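import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * Allows management of Organization Policies for a Google Cloud Folder.
 *
 * > **Warning:** This resource has been superseded by `gcp.orgpolicy.Policy`. `gcp.orgpolicy.Policy` uses Organization Policy API V2 instead of Cloud Resource Manager API V1 and it supports additional features such as tags and conditions.
 *
 * To get more information about Organization Policies, see:
 *
 * * [API documentation](https://docs.cloud.google.com/resource-manager/reference/rest/v1/folders/setOrgPolicy)
 * * How-to Guides
 *     * [Introduction to the Organization Policy Service](https://docs.cloud.google.com/resource-manager/docs/organization-policy/overview)
 *
 * ## Security Notes
 *
 * Organization policies are guardrails that are inherited down the resource hierarchy: a policy
 * set on a folder also governs the projects and folders beneath it unless a descendant sets its
 * own policy for the same constraint. Review changes to this resource as changes to a security
 * control.
 *
 * * `listPolicy.allow.all: true` accepts every value for the constraint on this folder. Use it
 *   only where the constraint is deliberately being relaxed.
 * * `restorePolicy.default: true` applies the constraint's default behaviour at this folder and
 *   ignores policies set higher in the hierarchy, so a stricter organization-level policy for
 *   the same constraint stops applying here.
 * * Leaving `booleanPolicy`, `listPolicy` and `restorePolicy` all unset makes the folder inherit
 *   the policy of its parent.
 *
 * ## Example Usage
 *
 * To set policy with a [boolean constraint](https://docs.cloud.google.com/resource-manager/docs/organization-policy/quickstart-boolean-constraints):
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const serialPortPolicy = new gcp.folder.OrganizationPolicy("serial_port_policy", {
 *     folder: "folders/123456789",
 *     constraint: "compute.disableSerialPortAccess",
 *     booleanPolicy: {
 *         enforced: true,
 *     },
 * });
 * ```
 *
 * To set a policy with a [list constraint](https://docs.cloud.google.com/resource-manager/docs/organization-policy/quickstart-list-constraints):
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const servicesPolicy = new gcp.folder.OrganizationPolicy("services_policy", {
 *     folder: "folders/123456789",
 *     constraint: "serviceuser.services",
 *     listPolicy: {
 *         allow: {
 *             all: true,
 *         },
 *     },
 * });
 * ```
 *
 * Or to deny some services, use the following instead:
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const servicesPolicy = new gcp.folder.OrganizationPolicy("services_policy", {
 *     folder: "folders/123456789",
 *     constraint: "serviceuser.services",
 *     listPolicy: {
 *         suggestedValue: "compute.googleapis.com",
 *         deny: {
 *             values: ["cloudresourcemanager.googleapis.com"],
 *         },
 *     },
 * });
 * ```
 *
 * To restore the default folder organization policy, use the following instead:
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const servicesPolicy = new gcp.folder.OrganizationPolicy("services_policy", {
 *     folder: "folders/123456789",
 *     constraint: "serviceuser.services",
 *     restorePolicy: {
 *         "default": true,
 *     },
 * });
 * ```
 *
 * ## Import
 *
 * Folder organization policies can be imported using any of the following formats:
 *
 * * `folders/{{folder_id}}/constraints/serviceuser.services`
 * * `{{folder_id}}/serviceuser.services`
 *
 * When using the `pulumi import` command, folder organization policies can be imported using one of the formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:folder/organizationPolicy:OrganizationPolicy default folders/{{folder_id}}/constraints/serviceuser.services
 * $ pulumi import gcp:folder/organizationPolicy:OrganizationPolicy default {{folder_id}}/serviceuser.services
 * ```
 */
export declare class OrganizationPolicy extends pulumi.CustomResource {
    /**
     * Get an existing OrganizationPolicy resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OrganizationPolicyState, opts?: pulumi.CustomResourceOptions): OrganizationPolicy;
    /**
     * Returns true if the given object is an instance of OrganizationPolicy. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is OrganizationPolicy;
    /**
     * A boolean policy is a constraint that is either enforced or not.
     */
    readonly booleanPolicy: pulumi.Output<outputs.folder.OrganizationPolicyBooleanPolicy | undefined>;
    /**
     * The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://docs.cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
     */
    readonly constraint: pulumi.Output<string>;
    /**
     * (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
     */
    readonly etag: pulumi.Output<string>;
    /**
     * The resource name of the folder to set the policy for. Its format is folders/{folder_id}.
     */
    readonly folder: pulumi.Output<string>;
    /**
     * A policy that can define specific values that are allowed or denied for the given constraint. It
     * can also be used to allow or deny all values; allowing all values lifts the restriction for this folder.
     */
    readonly listPolicy: pulumi.Output<outputs.folder.OrganizationPolicyListPolicy | undefined>;
    /**
     * A restore policy is a constraint to restore the default policy. Restoring the default ignores
     * policies set higher in the hierarchy for this constraint.
     *
     * > **Note:** If none of [`booleanPolicy`, `listPolicy`, `restorePolicy`] are defined the policy for a given constraint will
     * effectively be unset. This is represented in the UI as the constraint being 'Inherited'.
     */
    readonly restorePolicy: pulumi.Output<outputs.folder.OrganizationPolicyRestorePolicy | undefined>;
    /**
     * (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the policy was last updated. Example: "2016-10-09T12:33:37.578138407Z".
     */
    readonly updateTime: pulumi.Output<string>;
    /**
     * Version of the Policy. Default version is 0.
     */
    readonly version: pulumi.Output<number>;
    /**
     * Create an OrganizationPolicy resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: OrganizationPolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering OrganizationPolicy resources.
 */
export interface OrganizationPolicyState {
    /**
     * A boolean policy is a constraint that is either enforced or not.
     */
    booleanPolicy?: pulumi.Input<inputs.folder.OrganizationPolicyBooleanPolicy>;
    /**
     * The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://docs.cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
     */
    constraint?: pulumi.Input<string>;
    /**
     * (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
     */
    etag?: pulumi.Input<string>;
    /**
     * The resource name of the folder to set the policy for. Its format is folders/{folder_id}.
     */
    folder?: pulumi.Input<string>;
    /**
     * A policy that can define specific values that are allowed or denied for the given constraint. It
     * can also be used to allow or deny all values; allowing all values lifts the restriction for this folder.
     */
    listPolicy?: pulumi.Input<inputs.folder.OrganizationPolicyListPolicy>;
    /**
     * A restore policy is a constraint to restore the default policy. Restoring the default ignores
     * policies set higher in the hierarchy for this constraint.
     *
     * > **Note:** If none of [`booleanPolicy`, `listPolicy`, `restorePolicy`] are defined the policy for a given constraint will
     * effectively be unset. This is represented in the UI as the constraint being 'Inherited'.
     */
    restorePolicy?: pulumi.Input<inputs.folder.OrganizationPolicyRestorePolicy>;
    /**
     * (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the policy was last updated. Example: "2016-10-09T12:33:37.578138407Z".
     */
    updateTime?: pulumi.Input<string>;
    /**
     * Version of the Policy. Default version is 0.
     */
    version?: pulumi.Input<number>;
}
/**
 * The set of arguments for constructing an OrganizationPolicy resource.
 */
export interface OrganizationPolicyArgs {
    /**
     * A boolean policy is a constraint that is either enforced or not.
     */
    booleanPolicy?: pulumi.Input<inputs.folder.OrganizationPolicyBooleanPolicy>;
    /**
     * The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://docs.cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
     */
    constraint: pulumi.Input<string>;
    /**
     * The resource name of the folder to set the policy for. Its format is folders/{folder_id}.
     */
    folder: pulumi.Input<string>;
    /**
     * A policy that can define specific values that are allowed or denied for the given constraint. It
     * can also be used to allow or deny all values; allowing all values lifts the restriction for this folder.
     */
    listPolicy?: pulumi.Input<inputs.folder.OrganizationPolicyListPolicy>;
    /**
     * A restore policy is a constraint to restore the default policy. Restoring the default ignores
     * policies set higher in the hierarchy for this constraint.
     *
     * > **Note:** If none of [`booleanPolicy`, `listPolicy`, `restorePolicy`] are defined the policy for a given constraint will
     * effectively be unset. This is represented in the UI as the constraint being 'Inherited'.
     */
    restorePolicy?: pulumi.Input<inputs.folder.OrganizationPolicyRestorePolicy>;
    /**
     * Version of the Policy. Default version is 0.
     */
    version?: pulumi.Input<number>;
}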