orgpolicy

package
v7.20.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 24, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CustomConstraint 

type CustomConstraint struct {
	pulumi.CustomResourceState

	// The action to take if the condition is met.
	// Possible values are: `ALLOW`, `DENY`.
	ActionType pulumi.StringOutput `pulumi:"actionType"`
	// A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).
	Condition pulumi.StringOutput `pulumi:"condition"`
	// A human-friendly description of the constraint to display as an error message when the policy is violated.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// A human-friendly name for the constraint.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).
	MethodTypes pulumi.StringArrayOutput `pulumi:"methodTypes"`
	// Immutable. The name of the custom constraint. This is unique within the organization.
	Name pulumi.StringOutput `pulumi:"name"`
	// The parent of the resource, an organization. Format should be `organizations/{organization_id}`.
	//
	// ***
	Parent pulumi.StringOutput `pulumi:"parent"`
	// Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.
	ResourceTypes pulumi.StringArrayOutput `pulumi:"resourceTypes"`
	// Output only. The timestamp representing when the constraint was last updated.
	UpdateTime pulumi.StringOutput `pulumi:"updateTime"`
}

Custom constraints are created by administrators to provide more granular and customizable control over the specific fields that are restricted by your organization policies.

To get more information about CustomConstraint, see:

* [API documentation](https://cloud.google.com/resource-manager/docs/reference/orgpolicy/rest/v2/organizations.constraints) * How-to Guides

## Example Usage

### Org Policy Custom Constraint Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := orgpolicy.NewCustomConstraint(ctx, "constraint", &orgpolicy.CustomConstraintArgs{
			Name:       pulumi.String("custom.disableGkeAutoUpgrade"),
			Parent:     pulumi.String("organizations/123456789"),
			ActionType: pulumi.String("ALLOW"),
			Condition:  pulumi.String("resource.management.autoUpgrade == false"),
			MethodTypes: pulumi.StringArray{
				pulumi.String("CREATE"),
				pulumi.String("UPDATE"),
			},
			ResourceTypes: pulumi.StringArray{
				pulumi.String("container.googleapis.com/NodePool"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Org Policy Custom Constraint Full

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		constraint, err := orgpolicy.NewCustomConstraint(ctx, "constraint", &orgpolicy.CustomConstraintArgs{
			Name:        pulumi.String("custom.disableGkeAutoUpgrade"),
			Parent:      pulumi.String("organizations/123456789"),
			DisplayName: pulumi.String("Disable GKE auto upgrade"),
			Description: pulumi.String("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced."),
			ActionType:  pulumi.String("ALLOW"),
			Condition:   pulumi.String("resource.management.autoUpgrade == false"),
			MethodTypes: pulumi.StringArray{
				pulumi.String("CREATE"),
				pulumi.String("UPDATE"),
			},
			ResourceTypes: pulumi.StringArray{
				pulumi.String("container.googleapis.com/NodePool"),
			},
		})
		if err != nil {
			return err
		}
		_, err = orgpolicy.NewPolicy(ctx, "bool", &orgpolicy.PolicyArgs{
			Name: constraint.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("organizations/123456789/policies/%v", name), nil
			}).(pulumi.StringOutput),
			Parent: pulumi.String("organizations/123456789"),
			Spec: &orgpolicy.PolicySpecArgs{
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						Enforce: pulumi.String("TRUE"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

CustomConstraint can be imported using any of these accepted formats:

* `{{parent}}/customConstraints/{{name}}`

When using the `pulumi import` command, CustomConstraint can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:orgpolicy/customConstraint:CustomConstraint default {{parent}}/customConstraints/{{name}} ```

func GetCustomConstraint 

func GetCustomConstraint(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CustomConstraintState, opts ...pulumi.ResourceOption) (*CustomConstraint, error)

GetCustomConstraint gets an existing CustomConstraint resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCustomConstraint 

func NewCustomConstraint(ctx *pulumi.Context,
	name string, args *CustomConstraintArgs, opts ...pulumi.ResourceOption) (*CustomConstraint, error)

NewCustomConstraint registers a new resource with the given unique name, arguments, and options.

func (*CustomConstraint) ElementType 

func (*CustomConstraint) ElementType() reflect.Type

func (*CustomConstraint) ToCustomConstraintOutput 

func (i *CustomConstraint) ToCustomConstraintOutput() CustomConstraintOutput

func (*CustomConstraint) ToCustomConstraintOutputWithContext 

func (i *CustomConstraint) ToCustomConstraintOutputWithContext(ctx context.Context) CustomConstraintOutput

type CustomConstraintArgs 

type CustomConstraintArgs struct {
	// The action to take if the condition is met.
	// Possible values are: `ALLOW`, `DENY`.
	ActionType pulumi.StringInput
	// A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).
	Condition pulumi.StringInput
	// A human-friendly description of the constraint to display as an error message when the policy is violated.
	Description pulumi.StringPtrInput
	// A human-friendly name for the constraint.
	DisplayName pulumi.StringPtrInput
	// A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).
	MethodTypes pulumi.StringArrayInput
	// Immutable. The name of the custom constraint. This is unique within the organization.
	Name pulumi.StringPtrInput
	// The parent of the resource, an organization. Format should be `organizations/{organization_id}`.
	//
	// ***
	Parent pulumi.StringInput
	// Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.
	ResourceTypes pulumi.StringArrayInput
}

The set of arguments for constructing a CustomConstraint resource.

func (CustomConstraintArgs) ElementType 

func (CustomConstraintArgs) ElementType() reflect.Type

type CustomConstraintArray 

type CustomConstraintArray []CustomConstraintInput

func (CustomConstraintArray) ElementType 

func (CustomConstraintArray) ElementType() reflect.Type

func (CustomConstraintArray) ToCustomConstraintArrayOutput 

func (i CustomConstraintArray) ToCustomConstraintArrayOutput() CustomConstraintArrayOutput

func (CustomConstraintArray) ToCustomConstraintArrayOutputWithContext 

func (i CustomConstraintArray) ToCustomConstraintArrayOutputWithContext(ctx context.Context) CustomConstraintArrayOutput

type CustomConstraintArrayInput 

type CustomConstraintArrayInput interface {
	pulumi.Input

	ToCustomConstraintArrayOutput() CustomConstraintArrayOutput
	ToCustomConstraintArrayOutputWithContext(context.Context) CustomConstraintArrayOutput
}

CustomConstraintArrayInput is an input type that accepts CustomConstraintArray and CustomConstraintArrayOutput values. You can construct a concrete instance of `CustomConstraintArrayInput` via: 

CustomConstraintArray{ CustomConstraintArgs{...} }

type CustomConstraintArrayOutput 

type CustomConstraintArrayOutput struct{ *pulumi.OutputState }

func (CustomConstraintArrayOutput) ElementType 

func (CustomConstraintArrayOutput) ElementType() reflect.Type

func (CustomConstraintArrayOutput) Index 

func (o CustomConstraintArrayOutput) Index(i pulumi.IntInput) CustomConstraintOutput

func (CustomConstraintArrayOutput) ToCustomConstraintArrayOutput 

func (o CustomConstraintArrayOutput) ToCustomConstraintArrayOutput() CustomConstraintArrayOutput

func (CustomConstraintArrayOutput) ToCustomConstraintArrayOutputWithContext 

func (o CustomConstraintArrayOutput) ToCustomConstraintArrayOutputWithContext(ctx context.Context) CustomConstraintArrayOutput

type CustomConstraintInput 

type CustomConstraintInput interface {
	pulumi.Input

	ToCustomConstraintOutput() CustomConstraintOutput
	ToCustomConstraintOutputWithContext(ctx context.Context) CustomConstraintOutput
}

type CustomConstraintMap 

type CustomConstraintMap map[string]CustomConstraintInput

func (CustomConstraintMap) ElementType 

func (CustomConstraintMap) ElementType() reflect.Type

func (CustomConstraintMap) ToCustomConstraintMapOutput 

func (i CustomConstraintMap) ToCustomConstraintMapOutput() CustomConstraintMapOutput

func (CustomConstraintMap) ToCustomConstraintMapOutputWithContext 

func (i CustomConstraintMap) ToCustomConstraintMapOutputWithContext(ctx context.Context) CustomConstraintMapOutput

type CustomConstraintMapInput 

type CustomConstraintMapInput interface {
	pulumi.Input

	ToCustomConstraintMapOutput() CustomConstraintMapOutput
	ToCustomConstraintMapOutputWithContext(context.Context) CustomConstraintMapOutput
}

CustomConstraintMapInput is an input type that accepts CustomConstraintMap and CustomConstraintMapOutput values. You can construct a concrete instance of `CustomConstraintMapInput` via: 

CustomConstraintMap{ "key": CustomConstraintArgs{...} }

type CustomConstraintMapOutput 

type CustomConstraintMapOutput struct{ *pulumi.OutputState }

func (CustomConstraintMapOutput) ElementType 

func (CustomConstraintMapOutput) ElementType() reflect.Type

func (CustomConstraintMapOutput) MapIndex 

func (o CustomConstraintMapOutput) MapIndex(k pulumi.StringInput) CustomConstraintOutput

func (CustomConstraintMapOutput) ToCustomConstraintMapOutput 

func (o CustomConstraintMapOutput) ToCustomConstraintMapOutput() CustomConstraintMapOutput

func (CustomConstraintMapOutput) ToCustomConstraintMapOutputWithContext 

func (o CustomConstraintMapOutput) ToCustomConstraintMapOutputWithContext(ctx context.Context) CustomConstraintMapOutput

type CustomConstraintOutput 

type CustomConstraintOutput struct{ *pulumi.OutputState }

func (CustomConstraintOutput) ActionType 

func (o CustomConstraintOutput) ActionType() pulumi.StringOutput

The action to take if the condition is met. Possible values are: `ALLOW`, `DENY`.

func (CustomConstraintOutput) Condition 

func (o CustomConstraintOutput) Condition() pulumi.StringOutput

A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).

func (CustomConstraintOutput) Description 

func (o CustomConstraintOutput) Description() pulumi.StringPtrOutput

A human-friendly description of the constraint to display as an error message when the policy is violated.

func (CustomConstraintOutput) DisplayName 

func (o CustomConstraintOutput) DisplayName() pulumi.StringPtrOutput

A human-friendly name for the constraint.

func (CustomConstraintOutput) ElementType 

func (CustomConstraintOutput) ElementType() reflect.Type

func (CustomConstraintOutput) MethodTypes 

func (o CustomConstraintOutput) MethodTypes() pulumi.StringArrayOutput

A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).

func (CustomConstraintOutput) Name 

func (o CustomConstraintOutput) Name() pulumi.StringOutput

Immutable. The name of the custom constraint. This is unique within the organization.

func (CustomConstraintOutput) Parent 

func (o CustomConstraintOutput) Parent() pulumi.StringOutput

The parent of the resource, an organization. Format should be `organizations/{organization_id}`.

***

func (CustomConstraintOutput) ResourceTypes 

func (o CustomConstraintOutput) ResourceTypes() pulumi.StringArrayOutput

Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.

func (CustomConstraintOutput) ToCustomConstraintOutput 

func (o CustomConstraintOutput) ToCustomConstraintOutput() CustomConstraintOutput

func (CustomConstraintOutput) ToCustomConstraintOutputWithContext 

func (o CustomConstraintOutput) ToCustomConstraintOutputWithContext(ctx context.Context) CustomConstraintOutput

func (CustomConstraintOutput) UpdateTime 

func (o CustomConstraintOutput) UpdateTime() pulumi.StringOutput

Output only. The timestamp representing when the constraint was last updated.

type CustomConstraintState 

type CustomConstraintState struct {
	// The action to take if the condition is met.
	// Possible values are: `ALLOW`, `DENY`.
	ActionType pulumi.StringPtrInput
	// A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).
	Condition pulumi.StringPtrInput
	// A human-friendly description of the constraint to display as an error message when the policy is violated.
	Description pulumi.StringPtrInput
	// A human-friendly name for the constraint.
	DisplayName pulumi.StringPtrInput
	// A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).
	MethodTypes pulumi.StringArrayInput
	// Immutable. The name of the custom constraint. This is unique within the organization.
	Name pulumi.StringPtrInput
	// The parent of the resource, an organization. Format should be `organizations/{organization_id}`.
	//
	// ***
	Parent pulumi.StringPtrInput
	// Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.
	ResourceTypes pulumi.StringArrayInput
	// Output only. The timestamp representing when the constraint was last updated.
	UpdateTime pulumi.StringPtrInput
}

func (CustomConstraintState) ElementType 

func (CustomConstraintState) ElementType() reflect.Type

type Policy 

type Policy struct {
	pulumi.CustomResourceState

	// Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.
	DryRunSpec PolicyDryRunSpecPtrOutput `pulumi:"dryRunSpec"`
	// Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Immutable. The resource name of the Policy. Must be one of the following forms, where constraintName is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
	Name pulumi.StringOutput `pulumi:"name"`
	// The parent of the resource.
	//
	// ***
	Parent pulumi.StringOutput `pulumi:"parent"`
	// Basic information about the Organization Policy.
	Spec PolicySpecPtrOutput `pulumi:"spec"`
}

An organization policy gives you programmatic control over your organization's cloud resources. Using Organization Policies, you will be able to configure constraints across your entire resource hierarchy.

For more information, see: * [Understanding Org Policy concepts](https://cloud.google.com/resource-manager/docs/organization-policy/overview) * [The resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy) * [All valid constraints](https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints) ## Example Usage

### Enforce_policy A test of an enforce orgpolicy policy for a project ```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{
			ProjectId: pulumi.String("id"),
			Name:      pulumi.String("id"),
			OrgId:     pulumi.String("123456789"),
		})
		if err != nil {
			return err
		}
		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Name: basic.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("projects/%v/policies/iam.disableServiceAccountKeyUpload", name), nil
			}).(pulumi.StringOutput),
			Parent: basic.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("projects/%v", name), nil
			}).(pulumi.StringOutput),
			Spec: &orgpolicy.PolicySpecArgs{
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						Enforce: pulumi.String("FALSE"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Folder_policy A test of an orgpolicy policy for a folder ```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		basic, err := organizations.NewFolder(ctx, "basic", &organizations.FolderArgs{
			Parent:      pulumi.String("organizations/123456789"),
			DisplayName: pulumi.String("folder"),
		})
		if err != nil {
			return err
		}
		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Name: basic.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("%v/policies/gcp.resourceLocations", name), nil
			}).(pulumi.StringOutput),
			Parent: basic.Name,
			Spec: &orgpolicy.PolicySpecArgs{
				InheritFromParent: pulumi.Bool(true),
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						DenyAll: pulumi.String("TRUE"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Organization_policy A test of an orgpolicy policy for an organization ```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Name:   pulumi.String("organizations/123456789/policies/gcp.detailedAuditLoggingMode"),
			Parent: pulumi.String("organizations/123456789"),
			Spec: &orgpolicy.PolicySpecArgs{
				Reset: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Project_policy A test of an orgpolicy policy for a project ```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{
			ProjectId: pulumi.String("id"),
			Name:      pulumi.String("id"),
			OrgId:     pulumi.String("123456789"),
		})
		if err != nil {
			return err
		}
		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Name: basic.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("projects/%v/policies/gcp.resourceLocations", name), nil
			}).(pulumi.StringOutput),
			Parent: basic.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("projects/%v", name), nil
			}).(pulumi.StringOutput),
			Spec: &orgpolicy.PolicySpecArgs{
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						Condition: &orgpolicy.PolicySpecRuleConditionArgs{
							Description: pulumi.String("A sample condition for the policy"),
							Expression:  pulumi.String("resource.matchLabels('labelKeys/123', 'labelValues/345')"),
							Location:    pulumi.String("sample-location.log"),
							Title:       pulumi.String("sample-condition"),
						},
						Values: &orgpolicy.PolicySpecRuleValuesArgs{
							AllowedValues: pulumi.StringArray{
								pulumi.String("projects/allowed-project"),
							},
							DeniedValues: pulumi.StringArray{
								pulumi.String("projects/denied-project"),
							},
						},
					},
					&orgpolicy.PolicySpecRuleArgs{
						AllowAll: pulumi.String("TRUE"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Dry_run_spec ```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/orgpolicy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		constraint, err := orgpolicy.NewCustomConstraint(ctx, "constraint", &orgpolicy.CustomConstraintArgs{
			Name:        pulumi.String("custom.disableGkeAutoUpgrade_75092"),
			Parent:      pulumi.String("organizations/123456789"),
			DisplayName: pulumi.String("Disable GKE auto upgrade"),
			Description: pulumi.String("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced."),
			ActionType:  pulumi.String("ALLOW"),
			Condition:   pulumi.String("resource.management.autoUpgrade == false"),
			MethodTypes: pulumi.StringArray{
				pulumi.String("CREATE"),
			},
			ResourceTypes: pulumi.StringArray{
				pulumi.String("container.googleapis.com/NodePool"),
			},
		})
		if err != nil {
			return err
		}
		_, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{
			Name: constraint.Name.ApplyT(func(name string) (string, error) {
				return fmt.Sprintf("organizations/123456789/policies/%v", name), nil
			}).(pulumi.StringOutput),
			Parent: pulumi.String("organizations/123456789"),
			Spec: &orgpolicy.PolicySpecArgs{
				Rules: orgpolicy.PolicySpecRuleArray{
					&orgpolicy.PolicySpecRuleArgs{
						Enforce: pulumi.String("FALSE"),
					},
				},
			},
			DryRunSpec: &orgpolicy.PolicyDryRunSpecArgs{
				InheritFromParent: pulumi.Bool(false),
				Reset:             pulumi.Bool(false),
				Rules: orgpolicy.PolicyDryRunSpecRuleArray{
					&orgpolicy.PolicyDryRunSpecRuleArgs{
						Enforce: pulumi.String("FALSE"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Policy can be imported using any of these accepted formats: * `{{parent}}/policies/{{name}}`

When using the `pulumi import` command, Policy can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:orgpolicy/policy:Policy default {{parent}}/policies/{{name}} ```

func GetPolicy 

func GetPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *PolicyState, opts ...pulumi.ResourceOption) (*Policy, error)

GetPolicy gets an existing Policy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewPolicy 

func NewPolicy(ctx *pulumi.Context,
	name string, args *PolicyArgs, opts ...pulumi.ResourceOption) (*Policy, error)

NewPolicy registers a new resource with the given unique name, arguments, and options.

func (*Policy) ElementType 

func (*Policy) ElementType() reflect.Type

func (*Policy) ToPolicyOutput 

func (i *Policy) ToPolicyOutput() PolicyOutput

func (*Policy) ToPolicyOutputWithContext 

func (i *Policy) ToPolicyOutputWithContext(ctx context.Context) PolicyOutput

type PolicyArgs 

type PolicyArgs struct {
	// Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.
	DryRunSpec PolicyDryRunSpecPtrInput
	// Immutable. The resource name of the Policy. Must be one of the following forms, where constraintName is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
	Name pulumi.StringPtrInput
	// The parent of the resource.
	//
	// ***
	Parent pulumi.StringInput
	// Basic information about the Organization Policy.
	Spec PolicySpecPtrInput
}

The set of arguments for constructing a Policy resource.

func (PolicyArgs) ElementType 

func (PolicyArgs) ElementType() reflect.Type

type PolicyArray 

type PolicyArray []PolicyInput

func (PolicyArray) ElementType 

func (PolicyArray) ElementType() reflect.Type

func (PolicyArray) ToPolicyArrayOutput 

func (i PolicyArray) ToPolicyArrayOutput() PolicyArrayOutput

func (PolicyArray) ToPolicyArrayOutputWithContext 

func (i PolicyArray) ToPolicyArrayOutputWithContext(ctx context.Context) PolicyArrayOutput

type PolicyArrayInput 

type PolicyArrayInput interface {
	pulumi.Input

	ToPolicyArrayOutput() PolicyArrayOutput
	ToPolicyArrayOutputWithContext(context.Context) PolicyArrayOutput
}

PolicyArrayInput is an input type that accepts PolicyArray and PolicyArrayOutput values. You can construct a concrete instance of `PolicyArrayInput` via: 

PolicyArray{ PolicyArgs{...} }

type PolicyArrayOutput 

type PolicyArrayOutput struct{ *pulumi.OutputState }

func (PolicyArrayOutput) ElementType 

func (PolicyArrayOutput) ElementType() reflect.Type

func (PolicyArrayOutput) Index 

func (o PolicyArrayOutput) Index(i pulumi.IntInput) PolicyOutput

func (PolicyArrayOutput) ToPolicyArrayOutput 

func (o PolicyArrayOutput) ToPolicyArrayOutput() PolicyArrayOutput

func (PolicyArrayOutput) ToPolicyArrayOutputWithContext 

func (o PolicyArrayOutput) ToPolicyArrayOutputWithContext(ctx context.Context) PolicyArrayOutput

type PolicyDryRunSpec added in v7.4.0 

type PolicyDryRunSpec struct {
	// An opaque tag indicating the current version of the policy, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy`is returned from either a`GetPolicy`or a`ListPolicies`request, this`etag`indicates the version of the current policy to use when executing a read-modify-write loop. When the policy is returned from a`GetEffectivePolicy`request, the`etag` will be unset.
	Etag *string `pulumi:"etag"`
	// Determines the inheritance behavior for this policy. If `inheritFromParent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints.
	InheritFromParent *bool `pulumi:"inheritFromParent"`
	// Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.
	Reset *bool `pulumi:"reset"`
	// In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence.
	Rules []PolicyDryRunSpecRule `pulumi:"rules"`
	// Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy.
	UpdateTime *string `pulumi:"updateTime"`
}

type PolicyDryRunSpecArgs added in v7.4.0 

type PolicyDryRunSpecArgs struct {
	// An opaque tag indicating the current version of the policy, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy`is returned from either a`GetPolicy`or a`ListPolicies`request, this`etag`indicates the version of the current policy to use when executing a read-modify-write loop. When the policy is returned from a`GetEffectivePolicy`request, the`etag` will be unset.
	Etag pulumi.StringPtrInput `pulumi:"etag"`
	// Determines the inheritance behavior for this policy. If `inheritFromParent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints.
	InheritFromParent pulumi.BoolPtrInput `pulumi:"inheritFromParent"`
	// Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.
	Reset pulumi.BoolPtrInput `pulumi:"reset"`
	// In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence.
	Rules PolicyDryRunSpecRuleArrayInput `pulumi:"rules"`
	// Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy.
	UpdateTime pulumi.StringPtrInput `pulumi:"updateTime"`
}

func (PolicyDryRunSpecArgs) ElementType added in v7.4.0 

func (PolicyDryRunSpecArgs) ElementType() reflect.Type

func (PolicyDryRunSpecArgs) ToPolicyDryRunSpecOutput added in v7.4.0 

func (i PolicyDryRunSpecArgs) ToPolicyDryRunSpecOutput() PolicyDryRunSpecOutput

func (PolicyDryRunSpecArgs) ToPolicyDryRunSpecOutputWithContext added in v7.4.0 

func (i PolicyDryRunSpecArgs) ToPolicyDryRunSpecOutputWithContext(ctx context.Context) PolicyDryRunSpecOutput

func (PolicyDryRunSpecArgs) ToPolicyDryRunSpecPtrOutput added in v7.4.0 

func (i PolicyDryRunSpecArgs) ToPolicyDryRunSpecPtrOutput() PolicyDryRunSpecPtrOutput

func (PolicyDryRunSpecArgs) ToPolicyDryRunSpecPtrOutputWithContext added in v7.4.0 

func (i PolicyDryRunSpecArgs) ToPolicyDryRunSpecPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecPtrOutput

type PolicyDryRunSpecInput added in v7.4.0 

type PolicyDryRunSpecInput interface {
	pulumi.Input

	ToPolicyDryRunSpecOutput() PolicyDryRunSpecOutput
	ToPolicyDryRunSpecOutputWithContext(context.Context) PolicyDryRunSpecOutput
}

PolicyDryRunSpecInput is an input type that accepts PolicyDryRunSpecArgs and PolicyDryRunSpecOutput values. You can construct a concrete instance of `PolicyDryRunSpecInput` via: 

PolicyDryRunSpecArgs{...}

type PolicyDryRunSpecOutput added in v7.4.0 

type PolicyDryRunSpecOutput struct{ *pulumi.OutputState }

func (PolicyDryRunSpecOutput) ElementType added in v7.4.0 

func (PolicyDryRunSpecOutput) ElementType() reflect.Type

func (PolicyDryRunSpecOutput) Etag added in v7.4.0 

func (o PolicyDryRunSpecOutput) Etag() pulumi.StringPtrOutput

An opaque tag indicating the current version of the policy, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy`is returned from either a`GetPolicy`or a`ListPolicies`request, this`etag`indicates the version of the current policy to use when executing a read-modify-write loop. When the policy is returned from a`GetEffectivePolicy`request, the`etag` will be unset.

func (PolicyDryRunSpecOutput) InheritFromParent added in v7.4.0 

func (o PolicyDryRunSpecOutput) InheritFromParent() pulumi.BoolPtrOutput

Determines the inheritance behavior for this policy. If `inheritFromParent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints.

func (PolicyDryRunSpecOutput) Reset added in v7.4.0 

func (o PolicyDryRunSpecOutput) Reset() pulumi.BoolPtrOutput

Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.

func (PolicyDryRunSpecOutput) Rules added in v7.4.0 

func (o PolicyDryRunSpecOutput) Rules() PolicyDryRunSpecRuleArrayOutput

In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence.

func (PolicyDryRunSpecOutput) ToPolicyDryRunSpecOutput added in v7.4.0 

func (o PolicyDryRunSpecOutput) ToPolicyDryRunSpecOutput() PolicyDryRunSpecOutput

func (PolicyDryRunSpecOutput) ToPolicyDryRunSpecOutputWithContext added in v7.4.0 

func (o PolicyDryRunSpecOutput) ToPolicyDryRunSpecOutputWithContext(ctx context.Context) PolicyDryRunSpecOutput

func (PolicyDryRunSpecOutput) ToPolicyDryRunSpecPtrOutput added in v7.4.0 

func (o PolicyDryRunSpecOutput) ToPolicyDryRunSpecPtrOutput() PolicyDryRunSpecPtrOutput

func (PolicyDryRunSpecOutput) ToPolicyDryRunSpecPtrOutputWithContext added in v7.4.0 

func (o PolicyDryRunSpecOutput) ToPolicyDryRunSpecPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecPtrOutput

func (PolicyDryRunSpecOutput) UpdateTime added in v7.4.0 

func (o PolicyDryRunSpecOutput) UpdateTime() pulumi.StringPtrOutput

Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy.

type PolicyDryRunSpecPtrInput added in v7.4.0 

type PolicyDryRunSpecPtrInput interface {
	pulumi.Input

	ToPolicyDryRunSpecPtrOutput() PolicyDryRunSpecPtrOutput
	ToPolicyDryRunSpecPtrOutputWithContext(context.Context) PolicyDryRunSpecPtrOutput
}

PolicyDryRunSpecPtrInput is an input type that accepts PolicyDryRunSpecArgs, PolicyDryRunSpecPtr and PolicyDryRunSpecPtrOutput values. You can construct a concrete instance of `PolicyDryRunSpecPtrInput` via: 

        PolicyDryRunSpecArgs{...}

or:

        nil

func PolicyDryRunSpecPtr added in v7.4.0 

func PolicyDryRunSpecPtr(v *PolicyDryRunSpecArgs) PolicyDryRunSpecPtrInput

type PolicyDryRunSpecPtrOutput added in v7.4.0 

type PolicyDryRunSpecPtrOutput struct{ *pulumi.OutputState }

func (PolicyDryRunSpecPtrOutput) Elem added in v7.4.0 

func (o PolicyDryRunSpecPtrOutput) Elem() PolicyDryRunSpecOutput

func (PolicyDryRunSpecPtrOutput) ElementType added in v7.4.0 

func (PolicyDryRunSpecPtrOutput) ElementType() reflect.Type

func (PolicyDryRunSpecPtrOutput) Etag added in v7.4.0 

func (o PolicyDryRunSpecPtrOutput) Etag() pulumi.StringPtrOutput

An opaque tag indicating the current version of the policy, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy`is returned from either a`GetPolicy`or a`ListPolicies`request, this`etag`indicates the version of the current policy to use when executing a read-modify-write loop. When the policy is returned from a`GetEffectivePolicy`request, the`etag` will be unset.

func (PolicyDryRunSpecPtrOutput) InheritFromParent added in v7.4.0 

func (o PolicyDryRunSpecPtrOutput) InheritFromParent() pulumi.BoolPtrOutput

Determines the inheritance behavior for this policy. If `inheritFromParent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints.

func (PolicyDryRunSpecPtrOutput) Reset added in v7.4.0 

func (o PolicyDryRunSpecPtrOutput) Reset() pulumi.BoolPtrOutput

Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.

func (PolicyDryRunSpecPtrOutput) Rules added in v7.4.0 

func (o PolicyDryRunSpecPtrOutput) Rules() PolicyDryRunSpecRuleArrayOutput

In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence.

func (PolicyDryRunSpecPtrOutput) ToPolicyDryRunSpecPtrOutput added in v7.4.0 

func (o PolicyDryRunSpecPtrOutput) ToPolicyDryRunSpecPtrOutput() PolicyDryRunSpecPtrOutput

func (PolicyDryRunSpecPtrOutput) ToPolicyDryRunSpecPtrOutputWithContext added in v7.4.0 

func (o PolicyDryRunSpecPtrOutput) ToPolicyDryRunSpecPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecPtrOutput

func (PolicyDryRunSpecPtrOutput) UpdateTime added in v7.4.0 

func (o PolicyDryRunSpecPtrOutput) UpdateTime() pulumi.StringPtrOutput

Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy.

type PolicyDryRunSpecRule added in v7.4.0 

type PolicyDryRunSpecRule struct {
	// Setting this to `"TRUE"` means that all values are allowed. This field can be set only in Policies for list constraints.
	AllowAll *string `pulumi:"allowAll"`
	// A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".
	Condition *PolicyDryRunSpecRuleCondition `pulumi:"condition"`
	// Setting this to `"TRUE"` means that all values are denied. This field can be set only in Policies for list constraints.
	DenyAll *string `pulumi:"denyAll"`
	// If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.
	Enforce *string `pulumi:"enforce"`
	// List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.
	Values *PolicyDryRunSpecRuleValues `pulumi:"values"`
}

type PolicyDryRunSpecRuleArgs added in v7.4.0 

type PolicyDryRunSpecRuleArgs struct {
	// Setting this to `"TRUE"` means that all values are allowed. This field can be set only in Policies for list constraints.
	AllowAll pulumi.StringPtrInput `pulumi:"allowAll"`
	// A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".
	Condition PolicyDryRunSpecRuleConditionPtrInput `pulumi:"condition"`
	// Setting this to `"TRUE"` means that all values are denied. This field can be set only in Policies for list constraints.
	DenyAll pulumi.StringPtrInput `pulumi:"denyAll"`
	// If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.
	Enforce pulumi.StringPtrInput `pulumi:"enforce"`
	// List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.
	Values PolicyDryRunSpecRuleValuesPtrInput `pulumi:"values"`
}

func (PolicyDryRunSpecRuleArgs) ElementType added in v7.4.0 

func (PolicyDryRunSpecRuleArgs) ElementType() reflect.Type

func (PolicyDryRunSpecRuleArgs) ToPolicyDryRunSpecRuleOutput added in v7.4.0 

func (i PolicyDryRunSpecRuleArgs) ToPolicyDryRunSpecRuleOutput() PolicyDryRunSpecRuleOutput

func (PolicyDryRunSpecRuleArgs) ToPolicyDryRunSpecRuleOutputWithContext added in v7.4.0 

func (i PolicyDryRunSpecRuleArgs) ToPolicyDryRunSpecRuleOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleOutput

type PolicyDryRunSpecRuleArray added in v7.4.0 

type PolicyDryRunSpecRuleArray []PolicyDryRunSpecRuleInput

func (PolicyDryRunSpecRuleArray) ElementType added in v7.4.0 

func (PolicyDryRunSpecRuleArray) ElementType() reflect.Type

func (PolicyDryRunSpecRuleArray) ToPolicyDryRunSpecRuleArrayOutput added in v7.4.0 

func (i PolicyDryRunSpecRuleArray) ToPolicyDryRunSpecRuleArrayOutput() PolicyDryRunSpecRuleArrayOutput

func (PolicyDryRunSpecRuleArray) ToPolicyDryRunSpecRuleArrayOutputWithContext added in v7.4.0 

func (i PolicyDryRunSpecRuleArray) ToPolicyDryRunSpecRuleArrayOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleArrayOutput

type PolicyDryRunSpecRuleArrayInput added in v7.4.0 

type PolicyDryRunSpecRuleArrayInput interface {
	pulumi.Input

	ToPolicyDryRunSpecRuleArrayOutput() PolicyDryRunSpecRuleArrayOutput
	ToPolicyDryRunSpecRuleArrayOutputWithContext(context.Context) PolicyDryRunSpecRuleArrayOutput
}

PolicyDryRunSpecRuleArrayInput is an input type that accepts PolicyDryRunSpecRuleArray and PolicyDryRunSpecRuleArrayOutput values. You can construct a concrete instance of `PolicyDryRunSpecRuleArrayInput` via: 

PolicyDryRunSpecRuleArray{ PolicyDryRunSpecRuleArgs{...} }

type PolicyDryRunSpecRuleArrayOutput added in v7.4.0 

type PolicyDryRunSpecRuleArrayOutput struct{ *pulumi.OutputState }

func (PolicyDryRunSpecRuleArrayOutput) ElementType added in v7.4.0 

func (PolicyDryRunSpecRuleArrayOutput) ElementType() reflect.Type

func (PolicyDryRunSpecRuleArrayOutput) Index added in v7.4.0 

func (o PolicyDryRunSpecRuleArrayOutput) Index(i pulumi.IntInput) PolicyDryRunSpecRuleOutput

func (PolicyDryRunSpecRuleArrayOutput) ToPolicyDryRunSpecRuleArrayOutput added in v7.4.0 

func (o PolicyDryRunSpecRuleArrayOutput) ToPolicyDryRunSpecRuleArrayOutput() PolicyDryRunSpecRuleArrayOutput

func (PolicyDryRunSpecRuleArrayOutput) ToPolicyDryRunSpecRuleArrayOutputWithContext added in v7.4.0 

func (o PolicyDryRunSpecRuleArrayOutput) ToPolicyDryRunSpecRuleArrayOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleArrayOutput

type PolicyDryRunSpecRuleCondition added in v7.4.0 

type PolicyDryRunSpecRuleCondition struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression *string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location *string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title *string `pulumi:"title"`
}

type PolicyDryRunSpecRuleConditionArgs added in v7.4.0 

type PolicyDryRunSpecRuleConditionArgs struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

func (PolicyDryRunSpecRuleConditionArgs) ElementType added in v7.4.0 

func (PolicyDryRunSpecRuleConditionArgs) ElementType() reflect.Type

func (PolicyDryRunSpecRuleConditionArgs) ToPolicyDryRunSpecRuleConditionOutput added in v7.4.0 

func (i PolicyDryRunSpecRuleConditionArgs) ToPolicyDryRunSpecRuleConditionOutput() PolicyDryRunSpecRuleConditionOutput

func (PolicyDryRunSpecRuleConditionArgs) ToPolicyDryRunSpecRuleConditionOutputWithContext added in v7.4.0 

func (i PolicyDryRunSpecRuleConditionArgs) ToPolicyDryRunSpecRuleConditionOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleConditionOutput

func (PolicyDryRunSpecRuleConditionArgs) ToPolicyDryRunSpecRuleConditionPtrOutput added in v7.4.0 

func (i PolicyDryRunSpecRuleConditionArgs) ToPolicyDryRunSpecRuleConditionPtrOutput() PolicyDryRunSpecRuleConditionPtrOutput

func (PolicyDryRunSpecRuleConditionArgs) ToPolicyDryRunSpecRuleConditionPtrOutputWithContext added in v7.4.0 

func (i PolicyDryRunSpecRuleConditionArgs) ToPolicyDryRunSpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleConditionPtrOutput

type PolicyDryRunSpecRuleConditionInput added in v7.4.0 

type PolicyDryRunSpecRuleConditionInput interface {
	pulumi.Input

	ToPolicyDryRunSpecRuleConditionOutput() PolicyDryRunSpecRuleConditionOutput
	ToPolicyDryRunSpecRuleConditionOutputWithContext(context.Context) PolicyDryRunSpecRuleConditionOutput
}

PolicyDryRunSpecRuleConditionInput is an input type that accepts PolicyDryRunSpecRuleConditionArgs and PolicyDryRunSpecRuleConditionOutput values. You can construct a concrete instance of `PolicyDryRunSpecRuleConditionInput` via: 

PolicyDryRunSpecRuleConditionArgs{...}

type PolicyDryRunSpecRuleConditionOutput added in v7.4.0 

type PolicyDryRunSpecRuleConditionOutput struct{ *pulumi.OutputState }

func (PolicyDryRunSpecRuleConditionOutput) Description added in v7.4.0 

func (o PolicyDryRunSpecRuleConditionOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (PolicyDryRunSpecRuleConditionOutput) ElementType added in v7.4.0 

func (PolicyDryRunSpecRuleConditionOutput) ElementType() reflect.Type

func (PolicyDryRunSpecRuleConditionOutput) Expression added in v7.4.0 

func (o PolicyDryRunSpecRuleConditionOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (PolicyDryRunSpecRuleConditionOutput) Location added in v7.4.0 

func (o PolicyDryRunSpecRuleConditionOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (PolicyDryRunSpecRuleConditionOutput) Title added in v7.4.0 

func (o PolicyDryRunSpecRuleConditionOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (PolicyDryRunSpecRuleConditionOutput) ToPolicyDryRunSpecRuleConditionOutput added in v7.4.0 

func (o PolicyDryRunSpecRuleConditionOutput) ToPolicyDryRunSpecRuleConditionOutput() PolicyDryRunSpecRuleConditionOutput

func (PolicyDryRunSpecRuleConditionOutput) ToPolicyDryRunSpecRuleConditionOutputWithContext added in v7.4.0 

func (o PolicyDryRunSpecRuleConditionOutput) ToPolicyDryRunSpecRuleConditionOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleConditionOutput

func (PolicyDryRunSpecRuleConditionOutput) ToPolicyDryRunSpecRuleConditionPtrOutput added in v7.4.0 

func (o PolicyDryRunSpecRuleConditionOutput) ToPolicyDryRunSpecRuleConditionPtrOutput() PolicyDryRunSpecRuleConditionPtrOutput

func (PolicyDryRunSpecRuleConditionOutput) ToPolicyDryRunSpecRuleConditionPtrOutputWithContext added in v7.4.0 

func (o PolicyDryRunSpecRuleConditionOutput) ToPolicyDryRunSpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleConditionPtrOutput

type PolicyDryRunSpecRuleConditionPtrInput added in v7.4.0 

type PolicyDryRunSpecRuleConditionPtrInput interface {
	pulumi.Input

	ToPolicyDryRunSpecRuleConditionPtrOutput() PolicyDryRunSpecRuleConditionPtrOutput
	ToPolicyDryRunSpecRuleConditionPtrOutputWithContext(context.Context) PolicyDryRunSpecRuleConditionPtrOutput
}

PolicyDryRunSpecRuleConditionPtrInput is an input type that accepts PolicyDryRunSpecRuleConditionArgs, PolicyDryRunSpecRuleConditionPtr and PolicyDryRunSpecRuleConditionPtrOutput values. You can construct a concrete instance of `PolicyDryRunSpecRuleConditionPtrInput` via: 

        PolicyDryRunSpecRuleConditionArgs{...}

or:

        nil

func PolicyDryRunSpecRuleConditionPtr added in v7.4.0 

func PolicyDryRunSpecRuleConditionPtr(v *PolicyDryRunSpecRuleConditionArgs) PolicyDryRunSpecRuleConditionPtrInput

type PolicyDryRunSpecRuleConditionPtrOutput added in v7.4.0 

type PolicyDryRunSpecRuleConditionPtrOutput struct{ *pulumi.OutputState }

func (PolicyDryRunSpecRuleConditionPtrOutput) Description added in v7.4.0 

func (o PolicyDryRunSpecRuleConditionPtrOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (PolicyDryRunSpecRuleConditionPtrOutput) Elem added in v7.4.0 

func (o PolicyDryRunSpecRuleConditionPtrOutput) Elem() PolicyDryRunSpecRuleConditionOutput

func (PolicyDryRunSpecRuleConditionPtrOutput) ElementType added in v7.4.0 

func (PolicyDryRunSpecRuleConditionPtrOutput) ElementType() reflect.Type

func (PolicyDryRunSpecRuleConditionPtrOutput) Expression added in v7.4.0 

func (o PolicyDryRunSpecRuleConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (PolicyDryRunSpecRuleConditionPtrOutput) Location added in v7.4.0 

func (o PolicyDryRunSpecRuleConditionPtrOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (PolicyDryRunSpecRuleConditionPtrOutput) Title added in v7.4.0 

func (o PolicyDryRunSpecRuleConditionPtrOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (PolicyDryRunSpecRuleConditionPtrOutput) ToPolicyDryRunSpecRuleConditionPtrOutput added in v7.4.0 

func (o PolicyDryRunSpecRuleConditionPtrOutput) ToPolicyDryRunSpecRuleConditionPtrOutput() PolicyDryRunSpecRuleConditionPtrOutput

func (PolicyDryRunSpecRuleConditionPtrOutput) ToPolicyDryRunSpecRuleConditionPtrOutputWithContext added in v7.4.0 

func (o PolicyDryRunSpecRuleConditionPtrOutput) ToPolicyDryRunSpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleConditionPtrOutput

type PolicyDryRunSpecRuleInput added in v7.4.0 

type PolicyDryRunSpecRuleInput interface {
	pulumi.Input

	ToPolicyDryRunSpecRuleOutput() PolicyDryRunSpecRuleOutput
	ToPolicyDryRunSpecRuleOutputWithContext(context.Context) PolicyDryRunSpecRuleOutput
}

PolicyDryRunSpecRuleInput is an input type that accepts PolicyDryRunSpecRuleArgs and PolicyDryRunSpecRuleOutput values. You can construct a concrete instance of `PolicyDryRunSpecRuleInput` via: 

PolicyDryRunSpecRuleArgs{...}

type PolicyDryRunSpecRuleOutput added in v7.4.0 

type PolicyDryRunSpecRuleOutput struct{ *pulumi.OutputState }

func (PolicyDryRunSpecRuleOutput) AllowAll added in v7.4.0 

func (o PolicyDryRunSpecRuleOutput) AllowAll() pulumi.StringPtrOutput

Setting this to `"TRUE"` means that all values are allowed. This field can be set only in Policies for list constraints.

func (PolicyDryRunSpecRuleOutput) Condition added in v7.4.0 

func (o PolicyDryRunSpecRuleOutput) Condition() PolicyDryRunSpecRuleConditionPtrOutput

A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".

func (PolicyDryRunSpecRuleOutput) DenyAll added in v7.4.0 

func (o PolicyDryRunSpecRuleOutput) DenyAll() pulumi.StringPtrOutput

Setting this to `"TRUE"` means that all values are denied. This field can be set only in Policies for list constraints.

func (PolicyDryRunSpecRuleOutput) ElementType added in v7.4.0 

func (PolicyDryRunSpecRuleOutput) ElementType() reflect.Type

func (PolicyDryRunSpecRuleOutput) Enforce added in v7.4.0 

func (o PolicyDryRunSpecRuleOutput) Enforce() pulumi.StringPtrOutput

If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.

func (PolicyDryRunSpecRuleOutput) ToPolicyDryRunSpecRuleOutput added in v7.4.0 

func (o PolicyDryRunSpecRuleOutput) ToPolicyDryRunSpecRuleOutput() PolicyDryRunSpecRuleOutput

func (PolicyDryRunSpecRuleOutput) ToPolicyDryRunSpecRuleOutputWithContext added in v7.4.0 

func (o PolicyDryRunSpecRuleOutput) ToPolicyDryRunSpecRuleOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleOutput

func (PolicyDryRunSpecRuleOutput) Values added in v7.4.0 

func (o PolicyDryRunSpecRuleOutput) Values() PolicyDryRunSpecRuleValuesPtrOutput

List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.

type PolicyDryRunSpecRuleValues added in v7.4.0 

type PolicyDryRunSpecRuleValues struct {
	// List of values allowed at this resource.
	AllowedValues []string `pulumi:"allowedValues"`
	// List of values denied at this resource.
	DeniedValues []string `pulumi:"deniedValues"`
}

type PolicyDryRunSpecRuleValuesArgs added in v7.4.0 

type PolicyDryRunSpecRuleValuesArgs struct {
	// List of values allowed at this resource.
	AllowedValues pulumi.StringArrayInput `pulumi:"allowedValues"`
	// List of values denied at this resource.
	DeniedValues pulumi.StringArrayInput `pulumi:"deniedValues"`
}

func (PolicyDryRunSpecRuleValuesArgs) ElementType added in v7.4.0 

func (PolicyDryRunSpecRuleValuesArgs) ElementType() reflect.Type

func (PolicyDryRunSpecRuleValuesArgs) ToPolicyDryRunSpecRuleValuesOutput added in v7.4.0 

func (i PolicyDryRunSpecRuleValuesArgs) ToPolicyDryRunSpecRuleValuesOutput() PolicyDryRunSpecRuleValuesOutput

func (PolicyDryRunSpecRuleValuesArgs) ToPolicyDryRunSpecRuleValuesOutputWithContext added in v7.4.0 

func (i PolicyDryRunSpecRuleValuesArgs) ToPolicyDryRunSpecRuleValuesOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleValuesOutput

func (PolicyDryRunSpecRuleValuesArgs) ToPolicyDryRunSpecRuleValuesPtrOutput added in v7.4.0 

func (i PolicyDryRunSpecRuleValuesArgs) ToPolicyDryRunSpecRuleValuesPtrOutput() PolicyDryRunSpecRuleValuesPtrOutput

func (PolicyDryRunSpecRuleValuesArgs) ToPolicyDryRunSpecRuleValuesPtrOutputWithContext added in v7.4.0 

func (i PolicyDryRunSpecRuleValuesArgs) ToPolicyDryRunSpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleValuesPtrOutput

type PolicyDryRunSpecRuleValuesInput added in v7.4.0 

type PolicyDryRunSpecRuleValuesInput interface {
	pulumi.Input

	ToPolicyDryRunSpecRuleValuesOutput() PolicyDryRunSpecRuleValuesOutput
	ToPolicyDryRunSpecRuleValuesOutputWithContext(context.Context) PolicyDryRunSpecRuleValuesOutput
}

PolicyDryRunSpecRuleValuesInput is an input type that accepts PolicyDryRunSpecRuleValuesArgs and PolicyDryRunSpecRuleValuesOutput values. You can construct a concrete instance of `PolicyDryRunSpecRuleValuesInput` via: 

PolicyDryRunSpecRuleValuesArgs{...}

type PolicyDryRunSpecRuleValuesOutput added in v7.4.0 

type PolicyDryRunSpecRuleValuesOutput struct{ *pulumi.OutputState }

func (PolicyDryRunSpecRuleValuesOutput) AllowedValues added in v7.4.0 

func (o PolicyDryRunSpecRuleValuesOutput) AllowedValues() pulumi.StringArrayOutput

List of values allowed at this resource.

func (PolicyDryRunSpecRuleValuesOutput) DeniedValues added in v7.4.0 

func (o PolicyDryRunSpecRuleValuesOutput) DeniedValues() pulumi.StringArrayOutput

List of values denied at this resource.

func (PolicyDryRunSpecRuleValuesOutput) ElementType added in v7.4.0 

func (PolicyDryRunSpecRuleValuesOutput) ElementType() reflect.Type

func (PolicyDryRunSpecRuleValuesOutput) ToPolicyDryRunSpecRuleValuesOutput added in v7.4.0 

func (o PolicyDryRunSpecRuleValuesOutput) ToPolicyDryRunSpecRuleValuesOutput() PolicyDryRunSpecRuleValuesOutput

func (PolicyDryRunSpecRuleValuesOutput) ToPolicyDryRunSpecRuleValuesOutputWithContext added in v7.4.0 

func (o PolicyDryRunSpecRuleValuesOutput) ToPolicyDryRunSpecRuleValuesOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleValuesOutput

func (PolicyDryRunSpecRuleValuesOutput) ToPolicyDryRunSpecRuleValuesPtrOutput added in v7.4.0 

func (o PolicyDryRunSpecRuleValuesOutput) ToPolicyDryRunSpecRuleValuesPtrOutput() PolicyDryRunSpecRuleValuesPtrOutput

func (PolicyDryRunSpecRuleValuesOutput) ToPolicyDryRunSpecRuleValuesPtrOutputWithContext added in v7.4.0 

func (o PolicyDryRunSpecRuleValuesOutput) ToPolicyDryRunSpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleValuesPtrOutput

type PolicyDryRunSpecRuleValuesPtrInput added in v7.4.0 

type PolicyDryRunSpecRuleValuesPtrInput interface {
	pulumi.Input

	ToPolicyDryRunSpecRuleValuesPtrOutput() PolicyDryRunSpecRuleValuesPtrOutput
	ToPolicyDryRunSpecRuleValuesPtrOutputWithContext(context.Context) PolicyDryRunSpecRuleValuesPtrOutput
}

PolicyDryRunSpecRuleValuesPtrInput is an input type that accepts PolicyDryRunSpecRuleValuesArgs, PolicyDryRunSpecRuleValuesPtr and PolicyDryRunSpecRuleValuesPtrOutput values. You can construct a concrete instance of `PolicyDryRunSpecRuleValuesPtrInput` via: 

        PolicyDryRunSpecRuleValuesArgs{...}

or:

        nil

func PolicyDryRunSpecRuleValuesPtr added in v7.4.0 

func PolicyDryRunSpecRuleValuesPtr(v *PolicyDryRunSpecRuleValuesArgs) PolicyDryRunSpecRuleValuesPtrInput

type PolicyDryRunSpecRuleValuesPtrOutput added in v7.4.0 

type PolicyDryRunSpecRuleValuesPtrOutput struct{ *pulumi.OutputState }

func (PolicyDryRunSpecRuleValuesPtrOutput) AllowedValues added in v7.4.0 

func (o PolicyDryRunSpecRuleValuesPtrOutput) AllowedValues() pulumi.StringArrayOutput

List of values allowed at this resource.

func (PolicyDryRunSpecRuleValuesPtrOutput) DeniedValues added in v7.4.0 

func (o PolicyDryRunSpecRuleValuesPtrOutput) DeniedValues() pulumi.StringArrayOutput

List of values denied at this resource.

func (PolicyDryRunSpecRuleValuesPtrOutput) Elem added in v7.4.0 

func (o PolicyDryRunSpecRuleValuesPtrOutput) Elem() PolicyDryRunSpecRuleValuesOutput

func (PolicyDryRunSpecRuleValuesPtrOutput) ElementType added in v7.4.0 

func (PolicyDryRunSpecRuleValuesPtrOutput) ElementType() reflect.Type

func (PolicyDryRunSpecRuleValuesPtrOutput) ToPolicyDryRunSpecRuleValuesPtrOutput added in v7.4.0 

func (o PolicyDryRunSpecRuleValuesPtrOutput) ToPolicyDryRunSpecRuleValuesPtrOutput() PolicyDryRunSpecRuleValuesPtrOutput

func (PolicyDryRunSpecRuleValuesPtrOutput) ToPolicyDryRunSpecRuleValuesPtrOutputWithContext added in v7.4.0 

func (o PolicyDryRunSpecRuleValuesPtrOutput) ToPolicyDryRunSpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicyDryRunSpecRuleValuesPtrOutput

type PolicyInput 

type PolicyInput interface {
	pulumi.Input

	ToPolicyOutput() PolicyOutput
	ToPolicyOutputWithContext(ctx context.Context) PolicyOutput
}

type PolicyMap 

type PolicyMap map[string]PolicyInput

func (PolicyMap) ElementType 

func (PolicyMap) ElementType() reflect.Type

func (PolicyMap) ToPolicyMapOutput 

func (i PolicyMap) ToPolicyMapOutput() PolicyMapOutput

func (PolicyMap) ToPolicyMapOutputWithContext 

func (i PolicyMap) ToPolicyMapOutputWithContext(ctx context.Context) PolicyMapOutput

type PolicyMapInput 

type PolicyMapInput interface {
	pulumi.Input

	ToPolicyMapOutput() PolicyMapOutput
	ToPolicyMapOutputWithContext(context.Context) PolicyMapOutput
}

PolicyMapInput is an input type that accepts PolicyMap and PolicyMapOutput values. You can construct a concrete instance of `PolicyMapInput` via: 

PolicyMap{ "key": PolicyArgs{...} }

type PolicyMapOutput 

type PolicyMapOutput struct{ *pulumi.OutputState }

func (PolicyMapOutput) ElementType 

func (PolicyMapOutput) ElementType() reflect.Type

func (PolicyMapOutput) MapIndex 

func (o PolicyMapOutput) MapIndex(k pulumi.StringInput) PolicyOutput

func (PolicyMapOutput) ToPolicyMapOutput 

func (o PolicyMapOutput) ToPolicyMapOutput() PolicyMapOutput

func (PolicyMapOutput) ToPolicyMapOutputWithContext 

func (o PolicyMapOutput) ToPolicyMapOutputWithContext(ctx context.Context) PolicyMapOutput

type PolicyOutput 

type PolicyOutput struct{ *pulumi.OutputState }

func (PolicyOutput) DryRunSpec added in v7.4.0 

func (o PolicyOutput) DryRunSpec() PolicyDryRunSpecPtrOutput

Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.

func (PolicyOutput) ElementType 

func (PolicyOutput) ElementType() reflect.Type

func (PolicyOutput) Etag added in v7.6.0 

func (o PolicyOutput) Etag() pulumi.StringOutput

Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.

func (PolicyOutput) Name 

func (o PolicyOutput) Name() pulumi.StringOutput

Immutable. The resource name of the Policy. Must be one of the following forms, where constraintName is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.

func (PolicyOutput) Parent 

func (o PolicyOutput) Parent() pulumi.StringOutput

The parent of the resource.

***

func (PolicyOutput) Spec 

func (o PolicyOutput) Spec() PolicySpecPtrOutput

Basic information about the Organization Policy.

func (PolicyOutput) ToPolicyOutput 

func (o PolicyOutput) ToPolicyOutput() PolicyOutput

func (PolicyOutput) ToPolicyOutputWithContext 

func (o PolicyOutput) ToPolicyOutputWithContext(ctx context.Context) PolicyOutput

type PolicySpec 

type PolicySpec struct {
	// An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.
	Etag *string `pulumi:"etag"`
	// Determines the inheritance behavior for this `Policy`. If `inheritFromParent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.
	InheritFromParent *bool `pulumi:"inheritFromParent"`
	// Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.
	Reset *bool `pulumi:"reset"`
	// Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.
	Rules []PolicySpecRule `pulumi:"rules"`
	// Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.
	UpdateTime *string `pulumi:"updateTime"`
}

type PolicySpecArgs 

type PolicySpecArgs struct {
	// An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.
	Etag pulumi.StringPtrInput `pulumi:"etag"`
	// Determines the inheritance behavior for this `Policy`. If `inheritFromParent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.
	InheritFromParent pulumi.BoolPtrInput `pulumi:"inheritFromParent"`
	// Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.
	Reset pulumi.BoolPtrInput `pulumi:"reset"`
	// Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.
	Rules PolicySpecRuleArrayInput `pulumi:"rules"`
	// Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.
	UpdateTime pulumi.StringPtrInput `pulumi:"updateTime"`
}

func (PolicySpecArgs) ElementType 

func (PolicySpecArgs) ElementType() reflect.Type

func (PolicySpecArgs) ToPolicySpecOutput 

func (i PolicySpecArgs) ToPolicySpecOutput() PolicySpecOutput

func (PolicySpecArgs) ToPolicySpecOutputWithContext 

func (i PolicySpecArgs) ToPolicySpecOutputWithContext(ctx context.Context) PolicySpecOutput

func (PolicySpecArgs) ToPolicySpecPtrOutput 

func (i PolicySpecArgs) ToPolicySpecPtrOutput() PolicySpecPtrOutput

func (PolicySpecArgs) ToPolicySpecPtrOutputWithContext 

func (i PolicySpecArgs) ToPolicySpecPtrOutputWithContext(ctx context.Context) PolicySpecPtrOutput

type PolicySpecInput 

type PolicySpecInput interface {
	pulumi.Input

	ToPolicySpecOutput() PolicySpecOutput
	ToPolicySpecOutputWithContext(context.Context) PolicySpecOutput
}

PolicySpecInput is an input type that accepts PolicySpecArgs and PolicySpecOutput values. You can construct a concrete instance of `PolicySpecInput` via: 

PolicySpecArgs{...}

type PolicySpecOutput 

type PolicySpecOutput struct{ *pulumi.OutputState }

func (PolicySpecOutput) ElementType 

func (PolicySpecOutput) ElementType() reflect.Type

func (PolicySpecOutput) Etag 

func (o PolicySpecOutput) Etag() pulumi.StringPtrOutput

An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.

func (PolicySpecOutput) InheritFromParent 

func (o PolicySpecOutput) InheritFromParent() pulumi.BoolPtrOutput

Determines the inheritance behavior for this `Policy`. If `inheritFromParent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.

func (PolicySpecOutput) Reset 

func (o PolicySpecOutput) Reset() pulumi.BoolPtrOutput

Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.

func (PolicySpecOutput) Rules 

func (o PolicySpecOutput) Rules() PolicySpecRuleArrayOutput

Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.

func (PolicySpecOutput) ToPolicySpecOutput 

func (o PolicySpecOutput) ToPolicySpecOutput() PolicySpecOutput

func (PolicySpecOutput) ToPolicySpecOutputWithContext 

func (o PolicySpecOutput) ToPolicySpecOutputWithContext(ctx context.Context) PolicySpecOutput

func (PolicySpecOutput) ToPolicySpecPtrOutput 

func (o PolicySpecOutput) ToPolicySpecPtrOutput() PolicySpecPtrOutput

func (PolicySpecOutput) ToPolicySpecPtrOutputWithContext 

func (o PolicySpecOutput) ToPolicySpecPtrOutputWithContext(ctx context.Context) PolicySpecPtrOutput

func (PolicySpecOutput) UpdateTime 

func (o PolicySpecOutput) UpdateTime() pulumi.StringPtrOutput

Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.

type PolicySpecPtrInput 

type PolicySpecPtrInput interface {
	pulumi.Input

	ToPolicySpecPtrOutput() PolicySpecPtrOutput
	ToPolicySpecPtrOutputWithContext(context.Context) PolicySpecPtrOutput
}

PolicySpecPtrInput is an input type that accepts PolicySpecArgs, PolicySpecPtr and PolicySpecPtrOutput values. You can construct a concrete instance of `PolicySpecPtrInput` via: 

        PolicySpecArgs{...}

or:

        nil

func PolicySpecPtr 

func PolicySpecPtr(v *PolicySpecArgs) PolicySpecPtrInput

type PolicySpecPtrOutput 

type PolicySpecPtrOutput struct{ *pulumi.OutputState }

func (PolicySpecPtrOutput) Elem 

func (o PolicySpecPtrOutput) Elem() PolicySpecOutput

func (PolicySpecPtrOutput) ElementType 

func (PolicySpecPtrOutput) ElementType() reflect.Type

func (PolicySpecPtrOutput) Etag 

func (o PolicySpecPtrOutput) Etag() pulumi.StringPtrOutput

An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.

func (PolicySpecPtrOutput) InheritFromParent 

func (o PolicySpecPtrOutput) InheritFromParent() pulumi.BoolPtrOutput

Determines the inheritance behavior for this `Policy`. If `inheritFromParent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.

func (PolicySpecPtrOutput) Reset 

func (o PolicySpecPtrOutput) Reset() pulumi.BoolPtrOutput

Ignores policies set above this resource and restores the `constraintDefault` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inheritFromParent` must be set to false.

func (PolicySpecPtrOutput) Rules 

func (o PolicySpecPtrOutput) Rules() PolicySpecRuleArrayOutput

Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.

func (PolicySpecPtrOutput) ToPolicySpecPtrOutput 

func (o PolicySpecPtrOutput) ToPolicySpecPtrOutput() PolicySpecPtrOutput

func (PolicySpecPtrOutput) ToPolicySpecPtrOutputWithContext 

func (o PolicySpecPtrOutput) ToPolicySpecPtrOutputWithContext(ctx context.Context) PolicySpecPtrOutput

func (PolicySpecPtrOutput) UpdateTime 

func (o PolicySpecPtrOutput) UpdateTime() pulumi.StringPtrOutput

Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.

type PolicySpecRule 

type PolicySpecRule struct {
	// Setting this to `"TRUE"` means that all values are allowed. This field can be set only in Policies for list constraints.
	AllowAll *string `pulumi:"allowAll"`
	// A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".
	Condition *PolicySpecRuleCondition `pulumi:"condition"`
	// Setting this to `"TRUE"` means that all values are denied. This field can be set only in Policies for list constraints.
	DenyAll *string `pulumi:"denyAll"`
	// If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.
	Enforce *string `pulumi:"enforce"`
	// List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.
	Values *PolicySpecRuleValues `pulumi:"values"`
}

type PolicySpecRuleArgs 

type PolicySpecRuleArgs struct {
	// Setting this to `"TRUE"` means that all values are allowed. This field can be set only in Policies for list constraints.
	AllowAll pulumi.StringPtrInput `pulumi:"allowAll"`
	// A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".
	Condition PolicySpecRuleConditionPtrInput `pulumi:"condition"`
	// Setting this to `"TRUE"` means that all values are denied. This field can be set only in Policies for list constraints.
	DenyAll pulumi.StringPtrInput `pulumi:"denyAll"`
	// If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.
	Enforce pulumi.StringPtrInput `pulumi:"enforce"`
	// List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.
	Values PolicySpecRuleValuesPtrInput `pulumi:"values"`
}

func (PolicySpecRuleArgs) ElementType 

func (PolicySpecRuleArgs) ElementType() reflect.Type

func (PolicySpecRuleArgs) ToPolicySpecRuleOutput 

func (i PolicySpecRuleArgs) ToPolicySpecRuleOutput() PolicySpecRuleOutput

func (PolicySpecRuleArgs) ToPolicySpecRuleOutputWithContext 

func (i PolicySpecRuleArgs) ToPolicySpecRuleOutputWithContext(ctx context.Context) PolicySpecRuleOutput

type PolicySpecRuleArray 

type PolicySpecRuleArray []PolicySpecRuleInput

func (PolicySpecRuleArray) ElementType 

func (PolicySpecRuleArray) ElementType() reflect.Type

func (PolicySpecRuleArray) ToPolicySpecRuleArrayOutput 

func (i PolicySpecRuleArray) ToPolicySpecRuleArrayOutput() PolicySpecRuleArrayOutput

func (PolicySpecRuleArray) ToPolicySpecRuleArrayOutputWithContext 

func (i PolicySpecRuleArray) ToPolicySpecRuleArrayOutputWithContext(ctx context.Context) PolicySpecRuleArrayOutput

type PolicySpecRuleArrayInput 

type PolicySpecRuleArrayInput interface {
	pulumi.Input

	ToPolicySpecRuleArrayOutput() PolicySpecRuleArrayOutput
	ToPolicySpecRuleArrayOutputWithContext(context.Context) PolicySpecRuleArrayOutput
}

PolicySpecRuleArrayInput is an input type that accepts PolicySpecRuleArray and PolicySpecRuleArrayOutput values. You can construct a concrete instance of `PolicySpecRuleArrayInput` via: 

PolicySpecRuleArray{ PolicySpecRuleArgs{...} }

type PolicySpecRuleArrayOutput 

type PolicySpecRuleArrayOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleArrayOutput) ElementType 

func (PolicySpecRuleArrayOutput) ElementType() reflect.Type

func (PolicySpecRuleArrayOutput) Index 

func (o PolicySpecRuleArrayOutput) Index(i pulumi.IntInput) PolicySpecRuleOutput

func (PolicySpecRuleArrayOutput) ToPolicySpecRuleArrayOutput 

func (o PolicySpecRuleArrayOutput) ToPolicySpecRuleArrayOutput() PolicySpecRuleArrayOutput

func (PolicySpecRuleArrayOutput) ToPolicySpecRuleArrayOutputWithContext 

func (o PolicySpecRuleArrayOutput) ToPolicySpecRuleArrayOutputWithContext(ctx context.Context) PolicySpecRuleArrayOutput

type PolicySpecRuleCondition 

type PolicySpecRuleCondition struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression *string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location *string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title *string `pulumi:"title"`
}

type PolicySpecRuleConditionArgs 

type PolicySpecRuleConditionArgs struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

func (PolicySpecRuleConditionArgs) ElementType 

func (PolicySpecRuleConditionArgs) ElementType() reflect.Type

func (PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionOutput 

func (i PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionOutput() PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionOutputWithContext 

func (i PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionOutputWithContext(ctx context.Context) PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionPtrOutput 

func (i PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionPtrOutput() PolicySpecRuleConditionPtrOutput

func (PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionPtrOutputWithContext 

func (i PolicySpecRuleConditionArgs) ToPolicySpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicySpecRuleConditionPtrOutput

type PolicySpecRuleConditionInput 

type PolicySpecRuleConditionInput interface {
	pulumi.Input

	ToPolicySpecRuleConditionOutput() PolicySpecRuleConditionOutput
	ToPolicySpecRuleConditionOutputWithContext(context.Context) PolicySpecRuleConditionOutput
}

PolicySpecRuleConditionInput is an input type that accepts PolicySpecRuleConditionArgs and PolicySpecRuleConditionOutput values. You can construct a concrete instance of `PolicySpecRuleConditionInput` via: 

PolicySpecRuleConditionArgs{...}

type PolicySpecRuleConditionOutput 

type PolicySpecRuleConditionOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleConditionOutput) Description 

func (o PolicySpecRuleConditionOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (PolicySpecRuleConditionOutput) ElementType 

func (PolicySpecRuleConditionOutput) ElementType() reflect.Type

func (PolicySpecRuleConditionOutput) Expression 

func (o PolicySpecRuleConditionOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (PolicySpecRuleConditionOutput) Location 

func (o PolicySpecRuleConditionOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (PolicySpecRuleConditionOutput) Title 

func (o PolicySpecRuleConditionOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionOutput 

func (o PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionOutput() PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionOutputWithContext 

func (o PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionOutputWithContext(ctx context.Context) PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionPtrOutput 

func (o PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionPtrOutput() PolicySpecRuleConditionPtrOutput

func (PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionPtrOutputWithContext 

func (o PolicySpecRuleConditionOutput) ToPolicySpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicySpecRuleConditionPtrOutput

type PolicySpecRuleConditionPtrInput 

type PolicySpecRuleConditionPtrInput interface {
	pulumi.Input

	ToPolicySpecRuleConditionPtrOutput() PolicySpecRuleConditionPtrOutput
	ToPolicySpecRuleConditionPtrOutputWithContext(context.Context) PolicySpecRuleConditionPtrOutput
}

PolicySpecRuleConditionPtrInput is an input type that accepts PolicySpecRuleConditionArgs, PolicySpecRuleConditionPtr and PolicySpecRuleConditionPtrOutput values. You can construct a concrete instance of `PolicySpecRuleConditionPtrInput` via: 

        PolicySpecRuleConditionArgs{...}

or:

        nil

func PolicySpecRuleConditionPtr 

func PolicySpecRuleConditionPtr(v *PolicySpecRuleConditionArgs) PolicySpecRuleConditionPtrInput

type PolicySpecRuleConditionPtrOutput 

type PolicySpecRuleConditionPtrOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleConditionPtrOutput) Description 

func (o PolicySpecRuleConditionPtrOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (PolicySpecRuleConditionPtrOutput) Elem 

func (o PolicySpecRuleConditionPtrOutput) Elem() PolicySpecRuleConditionOutput

func (PolicySpecRuleConditionPtrOutput) ElementType 

func (PolicySpecRuleConditionPtrOutput) ElementType() reflect.Type

func (PolicySpecRuleConditionPtrOutput) Expression 

func (o PolicySpecRuleConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (PolicySpecRuleConditionPtrOutput) Location 

func (o PolicySpecRuleConditionPtrOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (PolicySpecRuleConditionPtrOutput) Title 

func (o PolicySpecRuleConditionPtrOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (PolicySpecRuleConditionPtrOutput) ToPolicySpecRuleConditionPtrOutput 

func (o PolicySpecRuleConditionPtrOutput) ToPolicySpecRuleConditionPtrOutput() PolicySpecRuleConditionPtrOutput

func (PolicySpecRuleConditionPtrOutput) ToPolicySpecRuleConditionPtrOutputWithContext 

func (o PolicySpecRuleConditionPtrOutput) ToPolicySpecRuleConditionPtrOutputWithContext(ctx context.Context) PolicySpecRuleConditionPtrOutput

type PolicySpecRuleInput 

type PolicySpecRuleInput interface {
	pulumi.Input

	ToPolicySpecRuleOutput() PolicySpecRuleOutput
	ToPolicySpecRuleOutputWithContext(context.Context) PolicySpecRuleOutput
}

PolicySpecRuleInput is an input type that accepts PolicySpecRuleArgs and PolicySpecRuleOutput values. You can construct a concrete instance of `PolicySpecRuleInput` via: 

PolicySpecRuleArgs{...}

type PolicySpecRuleOutput 

type PolicySpecRuleOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleOutput) AllowAll 

func (o PolicySpecRuleOutput) AllowAll() pulumi.StringPtrOutput

Setting this to `"TRUE"` means that all values are allowed. This field can be set only in Policies for list constraints.

func (PolicySpecRuleOutput) Condition 

func (o PolicySpecRuleOutput) Condition() PolicySpecRuleConditionPtrOutput

A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the "||" or "&&" operators. Each subexpression must be of the form "resource.matchTag('/tag_key_short_name, 'tag_value_short_name')". or "resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')". where keyName and valueName are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: "resource.matchTag('123456789/environment, 'prod')". or "resource.matchTagId('tagKeys/123', 'tagValues/456')".

func (PolicySpecRuleOutput) DenyAll 

func (o PolicySpecRuleOutput) DenyAll() pulumi.StringPtrOutput

Setting this to `"TRUE"` means that all values are denied. This field can be set only in Policies for list constraints.

func (PolicySpecRuleOutput) ElementType 

func (PolicySpecRuleOutput) ElementType() reflect.Type

func (PolicySpecRuleOutput) Enforce 

func (o PolicySpecRuleOutput) Enforce() pulumi.StringPtrOutput

If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.

func (PolicySpecRuleOutput) ToPolicySpecRuleOutput 

func (o PolicySpecRuleOutput) ToPolicySpecRuleOutput() PolicySpecRuleOutput

func (PolicySpecRuleOutput) ToPolicySpecRuleOutputWithContext 

func (o PolicySpecRuleOutput) ToPolicySpecRuleOutputWithContext(ctx context.Context) PolicySpecRuleOutput

func (PolicySpecRuleOutput) Values 

func (o PolicySpecRuleOutput) Values() PolicySpecRuleValuesPtrOutput

List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.

type PolicySpecRuleValues 

type PolicySpecRuleValues struct {
	// List of values allowed at this resource.
	AllowedValues []string `pulumi:"allowedValues"`
	// List of values denied at this resource.
	DeniedValues []string `pulumi:"deniedValues"`
}

type PolicySpecRuleValuesArgs 

type PolicySpecRuleValuesArgs struct {
	// List of values allowed at this resource.
	AllowedValues pulumi.StringArrayInput `pulumi:"allowedValues"`
	// List of values denied at this resource.
	DeniedValues pulumi.StringArrayInput `pulumi:"deniedValues"`
}

func (PolicySpecRuleValuesArgs) ElementType 

func (PolicySpecRuleValuesArgs) ElementType() reflect.Type

func (PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesOutput 

func (i PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesOutput() PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesOutputWithContext 

func (i PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesOutputWithContext(ctx context.Context) PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesPtrOutput 

func (i PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesPtrOutput() PolicySpecRuleValuesPtrOutput

func (PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesPtrOutputWithContext 

func (i PolicySpecRuleValuesArgs) ToPolicySpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicySpecRuleValuesPtrOutput

type PolicySpecRuleValuesInput 

type PolicySpecRuleValuesInput interface {
	pulumi.Input

	ToPolicySpecRuleValuesOutput() PolicySpecRuleValuesOutput
	ToPolicySpecRuleValuesOutputWithContext(context.Context) PolicySpecRuleValuesOutput
}

PolicySpecRuleValuesInput is an input type that accepts PolicySpecRuleValuesArgs and PolicySpecRuleValuesOutput values. You can construct a concrete instance of `PolicySpecRuleValuesInput` via: 

PolicySpecRuleValuesArgs{...}

type PolicySpecRuleValuesOutput 

type PolicySpecRuleValuesOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleValuesOutput) AllowedValues 

func (o PolicySpecRuleValuesOutput) AllowedValues() pulumi.StringArrayOutput

List of values allowed at this resource.

func (PolicySpecRuleValuesOutput) DeniedValues 

func (o PolicySpecRuleValuesOutput) DeniedValues() pulumi.StringArrayOutput

List of values denied at this resource.

func (PolicySpecRuleValuesOutput) ElementType 

func (PolicySpecRuleValuesOutput) ElementType() reflect.Type

func (PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesOutput 

func (o PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesOutput() PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesOutputWithContext 

func (o PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesOutputWithContext(ctx context.Context) PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesPtrOutput 

func (o PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesPtrOutput() PolicySpecRuleValuesPtrOutput

func (PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesPtrOutputWithContext 

func (o PolicySpecRuleValuesOutput) ToPolicySpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicySpecRuleValuesPtrOutput

type PolicySpecRuleValuesPtrInput 

type PolicySpecRuleValuesPtrInput interface {
	pulumi.Input

	ToPolicySpecRuleValuesPtrOutput() PolicySpecRuleValuesPtrOutput
	ToPolicySpecRuleValuesPtrOutputWithContext(context.Context) PolicySpecRuleValuesPtrOutput
}

PolicySpecRuleValuesPtrInput is an input type that accepts PolicySpecRuleValuesArgs, PolicySpecRuleValuesPtr and PolicySpecRuleValuesPtrOutput values. You can construct a concrete instance of `PolicySpecRuleValuesPtrInput` via: 

        PolicySpecRuleValuesArgs{...}

or:

        nil

func PolicySpecRuleValuesPtr 

func PolicySpecRuleValuesPtr(v *PolicySpecRuleValuesArgs) PolicySpecRuleValuesPtrInput

type PolicySpecRuleValuesPtrOutput 

type PolicySpecRuleValuesPtrOutput struct{ *pulumi.OutputState }

func (PolicySpecRuleValuesPtrOutput) AllowedValues 

func (o PolicySpecRuleValuesPtrOutput) AllowedValues() pulumi.StringArrayOutput

List of values allowed at this resource.

func (PolicySpecRuleValuesPtrOutput) DeniedValues 

func (o PolicySpecRuleValuesPtrOutput) DeniedValues() pulumi.StringArrayOutput

List of values denied at this resource.

func (PolicySpecRuleValuesPtrOutput) Elem 

func (o PolicySpecRuleValuesPtrOutput) Elem() PolicySpecRuleValuesOutput

func (PolicySpecRuleValuesPtrOutput) ElementType 

func (PolicySpecRuleValuesPtrOutput) ElementType() reflect.Type

func (PolicySpecRuleValuesPtrOutput) ToPolicySpecRuleValuesPtrOutput 

func (o PolicySpecRuleValuesPtrOutput) ToPolicySpecRuleValuesPtrOutput() PolicySpecRuleValuesPtrOutput

func (PolicySpecRuleValuesPtrOutput) ToPolicySpecRuleValuesPtrOutputWithContext 

func (o PolicySpecRuleValuesPtrOutput) ToPolicySpecRuleValuesPtrOutputWithContext(ctx context.Context) PolicySpecRuleValuesPtrOutput

type PolicyState 

type PolicyState struct {
	// Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.
	DryRunSpec PolicyDryRunSpecPtrInput
	// Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
	Etag pulumi.StringPtrInput
	// Immutable. The resource name of the Policy. Must be one of the following forms, where constraintName is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, "projects/123/policies/compute.disableSerialPortAccess". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.
	Name pulumi.StringPtrInput
	// The parent of the resource.
	//
	// ***
	Parent pulumi.StringPtrInput
	// Basic information about the Organization Policy.
	Spec PolicySpecPtrInput
}

func (PolicyState) ElementType 

func (PolicyState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.