import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Represents an instance of a Security Health Analytics custom module, including * its full module name, display name, enablement state, and last updated time. * You can create a custom module at the organization, folder, or project level. * Custom modules that you create at the organization or folder level are inherited * by the child folders and projects. * * To get more information about OrganizationCustomModule, see: * * * [API documentation](https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.securityHealthAnalyticsSettings.customModules) * * How-to Guides * * [Overview of custom modules for Security Health Analytics](https://cloud.google.com/security-command-center/docs/custom-modules-sha-overview) * * ## Example Usage * * ### Scc Organization Custom Module Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const example = new gcp.securitycenter.OrganizationCustomModule("example", { * organization: "123456789", * displayName: "basic_custom_module", * enablementState: "ENABLED", * customConfig: { * predicate: { * expression: "resource.rotationPeriod > duration(\"2592000s\")", * }, * resourceSelector: { * resourceTypes: ["cloudkms.googleapis.com/CryptoKey"], * }, * description: "The rotation period of the identified cryptokey resource exceeds 30 days.", * recommendation: "Set the rotation period to at most 30 days.", * severity: "MEDIUM", * }, * }); * ``` * ### Scc Organization Custom Module Full * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const example = new gcp.securitycenter.OrganizationCustomModule("example", { * organization: "123456789", * displayName: "full_custom_module", * enablementState: "ENABLED", * customConfig: { * predicate: { * expression: "resource.rotationPeriod > duration(\"2592000s\")", * title: "Purpose of the expression", * description: "description of the expression", * location: "location of the expression", * }, * customOutput: { * properties: [{ * name: "duration", * valueExpression: { * expression: "resource.rotationPeriod", * title: "Purpose of the expression", * description: "description of the expression", * location: "location of the expression", * }, * }], * }, * resourceSelector: { * resourceTypes: ["cloudkms.googleapis.com/CryptoKey"], * }, * severity: "LOW", * description: "Description of the custom module", * recommendation: "Steps to resolve violation", * }, * }); * ``` * * ## Import * * OrganizationCustomModule can be imported using any of these accepted formats: * * * `organizations/{{organization}}/securityHealthAnalyticsSettings/customModules/{{name}}` * * * `{{organization}}/{{name}}` * * When using the `pulumi import` command, OrganizationCustomModule can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:securitycenter/organizationCustomModule:OrganizationCustomModule default organizations/{{organization}}/securityHealthAnalyticsSettings/customModules/{{name}} * ``` * * ```sh * $ pulumi import gcp:securitycenter/organizationCustomModule:OrganizationCustomModule default {{organization}}/{{name}} * ``` */ export declare class OrganizationCustomModule extends pulumi.CustomResource { /** * Get an existing OrganizationCustomModule resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: OrganizationCustomModuleState, opts?: pulumi.CustomResourceOptions): OrganizationCustomModule; /** * Returns true if the given object is an instance of OrganizationCustomModule. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is OrganizationCustomModule; /** * If empty, indicates that the custom module was created in the organization, folder, * or project in which you are viewing the custom module. Otherwise, ancestorModule * specifies the organization or folder from which the custom module is inherited. */ readonly ancestorModule: pulumi.Output; /** * The user specified custom configuration for the module. * Structure is documented below. */ readonly customConfig: pulumi.Output; /** * The display name of the Security Health Analytics custom module. This * display name becomes the finding category for all findings that are * returned by this custom module. The display name must be between 1 and * 128 characters, start with a lowercase letter, and contain alphanumeric * characters or underscores only. */ readonly displayName: pulumi.Output; /** * The enablement state of the custom module. * Possible values are: `ENABLED`, `DISABLED`. */ readonly enablementState: pulumi.Output; /** * The editor that last updated the custom module. */ readonly lastEditor: pulumi.Output; /** * The resource name of the custom module. Its format is "organizations/{org_id}/securityHealthAnalyticsSettings/customModules/{customModule}". * The id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits. */ readonly name: pulumi.Output; /** * Numerical ID of the parent organization. */ readonly organization: pulumi.Output; /** * The time at which the custom module was last updated. * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and * up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". */ readonly updateTime: pulumi.Output; /** * Create a OrganizationCustomModule resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: OrganizationCustomModuleArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering OrganizationCustomModule resources. */ export interface OrganizationCustomModuleState { /** * If empty, indicates that the custom module was created in the organization, folder, * or project in which you are viewing the custom module. Otherwise, ancestorModule * specifies the organization or folder from which the custom module is inherited. */ ancestorModule?: pulumi.Input; /** * The user specified custom configuration for the module. * Structure is documented below. */ customConfig?: pulumi.Input; /** * The display name of the Security Health Analytics custom module. This * display name becomes the finding category for all findings that are * returned by this custom module. The display name must be between 1 and * 128 characters, start with a lowercase letter, and contain alphanumeric * characters or underscores only. */ displayName?: pulumi.Input; /** * The enablement state of the custom module. * Possible values are: `ENABLED`, `DISABLED`. */ enablementState?: pulumi.Input; /** * The editor that last updated the custom module. */ lastEditor?: pulumi.Input; /** * The resource name of the custom module. Its format is "organizations/{org_id}/securityHealthAnalyticsSettings/customModules/{customModule}". * The id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits. */ name?: pulumi.Input; /** * Numerical ID of the parent organization. */ organization?: pulumi.Input; /** * The time at which the custom module was last updated. * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and * up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". */ updateTime?: pulumi.Input; } /** * The set of arguments for constructing a OrganizationCustomModule resource. */ export interface OrganizationCustomModuleArgs { /** * The user specified custom configuration for the module. * Structure is documented below. */ customConfig: pulumi.Input; /** * The display name of the Security Health Analytics custom module. This * display name becomes the finding category for all findings that are * returned by this custom module. The display name must be between 1 and * 128 characters, start with a lowercase letter, and contain alphanumeric * characters or underscores only. */ displayName: pulumi.Input; /** * The enablement state of the custom module. * Possible values are: `ENABLED`, `DISABLED`. */ enablementState: pulumi.Input; /** * Numerical ID of the parent organization. */ organization: pulumi.Input; }