import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Represents an instance of a Security Health Analytics custom module, including * its full module name, display name, enablement state, and last updated time. * You can create a custom module at the organization, folder, or project level. * Custom modules that you create at the organization or folder level are inherited * by the child folders and projects. * * To get more information about FolderCustomModule, see: * * * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v1/folders.securityHealthAnalyticsSettings.customModules) * * How-to Guides * * [Overview of custom modules for Security Health Analytics](https://cloud.google.com/security-command-center/docs/custom-modules-sha-overview) * * ## Example Usage * * ### Scc Folder Custom Module Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const folder = new gcp.organizations.Folder("folder", { * parent: "organizations/123456789", * displayName: "folder-name", * deletionProtection: false, * }); * const example = new gcp.securitycenter.FolderCustomModule("example", { * folder: folder.folderId, * displayName: "basic_custom_module", * enablementState: "ENABLED", * customConfig: { * predicate: { * expression: "resource.rotationPeriod > duration(\"2592000s\")", * }, * resourceSelector: { * resourceTypes: ["cloudkms.googleapis.com/CryptoKey"], * }, * description: "The rotation period of the identified cryptokey resource exceeds 30 days.", * recommendation: "Set the rotation period to at most 30 days.", * severity: "MEDIUM", * }, * }); * ``` * ### Scc Folder Custom Module Full * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const folder = new gcp.organizations.Folder("folder", { * parent: "organizations/123456789", * displayName: "folder-name", * deletionProtection: false, * }); * const example = new gcp.securitycenter.FolderCustomModule("example", { * folder: folder.folderId, * displayName: "full_custom_module", * enablementState: "ENABLED", * customConfig: { * predicate: { * expression: "resource.rotationPeriod > duration(\"2592000s\")", * title: "Purpose of the expression", * description: "description of the expression", * location: "location of the expression", * }, * customOutput: { * properties: [{ * name: "duration", * valueExpression: { * expression: "resource.rotationPeriod", * title: "Purpose of the expression", * description: "description of the expression", * location: "location of the expression", * }, * }], * }, * resourceSelector: { * resourceTypes: ["cloudkms.googleapis.com/CryptoKey"], * }, * severity: "LOW", * description: "Description of the custom module", * recommendation: "Steps to resolve violation", * }, * }); * ``` * * ## Import * * FolderCustomModule can be imported using any of these accepted formats: * * * `folders/{{folder}}/securityHealthAnalyticsSettings/customModules/{{name}}` * * * `{{folder}}/{{name}}` * * When using the `pulumi import` command, FolderCustomModule can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:securitycenter/folderCustomModule:FolderCustomModule default folders/{{folder}}/securityHealthAnalyticsSettings/customModules/{{name}} * ``` * * ```sh * $ pulumi import gcp:securitycenter/folderCustomModule:FolderCustomModule default {{folder}}/{{name}} * ``` */ export declare class FolderCustomModule extends pulumi.CustomResource { /** * Get an existing FolderCustomModule resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: FolderCustomModuleState, opts?: pulumi.CustomResourceOptions): FolderCustomModule; /** * Returns true if the given object is an instance of FolderCustomModule. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is FolderCustomModule; /** * If empty, indicates that the custom module was created in the organization, folder, * or project in which you are viewing the custom module. Otherwise, ancestorModule * specifies the organization or folder from which the custom module is inherited. */ readonly ancestorModule: pulumi.Output; /** * The user specified custom configuration for the module. * Structure is documented below. */ readonly customConfig: pulumi.Output; /** * The display name of the Security Health Analytics custom module. This * display name becomes the finding category for all findings that are * returned by this custom module. The display name must be between 1 and * 128 characters, start with a lowercase letter, and contain alphanumeric * characters or underscores only. */ readonly displayName: pulumi.Output; /** * The enablement state of the custom module. * Possible values are: `ENABLED`, `DISABLED`. */ readonly enablementState: pulumi.Output; /** * Numerical ID of the parent folder. */ readonly folder: pulumi.Output; /** * The editor that last updated the custom module. */ readonly lastEditor: pulumi.Output; /** * The resource name of the custom module. Its format is "folders/{folder_id}/securityHealthAnalyticsSettings/customModules/{customModule}". * The id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits. */ readonly name: pulumi.Output; /** * The time at which the custom module was last updated. * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and * up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". */ readonly updateTime: pulumi.Output; /** * Create a FolderCustomModule resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: FolderCustomModuleArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering FolderCustomModule resources. */ export interface FolderCustomModuleState { /** * If empty, indicates that the custom module was created in the organization, folder, * or project in which you are viewing the custom module. Otherwise, ancestorModule * specifies the organization or folder from which the custom module is inherited. */ ancestorModule?: pulumi.Input; /** * The user specified custom configuration for the module. * Structure is documented below. */ customConfig?: pulumi.Input; /** * The display name of the Security Health Analytics custom module. This * display name becomes the finding category for all findings that are * returned by this custom module. The display name must be between 1 and * 128 characters, start with a lowercase letter, and contain alphanumeric * characters or underscores only. */ displayName?: pulumi.Input; /** * The enablement state of the custom module. * Possible values are: `ENABLED`, `DISABLED`. */ enablementState?: pulumi.Input; /** * Numerical ID of the parent folder. */ folder?: pulumi.Input; /** * The editor that last updated the custom module. */ lastEditor?: pulumi.Input; /** * The resource name of the custom module. Its format is "folders/{folder_id}/securityHealthAnalyticsSettings/customModules/{customModule}". * The id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits. */ name?: pulumi.Input; /** * The time at which the custom module was last updated. * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and * up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". */ updateTime?: pulumi.Input; } /** * The set of arguments for constructing a FolderCustomModule resource. */ export interface FolderCustomModuleArgs { /** * The user specified custom configuration for the module. * Structure is documented below. */ customConfig: pulumi.Input; /** * The display name of the Security Health Analytics custom module. This * display name becomes the finding category for all findings that are * returned by this custom module. The display name must be between 1 and * 128 characters, start with a lowercase letter, and contain alphanumeric * characters or underscores only. */ displayName: pulumi.Input; /** * The enablement state of the custom module. * Possible values are: `ENABLED`, `DISABLED`. */ enablementState: pulumi.Input; /** * Numerical ID of the parent folder. */ folder: pulumi.Input; }