """ + return pulumi.get(self, "policy") + @property @pulumi.getter(name="useDefault") def use_default(self) -> bool: 
@@ -5164,12 +5199,15 @@ def type(self) -> str: class GetServiceBinaryAuthorizationResult(dict): def __init__(__self__, *, breakglass_justification: str, + policy: str, use_default: bool): """ :param str breakglass_justification: If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + :param str policy: The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} :param bool use_default: If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. """ pulumi.set(__self__, "breakglass_justification", breakglass_justification) + pulumi.set(__self__, "policy", policy) pulumi.set(__self__, "use_default", use_default) @property @@ -5180,6 +5218,14 @@ def breakglass_justification(self) -> str: """ return pulumi.get(self, "breakglass_justification") + @property + @pulumi.getter + def policy(self) -> str: + """ + The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name} + """ + return pulumi.get(self, "policy") + @property @pulumi.getter(name="useDefault") def use_default(self) -> bool: diff --git a/sdk/python/pulumi_gcp/compute/region_target_https_proxy.py b/sdk/python/pulumi_gcp/compute/region_target_https_proxy.py index c9bd255f51..f3732d17aa 100644 --- a/sdk/python/pulumi_gcp/compute/region_target_https_proxy.py +++ b/sdk/python/pulumi_gcp/compute/region_target_https_proxy.py 
@@ -59,6 +59,10 @@ def __init__(__self__, *, INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. + If you remove this field from your configuration at the same time as + deleting or recreating a referenced ServerTlsPolicy resource, you will + receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + within the ServerTlsPolicy resource to avoid this. :param pulumi.Input[Sequence[pulumi.Input[str]]] ssl_certificates: URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. @@ -183,6 +187,10 @@ def server_tls_policy(self) -> Optional[pulumi.Input[str]]: INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. + If you remove this field from your configuration at the same time as + deleting or recreating a referenced ServerTlsPolicy resource, you will + receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + within the ServerTlsPolicy resource to avoid this. """ return pulumi.get(self, "server_tls_policy") 
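Review bot: The paragraph added to the `server_tls_policy` docstring tells the reader to use `lifecycle.create_before_destroy`, which is Terraform configuration syntax and is not available under that name in a Pulumi Python program. In Pulumi terms the guidance is presumably to let the ServerTlsPolicy be replaced create-first, so the sentence could read `Replace the ServerTlsPolicy create-first (do not set delete_before_replace on it) to avoid this.` The same text recurs in the hunks at -183, -263, -419, -709, -1027 and -1144 of this file. Since the repository already carries `patches/0006-docs-patching.patch` for upstream wording, that looks like the place for the rewrite rather than the SDK file itself.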
@@ -263,6 +271,10 @@ def __init__(__self__, *, INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. + If you remove this field from your configuration at the same time as + deleting or recreating a referenced ServerTlsPolicy resource, you will + receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + within the ServerTlsPolicy resource to avoid this. :param pulumi.Input[Sequence[pulumi.Input[str]]] ssl_certificates: URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. @@ -419,6 +431,10 @@ def server_tls_policy(self) -> Optional[pulumi.Input[str]]: INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. + If you remove this field from your configuration at the same time as + deleting or recreating a referenced ServerTlsPolicy resource, you will + receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + within the ServerTlsPolicy resource to avoid this. """ return pulumi.get(self, "server_tls_policy") 
@@ -709,6 +725,10 @@ def __init__(__self__, INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. + If you remove this field from your configuration at the same time as + deleting or recreating a referenced ServerTlsPolicy resource, you will + receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + within the ServerTlsPolicy resource to avoid this. :param pulumi.Input[Sequence[pulumi.Input[str]]] ssl_certificates: URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. @@ -1027,6 +1047,10 @@ def get(resource_name: str, INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. + If you remove this field from your configuration at the same time as + deleting or recreating a referenced ServerTlsPolicy resource, you will + receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + within the ServerTlsPolicy resource to avoid this. :param pulumi.Input[Sequence[pulumi.Input[str]]] ssl_certificates: URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. 
@@ -1144,6 +1168,10 @@ def server_tls_policy(self) -> pulumi.Output[Optional[str]]: INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. + If you remove this field from your configuration at the same time as + deleting or recreating a referenced ServerTlsPolicy resource, you will + receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy + within the ServerTlsPolicy resource to avoid this. """ return pulumi.get(self, "server_tls_policy") diff --git a/sdk/python/pulumi_gcp/container/_inputs.py b/sdk/python/pulumi_gcp/container/_inputs.py index e360ca0e9c..1e802c9152 100644 --- a/sdk/python/pulumi_gcp/container/_inputs.py +++ b/sdk/python/pulumi_gcp/container/_inputs.py @@ -5424,6 +5424,12 @@ class ClusterClusterAutoscalingArgsDict(TypedDict): GKE Autopilot clusters. Structure is documented below. """ + auto_provisioning_locations: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of Google Compute Engine + [zones](https://cloud.google.com/compute/docs/zones#available) in which the + NodePool's nodes can be created by NAP. + """ autoscaling_profile: NotRequired[pulumi.Input[str]] """ Configuration @@ -5450,6 +5456,7 @@ class ClusterClusterAutoscalingArgsDict(TypedDict): class ClusterClusterAutoscalingArgs: def __init__(__self__, *, auto_provisioning_defaults: Optional[pulumi.Input['ClusterClusterAutoscalingAutoProvisioningDefaultsArgs']] = None, + auto_provisioning_locations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, autoscaling_profile: Optional[pulumi.Input[str]] = None, enabled: Optional[pulumi.Input[bool]] = None, resource_limits: Optional[pulumi.Input[Sequence[pulumi.Input['ClusterClusterAutoscalingResourceLimitArgs']]]] = None): 
@@ -5457,6 +5464,9 @@ def __init__(__self__, *, :param pulumi.Input['ClusterClusterAutoscalingAutoProvisioningDefaultsArgs'] auto_provisioning_defaults: Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below. + :param pulumi.Input[Sequence[pulumi.Input[str]]] auto_provisioning_locations: The list of Google Compute Engine + [zones](https://cloud.google.com/compute/docs/zones#available) in which the + NodePool's nodes can be created by NAP. :param pulumi.Input[str] autoscaling_profile: Configuration options for the [Autoscaling profile](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#autoscaling_profiles) feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability @@ -5470,6 +5480,8 @@ def __init__(__self__, *, """ if auto_provisioning_defaults is not None: pulumi.set(__self__, "auto_provisioning_defaults", auto_provisioning_defaults) + if auto_provisioning_locations is not None: + pulumi.set(__self__, "auto_provisioning_locations", auto_provisioning_locations) if autoscaling_profile is not None: pulumi.set(__self__, "autoscaling_profile", autoscaling_profile) if enabled is not None: 
@@ -5491,6 +5503,20 @@ def auto_provisioning_defaults(self) -> Optional[pulumi.Input['ClusterClusterAut def auto_provisioning_defaults(self, value: Optional[pulumi.Input['ClusterClusterAutoscalingAutoProvisioningDefaultsArgs']]): pulumi.set(self, "auto_provisioning_defaults", value) + @property + @pulumi.getter(name="autoProvisioningLocations") + def auto_provisioning_locations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of Google Compute Engine + [zones](https://cloud.google.com/compute/docs/zones#available) in which the + NodePool's nodes can be created by NAP. + """ + return pulumi.get(self, "auto_provisioning_locations") + + @auto_provisioning_locations.setter + def auto_provisioning_locations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "auto_provisioning_locations", value) + @property @pulumi.getter(name="autoscalingProfile") def autoscaling_profile(self) -> Optional[pulumi.Input[str]]: diff --git a/sdk/python/pulumi_gcp/container/outputs.py b/sdk/python/pulumi_gcp/container/outputs.py index e1dc0eb1ba..49a8ea6807 100644 --- a/sdk/python/pulumi_gcp/container/outputs.py +++ b/sdk/python/pulumi_gcp/container/outputs.py @@ -4462,6 +4462,8 @@ def __key_warning(key: str): suggest = None if key == "autoProvisioningDefaults": suggest = "auto_provisioning_defaults" + elif key == "autoProvisioningLocations": + suggest = "auto_provisioning_locations" elif key == "autoscalingProfile": suggest = "autoscaling_profile" elif key == "resourceLimits": @@ -4480,6 +4482,7 @@ def get(self, key: str, default = None) -> Any: def __init__(__self__, *, auto_provisioning_defaults: Optional['outputs.ClusterClusterAutoscalingAutoProvisioningDefaults'] = None, + auto_provisioning_locations: Optional[Sequence[str]] = None, autoscaling_profile: Optional[str] = None, enabled: Optional[bool] = None, resource_limits: Optional[Sequence['outputs.ClusterClusterAutoscalingResourceLimit']] = None): 
@@ -4487,6 +4490,9 @@ def __init__(__self__, *, :param 'ClusterClusterAutoscalingAutoProvisioningDefaultsArgs' auto_provisioning_defaults: Contains defaults for a node pool created by NAP. A subset of fields also apply to GKE Autopilot clusters. Structure is documented below. + :param Sequence[str] auto_provisioning_locations: The list of Google Compute Engine + [zones](https://cloud.google.com/compute/docs/zones#available) in which the + NodePool's nodes can be created by NAP. :param str autoscaling_profile: Configuration options for the [Autoscaling profile](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-autoscaler#autoscaling_profiles) feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability @@ -4500,6 +4506,8 @@ def __init__(__self__, *, """ if auto_provisioning_defaults is not None: pulumi.set(__self__, "auto_provisioning_defaults", auto_provisioning_defaults) + if auto_provisioning_locations is not None: + pulumi.set(__self__, "auto_provisioning_locations", auto_provisioning_locations) if autoscaling_profile is not None: pulumi.set(__self__, "autoscaling_profile", autoscaling_profile) if enabled is not None: @@ -4517,6 +4525,16 @@ def auto_provisioning_defaults(self) -> Optional['outputs.ClusterClusterAutoscal """ return pulumi.get(self, "auto_provisioning_defaults") + @property + @pulumi.getter(name="autoProvisioningLocations") + def auto_provisioning_locations(self) -> Optional[Sequence[str]]: + """ + The list of Google Compute Engine + [zones](https://cloud.google.com/compute/docs/zones#available) in which the + NodePool's nodes can be created by NAP. + """ + return pulumi.get(self, "auto_provisioning_locations") + @property @pulumi.getter(name="autoscalingProfile") def autoscaling_profile(self) -> Optional[str]: 
@@ -15245,16 +15263,19 @@ def evaluation_mode(self) -> str: class GetClusterClusterAutoscalingResult(dict): def __init__(__self__, *, auto_provisioning_defaults: Sequence['outputs.GetClusterClusterAutoscalingAutoProvisioningDefaultResult'], + auto_provisioning_locations: Sequence[str], autoscaling_profile: str, enabled: bool, resource_limits: Sequence['outputs.GetClusterClusterAutoscalingResourceLimitResult']): """ :param Sequence['GetClusterClusterAutoscalingAutoProvisioningDefaultArgs'] auto_provisioning_defaults: Contains defaults for a node pool created by NAP. + :param Sequence[str] auto_provisioning_locations: The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP. :param str autoscaling_profile: Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED. :param bool enabled: Whether node auto-provisioning is enabled. Resource limits for cpu and memory must be defined to enable node auto-provisioning. :param Sequence['GetClusterClusterAutoscalingResourceLimitArgs'] resource_limits: Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning. """ pulumi.set(__self__, "auto_provisioning_defaults", auto_provisioning_defaults) + pulumi.set(__self__, "auto_provisioning_locations", auto_provisioning_locations) pulumi.set(__self__, "autoscaling_profile", autoscaling_profile) pulumi.set(__self__, "enabled", enabled) pulumi.set(__self__, "resource_limits", resource_limits) 
@@ -15267,6 +15288,14 @@ def auto_provisioning_defaults(self) -> Sequence['outputs.GetClusterClusterAutos """ return pulumi.get(self, "auto_provisioning_defaults") + @property + @pulumi.getter(name="autoProvisioningLocations") + def auto_provisioning_locations(self) -> Sequence[str]: + """ + The list of Google Compute Engine zones in which the NodePool's nodes can be created by NAP. + """ + return pulumi.get(self, "auto_provisioning_locations") + @property @pulumi.getter(name="autoscalingProfile") def autoscaling_profile(self) -> str: diff --git a/sdk/python/pulumi_gcp/dataform/repository.py b/sdk/python/pulumi_gcp/dataform/repository.py index 213b47a4e8..2c303a8c9c 100644 --- a/sdk/python/pulumi_gcp/dataform/repository.py +++ b/sdk/python/pulumi_gcp/dataform/repository.py @@ -23,6 +23,7 @@ class RepositoryArgs: def __init__(__self__, *, display_name: Optional[pulumi.Input[str]] = None, git_remote_settings: Optional[pulumi.Input['RepositoryGitRemoteSettingsArgs']] = None, + kms_key_name: Optional[pulumi.Input[str]] = None, labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, npmrc_environment_variables_secret_version: Optional[pulumi.Input[str]] = None, 
@@ -35,6 +36,8 @@ def __init__(__self__, *, :param pulumi.Input[str] display_name: Optional. The repository's user-friendly name. :param pulumi.Input['RepositoryGitRemoteSettingsArgs'] git_remote_settings: Optional. If set, configures this repository to be linked to a Git remote. Structure is documented below. + :param pulumi.Input[str] kms_key_name: Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Optional. Repository user labels. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. @@ -56,6 +59,8 @@ def __init__(__self__, *, pulumi.set(__self__, "display_name", display_name) if git_remote_settings is not None: pulumi.set(__self__, "git_remote_settings", git_remote_settings) + if kms_key_name is not None: + pulumi.set(__self__, "kms_key_name", kms_key_name) if labels is not None: pulumi.set(__self__, "labels", labels) if name is not None: 
@@ -96,6 +101,19 @@ def git_remote_settings(self) -> Optional[pulumi.Input['RepositoryGitRemoteSetti def git_remote_settings(self, value: Optional[pulumi.Input['RepositoryGitRemoteSettingsArgs']]): pulumi.set(self, "git_remote_settings", value) + @property + @pulumi.getter(name="kmsKeyName") + def kms_key_name(self) -> Optional[pulumi.Input[str]]: + """ + Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] + """ + return pulumi.get(self, "kms_key_name") + + @kms_key_name.setter + def kms_key_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kms_key_name", value) + @property @pulumi.getter def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: @@ -196,6 +214,7 @@ def __init__(__self__, *, display_name: Optional[pulumi.Input[str]] = None, effective_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, git_remote_settings: Optional[pulumi.Input['RepositoryGitRemoteSettingsArgs']] = None, + kms_key_name: Optional[pulumi.Input[str]] = None, labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, npmrc_environment_variables_secret_version: Optional[pulumi.Input[str]] = None, 
@@ -210,6 +229,8 @@ def __init__(__self__, *, :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. :param pulumi.Input['RepositoryGitRemoteSettingsArgs'] git_remote_settings: Optional. If set, configures this repository to be linked to a Git remote. Structure is documented below. + :param pulumi.Input[str] kms_key_name: Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Optional. Repository user labels. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. @@ -235,6 +256,8 @@ def __init__(__self__, *, pulumi.set(__self__, "effective_labels", effective_labels) if git_remote_settings is not None: pulumi.set(__self__, "git_remote_settings", git_remote_settings) + if kms_key_name is not None: + pulumi.set(__self__, "kms_key_name", kms_key_name) if labels is not None: pulumi.set(__self__, "labels", labels) if name is not None: 
@@ -289,6 +312,19 @@ def git_remote_settings(self) -> Optional[pulumi.Input['RepositoryGitRemoteSetti def git_remote_settings(self, value: Optional[pulumi.Input['RepositoryGitRemoteSettingsArgs']]): pulumi.set(self, "git_remote_settings", value) + @property + @pulumi.getter(name="kmsKeyName") + def kms_key_name(self) -> Optional[pulumi.Input[str]]: + """ + Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] + """ + return pulumi.get(self, "kms_key_name") + + @kms_key_name.setter + def kms_key_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kms_key_name", value) + @property @pulumi.getter def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: @@ -403,6 +439,7 @@ def __init__(__self__, opts: Optional[pulumi.ResourceOptions] = None, display_name: Optional[pulumi.Input[str]] = None, git_remote_settings: Optional[pulumi.Input[Union['RepositoryGitRemoteSettingsArgs', 'RepositoryGitRemoteSettingsArgsDict']]] = None, + kms_key_name: Optional[pulumi.Input[str]] = None, labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, npmrc_environment_variables_secret_version: Optional[pulumi.Input[str]] = None, 
@@ -428,10 +465,21 @@ def __init__(__self__, secret_version = gcp.secretmanager.SecretVersion("secret_version", secret=secret.id, secret_data="secret-data") + keyring = gcp.kms.KeyRing("keyring", + name="example-key-ring", + location="us-central1") + example_key = gcp.kms.CryptoKey("example_key", + name="example-crypto-key-name", + key_ring=keyring.id) + crypto_key_binding = gcp.kms.CryptoKeyIAMBinding("crypto_key_binding", + crypto_key_id=example_key.id, + role="roles/cloudkms.cryptoKeyEncrypterDecrypter", + members=[f"serviceAccount:service-{project['number']}@gcp-sa-dataform.iam.gserviceaccount.com"]) dataform_repository = gcp.dataform.Repository("dataform_repository", name="dataform_repository", display_name="dataform_repository", npmrc_environment_variables_secret_version=secret_version.id, + kms_key_name=example_key.id, labels={ "label_foo1": "label-bar1", }, @@ -444,7 +492,8 @@ def __init__(__self__, "default_database": "database", "schema_suffix": "_suffix", "table_prefix": "prefix_", - }) + }, + opts = pulumi.ResourceOptions(depends_on=[crypto_key_binding])) ``` ## Import 
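Review bot: `gcp.kms.CryptoKeyIAMBinding` in the added docstring example is authoritative for `roles/cloudkms.cryptoKeyEncrypterDecrypter` on the key, so anyone who copies it onto an existing key replaces every other member holding that role. The additive form grants only the Dataform service agent: `gcp.kms.CryptoKeyIAMMember("crypto_key_member", crypto_key_id=example_key.id, role="roles/cloudkms.cryptoKeyEncrypterDecrypter", member=f"serviceAccount:service-{project['number']}@gcp-sa-dataform.iam.gserviceaccount.com")`, with `depends_on` in the following hunk pointing at that resource instead. The same example is repeated in the `@@ -522,10 +573,21 @@` hunk and needs the same change. The enclosing `__init__` docstring starts outside the hunk, and this SDK file looks generated, so the fix probably belongs in the upstream example it is rendered from.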
@@ -482,6 +531,8 @@ def __init__(__self__, :param pulumi.Input[str] display_name: Optional. The repository's user-friendly name. :param pulumi.Input[Union['RepositoryGitRemoteSettingsArgs', 'RepositoryGitRemoteSettingsArgsDict']] git_remote_settings: Optional. If set, configures this repository to be linked to a Git remote. Structure is documented below. + :param pulumi.Input[str] kms_key_name: Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Optional. Repository user labels. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. @@ -522,10 +573,21 @@ def __init__(__self__, secret_version = gcp.secretmanager.SecretVersion("secret_version", secret=secret.id, secret_data="secret-data") + keyring = gcp.kms.KeyRing("keyring", + name="example-key-ring", + location="us-central1") + example_key = gcp.kms.CryptoKey("example_key", + name="example-crypto-key-name", + key_ring=keyring.id) + crypto_key_binding = gcp.kms.CryptoKeyIAMBinding("crypto_key_binding", + crypto_key_id=example_key.id, + role="roles/cloudkms.cryptoKeyEncrypterDecrypter", + members=[f"serviceAccount:service-{project['number']}@gcp-sa-dataform.iam.gserviceaccount.com"]) dataform_repository = gcp.dataform.Repository("dataform_repository", name="dataform_repository", display_name="dataform_repository", npmrc_environment_variables_secret_version=secret_version.id, + kms_key_name=example_key.id, labels={ "label_foo1": "label-bar1", }, 
@@ -538,7 +600,8 @@ def __init__(__self__, "default_database": "database", "schema_suffix": "_suffix", "table_prefix": "prefix_", - }) + }, + opts = pulumi.ResourceOptions(depends_on=[crypto_key_binding])) ``` ## Import @@ -588,6 +651,7 @@ def _internal_init(__self__, opts: Optional[pulumi.ResourceOptions] = None, display_name: Optional[pulumi.Input[str]] = None, git_remote_settings: Optional[pulumi.Input[Union['RepositoryGitRemoteSettingsArgs', 'RepositoryGitRemoteSettingsArgsDict']]] = None, + kms_key_name: Optional[pulumi.Input[str]] = None, labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, npmrc_environment_variables_secret_version: Optional[pulumi.Input[str]] = None, @@ -606,6 +670,7 @@ def _internal_init(__self__, __props__.__dict__["display_name"] = display_name __props__.__dict__["git_remote_settings"] = git_remote_settings + __props__.__dict__["kms_key_name"] = kms_key_name __props__.__dict__["labels"] = labels __props__.__dict__["name"] = name __props__.__dict__["npmrc_environment_variables_secret_version"] = npmrc_environment_variables_secret_version @@ -630,6 +695,7 @@ def get(resource_name: str, display_name: Optional[pulumi.Input[str]] = None, effective_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, git_remote_settings: Optional[pulumi.Input[Union['RepositoryGitRemoteSettingsArgs', 'RepositoryGitRemoteSettingsArgsDict']]] = None, + kms_key_name: Optional[pulumi.Input[str]] = None, labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, npmrc_environment_variables_secret_version: Optional[pulumi.Input[str]] = None, 
@@ -649,6 +715,8 @@ def get(resource_name: str, :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. :param pulumi.Input[Union['RepositoryGitRemoteSettingsArgs', 'RepositoryGitRemoteSettingsArgsDict']] git_remote_settings: Optional. If set, configures this repository to be linked to a Git remote. Structure is documented below. + :param pulumi.Input[str] kms_key_name: Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Optional. Repository user labels. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. @@ -675,6 +743,7 @@ def get(resource_name: str, __props__.__dict__["display_name"] = display_name __props__.__dict__["effective_labels"] = effective_labels __props__.__dict__["git_remote_settings"] = git_remote_settings + __props__.__dict__["kms_key_name"] = kms_key_name __props__.__dict__["labels"] = labels __props__.__dict__["name"] = name __props__.__dict__["npmrc_environment_variables_secret_version"] = npmrc_environment_variables_secret_version 
@@ -710,6 +779,15 @@ def git_remote_settings(self) -> pulumi.Output[Optional['outputs.RepositoryGitRe """ return pulumi.get(self, "git_remote_settings") + @property + @pulumi.getter(name="kmsKeyName") + def kms_key_name(self) -> pulumi.Output[Optional[str]]: + """ + Optional. The reference to a KMS encryption key. If provided, it will be used to encrypt user data in the repository and all child resources. + It is not possible to add or update the encryption key after the repository is created. Example projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key] + """ + return pulumi.get(self, "kms_key_name") + @property @pulumi.getter def labels(self) -> pulumi.Output[Optional[Mapping[str, str]]]: diff --git a/sdk/python/pulumi_gcp/discoveryengine/data_store.py b/sdk/python/pulumi_gcp/discoveryengine/data_store.py index 1d168e1cd0..803c0fce37 100644 --- a/sdk/python/pulumi_gcp/discoveryengine/data_store.py +++ b/sdk/python/pulumi_gcp/discoveryengine/data_store.py @@ -29,6 +29,7 @@ def __init__(__self__, *, create_advanced_site_search: Optional[pulumi.Input[bool]] = None, document_processing_config: Optional[pulumi.Input['DataStoreDocumentProcessingConfigArgs']] = None, project: Optional[pulumi.Input[str]] = None, + skip_default_schema_creation: Optional[pulumi.Input[bool]] = None, solution_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): """ The set of arguments for constructing a DataStore resource. 
@@ -51,6 +52,13 @@ def __init__(__self__, *, Structure is documented below. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + :param pulumi.Input[bool] skip_default_schema_creation: A boolean flag indicating whether to skip the default schema creation for + the data store. Only enable this flag if you are certain that the default + schema is incompatible with your use case. + If set to true, you must manually create a schema for the data store + before any documents can be ingested. + This flag cannot be specified if `data_store.starting_schema` is + specified. :param pulumi.Input[Sequence[pulumi.Input[str]]] solution_types: The solutions that the data store enrolls. Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. """ @@ -65,6 +73,8 @@ def __init__(__self__, *, pulumi.set(__self__, "document_processing_config", document_processing_config) if project is not None: pulumi.set(__self__, "project", project) + if skip_default_schema_creation is not None: + pulumi.set(__self__, "skip_default_schema_creation", skip_default_schema_creation) if solution_types is not None: pulumi.set(__self__, "solution_types", solution_types) 
@@ -175,6 +185,24 @@ def project(self) -> Optional[pulumi.Input[str]]: def project(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "project", value) + @property + @pulumi.getter(name="skipDefaultSchemaCreation") + def skip_default_schema_creation(self) -> Optional[pulumi.Input[bool]]: + """ + A boolean flag indicating whether to skip the default schema creation for + the data store. Only enable this flag if you are certain that the default + schema is incompatible with your use case. + If set to true, you must manually create a schema for the data store + before any documents can be ingested. + This flag cannot be specified if `data_store.starting_schema` is + specified. + """ + return pulumi.get(self, "skip_default_schema_creation") + + @skip_default_schema_creation.setter + def skip_default_schema_creation(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "skip_default_schema_creation", value) + @property @pulumi.getter(name="solutionTypes") def solution_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: @@ -203,6 +231,7 @@ def __init__(__self__, *, location: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[str]] = None, + skip_default_schema_creation: Optional[pulumi.Input[bool]] = None, solution_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): """ Input properties used for looking up and filtering DataStore resources. 
@@ -231,6 +260,13 @@ def __init__(__self__, *, characters. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + :param pulumi.Input[bool] skip_default_schema_creation: A boolean flag indicating whether to skip the default schema creation for + the data store. Only enable this flag if you are certain that the default + schema is incompatible with your use case. + If set to true, you must manually create a schema for the data store + before any documents can be ingested. + This flag cannot be specified if `data_store.starting_schema` is + specified. :param pulumi.Input[Sequence[pulumi.Input[str]]] solution_types: The solutions that the data store enrolls. Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. """ @@ -256,6 +292,8 @@ def __init__(__self__, *, pulumi.set(__self__, "name", name) if project is not None: pulumi.set(__self__, "project", project) + if skip_default_schema_creation is not None: + pulumi.set(__self__, "skip_default_schema_creation", skip_default_schema_creation) if solution_types is not None: pulumi.set(__self__, "solution_types", solution_types) 
@@ -405,6 +443,24 @@ def project(self) -> Optional[pulumi.Input[str]]: def project(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "project", value) + @property + @pulumi.getter(name="skipDefaultSchemaCreation") + def skip_default_schema_creation(self) -> Optional[pulumi.Input[bool]]: + """ + A boolean flag indicating whether to skip the default schema creation for + the data store. Only enable this flag if you are certain that the default + schema is incompatible with your use case. + If set to true, you must manually create a schema for the data store + before any documents can be ingested. + This flag cannot be specified if `data_store.starting_schema` is + specified. + """ + return pulumi.get(self, "skip_default_schema_creation") + + @skip_default_schema_creation.setter + def skip_default_schema_creation(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "skip_default_schema_creation", value) + @property @pulumi.getter(name="solutionTypes") def solution_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: @@ -432,6 +488,7 @@ def __init__(__self__, industry_vertical: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[str]] = None, + skip_default_schema_creation: Optional[pulumi.Input[bool]] = None, solution_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, __props__=None): """ @@ -460,7 +517,8 @@ def __init__(__self__, industry_vertical="GENERIC", content_config="NO_CONTENT", solution_types=["SOLUTION_TYPE_SEARCH"], - create_advanced_site_search=False) + create_advanced_site_search=False, + skip_default_schema_creation=False) ``` ### Discoveryengine Datastore Document Processing Config 
@@ -534,6 +592,13 @@ def __init__(__self__, only be one of "global", "us" and "eu". :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + :param pulumi.Input[bool] skip_default_schema_creation: A boolean flag indicating whether to skip the default schema creation for + the data store. Only enable this flag if you are certain that the default + schema is incompatible with your use case. + If set to true, you must manually create a schema for the data store + before any documents can be ingested. + This flag cannot be specified if `data_store.starting_schema` is + specified. :param pulumi.Input[Sequence[pulumi.Input[str]]] solution_types: The solutions that the data store enrolls. Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. """ @@ -569,7 +634,8 @@ def __init__(__self__, industry_vertical="GENERIC", content_config="NO_CONTENT", solution_types=["SOLUTION_TYPE_SEARCH"], - create_advanced_site_search=False) + create_advanced_site_search=False, + skip_default_schema_creation=False) ``` ### Discoveryengine Datastore Document Processing Config @@ -645,6 +711,7 @@ def _internal_init(__self__, industry_vertical: Optional[pulumi.Input[str]] = None, location: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[str]] = None, + skip_default_schema_creation: Optional[pulumi.Input[bool]] = None, solution_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, __props__=None): opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) 
@@ -673,6 +740,7 @@ def _internal_init(__self__, raise TypeError("Missing required property 'location'") __props__.__dict__["location"] = location __props__.__dict__["project"] = project + __props__.__dict__["skip_default_schema_creation"] = skip_default_schema_creation __props__.__dict__["solution_types"] = solution_types __props__.__dict__["create_time"] = None __props__.__dict__["default_schema_id"] = None @@ -698,6 +766,7 @@ def get(resource_name: str, location: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[str]] = None, + skip_default_schema_creation: Optional[pulumi.Input[bool]] = None, solution_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None) -> 'DataStore': """ Get an existing DataStore resource's state with the given name, id, and optional extra @@ -731,6 +800,13 @@ def get(resource_name: str, characters. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + :param pulumi.Input[bool] skip_default_schema_creation: A boolean flag indicating whether to skip the default schema creation for + the data store. Only enable this flag if you are certain that the default + schema is incompatible with your use case. + If set to true, you must manually create a schema for the data store + before any documents can be ingested. + This flag cannot be specified if `data_store.starting_schema` is + specified. :param pulumi.Input[Sequence[pulumi.Input[str]]] solution_types: The solutions that the data store enrolls. Each value may be one of: `SOLUTION_TYPE_RECOMMENDATION`, `SOLUTION_TYPE_SEARCH`, `SOLUTION_TYPE_CHAT`. """ 
@@ -749,6 +825,7 @@ def get(resource_name: str, __props__.__dict__["location"] = location __props__.__dict__["name"] = name __props__.__dict__["project"] = project + __props__.__dict__["skip_default_schema_creation"] = skip_default_schema_creation __props__.__dict__["solution_types"] = solution_types return DataStore(resource_name, opts=opts, __props__=__props__) @@ -854,6 +931,20 @@ def project(self) -> pulumi.Output[str]: """ return pulumi.get(self, "project") + @property + @pulumi.getter(name="skipDefaultSchemaCreation") + def skip_default_schema_creation(self) -> pulumi.Output[Optional[bool]]: + """ + A boolean flag indicating whether to skip the default schema creation for + the data store. Only enable this flag if you are certain that the default + schema is incompatible with your use case. + If set to true, you must manually create a schema for the data store + before any documents can be ingested. + This flag cannot be specified if `data_store.starting_schema` is + specified. + """ + return pulumi.get(self, "skip_default_schema_creation") + @property @pulumi.getter(name="solutionTypes") def solution_types(self) -> pulumi.Output[Optional[Sequence[str]]]: diff --git a/sdk/python/pulumi_gcp/gkehub/_inputs.py b/sdk/python/pulumi_gcp/gkehub/_inputs.py index 207ae917e5..449bb8327a 100644 --- a/sdk/python/pulumi_gcp/gkehub/_inputs.py +++ b/sdk/python/pulumi_gcp/gkehub/_inputs.py @@ -251,6 +251,11 @@ class FeatureFleetDefaultMemberConfigConfigmanagementArgsDict(TypedDict): ConfigSync configuration for the cluster Structure is documented below. """ + management: NotRequired[pulumi.Input[str]] + """ + Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. + """ version: NotRequired[pulumi.Input[str]] """ Version of ACM installed 
@@ -262,14 +267,19 @@ class FeatureFleetDefaultMemberConfigConfigmanagementArgsDict(TypedDict): class FeatureFleetDefaultMemberConfigConfigmanagementArgs: def __init__(__self__, *, config_sync: Optional[pulumi.Input['FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncArgs']] = None, + management: Optional[pulumi.Input[str]] = None, version: Optional[pulumi.Input[str]] = None): """ :param pulumi.Input['FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncArgs'] config_sync: ConfigSync configuration for the cluster Structure is documented below. + :param pulumi.Input[str] management: Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. :param pulumi.Input[str] version: Version of ACM installed """ if config_sync is not None: pulumi.set(__self__, "config_sync", config_sync) + if management is not None: + pulumi.set(__self__, "management", management) if version is not None: pulumi.set(__self__, "version", version) 
@@ -286,6 +296,19 @@ def config_sync(self) -> Optional[pulumi.Input['FeatureFleetDefaultMemberConfigC def config_sync(self, value: Optional[pulumi.Input['FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncArgs']]): pulumi.set(self, "config_sync", value) + @property + @pulumi.getter + def management(self) -> Optional[pulumi.Input[str]]: + """ + Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. + """ + return pulumi.get(self, "management") + + @management.setter + def management(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "management", value) + @property @pulumi.getter def version(self) -> Optional[pulumi.Input[str]]: @@ -1704,6 +1727,10 @@ class FeatureMembershipConfigmanagementArgsDict(TypedDict): """ Hierarchy Controller configuration for the cluster. Structure is documented below. """ + management: NotRequired[pulumi.Input[str]] + """ + Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + """ policy_controller: NotRequired[pulumi.Input['FeatureMembershipConfigmanagementPolicyControllerArgsDict']] """ Policy Controller configuration for the cluster. Structure is documented below. 
@@ -1721,12 +1748,14 @@ def __init__(__self__, *, binauthz: Optional[pulumi.Input['FeatureMembershipConfigmanagementBinauthzArgs']] = None, config_sync: Optional[pulumi.Input['FeatureMembershipConfigmanagementConfigSyncArgs']] = None, hierarchy_controller: Optional[pulumi.Input['FeatureMembershipConfigmanagementHierarchyControllerArgs']] = None, + management: Optional[pulumi.Input[str]] = None, policy_controller: Optional[pulumi.Input['FeatureMembershipConfigmanagementPolicyControllerArgs']] = None, version: Optional[pulumi.Input[str]] = None): """ :param pulumi.Input['FeatureMembershipConfigmanagementBinauthzArgs'] binauthz: Binauthz configuration for the cluster. Structure is documented below. :param pulumi.Input['FeatureMembershipConfigmanagementConfigSyncArgs'] config_sync: Config Sync configuration for the cluster. Structure is documented below. :param pulumi.Input['FeatureMembershipConfigmanagementHierarchyControllerArgs'] hierarchy_controller: Hierarchy Controller configuration for the cluster. Structure is documented below. + :param pulumi.Input[str] management: Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. :param pulumi.Input['FeatureMembershipConfigmanagementPolicyControllerArgs'] policy_controller: Policy Controller configuration for the cluster. Structure is documented below. :param pulumi.Input[str] version: Version of ACM installed. """ @@ -1736,6 +1765,8 @@ def __init__(__self__, *, pulumi.set(__self__, "config_sync", config_sync) if hierarchy_controller is not None: pulumi.set(__self__, "hierarchy_controller", hierarchy_controller) + if management is not None: + pulumi.set(__self__, "management", management) if policy_controller is not None: pulumi.set(__self__, "policy_controller", policy_controller) if version is not None: 
@@ -1777,6 +1808,18 @@ def hierarchy_controller(self) -> Optional[pulumi.Input['FeatureMembershipConfig def hierarchy_controller(self, value: Optional[pulumi.Input['FeatureMembershipConfigmanagementHierarchyControllerArgs']]): pulumi.set(self, "hierarchy_controller", value) + @property + @pulumi.getter + def management(self) -> Optional[pulumi.Input[str]]: + """ + Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + """ + return pulumi.get(self, "management") + + @management.setter + def management(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "management", value) + @property @pulumi.getter(name="policyController") def policy_controller(self) -> Optional[pulumi.Input['FeatureMembershipConfigmanagementPolicyControllerArgs']]: @@ -1836,6 +1879,10 @@ def enabled(self, value: Optional[pulumi.Input[bool]]): if not MYPY: class FeatureMembershipConfigmanagementConfigSyncArgsDict(TypedDict): + enabled: NotRequired[pulumi.Input[bool]] + """ + Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. + """ git: NotRequired[pulumi.Input['FeatureMembershipConfigmanagementConfigSyncGitArgsDict']] """ (Optional) Structure is documented below. 
@@ -1864,12 +1911,14 @@ class FeatureMembershipConfigmanagementConfigSyncArgsDict(TypedDict): @pulumi.input_type class FeatureMembershipConfigmanagementConfigSyncArgs: def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, git: Optional[pulumi.Input['FeatureMembershipConfigmanagementConfigSyncGitArgs']] = None, metrics_gcp_service_account_email: Optional[pulumi.Input[str]] = None, oci: Optional[pulumi.Input['FeatureMembershipConfigmanagementConfigSyncOciArgs']] = None, prevent_drift: Optional[pulumi.Input[bool]] = None, source_format: Optional[pulumi.Input[str]] = None): """ + :param pulumi.Input[bool] enabled: Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. :param pulumi.Input['FeatureMembershipConfigmanagementConfigSyncGitArgs'] git: (Optional) Structure is documented below. :param pulumi.Input[str] metrics_gcp_service_account_email: The Email of the Google Cloud Service Account (GSA) used for exporting Config Sync metrics to Cloud Monitoring. The GSA should have the Monitoring Metric Writer(roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount `default` in the namespace `config-management-monitoring` should be bound to the GSA. :param pulumi.Input['FeatureMembershipConfigmanagementConfigSyncOciArgs'] oci: (Optional) Supported from ACM versions 1.12.0 onwards. Structure is documented below. 
@@ -1878,6 +1927,8 @@ def __init__(__self__, *, :param pulumi.Input[bool] prevent_drift: Supported from ACM versions 1.10.0 onwards. Set to true to enable the Config Sync admission webhook to prevent drifts. If set to "false", disables the Config Sync admission webhook and does not prevent drifts. :param pulumi.Input[str] source_format: Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode. """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) if git is not None: pulumi.set(__self__, "git", git) if metrics_gcp_service_account_email is not None: @@ -1889,6 +1940,18 @@ def __init__(__self__, *, if source_format is not None: pulumi.set(__self__, "source_format", source_format) + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + @property @pulumi.getter def git(self) -> Optional[pulumi.Input['FeatureMembershipConfigmanagementConfigSyncGitArgs']]: diff --git a/sdk/python/pulumi_gcp/gkehub/outputs.py b/sdk/python/pulumi_gcp/gkehub/outputs.py index 99c48e90eb..08a5551484 100644 --- a/sdk/python/pulumi_gcp/gkehub/outputs.py +++ b/sdk/python/pulumi_gcp/gkehub/outputs.py 
@@ -161,14 +161,19 @@ def get(self, key: str, default = None) -> Any: def __init__(__self__, *, config_sync: Optional['outputs.FeatureFleetDefaultMemberConfigConfigmanagementConfigSync'] = None, + management: Optional[str] = None, version: Optional[str] = None): """ :param 'FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncArgs' config_sync: ConfigSync configuration for the cluster Structure is documented below. + :param str management: Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. :param str version: Version of ACM installed """ if config_sync is not None: pulumi.set(__self__, "config_sync", config_sync) + if management is not None: + pulumi.set(__self__, "management", management) if version is not None: pulumi.set(__self__, "version", version) @@ -181,6 +186,15 @@ def config_sync(self) -> Optional['outputs.FeatureFleetDefaultMemberConfigConfig """ return pulumi.get(self, "config_sync") + @property + @pulumi.getter + def management(self) -> Optional[str]: + """ + Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + Possible values are: `MANAGEMENT_UNSPECIFIED`, `MANAGEMENT_AUTOMATIC`, `MANAGEMENT_MANUAL`. + """ + return pulumi.get(self, "management") + @property @pulumi.getter def version(self) -> Optional[str]: 
@@ -1228,12 +1242,14 @@ def __init__(__self__, *, binauthz: Optional['outputs.FeatureMembershipConfigmanagementBinauthz'] = None, config_sync: Optional['outputs.FeatureMembershipConfigmanagementConfigSync'] = None, hierarchy_controller: Optional['outputs.FeatureMembershipConfigmanagementHierarchyController'] = None, + management: Optional[str] = None, policy_controller: Optional['outputs.FeatureMembershipConfigmanagementPolicyController'] = None, version: Optional[str] = None): """ :param 'FeatureMembershipConfigmanagementBinauthzArgs' binauthz: Binauthz configuration for the cluster. Structure is documented below. :param 'FeatureMembershipConfigmanagementConfigSyncArgs' config_sync: Config Sync configuration for the cluster. Structure is documented below. :param 'FeatureMembershipConfigmanagementHierarchyControllerArgs' hierarchy_controller: Hierarchy Controller configuration for the cluster. Structure is documented below. + :param str management: Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. :param 'FeatureMembershipConfigmanagementPolicyControllerArgs' policy_controller: Policy Controller configuration for the cluster. Structure is documented below. :param str version: Version of ACM installed. """ @@ -1243,6 +1259,8 @@ def __init__(__self__, *, pulumi.set(__self__, "config_sync", config_sync) if hierarchy_controller is not None: pulumi.set(__self__, "hierarchy_controller", hierarchy_controller) + if management is not None: + pulumi.set(__self__, "management", management) if policy_controller is not None: pulumi.set(__self__, "policy_controller", policy_controller) if version is not None: 
@@ -1272,6 +1290,14 @@ def hierarchy_controller(self) -> Optional['outputs.FeatureMembershipConfigmanag """ return pulumi.get(self, "hierarchy_controller") + @property + @pulumi.getter + def management(self) -> Optional[str]: + """ + Set this field to MANAGEMENT_AUTOMATIC to enable Config Sync auto-upgrades, and set this field to MANAGEMENT_MANUAL or MANAGEMENT_UNSPECIFIED to disable Config Sync auto-upgrades. + """ + return pulumi.get(self, "management") + @property @pulumi.getter(name="policyController") def policy_controller(self) -> Optional['outputs.FeatureMembershipConfigmanagementPolicyController']: 
@@ -1332,12 +1358,14 @@ def get(self, key: str, default = None) -> Any: return super().get(key, default) def __init__(__self__, *, + enabled: Optional[bool] = None, git: Optional['outputs.FeatureMembershipConfigmanagementConfigSyncGit'] = None, metrics_gcp_service_account_email: Optional[str] = None, oci: Optional['outputs.FeatureMembershipConfigmanagementConfigSyncOci'] = None, prevent_drift: Optional[bool] = None, source_format: Optional[str] = None): """ + :param bool enabled: Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. :param 'FeatureMembershipConfigmanagementConfigSyncGitArgs' git: (Optional) Structure is documented below. :param str metrics_gcp_service_account_email: The Email of the Google Cloud Service Account (GSA) used for exporting Config Sync metrics to Cloud Monitoring. The GSA should have the Monitoring Metric Writer(roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount `default` in the namespace `config-management-monitoring` should be bound to the GSA. :param 'FeatureMembershipConfigmanagementConfigSyncOciArgs' oci: (Optional) Supported from ACM versions 1.12.0 onwards. Structure is documented below. 
@@ -1346,6 +1374,8 @@ def __init__(__self__, *, :param bool prevent_drift: Supported from ACM versions 1.10.0 onwards. Set to true to enable the Config Sync admission webhook to prevent drifts. If set to "false", disables the Config Sync admission webhook and does not prevent drifts. :param str source_format: Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode. """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) if git is not None: pulumi.set(__self__, "git", git) if metrics_gcp_service_account_email is not None: @@ -1357,6 +1387,14 @@ def __init__(__self__, *, if source_format is not None: pulumi.set(__self__, "source_format", source_format) + @property + @pulumi.getter + def enabled(self) -> Optional[bool]: + """ + Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. + """ + return pulumi.get(self, "enabled") + @property @pulumi.getter def git(self) -> Optional['outputs.FeatureMembershipConfigmanagementConfigSyncGit']: diff --git a/sdk/python/pulumi_gcp/logging/get_log_view_iam_policy.py b/sdk/python/pulumi_gcp/logging/get_log_view_iam_policy.py index 1d6764e1a8..c8979d5434 100644 --- a/sdk/python/pulumi_gcp/logging/get_log_view_iam_policy.py +++ b/sdk/python/pulumi_gcp/logging/get_log_view_iam_policy.py 
@@ -116,7 +116,20 @@ def get_log_view_iam_policy(bucket: Optional[str] = None, parent: Optional[str] = None, opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetLogViewIamPolicyResult: """ - Use this data source to access information about an existing resource. + Retrieves the current IAM policy data for logview + + ## example + + ```python + import pulumi + import pulumi_gcp as gcp + + policy = gcp.logging.get_log_view_iam_policy(parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"]) + ``` + :param str bucket: The bucket of the resource Used to find the parent resource to bind the IAM policy to :param str location: The location of the resource. The supported locations are: global, us-central1, us-east1, us-west1, asia-east1, europe-west1. Used to find the parent resource to bind the IAM policy to. If not specified, @@ -150,7 +163,20 @@ def get_log_view_iam_policy_output(bucket: Optional[pulumi.Input[str]] = None, parent: Optional[pulumi.Input[str]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetLogViewIamPolicyResult]: """ - Use this data source to access information about an existing resource. + Retrieves the current IAM policy data for logview + + ## example + + ```python + import pulumi + import pulumi_gcp as gcp + + policy = gcp.logging.get_log_view_iam_policy(parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"]) + ``` + :param str bucket: The bucket of the resource Used to find the parent resource to bind the IAM policy to :param str location: The location of the resource. The supported locations are: global, us-central1, us-east1, us-west1, asia-east1, europe-west1. Used to find the parent resource to bind the IAM policy to. If not specified, 
diff --git a/sdk/python/pulumi_gcp/logging/log_view_iam_binding.py b/sdk/python/pulumi_gcp/logging/log_view_iam_binding.py index 0e92679fb1..9d2d9af32c 100644 --- a/sdk/python/pulumi_gcp/logging/log_view_iam_binding.py +++ b/sdk/python/pulumi_gcp/logging/log_view_iam_binding.py 
@@ -344,6 +344,262 @@ def __init__(__self__, role: Optional[pulumi.Input[str]] = None, __props__=None): """ + Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + + * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + + A data source can be used to retrieve policy data in advent you do not need creation + + * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + + > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. + + > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + + > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+ + ## logging.LogViewIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + "condition": { + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }, + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + ## logging.LogViewIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"]) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"], + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < 
timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## logging.LogViewIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com") + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com", + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + + ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + --- + + # IAM policy for Cloud (Stackdriver) Logging LogView + Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + + * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. 
+ + A data source can be used to retrieve policy data in advent you do not need creation + + * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + + > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. + + > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + + > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. + + ## logging.LogViewIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + "condition": { + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }, + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + ## logging.LogViewIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + 
binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"]) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"], + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## logging.LogViewIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com") + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com", + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: 
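Review bot: The docstring added to `__init__` in this hunk carries its overview and all six examples twice: everything after `# IAM policy for Cloud (Stackdriver) Logging LogView` repeats the text above it, and the custom-role note has become a heading (`## > **Custom Roles**: ...`) with its second half left as a stray paragraph. The data-source bullet should name `logging.get_log_view_iam_policy` rather than the resource `logging.LogViewIamPolicy`, and the sentence before it presumably means "in the event you do not need creation". Keeping a single copy also keeps the notes about the authoritative `LogViewIamPolicy` replacing existing policy, and not being combined with the binding and member resources, easy to find. The file looks generated, so the fix probably belongs in the doc conversion step; the `@@ -410,6 +666,262 @@` hunk in this file and the hunk that opens log_view_iam_member.py add the same text. `__init__` starts and ends outside the hunk.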
@@ -410,6 +666,262 @@ def __init__(__self__, args: LogViewIamBindingArgs, opts: Optional[pulumi.ResourceOptions] = None): """ + Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + + * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + + A data source can be used to retrieve policy data in advent you do not need creation + + * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + + > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. + + > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + + > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+ + ## logging.LogViewIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + "condition": { + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }, + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + ## logging.LogViewIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"]) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"], + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < 
timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## logging.LogViewIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com") + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com", + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + + ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + --- + + # IAM policy for Cloud (Stackdriver) Logging LogView + Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + + * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. 
+ + A data source can be used to retrieve policy data in advent you do not need creation + + * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + + > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. + + > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + + > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. + + ## logging.LogViewIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + "condition": { + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }, + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + ## logging.LogViewIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + 
binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"]) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"], + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## logging.LogViewIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com") + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com", + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: diff --git a/sdk/python/pulumi_gcp/logging/log_view_iam_member.py b/sdk/python/pulumi_gcp/logging/log_view_iam_member.py index 3af00d673b..0c9eb5b203 100644 
--- a/sdk/python/pulumi_gcp/logging/log_view_iam_member.py +++ b/sdk/python/pulumi_gcp/logging/log_view_iam_member.py 
@@ -344,6 +344,262 @@ def __init__(__self__, role: Optional[pulumi.Input[str]] = None, __props__=None): """ + Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + + * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + + A data source can be used to retrieve policy data in advent you do not need creation + + * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + + > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. + + > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + + > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+ + ## logging.LogViewIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + "condition": { + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }, + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + ## logging.LogViewIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"]) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"], + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < 
timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## logging.LogViewIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com") + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com", + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + + ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + --- + + # IAM policy for Cloud (Stackdriver) Logging LogView + Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + + * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. 
+ + A data source can be used to retrieve policy data in advent you do not need creation + + * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + + > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. + + > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + + > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. + + ## logging.LogViewIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + "condition": { + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }, + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + ## logging.LogViewIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + 
binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"]) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"], + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## logging.LogViewIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com") + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com", + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: 
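Review bot: The docstring added here contains the whole section twice: after the first `logging.LogViewIamMember` example come a stray `## > **Custom Roles**` heading, a `---` rule and a second `# IAM policy for Cloud (Stackdriver) Logging LogView` copy of the same text and examples. I would keep one copy, turn the heading into a one-line blockquote, `> **Custom Roles**: If you're importing an IAM resource with a custom role, make sure to use the full name of the custom role, e.g. ...`, and fix the wording to `A data source can be used to retrieve policy data in the event you do not need creation`. The same text is added in the `@@ -410` hunk of this file and in both hunks of log_view_iam_policy.py; the docstring itself continues outside the hunk. If these SDK files are generated, which the identical text across files suggests, the correction belongs in the upstream documentation or the generator rather than here.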
@@ -410,6 +666,262 @@ def __init__(__self__, args: LogViewIamMemberArgs, opts: Optional[pulumi.ResourceOptions] = None): """ + Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + + * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + + A data source can be used to retrieve policy data in advent you do not need creation + + * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + + > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. + + > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + + > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+ + ## logging.LogViewIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + "condition": { + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }, + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + ## logging.LogViewIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"]) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"], + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < 
timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## logging.LogViewIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com") + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com", + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + + ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + --- + + # IAM policy for Cloud (Stackdriver) Logging LogView + Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + + * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. 
+ + A data source can be used to retrieve policy data in advent you do not need creation + + * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + + > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. + + > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + + > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. + + ## logging.LogViewIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + "condition": { + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }, + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + ## logging.LogViewIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + 
binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"]) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"], + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## logging.LogViewIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com") + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com", + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: diff --git a/sdk/python/pulumi_gcp/logging/log_view_iam_policy.py b/sdk/python/pulumi_gcp/logging/log_view_iam_policy.py index 70656f350a..d7c1dca843 100644 
--- a/sdk/python/pulumi_gcp/logging/log_view_iam_policy.py +++ b/sdk/python/pulumi_gcp/logging/log_view_iam_policy.py 
@@ -229,6 +229,262 @@ def __init__(__self__, policy_data: Optional[pulumi.Input[str]] = None, __props__=None): """ + Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + + * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + + A data source can be used to retrieve policy data in advent you do not need creation + + * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + + > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. + + > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + + > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+ + ## logging.LogViewIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + "condition": { + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }, + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + ## logging.LogViewIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"]) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"], + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < 
timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## logging.LogViewIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com") + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com", + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + + ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + --- + + # IAM policy for Cloud (Stackdriver) Logging LogView + Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + + * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. 
+ + A data source can be used to retrieve policy data in advent you do not need creation + + * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + + > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. + + > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + + > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. + + ## logging.LogViewIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + "condition": { + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }, + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + ## logging.LogViewIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + 
binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"]) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"], + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## logging.LogViewIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com") + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com", + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: 
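Review bot: Every example in this docstring grants `roles/logging.admin` on the log view, and the conditional variants use `request.time < timestamp(\\"2020-01-01T00:00:00Z\\")`, a cutoff already in the past, so that condition can no longer be satisfied and a copied binding grants nothing. Since readers paste from these snippets, I would show the narrowest role that fits reading a view, presumably `role="roles/logging.viewAccessor"`, and a placeholder expiry such as `timestamp(\\"<EXPIRY_RFC3339>\\")`, with the title and description changed to match. The `logging.LogViewIamPolicy` snippet also deserves a one-line comment that it replaces the existing policy on the view, which the prose states but the example does not. The same examples appear in the `@@ -344` and `@@ -410` hunks of log_view_iam_member.py and in the `@@ -281` hunk of this file; the docstring continues outside the hunk.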
@@ -281,6 +537,262 @@ def __init__(__self__, args: LogViewIamPolicyArgs, opts: Optional[pulumi.ResourceOptions] = None): """ + Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + + * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. + + A data source can be used to retrieve policy data in advent you do not need creation + + * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + + > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. + + > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + + > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. 
+ + ## logging.LogViewIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + "condition": { + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }, + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + ## logging.LogViewIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"]) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"], + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < 
timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## logging.LogViewIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com") + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com", + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + + ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + --- + + # IAM policy for Cloud (Stackdriver) Logging LogView + Three different resources help you manage your IAM policy for Cloud (Stackdriver) Logging LogView. Each of these resources serves a different use case: + + * `logging.LogViewIamPolicy`: Authoritative. Sets the IAM policy for the logview and replaces any existing policy already attached. + * `logging.LogViewIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the logview are preserved. + * `logging.LogViewIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the logview are preserved. 
+ + A data source can be used to retrieve policy data in advent you do not need creation + + * `logging.LogViewIamPolicy`: Retrieves the IAM policy for the logview + + > **Note:** `logging.LogViewIamPolicy` **cannot** be used in conjunction with `logging.LogViewIamBinding` and `logging.LogViewIamMember` or they will fight over what your policy should be. + + > **Note:** `logging.LogViewIamBinding` resources **can be** used in conjunction with `logging.LogViewIamMember` resources **only if** they do not grant privilege to the same role. + + > **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions. + + ## logging.LogViewIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/logging.admin", + "members": ["user:jane@example.com"], + "condition": { + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }, + }]) + policy = gcp.logging.LogViewIamPolicy("policy", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + policy_data=admin.policy_data) + ``` + ## logging.LogViewIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + 
binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"]) + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.logging.LogViewIamBinding("binding", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + members=["user:jane@example.com"], + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## logging.LogViewIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com") + ``` + + With IAM Conditions: + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.logging.LogViewIamMember("member", + parent=logging_log_view["parent"], + location=logging_log_view["location"], + bucket=logging_log_view["bucket"], + name=logging_log_view["name"], + role="roles/logging.admin", + member="user:jane@example.com", + condition={ + "title": "expires_after_2019_12_31", + "description": "Expiring at midnight of 2019-12-31", + "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + }) + ``` + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: diff --git a/sdk/python/pulumi_gcp/netapp/_inputs.py b/sdk/python/pulumi_gcp/netapp/_inputs.py index d93a4029c5..9f7065b4f1 100644 --- a/sdk/python/pulumi_gcp/netapp/_inputs.py 
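Review bot: The data-source bullet in the added docstring names `logging.LogViewIamPolicy` as the way to retrieve a policy, but the first bullet describes that same resource as the authoritative one that replaces any existing policy, so a reader who only wants to read could be steered to the resource that overwrites. The bullet should name the data-source function instead, presumably `logging.get_log_view_iam_policy` (confirm against the module's exports), and the sentence above it should read `A data source can be used to retrieve policy data in the event you do not need creation`. The docstring also repeats the whole overview and all the examples a second time after the `---` line, and it carries a malformed `## > **Custom Roles**` heading. The hunk just before this one has the same data-source wording. The `__init__` overload this docstring belongs to continues outside the hunk, and the file looks generated, so the correction probably belongs in the upstream docs or the docs patch.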
+++ b/sdk/python/pulumi_gcp/netapp/_inputs.py @@ -620,12 +620,12 @@ class VolumeReplicationTransferStatArgsDict(TypedDict): total_transfer_duration: NotRequired[pulumi.Input[str]] """ (Output) - Total time taken so far during current transfer. + Cumulative time taken across all transfers for the replication relationship. """ transfer_bytes: NotRequired[pulumi.Input[str]] """ (Output) - Number of bytes transferred so far in current transfer. + Cumulative bytes transferred so far for the replication relationship. """ update_time: NotRequired[pulumi.Input[str]] """ @@ -660,9 +660,9 @@ def __init__(__self__, *, :param pulumi.Input[str] last_transfer_error: (Output) A message describing the cause of the last transfer failure. :param pulumi.Input[str] total_transfer_duration: (Output) - Total time taken so far during current transfer. + Cumulative time taken across all transfers for the replication relationship. :param pulumi.Input[str] transfer_bytes: (Output) - Number of bytes transferred so far in current transfer. + Cumulative bytes transferred so far for the replication relationship. :param pulumi.Input[str] update_time: (Output) Time when progress was updated last. A timestamp in RFC3339 UTC "Zulu" format. Examples: "2023-06-22T09:13:01.617Z". """ @@ -755,7 +755,7 @@ def last_transfer_error(self, value: Optional[pulumi.Input[str]]): def total_transfer_duration(self) -> Optional[pulumi.Input[str]]: """ (Output) - Total time taken so far during current transfer. + Cumulative time taken across all transfers for the replication relationship. """ return pulumi.get(self, "total_transfer_duration") @@ -768,7 +768,7 @@ def total_transfer_duration(self, value: Optional[pulumi.Input[str]]): def transfer_bytes(self) -> Optional[pulumi.Input[str]]: """ (Output) - Number of bytes transferred so far in current transfer. + Cumulative bytes transferred so far for the replication relationship. """ return pulumi.get(self, "transfer_bytes") 
diff --git a/sdk/python/pulumi_gcp/netapp/outputs.py b/sdk/python/pulumi_gcp/netapp/outputs.py index 9e0901192f..b54a5656e0 100644 --- a/sdk/python/pulumi_gcp/netapp/outputs.py +++ b/sdk/python/pulumi_gcp/netapp/outputs.py @@ -505,9 +505,9 @@ def __init__(__self__, *, :param str last_transfer_error: (Output) A message describing the cause of the last transfer failure. :param str total_transfer_duration: (Output) - Total time taken so far during current transfer. + Cumulative time taken across all transfers for the replication relationship. :param str transfer_bytes: (Output) - Number of bytes transferred so far in current transfer. + Cumulative bytes transferred so far for the replication relationship. :param str update_time: (Output) Time when progress was updated last. A timestamp in RFC3339 UTC "Zulu" format. Examples: "2023-06-22T09:13:01.617Z". """ @@ -580,7 +580,7 @@ def last_transfer_error(self) -> Optional[str]: def total_transfer_duration(self) -> Optional[str]: """ (Output) - Total time taken so far during current transfer. + Cumulative time taken across all transfers for the replication relationship. """ return pulumi.get(self, "total_transfer_duration") @@ -589,7 +589,7 @@ def total_transfer_duration(self) -> Optional[str]: def transfer_bytes(self) -> Optional[str]: """ (Output) - Number of bytes transferred so far in current transfer. + Cumulative bytes transferred so far for the replication relationship. """ return pulumi.get(self, "transfer_bytes") diff --git a/sdk/python/pulumi_gcp/networkconnectivity/regional_endpoint.py b/sdk/python/pulumi_gcp/networkconnectivity/regional_endpoint.py index 25b8984855..1b17dc67cc 100644 --- a/sdk/python/pulumi_gcp/networkconnectivity/regional_endpoint.py +++ b/sdk/python/pulumi_gcp/networkconnectivity/regional_endpoint.py 
@@ -511,12 +511,12 @@ def __init__(__self__, default = gcp.networkconnectivity.RegionalEndpoint("default", name="my-rep", location="us-central1", - target_google_api="boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com", + target_google_api="storage.us-central1.p.rep.googleapis.com", access_type="REGIONAL", address="192.168.0.5", network=my_network.id, subnetwork=my_subnetwork.id, - description="My RegionalEndpoint targeting Google API boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com", + description="My RegionalEndpoint targeting Google API storage.us-central1.p.rep.googleapis.com", labels={ "env": "default", }) @@ -538,7 +538,7 @@ def __init__(__self__, default = gcp.networkconnectivity.RegionalEndpoint("default", name="my-rep", location="us-central1", - target_google_api="boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com", + target_google_api="storage.us-central1.p.rep.googleapis.com", access_type="GLOBAL", address="192.168.0.4", network=my_network.id, @@ -625,12 +625,12 @@ def __init__(__self__, default = gcp.networkconnectivity.RegionalEndpoint("default", name="my-rep", location="us-central1", - target_google_api="boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com", + target_google_api="storage.us-central1.p.rep.googleapis.com", access_type="REGIONAL", address="192.168.0.5", network=my_network.id, subnetwork=my_subnetwork.id, - description="My RegionalEndpoint targeting Google API boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com", + description="My RegionalEndpoint targeting Google API storage.us-central1.p.rep.googleapis.com", labels={ "env": "default", }) @@ -652,7 +652,7 @@ def __init__(__self__, default = gcp.networkconnectivity.RegionalEndpoint("default", name="my-rep", location="us-central1", - target_google_api="boqcodelabjaimin-pa.us-central1.p.rep.googleapis.com", + target_google_api="storage.us-central1.p.rep.googleapis.com", access_type="GLOBAL", address="192.168.0.4", network=my_network.id, 
diff --git a/sdk/python/pulumi_gcp/organizations/get_project.py b/sdk/python/pulumi_gcp/organizations/get_project.py index 82a424c45a..09cce1f04b 100644 --- a/sdk/python/pulumi_gcp/organizations/get_project.py +++ b/sdk/python/pulumi_gcp/organizations/get_project.py @@ -26,13 +26,16 @@ class GetProjectResult: """ A collection of values returned by getProject. """ - def __init__(__self__, auto_create_network=None, billing_account=None, effective_labels=None, folder_id=None, id=None, labels=None, name=None, number=None, org_id=None, project_id=None, pulumi_labels=None, skip_delete=None): + def __init__(__self__, auto_create_network=None, billing_account=None, deletion_policy=None, effective_labels=None, folder_id=None, id=None, labels=None, name=None, number=None, org_id=None, project_id=None, pulumi_labels=None, skip_delete=None): if auto_create_network and not isinstance(auto_create_network, bool): raise TypeError("Expected argument 'auto_create_network' to be a bool") pulumi.set(__self__, "auto_create_network", auto_create_network) if billing_account and not isinstance(billing_account, str): raise TypeError("Expected argument 'billing_account' to be a str") pulumi.set(__self__, "billing_account", billing_account) + if deletion_policy and not isinstance(deletion_policy, str): + raise TypeError("Expected argument 'deletion_policy' to be a str") + pulumi.set(__self__, "deletion_policy", deletion_policy) if effective_labels and not isinstance(effective_labels, dict): raise TypeError("Expected argument 'effective_labels' to be a dict") pulumi.set(__self__, "effective_labels", effective_labels) @@ -74,6 +77,11 @@ def auto_create_network(self) -> bool: def billing_account(self) -> str: return pulumi.get(self, "billing_account") + @property + @pulumi.getter(name="deletionPolicy") + def deletion_policy(self) -> str: + return pulumi.get(self, "deletion_policy") + @property @pulumi.getter(name="effectiveLabels") def effective_labels(self) -> Mapping[str, str]: 
@@ -139,6 +147,7 @@ def __await__(self): return GetProjectResult( auto_create_network=self.auto_create_network, billing_account=self.billing_account, + deletion_policy=self.deletion_policy, effective_labels=self.effective_labels, folder_id=self.folder_id, id=self.id, @@ -179,6 +188,7 @@ def get_project(project_id: Optional[str] = None, return AwaitableGetProjectResult( auto_create_network=pulumi.get(__ret__, 'auto_create_network'), billing_account=pulumi.get(__ret__, 'billing_account'), + deletion_policy=pulumi.get(__ret__, 'deletion_policy'), effective_labels=pulumi.get(__ret__, 'effective_labels'), folder_id=pulumi.get(__ret__, 'folder_id'), id=pulumi.get(__ret__, 'id'), diff --git a/sdk/python/pulumi_gcp/organizations/project.py b/sdk/python/pulumi_gcp/organizations/project.py index 87d040f48e..baa6facf55 100644 --- a/sdk/python/pulumi_gcp/organizations/project.py +++ b/sdk/python/pulumi_gcp/organizations/project.py @@ -21,6 +21,7 @@ class ProjectArgs: def __init__(__self__, *, auto_create_network: Optional[pulumi.Input[bool]] = None, billing_account: Optional[pulumi.Input[str]] = None, + deletion_policy: Optional[pulumi.Input[str]] = None, folder_id: Optional[pulumi.Input[str]] = None, labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, 
@@ -53,13 +54,18 @@ def __init__(__self__, *, this forces the project to be migrated to the newly specified organization. :param pulumi.Input[str] project_id: The project ID. Changing this forces a new project to be created. - :param pulumi.Input[bool] skip_delete: If true, the resource can be deleted - without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. + :param pulumi.Input[bool] skip_delete: If true, the resource can be deleted without + deleting the Project via the Google API. `skip_delete` is deprecated and will be + removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + to a `deletion_policy` value of `ABANDON` for equivalent behavior. """ if auto_create_network is not None: pulumi.set(__self__, "auto_create_network", auto_create_network) if billing_account is not None: pulumi.set(__self__, "billing_account", billing_account) + if deletion_policy is not None: + pulumi.set(__self__, "deletion_policy", deletion_policy) if folder_id is not None: pulumi.set(__self__, "folder_id", folder_id) if labels is not None: 
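Review bot: `deletion_policy` is stored by this hunk, but the docstring gains no `:param` entry for it; its values (`DELETE`, `ABANDON`) are mentioned only inside the deprecated `skip_delete` text. Because this setting decides whether destroying the resource also deletes the GCP project, it needs its own entry, for example `:param pulumi.Input[str] deletion_policy: Controls whether destroying this resource deletes the Project; values include DELETE and ABANDON.`, with the default and any further values confirmed upstream since the hunk does not show them. Nothing visible here says which setting wins when both `skip_delete` and `deletion_policy` are passed, as both are stored independently, so the docstring should state the precedence or note that the provider rejects the combination. The same gap applies to the undocumented `deletion_policy` properties and `:param` lists in the later hunks of this file (`_ProjectState.__init__`, the `Project` constructor overload, `get`, and the output property). `ProjectArgs.__init__` continues outside the hunk.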
@@ -71,8 +77,8 @@ def __init__(__self__, *, if project_id is not None: pulumi.set(__self__, "project_id", project_id) if skip_delete is not None: - warnings.warn("""skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead.""", DeprecationWarning) - pulumi.log.warn("""skip_delete is deprecated: skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead.""") + warnings.warn("""skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior.""", DeprecationWarning) + pulumi.log.warn("""skip_delete is deprecated: skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior.""") if skip_delete is not None: pulumi.set(__self__, "skip_delete", skip_delete) @@ -106,6 +112,15 @@ def billing_account(self) -> Optional[pulumi.Input[str]]: def billing_account(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "billing_account", value) + @property + @pulumi.getter(name="deletionPolicy") + def deletion_policy(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "deletion_policy") + + @deletion_policy.setter + def deletion_policy(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "deletion_policy", value) + @property @pulumi.getter(name="folderId") def folder_id(self) -> Optional[pulumi.Input[str]]: 
@@ -179,11 +194,14 @@ def project_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter(name="skipDelete") - @_utilities.deprecated("""skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead.""") + @_utilities.deprecated("""skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior.""") def skip_delete(self) -> Optional[pulumi.Input[bool]]: """ - If true, the resource can be deleted - without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. + If true, the resource can be deleted without + deleting the Project via the Google API. `skip_delete` is deprecated and will be + removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + to a `deletion_policy` value of `ABANDON` for equivalent behavior. """ return pulumi.get(self, "skip_delete") @@ -197,6 +215,7 @@ class _ProjectState: def __init__(__self__, *, auto_create_network: Optional[pulumi.Input[bool]] = None, billing_account: Optional[pulumi.Input[str]] = None, + deletion_policy: Optional[pulumi.Input[str]] = None, effective_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, folder_id: Optional[pulumi.Input[str]] = None, labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, 
@@ -235,13 +254,18 @@ def __init__(__self__, *, organization. :param pulumi.Input[str] project_id: The project ID. Changing this forces a new project to be created. :param pulumi.Input[Mapping[str, pulumi.Input[str]]] pulumi_labels: The combination of labels configured directly on the resource and default labels configured on the provider. - :param pulumi.Input[bool] skip_delete: If true, the resource can be deleted - without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. + :param pulumi.Input[bool] skip_delete: If true, the resource can be deleted without + deleting the Project via the Google API. `skip_delete` is deprecated and will be + removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + to a `deletion_policy` value of `ABANDON` for equivalent behavior. """ if auto_create_network is not None: pulumi.set(__self__, "auto_create_network", auto_create_network) if billing_account is not None: pulumi.set(__self__, "billing_account", billing_account) + if deletion_policy is not None: + pulumi.set(__self__, "deletion_policy", deletion_policy) if effective_labels is not None: pulumi.set(__self__, "effective_labels", effective_labels) if folder_id is not None: 
@@ -259,8 +283,8 @@ def __init__(__self__, *, if pulumi_labels is not None: pulumi.set(__self__, "pulumi_labels", pulumi_labels) if skip_delete is not None: - warnings.warn("""skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead.""", DeprecationWarning) - pulumi.log.warn("""skip_delete is deprecated: skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead.""") + warnings.warn("""skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior.""", DeprecationWarning) + pulumi.log.warn("""skip_delete is deprecated: skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior.""") if skip_delete is not None: pulumi.set(__self__, "skip_delete", skip_delete) @@ -294,6 +318,15 @@ def billing_account(self) -> Optional[pulumi.Input[str]]: def billing_account(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "billing_account", value) + @property + @pulumi.getter(name="deletionPolicy") + def deletion_policy(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "deletion_policy") + + @deletion_policy.setter + def deletion_policy(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "deletion_policy", value) + @property @pulumi.getter(name="effectiveLabels") def effective_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: 
@@ -403,11 +436,14 @@ def pulumi_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[s @property @pulumi.getter(name="skipDelete") - @_utilities.deprecated("""skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead.""") + @_utilities.deprecated("""skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior.""") def skip_delete(self) -> Optional[pulumi.Input[bool]]: """ - If true, the resource can be deleted - without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. + If true, the resource can be deleted without + deleting the Project via the Google API. `skip_delete` is deprecated and will be + removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + to a `deletion_policy` value of `ABANDON` for equivalent behavior. """ return pulumi.get(self, "skip_delete") @@ -423,6 +459,7 @@ def __init__(__self__, opts: Optional[pulumi.ResourceOptions] = None, auto_create_network: Optional[pulumi.Input[bool]] = None, billing_account: Optional[pulumi.Input[str]] = None, + deletion_policy: Optional[pulumi.Input[str]] = None, folder_id: Optional[pulumi.Input[str]] = None, labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, 
@@ -514,8 +551,11 @@ def __init__(__self__, this forces the project to be migrated to the newly specified organization. :param pulumi.Input[str] project_id: The project ID. Changing this forces a new project to be created. - :param pulumi.Input[bool] skip_delete: If true, the resource can be deleted - without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. + :param pulumi.Input[bool] skip_delete: If true, the resource can be deleted without + deleting the Project via the Google API. `skip_delete` is deprecated and will be + removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + to a `deletion_policy` value of `ABANDON` for equivalent behavior. """ ... @overload @@ -598,6 +638,7 @@ def _internal_init(__self__, opts: Optional[pulumi.ResourceOptions] = None, auto_create_network: Optional[pulumi.Input[bool]] = None, billing_account: Optional[pulumi.Input[str]] = None, + deletion_policy: Optional[pulumi.Input[str]] = None, folder_id: Optional[pulumi.Input[str]] = None, labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, @@ -615,6 +656,7 @@ def _internal_init(__self__, __props__.__dict__["auto_create_network"] = auto_create_network __props__.__dict__["billing_account"] = billing_account + __props__.__dict__["deletion_policy"] = deletion_policy __props__.__dict__["folder_id"] = folder_id __props__.__dict__["labels"] = labels __props__.__dict__["name"] = name 
@@ -638,6 +680,7 @@ def get(resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, auto_create_network: Optional[pulumi.Input[bool]] = None, billing_account: Optional[pulumi.Input[str]] = None, + deletion_policy: Optional[pulumi.Input[str]] = None, effective_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, folder_id: Optional[pulumi.Input[str]] = None, labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, @@ -681,8 +724,11 @@ def get(resource_name: str, organization. :param pulumi.Input[str] project_id: The project ID. Changing this forces a new project to be created. :param pulumi.Input[Mapping[str, pulumi.Input[str]]] pulumi_labels: The combination of labels configured directly on the resource and default labels configured on the provider. - :param pulumi.Input[bool] skip_delete: If true, the resource can be deleted - without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. + :param pulumi.Input[bool] skip_delete: If true, the resource can be deleted without + deleting the Project via the Google API. `skip_delete` is deprecated and will be + removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + to a `deletion_policy` value of `ABANDON` for equivalent behavior. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -690,6 +736,7 @@ def get(resource_name: str, __props__.__dict__["auto_create_network"] = auto_create_network __props__.__dict__["billing_account"] = billing_account + __props__.__dict__["deletion_policy"] = deletion_policy __props__.__dict__["effective_labels"] = effective_labels __props__.__dict__["folder_id"] = folder_id __props__.__dict__["labels"] = labels 
@@ -723,6 +770,11 @@ def billing_account(self) -> pulumi.Output[Optional[str]]: """ return pulumi.get(self, "billing_account") + @property + @pulumi.getter(name="deletionPolicy") + def deletion_policy(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "deletion_policy") + @property @pulumi.getter(name="effectiveLabels") def effective_labels(self) -> pulumi.Output[Mapping[str, str]]: @@ -800,11 +852,14 @@ def pulumi_labels(self) -> pulumi.Output[Mapping[str, str]]: @property @pulumi.getter(name="skipDelete") - @_utilities.deprecated("""skip_delete is deprecated and will be removed in a future major release. The new release adds support for deletion_policy instead.""") + @_utilities.deprecated("""skip_delete is deprecated and will be removed in 6.0.0. Please use deletion_policy instead. A skip_delete value of false can be changed to a deletion_policy value of DELETE and a skip_delete value of true to a deletion_policy value of ABANDON for equivalent behavior.""") def skip_delete(self) -> pulumi.Output[bool]: """ - If true, the resource can be deleted - without deleting the Project via the Google API. `skip_delete` is deprecated and will be removed in a future major release. The new release adds support for `deletion_policy` instead. + If true, the resource can be deleted without + deleting the Project via the Google API. `skip_delete` is deprecated and will be + removed in 6.0.0. Please use deletion_policy instead. A `skip_delete` value of `false` + can be changed to a `deletion_policy` value of `DELETE` and a `skip_delete` value of `true` + to a `deletion_policy` value of `ABANDON` for equivalent behavior. """ return pulumi.get(self, "skip_delete") diff --git a/sdk/python/pulumi_gcp/securitycenter/__init__.py b/sdk/python/pulumi_gcp/securitycenter/__init__.py index 54bb62275d..f972d14430 100644 --- a/sdk/python/pulumi_gcp/securitycenter/__init__.py +++ b/sdk/python/pulumi_gcp/securitycenter/__init__.py 
@@ -8,6 +8,7 @@ from .event_threat_detection_custom_module import * from .folder_custom_module import * from .get_source_iam_policy import * +from .get_v2_organization_source_iam_policy import * from .instance_iam_binding import * from .instance_iam_member import * from .instance_iam_policy import * @@ -24,7 +25,14 @@ from .source_iam_binding import * from .source_iam_member import * from .source_iam_policy import * +from .v2_folder_mute_config import * from .v2_organization_mute_config import * from .v2_organization_notification_config import * +from .v2_organization_source import * +from .v2_organization_source_iam_binding import * +from .v2_organization_source_iam_member import * +from .v2_organization_source_iam_policy import * +from .v2_project_mute_config import * +from .v2_project_notification_config import * from ._inputs import * from . import outputs diff --git a/sdk/python/pulumi_gcp/securitycenter/_inputs.py b/sdk/python/pulumi_gcp/securitycenter/_inputs.py index 9d119cc9e2..85f69cd3eb 100644 --- a/sdk/python/pulumi_gcp/securitycenter/_inputs.py +++ b/sdk/python/pulumi_gcp/securitycenter/_inputs.py @@ -101,6 +101,12 @@ 'SourceIamMemberConditionArgsDict', 'V2OrganizationNotificationConfigStreamingConfigArgs', 'V2OrganizationNotificationConfigStreamingConfigArgsDict', + 'V2OrganizationSourceIamBindingConditionArgs', + 'V2OrganizationSourceIamBindingConditionArgsDict', + 'V2OrganizationSourceIamMemberConditionArgs', + 'V2OrganizationSourceIamMemberConditionArgsDict', + 'V2ProjectNotificationConfigStreamingConfigArgs', + 'V2ProjectNotificationConfigStreamingConfigArgsDict', ] MYPY = False 
@@ -3516,3 +3522,188 @@ def filter(self, value: pulumi.Input[str]): pulumi.set(self, "filter", value) +if not MYPY: + class V2OrganizationSourceIamBindingConditionArgsDict(TypedDict): + expression: pulumi.Input[str] + title: pulumi.Input[str] + description: NotRequired[pulumi.Input[str]] +elif False: + V2OrganizationSourceIamBindingConditionArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class V2OrganizationSourceIamBindingConditionArgs: + def __init__(__self__, *, + expression: pulumi.Input[str], + title: pulumi.Input[str], + description: Optional[pulumi.Input[str]] = None): + pulumi.set(__self__, "expression", expression) + pulumi.set(__self__, "title", title) + if description is not None: + pulumi.set(__self__, "description", description) + + @property + @pulumi.getter + def expression(self) -> pulumi.Input[str]: + return pulumi.get(self, "expression") + + @expression.setter + def expression(self, value: pulumi.Input[str]): + pulumi.set(self, "expression", value) + + @property + @pulumi.getter + def title(self) -> pulumi.Input[str]: + return pulumi.get(self, "title") + + @title.setter + def title(self, value: pulumi.Input[str]): + pulumi.set(self, "title", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + +if not MYPY: + class V2OrganizationSourceIamMemberConditionArgsDict(TypedDict): + expression: pulumi.Input[str] + title: pulumi.Input[str] + description: NotRequired[pulumi.Input[str]] +elif False: + V2OrganizationSourceIamMemberConditionArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class V2OrganizationSourceIamMemberConditionArgs: + def __init__(__self__, *, + expression: pulumi.Input[str], + title: pulumi.Input[str], + description: Optional[pulumi.Input[str]] = None): + pulumi.set(__self__, "expression", expression) 
+ pulumi.set(__self__, "title", title) + if description is not None: + pulumi.set(__self__, "description", description) + + @property + @pulumi.getter + def expression(self) -> pulumi.Input[str]: + return pulumi.get(self, "expression") + + @expression.setter + def expression(self, value: pulumi.Input[str]): + pulumi.set(self, "expression", value) + + @property + @pulumi.getter + def title(self) -> pulumi.Input[str]: + return pulumi.get(self, "title") + + @title.setter + def title(self, value: pulumi.Input[str]): + pulumi.set(self, "title", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + +if not MYPY: + class V2ProjectNotificationConfigStreamingConfigArgsDict(TypedDict): + filter: pulumi.Input[str] + """ + Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + The supported operators are: + * = for all value types. + * >, <, >=, <= for integer values. + * :, meaning substring matching, for strings. + The supported value types are: + * string literals in quotes. + * integer literals without quotes. + * boolean literals true and false without quotes. + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. 
+ + - - - + """ +elif False: + V2ProjectNotificationConfigStreamingConfigArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class V2ProjectNotificationConfigStreamingConfigArgs: + def __init__(__self__, *, + filter: pulumi.Input[str]): + """ + :param pulumi.Input[str] filter: Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + The supported operators are: + * = for all value types. + * >, <, >=, <= for integer values. + * :, meaning substring matching, for strings. + The supported value types are: + * string literals in quotes. + * integer literals without quotes. + * boolean literals true and false without quotes. + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. + + - - - + """ + pulumi.set(__self__, "filter", filter) + + @property + @pulumi.getter + def filter(self) -> pulumi.Input[str]: + """ + Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + The supported operators are: + * = for all value types. + * >, <, >=, <= for integer values. + * :, meaning substring matching, for strings. 
+ The supported value types are: + * string literals in quotes. + * integer literals without quotes. + * boolean literals true and false without quotes. + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. + + - - - + """ + return pulumi.get(self, "filter") + + @filter.setter + def filter(self, value: pulumi.Input[str]): + pulumi.set(self, "filter", value) + + diff --git a/sdk/python/pulumi_gcp/securitycenter/get_v2_organization_source_iam_policy.py b/sdk/python/pulumi_gcp/securitycenter/get_v2_organization_source_iam_policy.py new file mode 100644 index 0000000000..a64a5a6172 --- /dev/null +++ b/sdk/python/pulumi_gcp/securitycenter/get_v2_organization_source_iam_policy.py 
@@ -0,0 +1,146 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities + +__all__ = [ + 'GetV2OrganizationSourceIamPolicyResult', + 'AwaitableGetV2OrganizationSourceIamPolicyResult', + 'get_v2_organization_source_iam_policy', + 'get_v2_organization_source_iam_policy_output', +] + +@pulumi.output_type +class GetV2OrganizationSourceIamPolicyResult: + """ + A collection of values returned by getV2OrganizationSourceIamPolicy. + """ + def __init__(__self__, etag=None, id=None, organization=None, policy_data=None, source=None): + if etag and not isinstance(etag, str): + raise TypeError("Expected argument 'etag' to be a str") + pulumi.set(__self__, "etag", etag) + if id and not isinstance(id, str): + raise TypeError("Expected argument 'id' to be a str") + pulumi.set(__self__, "id", id) + if organization and not isinstance(organization, str): + raise TypeError("Expected argument 'organization' to be a str") + pulumi.set(__self__, "organization", organization) + if policy_data and not isinstance(policy_data, str): + raise TypeError("Expected argument 'policy_data' to be a str") + pulumi.set(__self__, "policy_data", policy_data) + if source and not isinstance(source, str): + raise TypeError("Expected argument 'source' to be a str") + pulumi.set(__self__, "source", source) + + @property + @pulumi.getter + def etag(self) -> str: + """ + (Computed) The etag of the IAM policy. 
+ """ + return pulumi.get(self, "etag") + + @property + @pulumi.getter + def id(self) -> str: + """ + The provider-assigned unique ID for this managed resource. + """ + return pulumi.get(self, "id") + + @property + @pulumi.getter + def organization(self) -> str: + return pulumi.get(self, "organization") + + @property + @pulumi.getter(name="policyData") + def policy_data(self) -> str: + """ + (Required only by `securitycenter.V2OrganizationSourceIamPolicy`) The policy data generated by + a `organizations_get_iam_policy` data source. + """ + return pulumi.get(self, "policy_data") + + @property + @pulumi.getter + def source(self) -> str: + return pulumi.get(self, "source") + + +class AwaitableGetV2OrganizationSourceIamPolicyResult(GetV2OrganizationSourceIamPolicyResult): + # pylint: disable=using-constant-test + def __await__(self): + if False: + yield self + return GetV2OrganizationSourceIamPolicyResult( + etag=self.etag, + id=self.id, + organization=self.organization, + policy_data=self.policy_data, + source=self.source) + + +def get_v2_organization_source_iam_policy(organization: Optional[str] = None, + source: Optional[str] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetV2OrganizationSourceIamPolicyResult: + """ + Retrieves the current IAM policy data for organizationsource + + ## example + + ```python + import pulumi + import pulumi_gcp as gcp + + policy = gcp.securitycenter.get_v2_organization_source_iam_policy(source=custom_source["name"]) + ``` + + + :param str source: Used to find the parent resource to bind the IAM policy to + """ + __args__ = dict() + __args__['organization'] = organization + __args__['source'] = source + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke('gcp:securitycenter/getV2OrganizationSourceIamPolicy:getV2OrganizationSourceIamPolicy', __args__, opts=opts, typ=GetV2OrganizationSourceIamPolicyResult).value + + return 
AwaitableGetV2OrganizationSourceIamPolicyResult( + etag=pulumi.get(__ret__, 'etag'), + id=pulumi.get(__ret__, 'id'), + organization=pulumi.get(__ret__, 'organization'), + policy_data=pulumi.get(__ret__, 'policy_data'), + source=pulumi.get(__ret__, 'source')) + + +@_utilities.lift_output_func(get_v2_organization_source_iam_policy) +def get_v2_organization_source_iam_policy_output(organization: Optional[pulumi.Input[str]] = None, + source: Optional[pulumi.Input[str]] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetV2OrganizationSourceIamPolicyResult]: + """ + Retrieves the current IAM policy data for organizationsource + + ## example + + ```python + import pulumi + import pulumi_gcp as gcp + + policy = gcp.securitycenter.get_v2_organization_source_iam_policy(source=custom_source["name"]) + ``` + + + :param str source: Used to find the parent resource to bind the IAM policy to + """ + ... diff --git a/sdk/python/pulumi_gcp/securitycenter/outputs.py b/sdk/python/pulumi_gcp/securitycenter/outputs.py index 9f1ce83e5f..76bc830087 100644 --- a/sdk/python/pulumi_gcp/securitycenter/outputs.py +++ b/sdk/python/pulumi_gcp/securitycenter/outputs.py @@ -59,6 +59,9 @@ 'SourceIamBindingCondition', 'SourceIamMemberCondition', 'V2OrganizationNotificationConfigStreamingConfig', + 'V2OrganizationSourceIamBindingCondition', + 'V2OrganizationSourceIamMemberCondition', + 'V2ProjectNotificationConfigStreamingConfig', ] @pulumi.output_type 
@@ -2435,3 +2438,115 @@ def filter(self) -> str: return pulumi.get(self, "filter") +@pulumi.output_type +class V2OrganizationSourceIamBindingCondition(dict): + def __init__(__self__, *, + expression: str, + title: str, + description: Optional[str] = None): + pulumi.set(__self__, "expression", expression) + pulumi.set(__self__, "title", title) + if description is not None: + pulumi.set(__self__, "description", description) + + @property + @pulumi.getter + def expression(self) -> str: + return pulumi.get(self, "expression") + + @property + @pulumi.getter + def title(self) -> str: + return pulumi.get(self, "title") + + @property + @pulumi.getter + def description(self) -> Optional[str]: + return pulumi.get(self, "description") + + +@pulumi.output_type +class V2OrganizationSourceIamMemberCondition(dict): + def __init__(__self__, *, + expression: str, + title: str, + description: Optional[str] = None): + pulumi.set(__self__, "expression", expression) + pulumi.set(__self__, "title", title) + if description is not None: + pulumi.set(__self__, "description", description) + + @property + @pulumi.getter + def expression(self) -> str: + return pulumi.get(self, "expression") + + @property + @pulumi.getter + def title(self) -> str: + return pulumi.get(self, "title") + + @property + @pulumi.getter + def description(self) -> Optional[str]: + return pulumi.get(self, "description") + + +@pulumi.output_type +class V2ProjectNotificationConfigStreamingConfig(dict): + def __init__(__self__, *, + filter: str): + """ + :param str filter: Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. 
+ The supported operators are: + * = for all value types. + * >, <, >=, <= for integer values. + * :, meaning substring matching, for strings. + The supported value types are: + * string literals in quotes. + * integer literals without quotes. + * boolean literals true and false without quotes. + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. + + - - - + """ + pulumi.set(__self__, "filter", filter) + + @property + @pulumi.getter + def filter(self) -> str: + """ + Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + The supported operators are: + * = for all value types. + * >, <, >=, <= for integer values. + * :, meaning substring matching, for strings. + The supported value types are: + * string literals in quotes. + * integer literals without quotes. + * boolean literals true and false without quotes. + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. + + - - - + """ + return pulumi.get(self, "filter") + + diff --git a/sdk/python/pulumi_gcp/securitycenter/v2_folder_mute_config.py b/sdk/python/pulumi_gcp/securitycenter/v2_folder_mute_config.py new file mode 100644 index 0000000000..a1da14b9b7 --- /dev/null +++ b/sdk/python/pulumi_gcp/securitycenter/v2_folder_mute_config.py 
@@ -0,0 +1,679 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities + +__all__ = ['V2FolderMuteConfigArgs', 'V2FolderMuteConfig'] + +@pulumi.input_type +class V2FolderMuteConfigArgs: + def __init__(__self__, *, + filter: pulumi.Input[str], + folder: pulumi.Input[str], + mute_config_id: pulumi.Input[str], + type: pulumi.Input[str], + description: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a V2FolderMuteConfig resource. + :param pulumi.Input[str] filter: An expression that defines the filter to apply across create/update + events of findings. While creating a filter string, be mindful of + the scope in which the mute configuration is being created. E.g., + If a filter contains project = X but is created under the + project = Y scope, it might not match any findings. + :param pulumi.Input[str] folder: The folder whose Cloud Security Command Center the Mute + Config lives in. + :param pulumi.Input[str] mute_config_id: Unique identifier provided by the client within the parent scope. + + + - - - + :param pulumi.Input[str] type: The type of the mute config. + :param pulumi.Input[str] description: A description of the mute config. + :param pulumi.Input[str] location: location Id is provided by folder. If not provided, Use global as default. 
+ """ + pulumi.set(__self__, "filter", filter) + pulumi.set(__self__, "folder", folder) + pulumi.set(__self__, "mute_config_id", mute_config_id) + pulumi.set(__self__, "type", type) + if description is not None: + pulumi.set(__self__, "description", description) + if location is not None: + pulumi.set(__self__, "location", location) + + @property + @pulumi.getter + def filter(self) -> pulumi.Input[str]: + """ + An expression that defines the filter to apply across create/update + events of findings. While creating a filter string, be mindful of + the scope in which the mute configuration is being created. E.g., + If a filter contains project = X but is created under the + project = Y scope, it might not match any findings. + """ + return pulumi.get(self, "filter") + + @filter.setter + def filter(self, value: pulumi.Input[str]): + pulumi.set(self, "filter", value) + + @property + @pulumi.getter + def folder(self) -> pulumi.Input[str]: + """ + The folder whose Cloud Security Command Center the Mute + Config lives in. + """ + return pulumi.get(self, "folder") + + @folder.setter + def folder(self, value: pulumi.Input[str]): + pulumi.set(self, "folder", value) + + @property + @pulumi.getter(name="muteConfigId") + def mute_config_id(self) -> pulumi.Input[str]: + """ + Unique identifier provided by the client within the parent scope. + + + - - - + """ + return pulumi.get(self, "mute_config_id") + + @mute_config_id.setter + def mute_config_id(self, value: pulumi.Input[str]): + pulumi.set(self, "mute_config_id", value) + + @property + @pulumi.getter + def type(self) -> pulumi.Input[str]: + """ + The type of the mute config. + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: pulumi.Input[str]): + pulumi.set(self, "type", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + A description of the mute config. 
+ """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def location(self) -> Optional[pulumi.Input[str]]: + """ + location Id is provided by folder. If not provided, Use global as default. + """ + return pulumi.get(self, "location") + + @location.setter + def location(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "location", value) + + +@pulumi.input_type +class _V2FolderMuteConfigState: + def __init__(__self__, *, + create_time: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + filter: Optional[pulumi.Input[str]] = None, + folder: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + most_recent_editor: Optional[pulumi.Input[str]] = None, + mute_config_id: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None, + update_time: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering V2FolderMuteConfig resources. + :param pulumi.Input[str] create_time: The time at which the mute config was created. This field is set by + the server and will be ignored if provided on config creation. + :param pulumi.Input[str] description: A description of the mute config. + :param pulumi.Input[str] filter: An expression that defines the filter to apply across create/update + events of findings. While creating a filter string, be mindful of + the scope in which the mute configuration is being created. E.g., + If a filter contains project = X but is created under the + project = Y scope, it might not match any findings. + :param pulumi.Input[str] folder: The folder whose Cloud Security Command Center the Mute + Config lives in. + :param pulumi.Input[str] location: location Id is provided by folder. If not provided, Use global as default. 
+ :param pulumi.Input[str] most_recent_editor: Email address of the user who last edited the mute config. This + field is set by the server and will be ignored if provided on + config creation or update. + :param pulumi.Input[str] mute_config_id: Unique identifier provided by the client within the parent scope. + + + - - - + :param pulumi.Input[str] name: Name of the mute config. Its format is + organizations/{organization}/locations/global/muteConfigs/{configId}, + folders/{folder}/locations/global/muteConfigs/{configId}, + or projects/{project}/locations/global/muteConfigs/{configId} + :param pulumi.Input[str] type: The type of the mute config. + :param pulumi.Input[str] update_time: Output only. The most recent time at which the mute config was + updated. This field is set by the server and will be ignored if + provided on config creation or update. + """ + if create_time is not None: + pulumi.set(__self__, "create_time", create_time) + if description is not None: + pulumi.set(__self__, "description", description) + if filter is not None: + pulumi.set(__self__, "filter", filter) + if folder is not None: + pulumi.set(__self__, "folder", folder) + if location is not None: + pulumi.set(__self__, "location", location) + if most_recent_editor is not None: + pulumi.set(__self__, "most_recent_editor", most_recent_editor) + if mute_config_id is not None: + pulumi.set(__self__, "mute_config_id", mute_config_id) + if name is not None: + pulumi.set(__self__, "name", name) + if type is not None: + pulumi.set(__self__, "type", type) + if update_time is not None: + pulumi.set(__self__, "update_time", update_time) + + @property + @pulumi.getter(name="createTime") + def create_time(self) -> Optional[pulumi.Input[str]]: + """ + The time at which the mute config was created. This field is set by + the server and will be ignored if provided on config creation. 
+ """ + return pulumi.get(self, "create_time") + + @create_time.setter + def create_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "create_time", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + A description of the mute config. + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def filter(self) -> Optional[pulumi.Input[str]]: + """ + An expression that defines the filter to apply across create/update + events of findings. While creating a filter string, be mindful of + the scope in which the mute configuration is being created. E.g., + If a filter contains project = X but is created under the + project = Y scope, it might not match any findings. + """ + return pulumi.get(self, "filter") + + @filter.setter + def filter(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "filter", value) + + @property + @pulumi.getter + def folder(self) -> Optional[pulumi.Input[str]]: + """ + The folder whose Cloud Security Command Center the Mute + Config lives in. + """ + return pulumi.get(self, "folder") + + @folder.setter + def folder(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "folder", value) + + @property + @pulumi.getter + def location(self) -> Optional[pulumi.Input[str]]: + """ + location Id is provided by folder. If not provided, Use global as default. + """ + return pulumi.get(self, "location") + + @location.setter + def location(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "location", value) + + @property + @pulumi.getter(name="mostRecentEditor") + def most_recent_editor(self) -> Optional[pulumi.Input[str]]: + """ + Email address of the user who last edited the mute config. This + field is set by the server and will be ignored if provided on + config creation or update. 
+ """ + return pulumi.get(self, "most_recent_editor") + + @most_recent_editor.setter + def most_recent_editor(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "most_recent_editor", value) + + @property + @pulumi.getter(name="muteConfigId") + def mute_config_id(self) -> Optional[pulumi.Input[str]]: + """ + Unique identifier provided by the client within the parent scope. + + + - - - + """ + return pulumi.get(self, "mute_config_id") + + @mute_config_id.setter + def mute_config_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "mute_config_id", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Name of the mute config. Its format is + organizations/{organization}/locations/global/muteConfigs/{configId}, + folders/{folder}/locations/global/muteConfigs/{configId}, + or projects/{project}/locations/global/muteConfigs/{configId} + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[str]]: + """ + The type of the mute config. + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "type", value) + + @property + @pulumi.getter(name="updateTime") + def update_time(self) -> Optional[pulumi.Input[str]]: + """ + Output only. The most recent time at which the mute config was + updated. This field is set by the server and will be ignored if + provided on config creation or update. 
+ """ + return pulumi.get(self, "update_time") + + @update_time.setter + def update_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "update_time", value) + + +class V2FolderMuteConfig(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + filter: Optional[pulumi.Input[str]] = None, + folder: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + mute_config_id: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Mute Findings is a volume management feature in Security Command Center + that lets you manually or programmatically hide irrelevant findings, + and create filters to automatically silence existing and future + findings based on criteria you specify. + + To get more information about FolderMuteConfig, see: + + * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/folders.muteConfigs) + + ## Example Usage + + ### Scc V2 Folder Mute Config Basic + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.organizations.Folder("folder", + parent="organizations/123456789", + display_name="folder-name") + default = gcp.securitycenter.V2FolderMuteConfig("default", + mute_config_id="my-config", + folder=folder.folder_id, + location="global", + description="My custom Cloud Security Command Center Finding Folder mute Configuration", + filter="severity = \\"HIGH\\"", + type="STATIC") + ``` + + ## Import + + FolderMuteConfig can be imported using any of these accepted formats: + + * `folders/{{folder}}/locations/{{location}}/muteConfigs/{{mute_config_id}}` + + * `{{folder}}/{{location}}/{{mute_config_id}}` + + When using the `pulumi import` command, FolderMuteConfig can be imported using one of the formats above. 
For example: + + ```sh + $ pulumi import gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig default folders/{{folder}}/locations/{{location}}/muteConfigs/{{mute_config_id}} + ``` + + ```sh + $ pulumi import gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig default {{folder}}/{{location}}/{{mute_config_id}} + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] description: A description of the mute config. + :param pulumi.Input[str] filter: An expression that defines the filter to apply across create/update + events of findings. While creating a filter string, be mindful of + the scope in which the mute configuration is being created. E.g., + If a filter contains project = X but is created under the + project = Y scope, it might not match any findings. + :param pulumi.Input[str] folder: The folder whose Cloud Security Command Center the Mute + Config lives in. + :param pulumi.Input[str] location: location Id is provided by folder. If not provided, Use global as default. + :param pulumi.Input[str] mute_config_id: Unique identifier provided by the client within the parent scope. + + + - - - + :param pulumi.Input[str] type: The type of the mute config. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: V2FolderMuteConfigArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Mute Findings is a volume management feature in Security Command Center + that lets you manually or programmatically hide irrelevant findings, + and create filters to automatically silence existing and future + findings based on criteria you specify. 
+ + To get more information about FolderMuteConfig, see: + + * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/folders.muteConfigs) + + ## Example Usage + + ### Scc V2 Folder Mute Config Basic + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.organizations.Folder("folder", + parent="organizations/123456789", + display_name="folder-name") + default = gcp.securitycenter.V2FolderMuteConfig("default", + mute_config_id="my-config", + folder=folder.folder_id, + location="global", + description="My custom Cloud Security Command Center Finding Folder mute Configuration", + filter="severity = \\"HIGH\\"", + type="STATIC") + ``` + + ## Import + + FolderMuteConfig can be imported using any of these accepted formats: + + * `folders/{{folder}}/locations/{{location}}/muteConfigs/{{mute_config_id}}` + + * `{{folder}}/{{location}}/{{mute_config_id}}` + + When using the `pulumi import` command, FolderMuteConfig can be imported using one of the formats above. For example: + + ```sh + $ pulumi import gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig default folders/{{folder}}/locations/{{location}}/muteConfigs/{{mute_config_id}} + ``` + + ```sh + $ pulumi import gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig default {{folder}}/{{location}}/{{mute_config_id}} + ``` + + :param str resource_name: The name of the resource. + :param V2FolderMuteConfigArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... 
+ def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(V2FolderMuteConfigArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + filter: Optional[pulumi.Input[str]] = None, + folder: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + mute_config_id: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = V2FolderMuteConfigArgs.__new__(V2FolderMuteConfigArgs) + + __props__.__dict__["description"] = description + if filter is None and not opts.urn: + raise TypeError("Missing required property 'filter'") + __props__.__dict__["filter"] = filter + if folder is None and not opts.urn: + raise TypeError("Missing required property 'folder'") + __props__.__dict__["folder"] = folder + __props__.__dict__["location"] = location + if mute_config_id is None and not opts.urn: + raise TypeError("Missing required property 'mute_config_id'") + __props__.__dict__["mute_config_id"] = mute_config_id + if type is None and not opts.urn: + raise TypeError("Missing required property 'type'") + __props__.__dict__["type"] = type + __props__.__dict__["create_time"] = None + __props__.__dict__["most_recent_editor"] = None + 
__props__.__dict__["name"] = None + __props__.__dict__["update_time"] = None + super(V2FolderMuteConfig, __self__).__init__( + 'gcp:securitycenter/v2FolderMuteConfig:V2FolderMuteConfig', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + create_time: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + filter: Optional[pulumi.Input[str]] = None, + folder: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + most_recent_editor: Optional[pulumi.Input[str]] = None, + mute_config_id: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None, + update_time: Optional[pulumi.Input[str]] = None) -> 'V2FolderMuteConfig': + """ + Get an existing V2FolderMuteConfig resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] create_time: The time at which the mute config was created. This field is set by + the server and will be ignored if provided on config creation. + :param pulumi.Input[str] description: A description of the mute config. + :param pulumi.Input[str] filter: An expression that defines the filter to apply across create/update + events of findings. While creating a filter string, be mindful of + the scope in which the mute configuration is being created. E.g., + If a filter contains project = X but is created under the + project = Y scope, it might not match any findings. + :param pulumi.Input[str] folder: The folder whose Cloud Security Command Center the Mute + Config lives in. 
+ :param pulumi.Input[str] location: location Id is provided by folder. If not provided, Use global as default. + :param pulumi.Input[str] most_recent_editor: Email address of the user who last edited the mute config. This + field is set by the server and will be ignored if provided on + config creation or update. + :param pulumi.Input[str] mute_config_id: Unique identifier provided by the client within the parent scope. + + + - - - + :param pulumi.Input[str] name: Name of the mute config. Its format is + organizations/{organization}/locations/global/muteConfigs/{configId}, + folders/{folder}/locations/global/muteConfigs/{configId}, + or projects/{project}/locations/global/muteConfigs/{configId} + :param pulumi.Input[str] type: The type of the mute config. + :param pulumi.Input[str] update_time: Output only. The most recent time at which the mute config was + updated. This field is set by the server and will be ignored if + provided on config creation or update. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _V2FolderMuteConfigState.__new__(_V2FolderMuteConfigState) + + __props__.__dict__["create_time"] = create_time + __props__.__dict__["description"] = description + __props__.__dict__["filter"] = filter + __props__.__dict__["folder"] = folder + __props__.__dict__["location"] = location + __props__.__dict__["most_recent_editor"] = most_recent_editor + __props__.__dict__["mute_config_id"] = mute_config_id + __props__.__dict__["name"] = name + __props__.__dict__["type"] = type + __props__.__dict__["update_time"] = update_time + return V2FolderMuteConfig(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="createTime") + def create_time(self) -> pulumi.Output[str]: + """ + The time at which the mute config was created. This field is set by + the server and will be ignored if provided on config creation. 
+ """ + return pulumi.get(self, "create_time") + + @property + @pulumi.getter + def description(self) -> pulumi.Output[Optional[str]]: + """ + A description of the mute config. + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter + def filter(self) -> pulumi.Output[str]: + """ + An expression that defines the filter to apply across create/update + events of findings. While creating a filter string, be mindful of + the scope in which the mute configuration is being created. E.g., + If a filter contains project = X but is created under the + project = Y scope, it might not match any findings. + """ + return pulumi.get(self, "filter") + + @property + @pulumi.getter + def folder(self) -> pulumi.Output[str]: + """ + The folder whose Cloud Security Command Center the Mute + Config lives in. + """ + return pulumi.get(self, "folder") + + @property + @pulumi.getter + def location(self) -> pulumi.Output[Optional[str]]: + """ + location Id is provided by folder. If not provided, Use global as default. + """ + return pulumi.get(self, "location") + + @property + @pulumi.getter(name="mostRecentEditor") + def most_recent_editor(self) -> pulumi.Output[str]: + """ + Email address of the user who last edited the mute config. This + field is set by the server and will be ignored if provided on + config creation or update. + """ + return pulumi.get(self, "most_recent_editor") + + @property + @pulumi.getter(name="muteConfigId") + def mute_config_id(self) -> pulumi.Output[str]: + """ + Unique identifier provided by the client within the parent scope. + + + - - - + """ + return pulumi.get(self, "mute_config_id") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Name of the mute config. 
Its format is + organizations/{organization}/locations/global/muteConfigs/{configId}, + folders/{folder}/locations/global/muteConfigs/{configId}, + or projects/{project}/locations/global/muteConfigs/{configId} + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def type(self) -> pulumi.Output[str]: + """ + The type of the mute config. + """ + return pulumi.get(self, "type") + + @property + @pulumi.getter(name="updateTime") + def update_time(self) -> pulumi.Output[str]: + """ + Output only. The most recent time at which the mute config was + updated. This field is set by the server and will be ignored if + provided on config creation or update. + """ + return pulumi.get(self, "update_time") + diff --git a/sdk/python/pulumi_gcp/securitycenter/v2_organization_source.py b/sdk/python/pulumi_gcp/securitycenter/v2_organization_source.py new file mode 100644 index 0000000000..3fa1a7cac0 --- /dev/null +++ b/sdk/python/pulumi_gcp/securitycenter/v2_organization_source.py 
@@ -0,0 +1,416 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities + +__all__ = ['V2OrganizationSourceArgs', 'V2OrganizationSource'] + +@pulumi.input_type +class V2OrganizationSourceArgs: + def __init__(__self__, *, + display_name: pulumi.Input[str], + organization: pulumi.Input[str], + description: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a V2OrganizationSource resource. + :param pulumi.Input[str] display_name: The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. + :param pulumi.Input[str] organization: The organization whose Cloud Security Command Center the Source + lives in. + + + - - - + :param pulumi.Input[str] description: The description of the source (max of 1024 characters). + """ + pulumi.set(__self__, "display_name", display_name) + pulumi.set(__self__, "organization", organization) + if description is not None: + pulumi.set(__self__, "description", description) + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> pulumi.Input[str]: + """ + The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. 
The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. + """ + return pulumi.get(self, "display_name") + + @display_name.setter + def display_name(self, value: pulumi.Input[str]): + pulumi.set(self, "display_name", value) + + @property + @pulumi.getter + def organization(self) -> pulumi.Input[str]: + """ + The organization whose Cloud Security Command Center the Source + lives in. + + + - - - + """ + return pulumi.get(self, "organization") + + @organization.setter + def organization(self, value: pulumi.Input[str]): + pulumi.set(self, "organization", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + The description of the source (max of 1024 characters). + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + +@pulumi.input_type +class _V2OrganizationSourceState: + def __init__(__self__, *, + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + organization: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering V2OrganizationSource resources. + :param pulumi.Input[str] description: The description of the source (max of 1024 characters). + :param pulumi.Input[str] display_name: The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. + :param pulumi.Input[str] name: The resource name of this source, in the format + `organizations/{{organization}}/sources/{{source}}`. 
+ :param pulumi.Input[str] organization: The organization whose Cloud Security Command Center the Source + lives in. + + + - - - + """ + if description is not None: + pulumi.set(__self__, "description", description) + if display_name is not None: + pulumi.set(__self__, "display_name", display_name) + if name is not None: + pulumi.set(__self__, "name", name) + if organization is not None: + pulumi.set(__self__, "organization", organization) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + The description of the source (max of 1024 characters). + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[pulumi.Input[str]]: + """ + The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. + """ + return pulumi.get(self, "display_name") + + @display_name.setter + def display_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display_name", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + The resource name of this source, in the format + `organizations/{{organization}}/sources/{{source}}`. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def organization(self) -> Optional[pulumi.Input[str]]: + """ + The organization whose Cloud Security Command Center the Source + lives in. 
+ + + - - - + """ + return pulumi.get(self, "organization") + + @organization.setter + def organization(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "organization", value) + + +class V2OrganizationSource(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + organization: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + A Cloud Security Command Center's (Cloud SCC) finding source. A finding + source is an entity or a mechanism that can produce a finding. A source is + like a container of findings that come from the same scanner, logger, + monitor, etc. + + To get more information about OrganizationSource, see: + + * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/organizations.sources) + * How-to Guides + * [Official Documentation](https://cloud.google.com/security-command-center/docs) + + ## Example Usage + + ### Scc Source Basic + + ```python + import pulumi + import pulumi_gcp as gcp + + custom_source = gcp.securitycenter.Source("custom_source", + display_name="My Source", + organization="123456789", + description="My custom Cloud Security Command Center Finding Source") + ``` + + ## Import + + OrganizationSource can be imported using any of these accepted formats: + + * `organizations/{{organization}}/sources/{{name}}` + + * `{{organization}}/{{name}}` + + When using the `pulumi import` command, OrganizationSource can be imported using one of the formats above. For example: + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSource:V2OrganizationSource default organizations/{{organization}}/sources/{{name}} + ``` + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSource:V2OrganizationSource default {{organization}}/{{name}} + ``` + + :param str resource_name: The name of the resource. 
+ :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] description: The description of the source (max of 1024 characters). + :param pulumi.Input[str] display_name: The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. + :param pulumi.Input[str] organization: The organization whose Cloud Security Command Center the Source + lives in. + + + - - - + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: V2OrganizationSourceArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + A Cloud Security Command Center's (Cloud SCC) finding source. A finding + source is an entity or a mechanism that can produce a finding. A source is + like a container of findings that come from the same scanner, logger, + monitor, etc. + + To get more information about OrganizationSource, see: + + * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/organizations.sources) + * How-to Guides + * [Official Documentation](https://cloud.google.com/security-command-center/docs) + + ## Example Usage + + ### Scc Source Basic + + ```python + import pulumi + import pulumi_gcp as gcp + + custom_source = gcp.securitycenter.Source("custom_source", + display_name="My Source", + organization="123456789", + description="My custom Cloud Security Command Center Finding Source") + ``` + + ## Import + + OrganizationSource can be imported using any of these accepted formats: + + * `organizations/{{organization}}/sources/{{name}}` + + * `{{organization}}/{{name}}` + + When using the `pulumi import` command, OrganizationSource can be imported using one of the formats above. 
For example: + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSource:V2OrganizationSource default organizations/{{organization}}/sources/{{name}} + ``` + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSource:V2OrganizationSource default {{organization}}/{{name}} + ``` + + :param str resource_name: The name of the resource. + :param V2OrganizationSourceArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(V2OrganizationSourceArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + organization: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = V2OrganizationSourceArgs.__new__(V2OrganizationSourceArgs) + + __props__.__dict__["description"] = description + if display_name is None and not opts.urn: + raise TypeError("Missing required property 'display_name'") + __props__.__dict__["display_name"] = display_name + if organization is None and not opts.urn: + raise TypeError("Missing required property 'organization'") + __props__.__dict__["organization"] = organization + 
__props__.__dict__["name"] = None + super(V2OrganizationSource, __self__).__init__( + 'gcp:securitycenter/v2OrganizationSource:V2OrganizationSource', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + organization: Optional[pulumi.Input[str]] = None) -> 'V2OrganizationSource': + """ + Get an existing V2OrganizationSource resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] description: The description of the source (max of 1024 characters). + :param pulumi.Input[str] display_name: The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. + :param pulumi.Input[str] name: The resource name of this source, in the format + `organizations/{{organization}}/sources/{{source}}`. + :param pulumi.Input[str] organization: The organization whose Cloud Security Command Center the Source + lives in. 
+ + + - - - + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _V2OrganizationSourceState.__new__(_V2OrganizationSourceState) + + __props__.__dict__["description"] = description + __props__.__dict__["display_name"] = display_name + __props__.__dict__["name"] = name + __props__.__dict__["organization"] = organization + return V2OrganizationSource(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def description(self) -> pulumi.Output[Optional[str]]: + """ + The description of the source (max of 1024 characters). + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> pulumi.Output[str]: + """ + The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + The resource name of this source, in the format + `organizations/{{organization}}/sources/{{source}}`. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def organization(self) -> pulumi.Output[str]: + """ + The organization whose Cloud Security Command Center the Source + lives in. + + + - - - + """ + return pulumi.get(self, "organization") + diff --git a/sdk/python/pulumi_gcp/securitycenter/v2_organization_source_iam_binding.py b/sdk/python/pulumi_gcp/securitycenter/v2_organization_source_iam_binding.py new file mode 100644 index 0000000000..6fada0209f --- /dev/null +++ b/sdk/python/pulumi_gcp/securitycenter/v2_organization_source_iam_binding.py 
@@ -0,0 +1,722 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities +from . import outputs +from ._inputs import * + +__all__ = ['V2OrganizationSourceIamBindingArgs', 'V2OrganizationSourceIamBinding'] + +@pulumi.input_type +class V2OrganizationSourceIamBindingArgs: + def __init__(__self__, *, + members: pulumi.Input[Sequence[pulumi.Input[str]]], + organization: pulumi.Input[str], + role: pulumi.Input[str], + source: pulumi.Input[str], + condition: Optional[pulumi.Input['V2OrganizationSourceIamBindingConditionArgs']] = None): + """ + The set of arguments for constructing a V2OrganizationSourceIamBinding resource. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. 
+ * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] source: Used to find the parent resource to bind the IAM policy to + """ + pulumi.set(__self__, "members", members) + pulumi.set(__self__, "organization", organization) + pulumi.set(__self__, "role", role) + pulumi.set(__self__, "source", source) + if condition is not None: + pulumi.set(__self__, "condition", condition) + + @property + @pulumi.getter + def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. 
+ * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ + return pulumi.get(self, "members") + + @members.setter + def members(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): + pulumi.set(self, "members", value) + + @property + @pulumi.getter + def organization(self) -> pulumi.Input[str]: + return pulumi.get(self, "organization") + + @organization.setter + def organization(self, value: pulumi.Input[str]): + pulumi.set(self, "organization", value) + + @property + @pulumi.getter + def role(self) -> pulumi.Input[str]: + """ + The role that should be applied. Only one + `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. 
+ """ + return pulumi.get(self, "role") + + @role.setter + def role(self, value: pulumi.Input[str]): + pulumi.set(self, "role", value) + + @property + @pulumi.getter + def source(self) -> pulumi.Input[str]: + """ + Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "source") + + @source.setter + def source(self, value: pulumi.Input[str]): + pulumi.set(self, "source", value) + + @property + @pulumi.getter + def condition(self) -> Optional[pulumi.Input['V2OrganizationSourceIamBindingConditionArgs']]: + return pulumi.get(self, "condition") + + @condition.setter + def condition(self, value: Optional[pulumi.Input['V2OrganizationSourceIamBindingConditionArgs']]): + pulumi.set(self, "condition", value) + + +@pulumi.input_type +class _V2OrganizationSourceIamBindingState: + def __init__(__self__, *, + condition: Optional[pulumi.Input['V2OrganizationSourceIamBindingConditionArgs']] = None, + etag: Optional[pulumi.Input[str]] = None, + members: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + organization: Optional[pulumi.Input[str]] = None, + role: Optional[pulumi.Input[str]] = None, + source: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering V2OrganizationSourceIamBinding resources. + :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. 
+ * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] source: Used to find the parent resource to bind the IAM policy to + """ + if condition is not None: + pulumi.set(__self__, "condition", condition) + if etag is not None: + pulumi.set(__self__, "etag", etag) + if members is not None: + pulumi.set(__self__, "members", members) + if organization is not None: + pulumi.set(__self__, "organization", organization) + if role is not None: + pulumi.set(__self__, "role", role) + if source is not None: + pulumi.set(__self__, "source", source) + + @property + @pulumi.getter + def condition(self) -> Optional[pulumi.Input['V2OrganizationSourceIamBindingConditionArgs']]: + return pulumi.get(self, "condition") + + @condition.setter + def condition(self, value: Optional[pulumi.Input['V2OrganizationSourceIamBindingConditionArgs']]): + pulumi.set(self, "condition", value) + + @property + @pulumi.getter + def etag(self) -> Optional[pulumi.Input[str]]: + """ + (Computed) The etag of the IAM policy. 
+ """ + return pulumi.get(self, "etag") + + @etag.setter + def etag(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "etag", value) + + @property + @pulumi.getter + def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + """ + return pulumi.get(self, "members") + + @members.setter + def members(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "members", value) + + @property + @pulumi.getter + def organization(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "organization") + + @organization.setter + def organization(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "organization", value) + + @property + @pulumi.getter + def role(self) -> Optional[pulumi.Input[str]]: + """ + The role that should be applied. Only one + `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + """ + return pulumi.get(self, "role") + + @role.setter + def role(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "role", value) + + @property + @pulumi.getter + def source(self) -> Optional[pulumi.Input[str]]: + """ + Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "source") + + @source.setter + def source(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "source", value) + + +class V2OrganizationSourceIamBinding(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + condition: Optional[pulumi.Input[Union['V2OrganizationSourceIamBindingConditionArgs', 'V2OrganizationSourceIamBindingConditionArgsDict']]] = None, + members: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + organization: Optional[pulumi.Input[str]] = None, + role: Optional[pulumi.Input[str]] = None, + source: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. 
Each of these resources serves a different use case: + + * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + + A data source can be used to retrieve policy data in advent you do not need creation + + * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + + > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + + > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ + ## securitycenter.V2OrganizationSourceIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/viewer", + "members": ["user:jane@example.com"], + }]) + policy = gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", + source=custom_source["name"], + policy_data=admin.policy_data) + ``` + + ## securitycenter.V2OrganizationSourceIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.securitycenter.V2OrganizationSourceIamBinding("binding", + source=custom_source["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + ## securitycenter.V2OrganizationSourceIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.securitycenter.V2OrganizationSourceIamMember("member", + source=custom_source["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + --- + + # IAM policy for Security Command Center (SCC)v2 API OrganizationSource + Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + + * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. 
+ + A data source can be used to retrieve policy data in advent you do not need creation + + * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + + > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + + > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. + + ## securitycenter.V2OrganizationSourceIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/viewer", + "members": ["user:jane@example.com"], + }]) + policy = gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", + source=custom_source["name"], + policy_data=admin.policy_data) + ``` + + ## securitycenter.V2OrganizationSourceIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.securitycenter.V2OrganizationSourceIamBinding("binding", + source=custom_source["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + ## securitycenter.V2OrganizationSourceIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.securitycenter.V2OrganizationSourceIamMember("member", + source=custom_source["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import + + For all import syntaxes, the "resource in question" can take any of the following forms: + + * organizations/{{organization}}/sources/{{source}} + + * {{organization}}/{{source}} + + * {{source}} + + Any variables not passed in the import command will be taken from the provider configuration. 
+ + Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. + + IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com" + ``` + + IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor "organizations/{{organization}}/sources/{{source}} roles/viewer" + ``` + + IAM policy imports use the identifier of the resource in question, e.g. + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor organizations/{{organization}}/sources/{{source}} + ``` + + -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. 
For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] source: Used to find the parent resource to bind the IAM policy to + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: V2OrganizationSourceIamBindingArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + + * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. 
+ + A data source can be used to retrieve policy data in advent you do not need creation + + * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + + > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + + > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. + + ## securitycenter.V2OrganizationSourceIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/viewer", + "members": ["user:jane@example.com"], + }]) + policy = gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", + source=custom_source["name"], + policy_data=admin.policy_data) + ``` + + ## securitycenter.V2OrganizationSourceIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.securitycenter.V2OrganizationSourceIamBinding("binding", + source=custom_source["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + ## securitycenter.V2OrganizationSourceIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.securitycenter.V2OrganizationSourceIamMember("member", + source=custom_source["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. 
+ --- + + # IAM policy for Security Command Center (SCC)v2 API OrganizationSource + Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + + * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + + A data source can be used to retrieve policy data in advent you do not need creation + + * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + + > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + + > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ + ## securitycenter.V2OrganizationSourceIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/viewer", + "members": ["user:jane@example.com"], + }]) + policy = gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", + source=custom_source["name"], + policy_data=admin.policy_data) + ``` + + ## securitycenter.V2OrganizationSourceIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.securitycenter.V2OrganizationSourceIamBinding("binding", + source=custom_source["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + ## securitycenter.V2OrganizationSourceIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.securitycenter.V2OrganizationSourceIamMember("member", + source=custom_source["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import + + For all import syntaxes, the "resource in question" can take any of the following forms: + + * organizations/{{organization}}/sources/{{source}} + + * {{organization}}/{{source}} + + * {{source}} + + Any variables not passed in the import command will be taken from the provider configuration. + + Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. + + IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com" + ``` + + IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. 
+ + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor "organizations/{{organization}}/sources/{{source}} roles/viewer" + ``` + + IAM policy imports use the identifier of the resource in question, e.g. + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding editor organizations/{{organization}}/sources/{{source}} + ``` + + -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + + :param str resource_name: The name of the resource. + :param V2OrganizationSourceIamBindingArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(V2OrganizationSourceIamBindingArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + condition: Optional[pulumi.Input[Union['V2OrganizationSourceIamBindingConditionArgs', 'V2OrganizationSourceIamBindingConditionArgsDict']]] = None, + members: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + organization: Optional[pulumi.Input[str]] = None, + role: Optional[pulumi.Input[str]] = None, + source: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not 
None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = V2OrganizationSourceIamBindingArgs.__new__(V2OrganizationSourceIamBindingArgs) + + __props__.__dict__["condition"] = condition + if members is None and not opts.urn: + raise TypeError("Missing required property 'members'") + __props__.__dict__["members"] = members + if organization is None and not opts.urn: + raise TypeError("Missing required property 'organization'") + __props__.__dict__["organization"] = organization + if role is None and not opts.urn: + raise TypeError("Missing required property 'role'") + __props__.__dict__["role"] = role + if source is None and not opts.urn: + raise TypeError("Missing required property 'source'") + __props__.__dict__["source"] = source + __props__.__dict__["etag"] = None + super(V2OrganizationSourceIamBinding, __self__).__init__( + 'gcp:securitycenter/v2OrganizationSourceIamBinding:V2OrganizationSourceIamBinding', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + condition: Optional[pulumi.Input[Union['V2OrganizationSourceIamBindingConditionArgs', 'V2OrganizationSourceIamBindingConditionArgsDict']]] = None, + etag: Optional[pulumi.Input[str]] = None, + members: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + organization: Optional[pulumi.Input[str]] = None, + role: Optional[pulumi.Input[str]] = None, + source: Optional[pulumi.Input[str]] = None) -> 'V2OrganizationSourceIamBinding': + """ + Get an existing V2OrganizationSourceIamBinding resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. 
+ :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. 
+ :param pulumi.Input[str] source: Used to find the parent resource to bind the IAM policy to + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _V2OrganizationSourceIamBindingState.__new__(_V2OrganizationSourceIamBindingState) + + __props__.__dict__["condition"] = condition + __props__.__dict__["etag"] = etag + __props__.__dict__["members"] = members + __props__.__dict__["organization"] = organization + __props__.__dict__["role"] = role + __props__.__dict__["source"] = source + return V2OrganizationSourceIamBinding(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def condition(self) -> pulumi.Output[Optional['outputs.V2OrganizationSourceIamBindingCondition']]: + return pulumi.get(self, "condition") + + @property + @pulumi.getter + def etag(self) -> pulumi.Output[str]: + """ + (Computed) The etag of the IAM policy. + """ + return pulumi.get(self, "etag") + + @property + @pulumi.getter + def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. 
+ * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def organization(self) -> pulumi.Output[str]: + return pulumi.get(self, "organization") + + @property + @pulumi.getter + def role(self) -> pulumi.Output[str]: + """ + The role that should be applied. Only one + `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + """ + return pulumi.get(self, "role") + + @property + @pulumi.getter + def source(self) -> pulumi.Output[str]: + """ + Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "source") + diff --git a/sdk/python/pulumi_gcp/securitycenter/v2_organization_source_iam_member.py b/sdk/python/pulumi_gcp/securitycenter/v2_organization_source_iam_member.py new file mode 100644 index 0000000000..7ab896d668 --- /dev/null +++ b/sdk/python/pulumi_gcp/securitycenter/v2_organization_source_iam_member.py 
@@ -0,0 +1,722 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities +from . import outputs +from ._inputs import * + +__all__ = ['V2OrganizationSourceIamMemberArgs', 'V2OrganizationSourceIamMember'] + +@pulumi.input_type +class V2OrganizationSourceIamMemberArgs: + def __init__(__self__, *, + member: pulumi.Input[str], + organization: pulumi.Input[str], + role: pulumi.Input[str], + source: pulumi.Input[str], + condition: Optional[pulumi.Input['V2OrganizationSourceIamMemberConditionArgs']] = None): + """ + The set of arguments for constructing a V2OrganizationSourceIamMember resource. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. 
For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] source: Used to find the parent resource to bind the IAM policy to + """ + pulumi.set(__self__, "member", member) + pulumi.set(__self__, "organization", organization) + pulumi.set(__self__, "role", role) + pulumi.set(__self__, "source", source) + if condition is not None: + pulumi.set(__self__, "condition", condition) + + @property + @pulumi.getter + def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. 
+ * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ + return pulumi.get(self, "member") + + @member.setter + def member(self, value: pulumi.Input[str]): + pulumi.set(self, "member", value) + + @property + @pulumi.getter + def organization(self) -> pulumi.Input[str]: + return pulumi.get(self, "organization") + + @organization.setter + def organization(self, value: pulumi.Input[str]): + pulumi.set(self, "organization", value) + + @property + @pulumi.getter + def role(self) -> pulumi.Input[str]: + """ + The role that should be applied. Only one + `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. 
+ """ + return pulumi.get(self, "role") + + @role.setter + def role(self, value: pulumi.Input[str]): + pulumi.set(self, "role", value) + + @property + @pulumi.getter + def source(self) -> pulumi.Input[str]: + """ + Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "source") + + @source.setter + def source(self, value: pulumi.Input[str]): + pulumi.set(self, "source", value) + + @property + @pulumi.getter + def condition(self) -> Optional[pulumi.Input['V2OrganizationSourceIamMemberConditionArgs']]: + return pulumi.get(self, "condition") + + @condition.setter + def condition(self, value: Optional[pulumi.Input['V2OrganizationSourceIamMemberConditionArgs']]): + pulumi.set(self, "condition", value) + + +@pulumi.input_type +class _V2OrganizationSourceIamMemberState: + def __init__(__self__, *, + condition: Optional[pulumi.Input['V2OrganizationSourceIamMemberConditionArgs']] = None, + etag: Optional[pulumi.Input[str]] = None, + member: Optional[pulumi.Input[str]] = None, + organization: Optional[pulumi.Input[str]] = None, + role: Optional[pulumi.Input[str]] = None, + source: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering V2OrganizationSourceIamMember resources. + :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. 
For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] source: Used to find the parent resource to bind the IAM policy to + """ + if condition is not None: + pulumi.set(__self__, "condition", condition) + if etag is not None: + pulumi.set(__self__, "etag", etag) + if member is not None: + pulumi.set(__self__, "member", member) + if organization is not None: + pulumi.set(__self__, "organization", organization) + if role is not None: + pulumi.set(__self__, "role", role) + if source is not None: + pulumi.set(__self__, "source", source) + + @property + @pulumi.getter + def condition(self) -> Optional[pulumi.Input['V2OrganizationSourceIamMemberConditionArgs']]: + return pulumi.get(self, "condition") + + @condition.setter + def condition(self, value: Optional[pulumi.Input['V2OrganizationSourceIamMemberConditionArgs']]): + pulumi.set(self, "condition", value) + + @property + @pulumi.getter + def etag(self) -> Optional[pulumi.Input[str]]: + """ + (Computed) The etag of the IAM policy. 
+ """ + return pulumi.get(self, "etag") + + @etag.setter + def etag(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "etag", value) + + @property + @pulumi.getter + def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. 
For example, "projectViewer:my-example-project" + """ + return pulumi.get(self, "member") + + @member.setter + def member(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "member", value) + + @property + @pulumi.getter + def organization(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "organization") + + @organization.setter + def organization(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "organization", value) + + @property + @pulumi.getter + def role(self) -> Optional[pulumi.Input[str]]: + """ + The role that should be applied. Only one + `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + """ + return pulumi.get(self, "role") + + @role.setter + def role(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "role", value) + + @property + @pulumi.getter + def source(self) -> Optional[pulumi.Input[str]]: + """ + Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "source") + + @source.setter + def source(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "source", value) + + +class V2OrganizationSourceIamMember(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + condition: Optional[pulumi.Input[Union['V2OrganizationSourceIamMemberConditionArgs', 'V2OrganizationSourceIamMemberConditionArgsDict']]] = None, + member: Optional[pulumi.Input[str]] = None, + organization: Optional[pulumi.Input[str]] = None, + role: Optional[pulumi.Input[str]] = None, + source: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + + * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. 
Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + + A data source can be used to retrieve policy data in advent you do not need creation + + * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + + > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + + > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ + ## securitycenter.V2OrganizationSourceIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/viewer", + "members": ["user:jane@example.com"], + }]) + policy = gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", + source=custom_source["name"], + policy_data=admin.policy_data) + ``` + + ## securitycenter.V2OrganizationSourceIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.securitycenter.V2OrganizationSourceIamBinding("binding", + source=custom_source["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + ## securitycenter.V2OrganizationSourceIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.securitycenter.V2OrganizationSourceIamMember("member", + source=custom_source["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + --- + + # IAM policy for Security Command Center (SCC)v2 API OrganizationSource + Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + + * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. 
+ + A data source can be used to retrieve policy data in advent you do not need creation + + * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + + > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + + > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. + + ## securitycenter.V2OrganizationSourceIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/viewer", + "members": ["user:jane@example.com"], + }]) + policy = gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", + source=custom_source["name"], + policy_data=admin.policy_data) + ``` + + ## securitycenter.V2OrganizationSourceIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.securitycenter.V2OrganizationSourceIamBinding("binding", + source=custom_source["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + ## securitycenter.V2OrganizationSourceIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.securitycenter.V2OrganizationSourceIamMember("member", + source=custom_source["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import + + For all import syntaxes, the "resource in question" can take any of the following forms: + + * organizations/{{organization}}/sources/{{source}} + + * {{organization}}/{{source}} + + * {{source}} + + Any variables not passed in the import command will be taken from the provider configuration. 
+ + Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. + + IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com" + ``` + + IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor "organizations/{{organization}}/sources/{{source}} roles/viewer" + ``` + + IAM policy imports use the identifier of the resource in question, e.g. + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor organizations/{{organization}}/sources/{{source}} + ``` + + -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. 
For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] source: Used to find the parent resource to bind the IAM policy to + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: V2OrganizationSourceIamMemberArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + + * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. 
+ + A data source can be used to retrieve policy data in advent you do not need creation + + * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + + > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + + > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. + + ## securitycenter.V2OrganizationSourceIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/viewer", + "members": ["user:jane@example.com"], + }]) + policy = gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", + source=custom_source["name"], + policy_data=admin.policy_data) + ``` + + ## securitycenter.V2OrganizationSourceIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.securitycenter.V2OrganizationSourceIamBinding("binding", + source=custom_source["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + ## securitycenter.V2OrganizationSourceIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.securitycenter.V2OrganizationSourceIamMember("member", + source=custom_source["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. 
+ --- + + # IAM policy for Security Command Center (SCC)v2 API OrganizationSource + Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + + * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + + A data source can be used to retrieve policy data in advent you do not need creation + + * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + + > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + + > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ + ## securitycenter.V2OrganizationSourceIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/viewer", + "members": ["user:jane@example.com"], + }]) + policy = gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", + source=custom_source["name"], + policy_data=admin.policy_data) + ``` + + ## securitycenter.V2OrganizationSourceIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.securitycenter.V2OrganizationSourceIamBinding("binding", + source=custom_source["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + ## securitycenter.V2OrganizationSourceIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.securitycenter.V2OrganizationSourceIamMember("member", + source=custom_source["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import + + For all import syntaxes, the "resource in question" can take any of the following forms: + + * organizations/{{organization}}/sources/{{source}} + + * {{organization}}/{{source}} + + * {{source}} + + Any variables not passed in the import command will be taken from the provider configuration. + + Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. + + IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com" + ``` + + IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. 
+ + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor "organizations/{{organization}}/sources/{{source}} roles/viewer" + ``` + + IAM policy imports use the identifier of the resource in question, e.g. + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember editor organizations/{{organization}}/sources/{{source}} + ``` + + -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + + :param str resource_name: The name of the resource. + :param V2OrganizationSourceIamMemberArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(V2OrganizationSourceIamMemberArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + condition: Optional[pulumi.Input[Union['V2OrganizationSourceIamMemberConditionArgs', 'V2OrganizationSourceIamMemberConditionArgsDict']]] = None, + member: Optional[pulumi.Input[str]] = None, + organization: Optional[pulumi.Input[str]] = None, + role: Optional[pulumi.Input[str]] = None, + source: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise 
TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = V2OrganizationSourceIamMemberArgs.__new__(V2OrganizationSourceIamMemberArgs) + + __props__.__dict__["condition"] = condition + if member is None and not opts.urn: + raise TypeError("Missing required property 'member'") + __props__.__dict__["member"] = member + if organization is None and not opts.urn: + raise TypeError("Missing required property 'organization'") + __props__.__dict__["organization"] = organization + if role is None and not opts.urn: + raise TypeError("Missing required property 'role'") + __props__.__dict__["role"] = role + if source is None and not opts.urn: + raise TypeError("Missing required property 'source'") + __props__.__dict__["source"] = source + __props__.__dict__["etag"] = None + super(V2OrganizationSourceIamMember, __self__).__init__( + 'gcp:securitycenter/v2OrganizationSourceIamMember:V2OrganizationSourceIamMember', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + condition: Optional[pulumi.Input[Union['V2OrganizationSourceIamMemberConditionArgs', 'V2OrganizationSourceIamMemberConditionArgsDict']]] = None, + etag: Optional[pulumi.Input[str]] = None, + member: Optional[pulumi.Input[str]] = None, + organization: Optional[pulumi.Input[str]] = None, + role: Optional[pulumi.Input[str]] = None, + source: Optional[pulumi.Input[str]] = None) -> 'V2OrganizationSourceIamMember': + """ + Get an existing V2OrganizationSourceIamMember resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. 
+ :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. 
+ :param pulumi.Input[str] source: Used to find the parent resource to bind the IAM policy to + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _V2OrganizationSourceIamMemberState.__new__(_V2OrganizationSourceIamMemberState) + + __props__.__dict__["condition"] = condition + __props__.__dict__["etag"] = etag + __props__.__dict__["member"] = member + __props__.__dict__["organization"] = organization + __props__.__dict__["role"] = role + __props__.__dict__["source"] = source + return V2OrganizationSourceIamMember(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def condition(self) -> pulumi.Output[Optional['outputs.V2OrganizationSourceIamMemberCondition']]: + return pulumi.get(self, "condition") + + @property + @pulumi.getter + def etag(self) -> pulumi.Output[str]: + """ + (Computed) The etag of the IAM policy. + """ + return pulumi.get(self, "etag") + + @property + @pulumi.getter + def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. 
For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def organization(self) -> pulumi.Output[str]: + return pulumi.get(self, "organization") + + @property + @pulumi.getter + def role(self) -> pulumi.Output[str]: + """ + The role that should be applied. Only one + `securitycenter.V2OrganizationSourceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + """ + return pulumi.get(self, "role") + + @property + @pulumi.getter + def source(self) -> pulumi.Output[str]: + """ + Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "source") + diff --git a/sdk/python/pulumi_gcp/securitycenter/v2_organization_source_iam_policy.py b/sdk/python/pulumi_gcp/securitycenter/v2_organization_source_iam_policy.py new file mode 100644 index 0000000000..a8f0c11046 --- /dev/null +++ b/sdk/python/pulumi_gcp/securitycenter/v2_organization_source_iam_policy.py 
@@ -0,0 +1,561 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities + +__all__ = ['V2OrganizationSourceIamPolicyArgs', 'V2OrganizationSourceIamPolicy'] + +@pulumi.input_type +class V2OrganizationSourceIamPolicyArgs: + def __init__(__self__, *, + organization: pulumi.Input[str], + policy_data: pulumi.Input[str], + source: pulumi.Input[str]): + """ + The set of arguments for constructing a V2OrganizationSourceIamPolicy resource. + :param pulumi.Input[str] policy_data: The policy data generated by + a `organizations_get_iam_policy` data source. + :param pulumi.Input[str] source: Used to find the parent resource to bind the IAM policy to + """ + pulumi.set(__self__, "organization", organization) + pulumi.set(__self__, "policy_data", policy_data) + pulumi.set(__self__, "source", source) + + @property + @pulumi.getter + def organization(self) -> pulumi.Input[str]: + return pulumi.get(self, "organization") + + @organization.setter + def organization(self, value: pulumi.Input[str]): + pulumi.set(self, "organization", value) + + @property + @pulumi.getter(name="policyData") + def policy_data(self) -> pulumi.Input[str]: + """ + The policy data generated by + a `organizations_get_iam_policy` data source. 
+ """ + return pulumi.get(self, "policy_data") + + @policy_data.setter + def policy_data(self, value: pulumi.Input[str]): + pulumi.set(self, "policy_data", value) + + @property + @pulumi.getter + def source(self) -> pulumi.Input[str]: + """ + Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "source") + + @source.setter + def source(self, value: pulumi.Input[str]): + pulumi.set(self, "source", value) + + +@pulumi.input_type +class _V2OrganizationSourceIamPolicyState: + def __init__(__self__, *, + etag: Optional[pulumi.Input[str]] = None, + organization: Optional[pulumi.Input[str]] = None, + policy_data: Optional[pulumi.Input[str]] = None, + source: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering V2OrganizationSourceIamPolicy resources. + :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[str] policy_data: The policy data generated by + a `organizations_get_iam_policy` data source. + :param pulumi.Input[str] source: Used to find the parent resource to bind the IAM policy to + """ + if etag is not None: + pulumi.set(__self__, "etag", etag) + if organization is not None: + pulumi.set(__self__, "organization", organization) + if policy_data is not None: + pulumi.set(__self__, "policy_data", policy_data) + if source is not None: + pulumi.set(__self__, "source", source) + + @property + @pulumi.getter + def etag(self) -> Optional[pulumi.Input[str]]: + """ + (Computed) The etag of the IAM policy. 
+ """ + return pulumi.get(self, "etag") + + @etag.setter + def etag(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "etag", value) + + @property + @pulumi.getter + def organization(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "organization") + + @organization.setter + def organization(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "organization", value) + + @property + @pulumi.getter(name="policyData") + def policy_data(self) -> Optional[pulumi.Input[str]]: + """ + The policy data generated by + a `organizations_get_iam_policy` data source. + """ + return pulumi.get(self, "policy_data") + + @policy_data.setter + def policy_data(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "policy_data", value) + + @property + @pulumi.getter + def source(self) -> Optional[pulumi.Input[str]]: + """ + Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "source") + + @source.setter + def source(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "source", value) + + +class V2OrganizationSourceIamPolicy(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + organization: Optional[pulumi.Input[str]] = None, + policy_data: Optional[pulumi.Input[str]] = None, + source: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + + * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. 
+ * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + + A data source can be used to retrieve policy data in advent you do not need creation + + * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + + > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + + > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. + + ## securitycenter.V2OrganizationSourceIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/viewer", + "members": ["user:jane@example.com"], + }]) + policy = gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", + source=custom_source["name"], + policy_data=admin.policy_data) + ``` + + ## securitycenter.V2OrganizationSourceIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.securitycenter.V2OrganizationSourceIamBinding("binding", + source=custom_source["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + ## securitycenter.V2OrganizationSourceIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.securitycenter.V2OrganizationSourceIamMember("member", + source=custom_source["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. 
`[projects/my-project|organizations/my-org]/roles/my-custom-role`. + --- + + # IAM policy for Security Command Center (SCC)v2 API OrganizationSource + Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + + * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + + A data source can be used to retrieve policy data in advent you do not need creation + + * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + + > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + + > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ + ## securitycenter.V2OrganizationSourceIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/viewer", + "members": ["user:jane@example.com"], + }]) + policy = gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", + source=custom_source["name"], + policy_data=admin.policy_data) + ``` + + ## securitycenter.V2OrganizationSourceIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.securitycenter.V2OrganizationSourceIamBinding("binding", + source=custom_source["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + ## securitycenter.V2OrganizationSourceIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.securitycenter.V2OrganizationSourceIamMember("member", + source=custom_source["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import + + For all import syntaxes, the "resource in question" can take any of the following forms: + + * organizations/{{organization}}/sources/{{source}} + + * {{organization}}/{{source}} + + * {{source}} + + Any variables not passed in the import command will be taken from the provider configuration. + + Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. + + IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com" + ``` + + IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. 
+ + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor "organizations/{{organization}}/sources/{{source}} roles/viewer" + ``` + + IAM policy imports use the identifier of the resource in question, e.g. + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor organizations/{{organization}}/sources/{{source}} + ``` + + -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] policy_data: The policy data generated by + a `organizations_get_iam_policy` data source. + :param pulumi.Input[str] source: Used to find the parent resource to bind the IAM policy to + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: V2OrganizationSourceIamPolicyArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + + * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. 
+ + A data source can be used to retrieve policy data in advent you do not need creation + + * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + + > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + + > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. + + ## securitycenter.V2OrganizationSourceIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/viewer", + "members": ["user:jane@example.com"], + }]) + policy = gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", + source=custom_source["name"], + policy_data=admin.policy_data) + ``` + + ## securitycenter.V2OrganizationSourceIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.securitycenter.V2OrganizationSourceIamBinding("binding", + source=custom_source["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + ## securitycenter.V2OrganizationSourceIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.securitycenter.V2OrganizationSourceIamMember("member", + source=custom_source["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. 
+ --- + + # IAM policy for Security Command Center (SCC)v2 API OrganizationSource + Three different resources help you manage your IAM policy for Security Command Center (SCC)v2 API OrganizationSource. Each of these resources serves a different use case: + + * `securitycenter.V2OrganizationSourceIamPolicy`: Authoritative. Sets the IAM policy for the organizationsource and replaces any existing policy already attached. + * `securitycenter.V2OrganizationSourceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organizationsource are preserved. + * `securitycenter.V2OrganizationSourceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organizationsource are preserved. + + A data source can be used to retrieve policy data in advent you do not need creation + + * `securitycenter.V2OrganizationSourceIamPolicy`: Retrieves the IAM policy for the organizationsource + + > **Note:** `securitycenter.V2OrganizationSourceIamPolicy` **cannot** be used in conjunction with `securitycenter.V2OrganizationSourceIamBinding` and `securitycenter.V2OrganizationSourceIamMember` or they will fight over what your policy should be. + + > **Note:** `securitycenter.V2OrganizationSourceIamBinding` resources **can be** used in conjunction with `securitycenter.V2OrganizationSourceIamMember` resources **only if** they do not grant privilege to the same role. 
+ + ## securitycenter.V2OrganizationSourceIamPolicy + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[{ + "role": "roles/viewer", + "members": ["user:jane@example.com"], + }]) + policy = gcp.securitycenter.V2OrganizationSourceIamPolicy("policy", + source=custom_source["name"], + policy_data=admin.policy_data) + ``` + + ## securitycenter.V2OrganizationSourceIamBinding + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.securitycenter.V2OrganizationSourceIamBinding("binding", + source=custom_source["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + ## securitycenter.V2OrganizationSourceIamMember + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.securitycenter.V2OrganizationSourceIamMember("member", + source=custom_source["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import + + For all import syntaxes, the "resource in question" can take any of the following forms: + + * organizations/{{organization}}/sources/{{source}} + + * {{organization}}/{{source}} + + * {{source}} + + Any variables not passed in the import command will be taken from the provider configuration. + + Security Command Center (SCC)v2 API organizationsource IAM resources can be imported using the resource identifiers, role, and member. + + IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor "organizations/{{organization}}/sources/{{source}} roles/viewer user:jane@example.com" + ``` + + IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. 
+ + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor "organizations/{{organization}}/sources/{{source}} roles/viewer" + ``` + + IAM policy imports use the identifier of the resource in question, e.g. + + ```sh + $ pulumi import gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy editor organizations/{{organization}}/sources/{{source}} + ``` + + -> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + + :param str resource_name: The name of the resource. + :param V2OrganizationSourceIamPolicyArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(V2OrganizationSourceIamPolicyArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + organization: Optional[pulumi.Input[str]] = None, + policy_data: Optional[pulumi.Input[str]] = None, + source: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = V2OrganizationSourceIamPolicyArgs.__new__(V2OrganizationSourceIamPolicyArgs) + 
+ if organization is None and not opts.urn: + raise TypeError("Missing required property 'organization'") + __props__.__dict__["organization"] = organization + if policy_data is None and not opts.urn: + raise TypeError("Missing required property 'policy_data'") + __props__.__dict__["policy_data"] = policy_data + if source is None and not opts.urn: + raise TypeError("Missing required property 'source'") + __props__.__dict__["source"] = source + __props__.__dict__["etag"] = None + super(V2OrganizationSourceIamPolicy, __self__).__init__( + 'gcp:securitycenter/v2OrganizationSourceIamPolicy:V2OrganizationSourceIamPolicy', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + etag: Optional[pulumi.Input[str]] = None, + organization: Optional[pulumi.Input[str]] = None, + policy_data: Optional[pulumi.Input[str]] = None, + source: Optional[pulumi.Input[str]] = None) -> 'V2OrganizationSourceIamPolicy': + """ + Get an existing V2OrganizationSourceIamPolicy resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[str] policy_data: The policy data generated by + a `organizations_get_iam_policy` data source. 
+ :param pulumi.Input[str] source: Used to find the parent resource to bind the IAM policy to + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _V2OrganizationSourceIamPolicyState.__new__(_V2OrganizationSourceIamPolicyState) + + __props__.__dict__["etag"] = etag + __props__.__dict__["organization"] = organization + __props__.__dict__["policy_data"] = policy_data + __props__.__dict__["source"] = source + return V2OrganizationSourceIamPolicy(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def etag(self) -> pulumi.Output[str]: + """ + (Computed) The etag of the IAM policy. + """ + return pulumi.get(self, "etag") + + @property + @pulumi.getter + def organization(self) -> pulumi.Output[str]: + return pulumi.get(self, "organization") + + @property + @pulumi.getter(name="policyData") + def policy_data(self) -> pulumi.Output[str]: + """ + The policy data generated by + a `organizations_get_iam_policy` data source. + """ + return pulumi.get(self, "policy_data") + + @property + @pulumi.getter + def source(self) -> pulumi.Output[str]: + """ + Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "source") + diff --git a/sdk/python/pulumi_gcp/securitycenter/v2_project_mute_config.py b/sdk/python/pulumi_gcp/securitycenter/v2_project_mute_config.py new file mode 100644 index 0000000000..efc08d4d76 --- /dev/null +++ b/sdk/python/pulumi_gcp/securitycenter/v2_project_mute_config.py 
@@ -0,0 +1,684 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities + +__all__ = ['V2ProjectMuteConfigArgs', 'V2ProjectMuteConfig'] + +@pulumi.input_type +class V2ProjectMuteConfigArgs: + def __init__(__self__, *, + filter: pulumi.Input[str], + mute_config_id: pulumi.Input[str], + type: pulumi.Input[str], + description: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a V2ProjectMuteConfig resource. + :param pulumi.Input[str] filter: An expression that defines the filter to apply across create/update + events of findings. While creating a filter string, be mindful of + the scope in which the mute configuration is being created. E.g., + If a filter contains project = X but is created under the + project = Y scope, it might not match any findings. + :param pulumi.Input[str] mute_config_id: Unique identifier provided by the client within the parent scope. + + + - - - + :param pulumi.Input[str] type: The type of the mute config. + :param pulumi.Input[str] description: A description of the mute config. + :param pulumi.Input[str] location: location Id is provided by project. If not provided, Use global as default. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. 
+ """ + pulumi.set(__self__, "filter", filter) + pulumi.set(__self__, "mute_config_id", mute_config_id) + pulumi.set(__self__, "type", type) + if description is not None: + pulumi.set(__self__, "description", description) + if location is not None: + pulumi.set(__self__, "location", location) + if project is not None: + pulumi.set(__self__, "project", project) + + @property + @pulumi.getter + def filter(self) -> pulumi.Input[str]: + """ + An expression that defines the filter to apply across create/update + events of findings. While creating a filter string, be mindful of + the scope in which the mute configuration is being created. E.g., + If a filter contains project = X but is created under the + project = Y scope, it might not match any findings. + """ + return pulumi.get(self, "filter") + + @filter.setter + def filter(self, value: pulumi.Input[str]): + pulumi.set(self, "filter", value) + + @property + @pulumi.getter(name="muteConfigId") + def mute_config_id(self) -> pulumi.Input[str]: + """ + Unique identifier provided by the client within the parent scope. + + + - - - + """ + return pulumi.get(self, "mute_config_id") + + @mute_config_id.setter + def mute_config_id(self, value: pulumi.Input[str]): + pulumi.set(self, "mute_config_id", value) + + @property + @pulumi.getter + def type(self) -> pulumi.Input[str]: + """ + The type of the mute config. + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: pulumi.Input[str]): + pulumi.set(self, "type", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + A description of the mute config. + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def location(self) -> Optional[pulumi.Input[str]]: + """ + location Id is provided by project. If not provided, Use global as default. 
+ """ + return pulumi.get(self, "location") + + @location.setter + def location(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "location", value) + + @property + @pulumi.getter + def project(self) -> Optional[pulumi.Input[str]]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + """ + return pulumi.get(self, "project") + + @project.setter + def project(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "project", value) + + +@pulumi.input_type +class _V2ProjectMuteConfigState: + def __init__(__self__, *, + create_time: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + filter: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + most_recent_editor: Optional[pulumi.Input[str]] = None, + mute_config_id: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None, + update_time: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering V2ProjectMuteConfig resources. + :param pulumi.Input[str] create_time: The time at which the mute config was created. This field is set by + the server and will be ignored if provided on config creation. + :param pulumi.Input[str] description: A description of the mute config. + :param pulumi.Input[str] filter: An expression that defines the filter to apply across create/update + events of findings. While creating a filter string, be mindful of + the scope in which the mute configuration is being created. E.g., + If a filter contains project = X but is created under the + project = Y scope, it might not match any findings. + :param pulumi.Input[str] location: location Id is provided by project. If not provided, Use global as default. 
+ :param pulumi.Input[str] most_recent_editor: Email address of the user who last edited the mute config. This + field is set by the server and will be ignored if provided on + config creation or update. + :param pulumi.Input[str] mute_config_id: Unique identifier provided by the client within the parent scope. + + + - - - + :param pulumi.Input[str] name: Name of the mute config. Its format is + projects/{project}/locations/global/muteConfigs/{configId}, + folders/{folder}/locations/global/muteConfigs/{configId}, + or organizations/{organization}/locations/global/muteConfigs/{configId} + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + :param pulumi.Input[str] type: The type of the mute config. + :param pulumi.Input[str] update_time: Output only. The most recent time at which the mute config was + updated. This field is set by the server and will be ignored if + provided on config creation or update. + """ + if create_time is not None: + pulumi.set(__self__, "create_time", create_time) + if description is not None: + pulumi.set(__self__, "description", description) + if filter is not None: + pulumi.set(__self__, "filter", filter) + if location is not None: + pulumi.set(__self__, "location", location) + if most_recent_editor is not None: + pulumi.set(__self__, "most_recent_editor", most_recent_editor) + if mute_config_id is not None: + pulumi.set(__self__, "mute_config_id", mute_config_id) + if name is not None: + pulumi.set(__self__, "name", name) + if project is not None: + pulumi.set(__self__, "project", project) + if type is not None: + pulumi.set(__self__, "type", type) + if update_time is not None: + pulumi.set(__self__, "update_time", update_time) + + @property + @pulumi.getter(name="createTime") + def create_time(self) -> Optional[pulumi.Input[str]]: + """ + The time at which the mute config was created. 
This field is set by + the server and will be ignored if provided on config creation. + """ + return pulumi.get(self, "create_time") + + @create_time.setter + def create_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "create_time", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + A description of the mute config. + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def filter(self) -> Optional[pulumi.Input[str]]: + """ + An expression that defines the filter to apply across create/update + events of findings. While creating a filter string, be mindful of + the scope in which the mute configuration is being created. E.g., + If a filter contains project = X but is created under the + project = Y scope, it might not match any findings. + """ + return pulumi.get(self, "filter") + + @filter.setter + def filter(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "filter", value) + + @property + @pulumi.getter + def location(self) -> Optional[pulumi.Input[str]]: + """ + location Id is provided by project. If not provided, Use global as default. + """ + return pulumi.get(self, "location") + + @location.setter + def location(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "location", value) + + @property + @pulumi.getter(name="mostRecentEditor") + def most_recent_editor(self) -> Optional[pulumi.Input[str]]: + """ + Email address of the user who last edited the mute config. This + field is set by the server and will be ignored if provided on + config creation or update. 
+ """ + return pulumi.get(self, "most_recent_editor") + + @most_recent_editor.setter + def most_recent_editor(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "most_recent_editor", value) + + @property + @pulumi.getter(name="muteConfigId") + def mute_config_id(self) -> Optional[pulumi.Input[str]]: + """ + Unique identifier provided by the client within the parent scope. + + + - - - + """ + return pulumi.get(self, "mute_config_id") + + @mute_config_id.setter + def mute_config_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "mute_config_id", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Name of the mute config. Its format is + projects/{project}/locations/global/muteConfigs/{configId}, + folders/{folder}/locations/global/muteConfigs/{configId}, + or organizations/{organization}/locations/global/muteConfigs/{configId} + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def project(self) -> Optional[pulumi.Input[str]]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + """ + return pulumi.get(self, "project") + + @project.setter + def project(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "project", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[str]]: + """ + The type of the mute config. + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "type", value) + + @property + @pulumi.getter(name="updateTime") + def update_time(self) -> Optional[pulumi.Input[str]]: + """ + Output only. The most recent time at which the mute config was + updated. This field is set by the server and will be ignored if + provided on config creation or update. 
+ """ + return pulumi.get(self, "update_time") + + @update_time.setter + def update_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "update_time", value) + + +class V2ProjectMuteConfig(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + filter: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + mute_config_id: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Mute Findings is a volume management feature in Security Command Center + that lets you manually or programmatically hide irrelevant findings, + and create filters to automatically silence existing and future + findings based on criteria you specify. + + To get more information about ProjectMuteConfig, see: + + * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/projects.muteConfigs) + + ## Example Usage + + ### Scc V2 Project Mute Config Basic + + ```python + import pulumi + import pulumi_gcp as gcp + + default = gcp.securitycenter.V2ProjectMuteConfig("default", + mute_config_id="my-config", + project="", + location="global", + description="My custom Cloud Security Command Center Finding Project mute Configuration", + filter="severity = \\"HIGH\\"", + type="STATIC") + ``` + + ## Import + + ProjectMuteConfig can be imported using any of these accepted formats: + + * `projects/{{project}}/locations/{{location}}/muteConfigs/{{mute_config_id}}` + + * `{{project}}/{{location}}/{{mute_config_id}}` + + * `{{location}}/{{mute_config_id}}` + + When using the `pulumi import` command, ProjectMuteConfig can be imported using one of the formats above. 
For example: + + ```sh + $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default projects/{{project}}/locations/{{location}}/muteConfigs/{{mute_config_id}} + ``` + + ```sh + $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default {{project}}/{{location}}/{{mute_config_id}} + ``` + + ```sh + $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default {{location}}/{{mute_config_id}} + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] description: A description of the mute config. + :param pulumi.Input[str] filter: An expression that defines the filter to apply across create/update + events of findings. While creating a filter string, be mindful of + the scope in which the mute configuration is being created. E.g., + If a filter contains project = X but is created under the + project = Y scope, it might not match any findings. + :param pulumi.Input[str] location: location Id is provided by project. If not provided, Use global as default. + :param pulumi.Input[str] mute_config_id: Unique identifier provided by the client within the parent scope. + + + - - - + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + :param pulumi.Input[str] type: The type of the mute config. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: V2ProjectMuteConfigArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Mute Findings is a volume management feature in Security Command Center + that lets you manually or programmatically hide irrelevant findings, + and create filters to automatically silence existing and future + findings based on criteria you specify. 
+ + To get more information about ProjectMuteConfig, see: + + * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/projects.muteConfigs) + + ## Example Usage + + ### Scc V2 Project Mute Config Basic + + ```python + import pulumi + import pulumi_gcp as gcp + + default = gcp.securitycenter.V2ProjectMuteConfig("default", + mute_config_id="my-config", + project="", + location="global", + description="My custom Cloud Security Command Center Finding Project mute Configuration", + filter="severity = \\"HIGH\\"", + type="STATIC") + ``` + + ## Import + + ProjectMuteConfig can be imported using any of these accepted formats: + + * `projects/{{project}}/locations/{{location}}/muteConfigs/{{mute_config_id}}` + + * `{{project}}/{{location}}/{{mute_config_id}}` + + * `{{location}}/{{mute_config_id}}` + + When using the `pulumi import` command, ProjectMuteConfig can be imported using one of the formats above. For example: + + ```sh + $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default projects/{{project}}/locations/{{location}}/muteConfigs/{{mute_config_id}} + ``` + + ```sh + $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default {{project}}/{{location}}/{{mute_config_id}} + ``` + + ```sh + $ pulumi import gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig default {{location}}/{{mute_config_id}} + ``` + + :param str resource_name: The name of the resource. + :param V2ProjectMuteConfigArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... 
+ def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(V2ProjectMuteConfigArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + filter: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + mute_config_id: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = V2ProjectMuteConfigArgs.__new__(V2ProjectMuteConfigArgs) + + __props__.__dict__["description"] = description + if filter is None and not opts.urn: + raise TypeError("Missing required property 'filter'") + __props__.__dict__["filter"] = filter + __props__.__dict__["location"] = location + if mute_config_id is None and not opts.urn: + raise TypeError("Missing required property 'mute_config_id'") + __props__.__dict__["mute_config_id"] = mute_config_id + __props__.__dict__["project"] = project + if type is None and not opts.urn: + raise TypeError("Missing required property 'type'") + __props__.__dict__["type"] = type + __props__.__dict__["create_time"] = None + __props__.__dict__["most_recent_editor"] = None + __props__.__dict__["name"] = None + __props__.__dict__["update_time"] = None + super(V2ProjectMuteConfig, 
__self__).__init__( + 'gcp:securitycenter/v2ProjectMuteConfig:V2ProjectMuteConfig', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + create_time: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + filter: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + most_recent_editor: Optional[pulumi.Input[str]] = None, + mute_config_id: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[str]] = None, + update_time: Optional[pulumi.Input[str]] = None) -> 'V2ProjectMuteConfig': + """ + Get an existing V2ProjectMuteConfig resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] create_time: The time at which the mute config was created. This field is set by + the server and will be ignored if provided on config creation. + :param pulumi.Input[str] description: A description of the mute config. + :param pulumi.Input[str] filter: An expression that defines the filter to apply across create/update + events of findings. While creating a filter string, be mindful of + the scope in which the mute configuration is being created. E.g., + If a filter contains project = X but is created under the + project = Y scope, it might not match any findings. + :param pulumi.Input[str] location: location Id is provided by project. If not provided, Use global as default. + :param pulumi.Input[str] most_recent_editor: Email address of the user who last edited the mute config. 
This + field is set by the server and will be ignored if provided on + config creation or update. + :param pulumi.Input[str] mute_config_id: Unique identifier provided by the client within the parent scope. + + + - - - + :param pulumi.Input[str] name: Name of the mute config. Its format is + projects/{project}/locations/global/muteConfigs/{configId}, + folders/{folder}/locations/global/muteConfigs/{configId}, + or organizations/{organization}/locations/global/muteConfigs/{configId} + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + :param pulumi.Input[str] type: The type of the mute config. + :param pulumi.Input[str] update_time: Output only. The most recent time at which the mute config was + updated. This field is set by the server and will be ignored if + provided on config creation or update. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _V2ProjectMuteConfigState.__new__(_V2ProjectMuteConfigState) + + __props__.__dict__["create_time"] = create_time + __props__.__dict__["description"] = description + __props__.__dict__["filter"] = filter + __props__.__dict__["location"] = location + __props__.__dict__["most_recent_editor"] = most_recent_editor + __props__.__dict__["mute_config_id"] = mute_config_id + __props__.__dict__["name"] = name + __props__.__dict__["project"] = project + __props__.__dict__["type"] = type + __props__.__dict__["update_time"] = update_time + return V2ProjectMuteConfig(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="createTime") + def create_time(self) -> pulumi.Output[str]: + """ + The time at which the mute config was created. This field is set by + the server and will be ignored if provided on config creation. 
+ """ + return pulumi.get(self, "create_time") + + @property + @pulumi.getter + def description(self) -> pulumi.Output[Optional[str]]: + """ + A description of the mute config. + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter + def filter(self) -> pulumi.Output[str]: + """ + An expression that defines the filter to apply across create/update + events of findings. While creating a filter string, be mindful of + the scope in which the mute configuration is being created. E.g., + If a filter contains project = X but is created under the + project = Y scope, it might not match any findings. + """ + return pulumi.get(self, "filter") + + @property + @pulumi.getter + def location(self) -> pulumi.Output[Optional[str]]: + """ + location Id is provided by project. If not provided, Use global as default. + """ + return pulumi.get(self, "location") + + @property + @pulumi.getter(name="mostRecentEditor") + def most_recent_editor(self) -> pulumi.Output[str]: + """ + Email address of the user who last edited the mute config. This + field is set by the server and will be ignored if provided on + config creation or update. + """ + return pulumi.get(self, "most_recent_editor") + + @property + @pulumi.getter(name="muteConfigId") + def mute_config_id(self) -> pulumi.Output[str]: + """ + Unique identifier provided by the client within the parent scope. + + + - - - + """ + return pulumi.get(self, "mute_config_id") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Name of the mute config. Its format is + projects/{project}/locations/global/muteConfigs/{configId}, + folders/{folder}/locations/global/muteConfigs/{configId}, + or organizations/{organization}/locations/global/muteConfigs/{configId} + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. 
+ """ + return pulumi.get(self, "project") + + @property + @pulumi.getter + def type(self) -> pulumi.Output[str]: + """ + The type of the mute config. + """ + return pulumi.get(self, "type") + + @property + @pulumi.getter(name="updateTime") + def update_time(self) -> pulumi.Output[str]: + """ + Output only. The most recent time at which the mute config was + updated. This field is set by the server and will be ignored if + provided on config creation or update. + """ + return pulumi.get(self, "update_time") + diff --git a/sdk/python/pulumi_gcp/securitycenter/v2_project_notification_config.py b/sdk/python/pulumi_gcp/securitycenter/v2_project_notification_config.py new file mode 100644 index 0000000000..9dbce42bbc --- /dev/null +++ b/sdk/python/pulumi_gcp/securitycenter/v2_project_notification_config.py 
@@ -0,0 +1,559 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities +from . import outputs +from ._inputs import * + +__all__ = ['V2ProjectNotificationConfigArgs', 'V2ProjectNotificationConfig'] + +@pulumi.input_type +class V2ProjectNotificationConfigArgs: + def __init__(__self__, *, + config_id: pulumi.Input[str], + streaming_config: pulumi.Input['V2ProjectNotificationConfigStreamingConfigArgs'], + description: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + pubsub_topic: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a V2ProjectNotificationConfig resource. + :param pulumi.Input[str] config_id: This must be unique within the project. + :param pulumi.Input['V2ProjectNotificationConfigStreamingConfigArgs'] streaming_config: The config for triggering streaming-based notifications. + Structure is documented below. + :param pulumi.Input[str] description: The description of the notification config (max of 1024 characters). + :param pulumi.Input[str] location: Location ID of the parent organization. Only global is supported at the moment. + :param pulumi.Input[str] pubsub_topic: The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". 
+ """ + pulumi.set(__self__, "config_id", config_id) + pulumi.set(__self__, "streaming_config", streaming_config) + if description is not None: + pulumi.set(__self__, "description", description) + if location is not None: + pulumi.set(__self__, "location", location) + if project is not None: + pulumi.set(__self__, "project", project) + if pubsub_topic is not None: + pulumi.set(__self__, "pubsub_topic", pubsub_topic) + + @property + @pulumi.getter(name="configId") + def config_id(self) -> pulumi.Input[str]: + """ + This must be unique within the project. + """ + return pulumi.get(self, "config_id") + + @config_id.setter + def config_id(self, value: pulumi.Input[str]): + pulumi.set(self, "config_id", value) + + @property + @pulumi.getter(name="streamingConfig") + def streaming_config(self) -> pulumi.Input['V2ProjectNotificationConfigStreamingConfigArgs']: + """ + The config for triggering streaming-based notifications. + Structure is documented below. + """ + return pulumi.get(self, "streaming_config") + + @streaming_config.setter + def streaming_config(self, value: pulumi.Input['V2ProjectNotificationConfigStreamingConfigArgs']): + pulumi.set(self, "streaming_config", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + The description of the notification config (max of 1024 characters). + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def location(self) -> Optional[pulumi.Input[str]]: + """ + Location ID of the parent organization. Only global is supported at the moment. 
+ """ + return pulumi.get(self, "location") + + @location.setter + def location(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "location", value) + + @property + @pulumi.getter + def project(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "project") + + @project.setter + def project(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "project", value) + + @property + @pulumi.getter(name="pubsubTopic") + def pubsub_topic(self) -> Optional[pulumi.Input[str]]: + """ + The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". + """ + return pulumi.get(self, "pubsub_topic") + + @pubsub_topic.setter + def pubsub_topic(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "pubsub_topic", value) + + +@pulumi.input_type +class _V2ProjectNotificationConfigState: + def __init__(__self__, *, + config_id: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + pubsub_topic: Optional[pulumi.Input[str]] = None, + service_account: Optional[pulumi.Input[str]] = None, + streaming_config: Optional[pulumi.Input['V2ProjectNotificationConfigStreamingConfigArgs']] = None): + """ + Input properties used for looking up and filtering V2ProjectNotificationConfig resources. + :param pulumi.Input[str] config_id: This must be unique within the project. + :param pulumi.Input[str] description: The description of the notification config (max of 1024 characters). + :param pulumi.Input[str] location: Location ID of the parent organization. Only global is supported at the moment. + :param pulumi.Input[str] name: The resource name of this notification config, in the format + `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. + :param pulumi.Input[str] pubsub_topic: The Pub/Sub topic to send notifications to. 
Its format is "projects/[project_id]/topics/[topic]". + :param pulumi.Input[str] service_account: The service account that needs "pubsub.topics.publish" permission to + publish to the Pub/Sub topic. + :param pulumi.Input['V2ProjectNotificationConfigStreamingConfigArgs'] streaming_config: The config for triggering streaming-based notifications. + Structure is documented below. + """ + if config_id is not None: + pulumi.set(__self__, "config_id", config_id) + if description is not None: + pulumi.set(__self__, "description", description) + if location is not None: + pulumi.set(__self__, "location", location) + if name is not None: + pulumi.set(__self__, "name", name) + if project is not None: + pulumi.set(__self__, "project", project) + if pubsub_topic is not None: + pulumi.set(__self__, "pubsub_topic", pubsub_topic) + if service_account is not None: + pulumi.set(__self__, "service_account", service_account) + if streaming_config is not None: + pulumi.set(__self__, "streaming_config", streaming_config) + + @property + @pulumi.getter(name="configId") + def config_id(self) -> Optional[pulumi.Input[str]]: + """ + This must be unique within the project. + """ + return pulumi.get(self, "config_id") + + @config_id.setter + def config_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "config_id", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + The description of the notification config (max of 1024 characters). + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def location(self) -> Optional[pulumi.Input[str]]: + """ + Location ID of the parent organization. Only global is supported at the moment. 
+ """ + return pulumi.get(self, "location") + + @location.setter + def location(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "location", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + The resource name of this notification config, in the format + `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def project(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "project") + + @project.setter + def project(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "project", value) + + @property + @pulumi.getter(name="pubsubTopic") + def pubsub_topic(self) -> Optional[pulumi.Input[str]]: + """ + The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". + """ + return pulumi.get(self, "pubsub_topic") + + @pubsub_topic.setter + def pubsub_topic(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "pubsub_topic", value) + + @property + @pulumi.getter(name="serviceAccount") + def service_account(self) -> Optional[pulumi.Input[str]]: + """ + The service account that needs "pubsub.topics.publish" permission to + publish to the Pub/Sub topic. + """ + return pulumi.get(self, "service_account") + + @service_account.setter + def service_account(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "service_account", value) + + @property + @pulumi.getter(name="streamingConfig") + def streaming_config(self) -> Optional[pulumi.Input['V2ProjectNotificationConfigStreamingConfigArgs']]: + """ + The config for triggering streaming-based notifications. + Structure is documented below. 
+ """ + return pulumi.get(self, "streaming_config") + + @streaming_config.setter + def streaming_config(self, value: Optional[pulumi.Input['V2ProjectNotificationConfigStreamingConfigArgs']]): + pulumi.set(self, "streaming_config", value) + + +class V2ProjectNotificationConfig(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + config_id: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + pubsub_topic: Optional[pulumi.Input[str]] = None, + streaming_config: Optional[pulumi.Input[Union['V2ProjectNotificationConfigStreamingConfigArgs', 'V2ProjectNotificationConfigStreamingConfigArgsDict']]] = None, + __props__=None): + """ + A Cloud Security Command Center (Cloud SCC) notification configs. A + notification config is a Cloud SCC resource that contains the + configuration to send notifications for create/update events of + findings, assets and etc. + > **Note:** In order to use Cloud SCC resources, your organization must be enrolled + in [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center). + Without doing so, you may run into errors during resource creation. 
+ + To get more information about ProjectNotificationConfig, see: + + * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/projects.locations.notificationConfigs) + * How-to Guides + * [Official Documentation](https://cloud.google.com/security-command-center/docs) + + ## Example Usage + + ### Scc V2 Project Notification Config Basic + + ```python + import pulumi + import pulumi_gcp as gcp + + scc_v2_project_notification = gcp.pubsub.Topic("scc_v2_project_notification", name="my-topic") + custom_notification_config = gcp.securitycenter.V2ProjectNotificationConfig("custom_notification_config", + config_id="my-config", + project="my-project-name", + location="global", + description="My custom Cloud Security Command Center Finding Notification Configuration", + pubsub_topic=scc_v2_project_notification.id, + streaming_config={ + "filter": "category = \\"OPEN_FIREWALL\\" AND state = \\"ACTIVE\\"", + }) + ``` + + ## Import + + ProjectNotificationConfig can be imported using any of these accepted formats: + + * `projects/{{project}}/locations/{{location}}/notificationConfigs/{{config_id}}` + + * `{{project}}/{{location}}/{{config_id}}` + + * `{{location}}/{{config_id}}` + + When using the `pulumi import` command, ProjectNotificationConfig can be imported using one of the formats above. For example: + + ```sh + $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default projects/{{project}}/locations/{{location}}/notificationConfigs/{{config_id}} + ``` + + ```sh + $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default {{project}}/{{location}}/{{config_id}} + ``` + + ```sh + $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default {{location}}/{{config_id}} + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. 
+ :param pulumi.Input[str] config_id: This must be unique within the project. + :param pulumi.Input[str] description: The description of the notification config (max of 1024 characters). + :param pulumi.Input[str] location: Location ID of the parent organization. Only global is supported at the moment. + :param pulumi.Input[str] pubsub_topic: The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". + :param pulumi.Input[Union['V2ProjectNotificationConfigStreamingConfigArgs', 'V2ProjectNotificationConfigStreamingConfigArgsDict']] streaming_config: The config for triggering streaming-based notifications. + Structure is documented below. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: V2ProjectNotificationConfigArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + A Cloud Security Command Center (Cloud SCC) notification configs. A + notification config is a Cloud SCC resource that contains the + configuration to send notifications for create/update events of + findings, assets and etc. + > **Note:** In order to use Cloud SCC resources, your organization must be enrolled + in [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center). + Without doing so, you may run into errors during resource creation. 
+ + To get more information about ProjectNotificationConfig, see: + + * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v2/projects.locations.notificationConfigs) + * How-to Guides + * [Official Documentation](https://cloud.google.com/security-command-center/docs) + + ## Example Usage + + ### Scc V2 Project Notification Config Basic + + ```python + import pulumi + import pulumi_gcp as gcp + + scc_v2_project_notification = gcp.pubsub.Topic("scc_v2_project_notification", name="my-topic") + custom_notification_config = gcp.securitycenter.V2ProjectNotificationConfig("custom_notification_config", + config_id="my-config", + project="my-project-name", + location="global", + description="My custom Cloud Security Command Center Finding Notification Configuration", + pubsub_topic=scc_v2_project_notification.id, + streaming_config={ + "filter": "category = \\"OPEN_FIREWALL\\" AND state = \\"ACTIVE\\"", + }) + ``` + + ## Import + + ProjectNotificationConfig can be imported using any of these accepted formats: + + * `projects/{{project}}/locations/{{location}}/notificationConfigs/{{config_id}}` + + * `{{project}}/{{location}}/{{config_id}}` + + * `{{location}}/{{config_id}}` + + When using the `pulumi import` command, ProjectNotificationConfig can be imported using one of the formats above. For example: + + ```sh + $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default projects/{{project}}/locations/{{location}}/notificationConfigs/{{config_id}} + ``` + + ```sh + $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default {{project}}/{{location}}/{{config_id}} + ``` + + ```sh + $ pulumi import gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig default {{location}}/{{config_id}} + ``` + + :param str resource_name: The name of the resource. 
+ :param V2ProjectNotificationConfigArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(V2ProjectNotificationConfigArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + config_id: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + pubsub_topic: Optional[pulumi.Input[str]] = None, + streaming_config: Optional[pulumi.Input[Union['V2ProjectNotificationConfigStreamingConfigArgs', 'V2ProjectNotificationConfigStreamingConfigArgsDict']]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = V2ProjectNotificationConfigArgs.__new__(V2ProjectNotificationConfigArgs) + + if config_id is None and not opts.urn: + raise TypeError("Missing required property 'config_id'") + __props__.__dict__["config_id"] = config_id + __props__.__dict__["description"] = description + __props__.__dict__["location"] = location + __props__.__dict__["project"] = project + __props__.__dict__["pubsub_topic"] = pubsub_topic + if streaming_config is None and not opts.urn: + raise TypeError("Missing required property 
'streaming_config'") + __props__.__dict__["streaming_config"] = streaming_config + __props__.__dict__["name"] = None + __props__.__dict__["service_account"] = None + super(V2ProjectNotificationConfig, __self__).__init__( + 'gcp:securitycenter/v2ProjectNotificationConfig:V2ProjectNotificationConfig', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + config_id: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + pubsub_topic: Optional[pulumi.Input[str]] = None, + service_account: Optional[pulumi.Input[str]] = None, + streaming_config: Optional[pulumi.Input[Union['V2ProjectNotificationConfigStreamingConfigArgs', 'V2ProjectNotificationConfigStreamingConfigArgsDict']]] = None) -> 'V2ProjectNotificationConfig': + """ + Get an existing V2ProjectNotificationConfig resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] config_id: This must be unique within the project. + :param pulumi.Input[str] description: The description of the notification config (max of 1024 characters). + :param pulumi.Input[str] location: Location ID of the parent organization. Only global is supported at the moment. + :param pulumi.Input[str] name: The resource name of this notification config, in the format + `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. + :param pulumi.Input[str] pubsub_topic: The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". 
+ :param pulumi.Input[str] service_account: The service account that needs "pubsub.topics.publish" permission to + publish to the Pub/Sub topic. + :param pulumi.Input[Union['V2ProjectNotificationConfigStreamingConfigArgs', 'V2ProjectNotificationConfigStreamingConfigArgsDict']] streaming_config: The config for triggering streaming-based notifications. + Structure is documented below. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _V2ProjectNotificationConfigState.__new__(_V2ProjectNotificationConfigState) + + __props__.__dict__["config_id"] = config_id + __props__.__dict__["description"] = description + __props__.__dict__["location"] = location + __props__.__dict__["name"] = name + __props__.__dict__["project"] = project + __props__.__dict__["pubsub_topic"] = pubsub_topic + __props__.__dict__["service_account"] = service_account + __props__.__dict__["streaming_config"] = streaming_config + return V2ProjectNotificationConfig(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="configId") + def config_id(self) -> pulumi.Output[str]: + """ + This must be unique within the project. + """ + return pulumi.get(self, "config_id") + + @property + @pulumi.getter + def description(self) -> pulumi.Output[Optional[str]]: + """ + The description of the notification config (max of 1024 characters). + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter + def location(self) -> pulumi.Output[Optional[str]]: + """ + Location ID of the parent organization. Only global is supported at the moment. + """ + return pulumi.get(self, "location") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + The resource name of this notification config, in the format + `projects/{{projectId}}/locations/{{location}}/notificationConfigs/{{config_id}}`. 
+ """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + return pulumi.get(self, "project") + + @property + @pulumi.getter(name="pubsubTopic") + def pubsub_topic(self) -> pulumi.Output[Optional[str]]: + """ + The Pub/Sub topic to send notifications to. Its format is "projects/[project_id]/topics/[topic]". + """ + return pulumi.get(self, "pubsub_topic") + + @property + @pulumi.getter(name="serviceAccount") + def service_account(self) -> pulumi.Output[str]: + """ + The service account that needs "pubsub.topics.publish" permission to + publish to the Pub/Sub topic. + """ + return pulumi.get(self, "service_account") + + @property + @pulumi.getter(name="streamingConfig") + def streaming_config(self) -> pulumi.Output['outputs.V2ProjectNotificationConfigStreamingConfig']: + """ + The config for triggering streaming-based notifications. + Structure is documented below. + """ + return pulumi.get(self, "streaming_config") + diff --git a/sdk/python/pulumi_gcp/spanner/instance.py b/sdk/python/pulumi_gcp/spanner/instance.py index 24bab652d1..73b6d622dc 100644 --- a/sdk/python/pulumi_gcp/spanner/instance.py +++ b/sdk/python/pulumi_gcp/spanner/instance.py @@ -58,7 +58,6 @@ def __init__(__self__, *, :param pulumi.Input[str] name: A unique identifier for the instance, which cannot be changed after the instance is created. The name must be between 6 and 30 characters in length. - If not provided, a random string starting with `tf-` will be selected. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -165,7 +164,6 @@ def name(self) -> Optional[pulumi.Input[str]]: A unique identifier for the instance, which cannot be changed after the instance is created. The name must be between 6 and 30 characters in length. - If not provided, a random string starting with `tf-` will be selected. """ return pulumi.get(self, "name") 
@@ -250,7 +248,6 @@ def __init__(__self__, *, :param pulumi.Input[str] name: A unique identifier for the instance, which cannot be changed after the instance is created. The name must be between 6 and 30 characters in length. - If not provided, a random string starting with `tf-` will be selected. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -380,7 +377,6 @@ def name(self) -> Optional[pulumi.Input[str]]: A unique identifier for the instance, which cannot be changed after the instance is created. The name must be between 6 and 30 characters in length. - If not provided, a random string starting with `tf-` will be selected. """ return pulumi.get(self, "name") @@ -591,7 +587,6 @@ def __init__(__self__, :param pulumi.Input[str] name: A unique identifier for the instance, which cannot be changed after the instance is created. The name must be between 6 and 30 characters in length. - If not provided, a random string starting with `tf-` will be selected. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -811,7 +806,6 @@ def get(resource_name: str, :param pulumi.Input[str] name: A unique identifier for the instance, which cannot be changed after the instance is created. The name must be between 6 and 30 characters in length. - If not provided, a random string starting with `tf-` will be selected. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -910,7 +904,6 @@ def name(self) -> pulumi.Output[str]: A unique identifier for the instance, which cannot be changed after the instance is created. The name must be between 6 and 30 characters in length. - If not provided, a random string starting with `tf-` will be selected. """ return pulumi.get(self, "name") 
diff --git a/sdk/python/pulumi_gcp/sql/_inputs.py b/sdk/python/pulumi_gcp/sql/_inputs.py index a1c8f7d7db..3af9373f79 100644 --- a/sdk/python/pulumi_gcp/sql/_inputs.py +++ b/sdk/python/pulumi_gcp/sql/_inputs.py @@ -741,7 +741,7 @@ class DatabaseInstanceSettingsArgsDict(TypedDict): """ connector_enforcement: NotRequired[pulumi.Input[str]] """ - Specifies if connections must use Cloud SQL connectors. + Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. """ data_cache_config: NotRequired[pulumi.Input['DatabaseInstanceSettingsDataCacheConfigArgsDict']] """ @@ -858,7 +858,7 @@ def __init__(__self__, *, For Postgres and SQL Server instances, ensure that `settings.backup_configuration.point_in_time_recovery_enabled` is set to `true`. Defaults to `ZONAL`. :param pulumi.Input[str] collation: The name of server instance collation. - :param pulumi.Input[str] connector_enforcement: Specifies if connections must use Cloud SQL connectors. + :param pulumi.Input[str] connector_enforcement: Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. :param pulumi.Input['DatabaseInstanceSettingsDataCacheConfigArgs'] data_cache_config: Data cache configurations. :param pulumi.Input[bool] deletion_protection_enabled: Configuration to protect against accidental instance deletion. :param pulumi.Input[bool] disk_autoresize: Enables auto-resizing of the storage size. Defaults to `true`. Note that if `disk_size` is set, future `pulumi up` calls will attempt to delete the instance in order to resize the disk to the value specified in disk_size if it has been resized. To avoid this, ensure that `lifecycle.ignore_changes` is applied to `disk_size`. 
@@ -1021,7 +1021,7 @@ def collation(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="connectorEnforcement") def connector_enforcement(self) -> Optional[pulumi.Input[str]]: """ - Specifies if connections must use Cloud SQL connectors. + Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. """ return pulumi.get(self, "connector_enforcement") diff --git a/sdk/python/pulumi_gcp/sql/outputs.py b/sdk/python/pulumi_gcp/sql/outputs.py index 40bb3785f5..826c6cf9df 100644 --- a/sdk/python/pulumi_gcp/sql/outputs.py +++ b/sdk/python/pulumi_gcp/sql/outputs.py @@ -704,7 +704,7 @@ def __init__(__self__, *, For Postgres and SQL Server instances, ensure that `settings.backup_configuration.point_in_time_recovery_enabled` is set to `true`. Defaults to `ZONAL`. :param str collation: The name of server instance collation. - :param str connector_enforcement: Specifies if connections must use Cloud SQL connectors. + :param str connector_enforcement: Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. :param 'DatabaseInstanceSettingsDataCacheConfigArgs' data_cache_config: Data cache configurations. :param bool deletion_protection_enabled: Configuration to protect against accidental instance deletion. :param bool disk_autoresize: Enables auto-resizing of the storage size. Defaults to `true`. Note that if `disk_size` is set, future `pulumi up` calls will attempt to delete the instance in order to resize the disk to the value specified in disk_size if it has been resized. To avoid this, ensure that `lifecycle.ignore_changes` is applied to `disk_size`. 
@@ -839,7 +839,7 @@ def collation(self) -> Optional[str]: @pulumi.getter(name="connectorEnforcement") def connector_enforcement(self) -> Optional[str]: """ - Specifies if connections must use Cloud SQL connectors. + Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. """ return pulumi.get(self, "connector_enforcement") @@ -2596,7 +2596,7 @@ def __init__(__self__, *, For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled is set to true. Defaults to ZONAL. :param str collation: The name of server instance collation. - :param str connector_enforcement: Specifies if connections must use Cloud SQL connectors. + :param str connector_enforcement: Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. :param Sequence['GetDatabaseInstanceSettingDataCacheConfigArgs'] data_cache_configs: Data cache configurations. :param bool deletion_protection_enabled: Configuration to protect against accidental instance deletion. :param bool disk_autoresize: Enables auto-resizing of the storage size. Defaults to true. @@ -2692,7 +2692,7 @@ def collation(self) -> str: @pulumi.getter(name="connectorEnforcement") def connector_enforcement(self) -> str: """ - Specifies if connections must use Cloud SQL connectors. + Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. """ return pulumi.get(self, "connector_enforcement") 
@@ -4099,7 +4099,7 @@ def __init__(__self__, *, For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled is set to true. Defaults to ZONAL. :param str collation: The name of server instance collation. - :param str connector_enforcement: Specifies if connections must use Cloud SQL connectors. + :param str connector_enforcement: Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. :param Sequence['GetDatabaseInstancesInstanceSettingDataCacheConfigArgs'] data_cache_configs: Data cache configurations. :param bool deletion_protection_enabled: Configuration to protect against accidental instance deletion. :param bool disk_autoresize: Enables auto-resizing of the storage size. Defaults to true. @@ -4195,7 +4195,7 @@ def collation(self) -> str: @pulumi.getter(name="connectorEnforcement") def connector_enforcement(self) -> str: """ - Specifies if connections must use Cloud SQL connectors. + Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. """ return pulumi.get(self, "connector_enforcement") diff --git a/sdk/python/pulumi_gcp/storage/bucket_object.py b/sdk/python/pulumi_gcp/storage/bucket_object.py index fc6a105190..68e049b4f1 100644 --- a/sdk/python/pulumi_gcp/storage/bucket_object.py +++ b/sdk/python/pulumi_gcp/storage/bucket_object.py @@ -325,6 +325,7 @@ def __init__(__self__, *, customer_encryption: Optional[pulumi.Input['BucketObjectCustomerEncryptionArgs']] = None, detect_md5hash: Optional[pulumi.Input[str]] = None, event_based_hold: Optional[pulumi.Input[bool]] = None, + generation: Optional[pulumi.Input[int]] = None, kms_key_name: Optional[pulumi.Input[str]] = None, md5hash: Optional[pulumi.Input[str]] = None, media_link: Optional[pulumi.Input[str]] = None, 
@@ -350,6 +351,7 @@ def __init__(__self__, *, :param pulumi.Input['BucketObjectCustomerEncryptionArgs'] customer_encryption: Enables object encryption with Customer-Supplied Encryption Key (CSEK). Google [documentation about CSEK.](https://cloud.google.com/storage/docs/encryption/customer-supplied-keys) Structure is documented below. :param pulumi.Input[bool] event_based_hold: Whether an object is under [event-based hold](https://cloud.google.com/storage/docs/object-holds#hold-types). Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). + :param pulumi.Input[int] generation: (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). :param pulumi.Input[str] kms_key_name: The resource name of the Cloud KMS key that will be used to [encrypt](https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) the object. :param pulumi.Input[str] md5hash: (Computed) Base 64 MD5 hash of the uploaded data. :param pulumi.Input[str] media_link: (Computed) A url reference to download this object. @@ -392,6 +394,8 @@ def __init__(__self__, *, pulumi.set(__self__, "detect_md5hash", detect_md5hash) if event_based_hold is not None: pulumi.set(__self__, "event_based_hold", event_based_hold) + if generation is not None: + pulumi.set(__self__, "generation", generation) if kms_key_name is not None: pulumi.set(__self__, "kms_key_name", kms_key_name) if md5hash is not None: 
@@ -546,6 +550,18 @@ def event_based_hold(self) -> Optional[pulumi.Input[bool]]: def event_based_hold(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "event_based_hold", value) + @property + @pulumi.getter + def generation(self) -> Optional[pulumi.Input[int]]: + """ + (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + """ + return pulumi.get(self, "generation") + + @generation.setter + def generation(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "generation", value) + @property @pulumi.getter(name="kmsKeyName") def kms_key_name(self) -> Optional[pulumi.Input[str]]: @@ -881,6 +897,7 @@ def _internal_init(__self__, __props__.__dict__["storage_class"] = storage_class __props__.__dict__["temporary_hold"] = temporary_hold __props__.__dict__["crc32c"] = None + __props__.__dict__["generation"] = None __props__.__dict__["md5hash"] = None __props__.__dict__["media_link"] = None __props__.__dict__["output_name"] = None @@ -908,6 +925,7 @@ def get(resource_name: str, customer_encryption: Optional[pulumi.Input[Union['BucketObjectCustomerEncryptionArgs', 'BucketObjectCustomerEncryptionArgsDict']]] = None, detect_md5hash: Optional[pulumi.Input[str]] = None, event_based_hold: Optional[pulumi.Input[bool]] = None, + generation: Optional[pulumi.Input[int]] = None, kms_key_name: Optional[pulumi.Input[str]] = None, md5hash: Optional[pulumi.Input[str]] = None, media_link: Optional[pulumi.Input[str]] = None, 
@@ -938,6 +956,7 @@ def get(resource_name: str, :param pulumi.Input[Union['BucketObjectCustomerEncryptionArgs', 'BucketObjectCustomerEncryptionArgsDict']] customer_encryption: Enables object encryption with Customer-Supplied Encryption Key (CSEK). Google [documentation about CSEK.](https://cloud.google.com/storage/docs/encryption/customer-supplied-keys) Structure is documented below. :param pulumi.Input[bool] event_based_hold: Whether an object is under [event-based hold](https://cloud.google.com/storage/docs/object-holds#hold-types). Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). + :param pulumi.Input[int] generation: (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). :param pulumi.Input[str] kms_key_name: The resource name of the Cloud KMS key that will be used to [encrypt](https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) the object. :param pulumi.Input[str] md5hash: (Computed) Base 64 MD5 hash of the uploaded data. :param pulumi.Input[str] media_link: (Computed) A url reference to download this object. @@ -973,6 +992,7 @@ def get(resource_name: str, __props__.__dict__["customer_encryption"] = customer_encryption __props__.__dict__["detect_md5hash"] = detect_md5hash __props__.__dict__["event_based_hold"] = event_based_hold + __props__.__dict__["generation"] = generation __props__.__dict__["kms_key_name"] = kms_key_name __props__.__dict__["md5hash"] = md5hash __props__.__dict__["media_link"] = media_link 
@@ -1073,6 +1093,14 @@ def event_based_hold(self) -> pulumi.Output[Optional[bool]]: """ return pulumi.get(self, "event_based_hold") + @property + @pulumi.getter + def generation(self) -> pulumi.Output[int]: + """ + (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + """ + return pulumi.get(self, "generation") + @property @pulumi.getter(name="kmsKeyName") def kms_key_name(self) -> pulumi.Output[str]: diff --git a/sdk/python/pulumi_gcp/storage/get_bucket_object.py b/sdk/python/pulumi_gcp/storage/get_bucket_object.py index bc25e318a9..ad7f22797d 100644 --- a/sdk/python/pulumi_gcp/storage/get_bucket_object.py +++ b/sdk/python/pulumi_gcp/storage/get_bucket_object.py @@ -27,7 +27,7 @@ class GetBucketObjectResult: """ A collection of values returned by getBucketObject. """ - def __init__(__self__, bucket=None, cache_control=None, content=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None, crc32c=None, customer_encryptions=None, detect_md5hash=None, event_based_hold=None, id=None, kms_key_name=None, md5hash=None, media_link=None, metadata=None, name=None, output_name=None, retentions=None, self_link=None, source=None, storage_class=None, temporary_hold=None): + def __init__(__self__, bucket=None, cache_control=None, content=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None, crc32c=None, customer_encryptions=None, detect_md5hash=None, event_based_hold=None, generation=None, id=None, kms_key_name=None, md5hash=None, media_link=None, metadata=None, name=None, output_name=None, retentions=None, self_link=None, source=None, storage_class=None, temporary_hold=None): if bucket and not isinstance(bucket, str): raise TypeError("Expected argument 'bucket' to be a str") pulumi.set(__self__, "bucket", bucket) 
@@ -61,6 +61,9 @@ def __init__(__self__, bucket=None, cache_control=None, content=None, content_di if event_based_hold and not isinstance(event_based_hold, bool): raise TypeError("Expected argument 'event_based_hold' to be a bool") pulumi.set(__self__, "event_based_hold", event_based_hold) + if generation and not isinstance(generation, int): + raise TypeError("Expected argument 'generation' to be a int") + pulumi.set(__self__, "generation", generation) if id and not isinstance(id, str): raise TypeError("Expected argument 'id' to be a str") pulumi.set(__self__, "id", id) @@ -175,6 +178,14 @@ def event_based_hold(self) -> bool: """ return pulumi.get(self, "event_based_hold") + @property + @pulumi.getter + def generation(self) -> int: + """ + (Computed) The content generation of this object. Used for object [versioning](https://cloud.google.com/storage/docs/object-versioning) and [soft delete](https://cloud.google.com/storage/docs/soft-delete). + """ + return pulumi.get(self, "generation") + @property @pulumi.getter def id(self) -> str: @@ -273,6 +284,7 @@ def __await__(self): customer_encryptions=self.customer_encryptions, detect_md5hash=self.detect_md5hash, event_based_hold=self.event_based_hold, + generation=self.generation, id=self.id, kms_key_name=self.kms_key_name, md5hash=self.md5hash, @@ -330,6 +342,7 @@ def get_bucket_object(bucket: Optional[str] = None, customer_encryptions=pulumi.get(__ret__, 'customer_encryptions'), detect_md5hash=pulumi.get(__ret__, 'detect_md5hash'), event_based_hold=pulumi.get(__ret__, 'event_based_hold'), + generation=pulumi.get(__ret__, 'generation'), id=pulumi.get(__ret__, 'id'), kms_key_name=pulumi.get(__ret__, 'kms_key_name'), md5hash=pulumi.get(__ret__, 'md5hash'), diff --git a/sdk/python/pulumi_gcp/storage/get_bucket_object_content.py b/sdk/python/pulumi_gcp/storage/get_bucket_object_content.py index 7560e5d3e9..9328e0fd6a 100644 --- a/sdk/python/pulumi_gcp/storage/get_bucket_object_content.py 
+++ b/sdk/python/pulumi_gcp/storage/get_bucket_object_content.py @@ -27,7 +27,7 @@ class GetBucketObjectContentResult: """ A collection of values returned by getBucketObjectContent. """ - def __init__(__self__, bucket=None, cache_control=None, content=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None, crc32c=None, customer_encryptions=None, detect_md5hash=None, event_based_hold=None, id=None, kms_key_name=None, md5hash=None, media_link=None, metadata=None, name=None, output_name=None, retentions=None, self_link=None, source=None, storage_class=None, temporary_hold=None): + def __init__(__self__, bucket=None, cache_control=None, content=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None, crc32c=None, customer_encryptions=None, detect_md5hash=None, event_based_hold=None, generation=None, id=None, kms_key_name=None, md5hash=None, media_link=None, metadata=None, name=None, output_name=None, retentions=None, self_link=None, source=None, storage_class=None, temporary_hold=None): if bucket and not isinstance(bucket, str): raise TypeError("Expected argument 'bucket' to be a str") pulumi.set(__self__, "bucket", bucket) @@ -61,6 +61,9 @@ def __init__(__self__, bucket=None, cache_control=None, content=None, content_di if event_based_hold and not isinstance(event_based_hold, bool): raise TypeError("Expected argument 'event_based_hold' to be a bool") pulumi.set(__self__, "event_based_hold", event_based_hold) + if generation and not isinstance(generation, int): + raise TypeError("Expected argument 'generation' to be a int") + pulumi.set(__self__, "generation", generation) if id and not isinstance(id, str): raise TypeError("Expected argument 'id' to be a str") pulumi.set(__self__, "id", id) 
@@ -156,6 +159,11 @@ def detect_md5hash(self) -> str: def event_based_hold(self) -> bool: return pulumi.get(self, "event_based_hold") + @property + @pulumi.getter + def generation(self) -> int: + return pulumi.get(self, "generation") + @property @pulumi.getter def id(self) -> str: @@ -237,6 +245,7 @@ def __await__(self): customer_encryptions=self.customer_encryptions, detect_md5hash=self.detect_md5hash, event_based_hold=self.event_based_hold, + generation=self.generation, id=self.id, kms_key_name=self.kms_key_name, md5hash=self.md5hash, @@ -300,6 +309,7 @@ def get_bucket_object_content(bucket: Optional[str] = None, customer_encryptions=pulumi.get(__ret__, 'customer_encryptions'), detect_md5hash=pulumi.get(__ret__, 'detect_md5hash'), event_based_hold=pulumi.get(__ret__, 'event_based_hold'), + generation=pulumi.get(__ret__, 'generation'), id=pulumi.get(__ret__, 'id'), kms_key_name=pulumi.get(__ret__, 'kms_key_name'), md5hash=pulumi.get(__ret__, 'md5hash'), diff --git a/sdk/python/pulumi_gcp/storage/managed_folder.py b/sdk/python/pulumi_gcp/storage/managed_folder.py index 85311bbb07..0394291509 100644 --- a/sdk/python/pulumi_gcp/storage/managed_folder.py +++ b/sdk/python/pulumi_gcp/storage/managed_folder.py @@ -20,10 +20,15 @@ class ManagedFolderArgs: def __init__(__self__, *, bucket: pulumi.Input[str], + force_destroy: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a ManagedFolder resource. :param pulumi.Input[str] bucket: The name of the bucket that contains the managed folder. + :param pulumi.Input[bool] force_destroy: Allows the deletion of a managed folder even if contains + objects. If a non-empty managed folder is deleted, any objects + within the folder will remain in a simulated folder with the + same name. :param pulumi.Input[str] name: The name of the managed folder expressed as a path. Must include trailing '/'. For example, `example_dir/example_dir2/`. 
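Review bot: The `force_destroy` description added to `ManagedFolderArgs.__init__` in managed_folder.py says where the objects end up but not what happens to access granted on the folder itself. A managed folder can carry its own IAM policy, so I would add a sentence such as `Any IAM policy set on the managed folder is deleted with it; the remaining objects are then governed only by bucket-level access.` This should be confirmed against the Cloud Storage documentation. "even if contains objects" should also read "even if it contains objects". The same text is repeated in the later `force_destroy` hunks of this file, and the two example hunks now pass `force_destroy=True`, which readers are likely to copy without that caveat. The `__init__` docstring continues outside this hunk.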
@@ -31,6 +36,8 @@ def __init__(__self__, *, - - - """ pulumi.set(__self__, "bucket", bucket) + if force_destroy is not None: + pulumi.set(__self__, "force_destroy", force_destroy) if name is not None: pulumi.set(__self__, "name", name) @@ -46,6 +53,21 @@ def bucket(self) -> pulumi.Input[str]: def bucket(self, value: pulumi.Input[str]): pulumi.set(self, "bucket", value) + @property + @pulumi.getter(name="forceDestroy") + def force_destroy(self) -> Optional[pulumi.Input[bool]]: + """ + Allows the deletion of a managed folder even if contains + objects. If a non-empty managed folder is deleted, any objects + within the folder will remain in a simulated folder with the + same name. + """ + return pulumi.get(self, "force_destroy") + + @force_destroy.setter + def force_destroy(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "force_destroy", value) + @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: @@ -68,6 +90,7 @@ class _ManagedFolderState: def __init__(__self__, *, bucket: Optional[pulumi.Input[str]] = None, create_time: Optional[pulumi.Input[str]] = None, + force_destroy: Optional[pulumi.Input[bool]] = None, metageneration: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, self_link: Optional[pulumi.Input[str]] = None, 
@@ -76,6 +99,10 @@ def __init__(__self__, *, Input properties used for looking up and filtering ManagedFolder resources. :param pulumi.Input[str] bucket: The name of the bucket that contains the managed folder. :param pulumi.Input[str] create_time: The timestamp at which this managed folder was created. + :param pulumi.Input[bool] force_destroy: Allows the deletion of a managed folder even if contains + objects. If a non-empty managed folder is deleted, any objects + within the folder will remain in a simulated folder with the + same name. :param pulumi.Input[str] metageneration: The metadata generation of the managed folder. :param pulumi.Input[str] name: The name of the managed folder expressed as a path. Must include trailing '/'. For example, `example_dir/example_dir2/`. @@ -89,6 +116,8 @@ def __init__(__self__, *, pulumi.set(__self__, "bucket", bucket) if create_time is not None: pulumi.set(__self__, "create_time", create_time) + if force_destroy is not None: + pulumi.set(__self__, "force_destroy", force_destroy) if metageneration is not None: pulumi.set(__self__, "metageneration", metageneration) if name is not None: @@ -122,6 +151,21 @@ def create_time(self) -> Optional[pulumi.Input[str]]: def create_time(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "create_time", value) + @property + @pulumi.getter(name="forceDestroy") + def force_destroy(self) -> Optional[pulumi.Input[bool]]: + """ + Allows the deletion of a managed folder even if contains + objects. If a non-empty managed folder is deleted, any objects + within the folder will remain in a simulated folder with the + same name. + """ + return pulumi.get(self, "force_destroy") + + @force_destroy.setter + def force_destroy(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "force_destroy", value) + @property @pulumi.getter def metageneration(self) -> Optional[pulumi.Input[str]]: 
@@ -181,6 +225,7 @@ def __init__(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, bucket: Optional[pulumi.Input[str]] = None, + force_destroy: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, __props__=None): """ @@ -216,7 +261,8 @@ def __init__(__self__, uniform_bucket_level_access=True) folder = gcp.storage.ManagedFolder("folder", bucket=bucket.name, - name="managed/folder/name/") + name="managed/folder/name/", + force_destroy=True) ``` ## Import @@ -240,6 +286,10 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] bucket: The name of the bucket that contains the managed folder. + :param pulumi.Input[bool] force_destroy: Allows the deletion of a managed folder even if contains + objects. If a non-empty managed folder is deleted, any objects + within the folder will remain in a simulated folder with the + same name. :param pulumi.Input[str] name: The name of the managed folder expressed as a path. Must include trailing '/'. For example, `example_dir/example_dir2/`. @@ -285,7 +335,8 @@ def __init__(__self__, uniform_bucket_level_access=True) folder = gcp.storage.ManagedFolder("folder", bucket=bucket.name, - name="managed/folder/name/") + name="managed/folder/name/", + force_destroy=True) ``` ## Import @@ -322,6 +373,7 @@ def _internal_init(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, bucket: Optional[pulumi.Input[str]] = None, + force_destroy: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, __props__=None): opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) 
@@ -335,6 +387,7 @@ def _internal_init(__self__, if bucket is None and not opts.urn: raise TypeError("Missing required property 'bucket'") __props__.__dict__["bucket"] = bucket + __props__.__dict__["force_destroy"] = force_destroy __props__.__dict__["name"] = name __props__.__dict__["create_time"] = None __props__.__dict__["metageneration"] = None @@ -352,6 +405,7 @@ def get(resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, bucket: Optional[pulumi.Input[str]] = None, create_time: Optional[pulumi.Input[str]] = None, + force_destroy: Optional[pulumi.Input[bool]] = None, metageneration: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, self_link: Optional[pulumi.Input[str]] = None, @@ -365,6 +419,10 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] bucket: The name of the bucket that contains the managed folder. :param pulumi.Input[str] create_time: The timestamp at which this managed folder was created. + :param pulumi.Input[bool] force_destroy: Allows the deletion of a managed folder even if contains + objects. If a non-empty managed folder is deleted, any objects + within the folder will remain in a simulated folder with the + same name. :param pulumi.Input[str] metageneration: The metadata generation of the managed folder. :param pulumi.Input[str] name: The name of the managed folder expressed as a path. Must include trailing '/'. For example, `example_dir/example_dir2/`. @@ -380,6 +438,7 @@ def get(resource_name: str, __props__.__dict__["bucket"] = bucket __props__.__dict__["create_time"] = create_time + __props__.__dict__["force_destroy"] = force_destroy __props__.__dict__["metageneration"] = metageneration __props__.__dict__["name"] = name __props__.__dict__["self_link"] = self_link 
@@ -402,6 +461,17 @@ def create_time(self) -> pulumi.Output[str]: """ return pulumi.get(self, "create_time") + @property + @pulumi.getter(name="forceDestroy") + def force_destroy(self) -> pulumi.Output[Optional[bool]]: + """ + Allows the deletion of a managed folder even if contains + objects. If a non-empty managed folder is deleted, any objects + within the folder will remain in a simulated folder with the + same name. + """ + return pulumi.get(self, "force_destroy") + @property @pulumi.getter def metageneration(self) -> pulumi.Output[str]: diff --git a/sdk/python/pulumi_gcp/vmwareengine/network_policy.py b/sdk/python/pulumi_gcp/vmwareengine/network_policy.py index db4ae761c0..707d8faf55 100644 --- a/sdk/python/pulumi_gcp/vmwareengine/network_policy.py +++ b/sdk/python/pulumi_gcp/vmwareengine/network_policy.py @@ -443,7 +443,7 @@ def __init__(__self__, import pulumi_gcp as gcp network_policy_nw = gcp.vmwareengine.Network("network-policy-nw", - name="standard-nw", + name="sample-network", location="global", type="STANDARD", description="VMwareEngine standard network sample") @@ -460,13 +460,13 @@ def __init__(__self__, import pulumi_gcp as gcp network_policy_nw = gcp.vmwareengine.Network("network-policy-nw", - name="standard-full-nw", + name="sample-network", location="global", type="STANDARD", description="VMwareEngine standard network sample") vmw_engine_network_policy = gcp.vmwareengine.NetworkPolicy("vmw-engine-network-policy", location="us-west1", - name="sample-network-policy-full", + name="sample-network-policy", edge_services_cidr="192.168.30.0/26", vmware_engine_network=network_policy_nw.id, description="Sample Network Policy", @@ -548,7 +548,7 @@ def __init__(__self__, import pulumi_gcp as gcp network_policy_nw = gcp.vmwareengine.Network("network-policy-nw", - name="standard-nw", + name="sample-network", location="global", type="STANDARD", description="VMwareEngine standard network sample") 
@@ -565,13 +565,13 @@ def __init__(__self__, import pulumi_gcp as gcp network_policy_nw = gcp.vmwareengine.Network("network-policy-nw", - name="standard-full-nw", + name="sample-network", location="global", type="STANDARD", description="VMwareEngine standard network sample") vmw_engine_network_policy = gcp.vmwareengine.NetworkPolicy("vmw-engine-network-policy", location="us-west1", - name="sample-network-policy-full", + name="sample-network-policy", edge_services_cidr="192.168.30.0/26", vmware_engine_network=network_policy_nw.id, description="Sample Network Policy", diff --git a/upstream b/upstream index b0acb20005..89e9dd371c 160000 --- a/upstream +++ b/upstream @@ -1 +1 @@ -Subproject commit b0acb20005cb11b71871501e886f8ab1b7126e9a +Subproject commit 89e9dd371c662b53af2568d8318382e00e552813