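import * as pulumi from "@pulumi/pulumi";

/**
 * Allows configuring a single GCP resource that should be inside the `status` block of a service perimeter.
 * This resource is intended to be used in cases where it is not possible to compile a full list
 * of projects to include in a `gcp.accesscontextmanager.ServicePerimeter` resource,
 * to enable them to be added separately.
 * If your perimeter is in dry-run mode use `gcp.accesscontextmanager.ServicePerimeterDryRunResource` instead.
 *
 * > **Note:** If this resource is used alongside a `gcp.accesscontextmanager.ServicePerimeter` resource,
 * the service perimeter resource must have a `lifecycle` block with `ignoreChanges = [status[0].resources]` so
 * they don't fight over which resources should be in the policy.
 * In a Pulumi program the equivalent is the `ignoreChanges` resource option on the
 * `ServicePerimeter` (see the example below). Without it, an update of the perimeter can
 * rewrite the member list and drop projects that were added through this resource,
 * leaving them outside the perimeter.
 *
 * To get more information about ServicePerimeterResource, see:
 *
 * * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters)
 * * How-to Guides
 *     * [Service Perimeter Quickstart](https://cloud.google.com/vpc-service-controls/docs/quickstart)
 *
 * > **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,
 * you must specify a `billingProject` and set `userProjectOverride` to true
 * in the provider configuration. Otherwise the ACM API will return a 403 error.
 * Your account must have the `serviceusage.services.use` permission on the
 * `billingProject` you defined.
 *
 * ## Example Usage
 *
 * ### Access Context Manager Service Perimeter Resource Basic
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const access_policy = new gcp.accesscontextmanager.AccessPolicy("access-policy", {
 *     parent: "organizations/123456789",
 *     title: "my policy",
 * });
 * const service_perimeter_resourceServicePerimeter = new gcp.accesscontextmanager.ServicePerimeter("service-perimeter-resource", {
 *     parent: pulumi.interpolate`accessPolicies/${access_policy.name}`,
 *     name: pulumi.interpolate`accessPolicies/${access_policy.name}/servicePerimeters/restrict_all`,
 *     title: "restrict_all",
 *     status: {
 *         restrictedServices: ["storage.googleapis.com"],
 *     },
 * }, {
 *     // Members are managed by ServicePerimeterResource below; keep this
 *     // resource from reverting them (see the note above).
 *     ignoreChanges: ["status.resources"],
 * });
 * const service_perimeter_resource = new gcp.accesscontextmanager.ServicePerimeterResource("service-perimeter-resource", {
 *     perimeterName: service_perimeter_resourceServicePerimeter.name,
 *     resource: "projects/987654321",
 * });
 * ```
 *
 * ## Import
 *
 * ServicePerimeterResource can be imported using any of these accepted formats:
 *
 * * `{{perimeter_name}}/{{resource}}`
 *
 * When using the `pulumi import` command, ServicePerimeterResource can be imported using one of the formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:accesscontextmanager/servicePerimeterResource:ServicePerimeterResource default {{perimeter_name}}/{{resource}}
 * ```
 */
export declare class ServicePerimeterResource extends pulumi.CustomResource {
    /**
     * Get an existing ServicePerimeterResource resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServicePerimeterResourceState, opts?: pulumi.CustomResourceOptions): ServicePerimeterResource;
    /**
     * Returns true if the given object is an instance of ServicePerimeterResource. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is ServicePerimeterResource;
    /**
     * The name of the Access Policy this resource belongs to.
     */
    readonly accessPolicyId: pulumi.Output<string>;
    /**
     * The perimeter etag is internally used to prevent overwriting the list of perimeter resources on PATCH calls.
     * It is retrieved from the same GET perimeter API call that's used to get the current list of resources.
     * The resource to add or remove is merged into that list and then this etag is sent with the PATCH call
     * along with the updated resource list.
     * It is an output only: `ServicePerimeterResourceArgs` has no `etag` input.
     */
    readonly etag: pulumi.Output<string>;
    /**
     * The name of the Service Perimeter to add this resource to.
     */
    readonly perimeterName: pulumi.Output<string>;
    /**
     * A GCP resource that is inside of the service perimeter.
     * Currently only projects are allowed.
     * Format: projects/{project_number}
     * (the numeric project number, as in `projects/987654321`).
     */
    readonly resource: pulumi.Output<string>;
    /**
     * Create a ServicePerimeterResource resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: ServicePerimeterResourceArgs, opts?: pulumi.CustomResourceOptions);
}

/**
 * Input properties used for looking up and filtering ServicePerimeterResource resources.
 */
export interface ServicePerimeterResourceState {
    /**
     * The name of the Access Policy this resource belongs to.
     */
    accessPolicyId?: pulumi.Input<string>;
    /**
     * The perimeter etag is internally used to prevent overwriting the list of perimeter resources on PATCH calls.
     * It is retrieved from the same GET perimeter API call that's used to get the current list of resources.
     * The resource to add or remove is merged into that list and then this etag is sent with the PATCH call
     * along with the updated resource list.
     */
    etag?: pulumi.Input<string>;
    /**
     * The name of the Service Perimeter to add this resource to.
     */
    perimeterName?: pulumi.Input<string>;
    /**
     * A GCP resource that is inside of the service perimeter.
     * Currently only projects are allowed.
     * Format: projects/{project_number}
     */
    resource?: pulumi.Input<string>;
}

/**
 * The set of arguments for constructing a ServicePerimeterResource resource.
 */
export interface ServicePerimeterResourceArgs {
    /**
     * The name of the Service Perimeter to add this resource to.
     */
    perimeterName: pulumi.Input<string>;
    /**
     * A GCP resource that is inside of the service perimeter.
     * Currently only projects are allowed.
     * Format: projects/{project_number}
     * (the numeric project number, as in `projects/987654321`).
     */
    resource: pulumi.Input<string>;
}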