Docs Home
Packages
Google Cloud Classic v8.3.1 published on Wednesday, Sep 25, 2024 by Pulumi
gcp.organizations.Policy
Explore with Pulumi AI
Allows management of Organization Policies for a Google Cloud Organization.
Warning: This resource has been superseded by
gcp.orgpolicy.Policy.gcp.orgpolicy.Policyuses Organization Policy API V2 instead of Cloud Resource Manager API V1 and it supports additional features such as tags and conditions.
To get more information about Organization Policies, see:
Example Usage
To set policy with a boolean constraint:
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const serialPortPolicy = new gcp.organizations.Policy("serial_port_policy", {
orgId: "123456789",
constraint: "compute.disableSerialPortAccess",
booleanPolicy: {
enforced: true,
},
});
import pulumi
import pulumi_gcp as gcp
serial_port_policy = gcp.organizations.Policy("serial_port_policy",
org_id="123456789",
constraint="compute.disableSerialPortAccess",
boolean_policy={
"enforced": True,
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := organizations.NewPolicy(ctx, "serial_port_policy", &organizations.PolicyArgs{
OrgId: pulumi.String("123456789"),
Constraint: pulumi.String("compute.disableSerialPortAccess"),
BooleanPolicy: &organizations.PolicyBooleanPolicyArgs{
Enforced: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var serialPortPolicy = new Gcp.Organizations.Policy("serial_port_policy", new()
{
OrgId = "123456789",
Constraint = "compute.disableSerialPortAccess",
BooleanPolicy = new Gcp.Organizations.Inputs.PolicyBooleanPolicyArgs
{
Enforced = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.Policy;
import com.pulumi.gcp.organizations.PolicyArgs;
import com.pulumi.gcp.organizations.inputs.PolicyBooleanPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var serialPortPolicy = new Policy("serialPortPolicy", PolicyArgs.builder()
.orgId("123456789")
.constraint("compute.disableSerialPortAccess")
.booleanPolicy(PolicyBooleanPolicyArgs.builder()
.enforced(true)
.build())
.build());
}
}
resources:
serialPortPolicy:
type: gcp:organizations:Policy
name: serial_port_policy
properties:
orgId: '123456789'
constraint: compute.disableSerialPortAccess
booleanPolicy:
enforced: true
To set a policy with a list constraint:
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const servicesPolicy = new gcp.organizations.Policy("services_policy", {
orgId: "123456789",
constraint: "serviceuser.services",
listPolicy: {
allow: {
all: true,
},
},
});
import pulumi
import pulumi_gcp as gcp
services_policy = gcp.organizations.Policy("services_policy",
org_id="123456789",
constraint="serviceuser.services",
list_policy={
"allow": {
"all": True,
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := organizations.NewPolicy(ctx, "services_policy", &organizations.PolicyArgs{
OrgId: pulumi.String("123456789"),
Constraint: pulumi.String("serviceuser.services"),
ListPolicy: &organizations.PolicyListPolicyArgs{
Allow: &organizations.PolicyListPolicyAllowArgs{
All: pulumi.Bool(true),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var servicesPolicy = new Gcp.Organizations.Policy("services_policy", new()
{
OrgId = "123456789",
Constraint = "serviceuser.services",
ListPolicy = new Gcp.Organizations.Inputs.PolicyListPolicyArgs
{
Allow = new Gcp.Organizations.Inputs.PolicyListPolicyAllowArgs
{
All = true,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.Policy;
import com.pulumi.gcp.organizations.PolicyArgs;
import com.pulumi.gcp.organizations.inputs.PolicyListPolicyArgs;
import com.pulumi.gcp.organizations.inputs.PolicyListPolicyAllowArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var servicesPolicy = new Policy("servicesPolicy", PolicyArgs.builder()
.orgId("123456789")
.constraint("serviceuser.services")
.listPolicy(PolicyListPolicyArgs.builder()
.allow(PolicyListPolicyAllowArgs.builder()
.all(true)
.build())
.build())
.build());
}
}
resources:
servicesPolicy:
type: gcp:organizations:Policy
name: services_policy
properties:
orgId: '123456789'
constraint: serviceuser.services
listPolicy:
allow:
all: true
Or to deny some services, use the following instead:
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const servicesPolicy = new gcp.organizations.Policy("services_policy", {
orgId: "123456789",
constraint: "serviceuser.services",
listPolicy: {
suggestedValue: "compute.googleapis.com",
deny: {
values: ["cloudresourcemanager.googleapis.com"],
},
},
});
import pulumi
import pulumi_gcp as gcp
services_policy = gcp.organizations.Policy("services_policy",
org_id="123456789",
constraint="serviceuser.services",
list_policy={
"suggested_value": "compute.googleapis.com",
"deny": {
"values": ["cloudresourcemanager.googleapis.com"],
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := organizations.NewPolicy(ctx, "services_policy", &organizations.PolicyArgs{
OrgId: pulumi.String("123456789"),
Constraint: pulumi.String("serviceuser.services"),
ListPolicy: &organizations.PolicyListPolicyArgs{
SuggestedValue: pulumi.String("compute.googleapis.com"),
Deny: &organizations.PolicyListPolicyDenyArgs{
Values: pulumi.StringArray{
pulumi.String("cloudresourcemanager.googleapis.com"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var servicesPolicy = new Gcp.Organizations.Policy("services_policy", new()
{
OrgId = "123456789",
Constraint = "serviceuser.services",
ListPolicy = new Gcp.Organizations.Inputs.PolicyListPolicyArgs
{
SuggestedValue = "compute.googleapis.com",
Deny = new Gcp.Organizations.Inputs.PolicyListPolicyDenyArgs
{
Values = new[]
{
"cloudresourcemanager.googleapis.com",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.Policy;
import com.pulumi.gcp.organizations.PolicyArgs;
import com.pulumi.gcp.organizations.inputs.PolicyListPolicyArgs;
import com.pulumi.gcp.organizations.inputs.PolicyListPolicyDenyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var servicesPolicy = new Policy("servicesPolicy", PolicyArgs.builder()
.orgId("123456789")
.constraint("serviceuser.services")
.listPolicy(PolicyListPolicyArgs.builder()
.suggestedValue("compute.googleapis.com")
.deny(PolicyListPolicyDenyArgs.builder()
.values("cloudresourcemanager.googleapis.com")
.build())
.build())
.build());
}
}
resources:
servicesPolicy:
type: gcp:organizations:Policy
name: services_policy
properties:
orgId: '123456789'
constraint: serviceuser.services
listPolicy:
suggestedValue: compute.googleapis.com
deny:
values:
- cloudresourcemanager.googleapis.com
To restore the default organization policy, use the following instead:
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const servicesPolicy = new gcp.organizations.Policy("services_policy", {
orgId: "123456789",
constraint: "serviceuser.services",
restorePolicy: {
"default": true,
},
});
import pulumi
import pulumi_gcp as gcp
services_policy = gcp.organizations.Policy("services_policy",
org_id="123456789",
constraint="serviceuser.services",
restore_policy={
"default": True,
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := organizations.NewPolicy(ctx, "services_policy", &organizations.PolicyArgs{
OrgId: pulumi.String("123456789"),
Constraint: pulumi.String("serviceuser.services"),
RestorePolicy: &organizations.PolicyRestorePolicyArgs{
Default: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var servicesPolicy = new Gcp.Organizations.Policy("services_policy", new()
{
OrgId = "123456789",
Constraint = "serviceuser.services",
RestorePolicy = new Gcp.Organizations.Inputs.PolicyRestorePolicyArgs
{
Default = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.Policy;
import com.pulumi.gcp.organizations.PolicyArgs;
import com.pulumi.gcp.organizations.inputs.PolicyRestorePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var servicesPolicy = new Policy("servicesPolicy", PolicyArgs.builder()
.orgId("123456789")
.constraint("serviceuser.services")
.restorePolicy(PolicyRestorePolicyArgs.builder()
.default_(true)
.build())
.build());
}
}
resources:
servicesPolicy:
type: gcp:organizations:Policy
name: services_policy
properties:
orgId: '123456789'
constraint: serviceuser.services
restorePolicy:
default: true
Create Policy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Policy(name: string, args: PolicyArgs, opts?: CustomResourceOptions);@overload
def Policy(resource_name: str,
args: PolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Policy(resource_name: str,
opts: Optional[ResourceOptions] = None,
constraint: Optional[str] = None,
org_id: Optional[str] = None,
boolean_policy: Optional[PolicyBooleanPolicyArgs] = None,
list_policy: Optional[PolicyListPolicyArgs] = None,
restore_policy: Optional[PolicyRestorePolicyArgs] = None,
version: Optional[int] = None)func NewPolicy(ctx *Context, name string, args PolicyArgs, opts ...ResourceOption) (*Policy, error)public Policy(string name, PolicyArgs args, CustomResourceOptions? opts = null)
public Policy(String name, PolicyArgs args)
public Policy(String name, PolicyArgs args, CustomResourceOptions options)
type: gcp:organizations:Policy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var examplepolicyResourceResourceFromOrganizationspolicy = new Gcp.Organizations.Policy("examplepolicyResourceResourceFromOrganizationspolicy", new()
{
Constraint = "string",
OrgId = "string",
BooleanPolicy = new Gcp.Organizations.Inputs.PolicyBooleanPolicyArgs
{
Enforced = false,
},
ListPolicy = new Gcp.Organizations.Inputs.PolicyListPolicyArgs
{
Allow = new Gcp.Organizations.Inputs.PolicyListPolicyAllowArgs
{
All = false,
Values = new[]
{
"string",
},
},
Deny = new Gcp.Organizations.Inputs.PolicyListPolicyDenyArgs
{
All = false,
Values = new[]
{
"string",
},
},
InheritFromParent = false,
SuggestedValue = "string",
},
RestorePolicy = new Gcp.Organizations.Inputs.PolicyRestorePolicyArgs
{
Default = false,
},
Version = 0,
});
example, err := organizations.NewPolicy(ctx, "examplepolicyResourceResourceFromOrganizationspolicy", &organizations.PolicyArgs{
Constraint: pulumi.String("string"),
OrgId: pulumi.String("string"),
BooleanPolicy: &organizations.PolicyBooleanPolicyArgs{
Enforced: pulumi.Bool(false),
},
ListPolicy: &organizations.PolicyListPolicyArgs{
Allow: &organizations.PolicyListPolicyAllowArgs{
All: pulumi.Bool(false),
Values: pulumi.StringArray{
pulumi.String("string"),
},
},
Deny: &organizations.PolicyListPolicyDenyArgs{
All: pulumi.Bool(false),
Values: pulumi.StringArray{
pulumi.String("string"),
},
},
InheritFromParent: pulumi.Bool(false),
SuggestedValue: pulumi.String("string"),
},
RestorePolicy: &organizations.PolicyRestorePolicyArgs{
Default: pulumi.Bool(false),
},
Version: pulumi.Int(0),
})
var examplepolicyResourceResourceFromOrganizationspolicy = new Policy("examplepolicyResourceResourceFromOrganizationspolicy", PolicyArgs.builder()
.constraint("string")
.orgId("string")
.booleanPolicy(PolicyBooleanPolicyArgs.builder()
.enforced(false)
.build())
.listPolicy(PolicyListPolicyArgs.builder()
.allow(PolicyListPolicyAllowArgs.builder()
.all(false)
.values("string")
.build())
.deny(PolicyListPolicyDenyArgs.builder()
.all(false)
.values("string")
.build())
.inheritFromParent(false)
.suggestedValue("string")
.build())
.restorePolicy(PolicyRestorePolicyArgs.builder()
.default_(false)
.build())
.version(0)
.build());
examplepolicy_resource_resource_from_organizationspolicy = gcp.organizations.Policy("examplepolicyResourceResourceFromOrganizationspolicy",
constraint="string",
org_id="string",
boolean_policy={
"enforced": False,
},
list_policy={
"allow": {
"all": False,
"values": ["string"],
},
"deny": {
"all": False,
"values": ["string"],
},
"inheritFromParent": False,
"suggestedValue": "string",
},
restore_policy={
"default": False,
},
version=0)
const examplepolicyResourceResourceFromOrganizationspolicy = new gcp.organizations.Policy("examplepolicyResourceResourceFromOrganizationspolicy", {
constraint: "string",
orgId: "string",
booleanPolicy: {
enforced: false,
},
listPolicy: {
allow: {
all: false,
values: ["string"],
},
deny: {
all: false,
values: ["string"],
},
inheritFromParent: false,
suggestedValue: "string",
},
restorePolicy: {
"default": false,
},
version: 0,
});
type: gcp:organizations:Policy
properties:
booleanPolicy:
enforced: false
constraint: string
listPolicy:
allow:
all: false
values:
- string
deny:
all: false
values:
- string
inheritFromParent: false
suggestedValue: string
orgId: string
restorePolicy:
default: false
version: 0
Policy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Policy resource accepts the following input properties:
- Constraint string
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - Org
Id string - The numeric ID of the organization to set the policy for.
- Boolean
Policy PolicyBoolean Policy - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- List
Policy PolicyList Policy - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- Restore
Policy PolicyRestore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- Version int
- Version of the Policy. Default version is 0.
- Constraint string
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - Org
Id string - The numeric ID of the organization to set the policy for.
- Boolean
Policy PolicyBoolean Policy Args - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- List
Policy PolicyList Policy Args - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- Restore
Policy PolicyRestore Policy Args A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- Version int
- Version of the Policy. Default version is 0.
- constraint String
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - org
Id String - The numeric ID of the organization to set the policy for.
- boolean
Policy PolicyBoolean Policy - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- list
Policy PolicyList Policy - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- restore
Policy PolicyRestore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- version Integer
- Version of the Policy. Default version is 0.
- constraint string
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - org
Id string - The numeric ID of the organization to set the policy for.
- boolean
Policy PolicyBoolean Policy - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- list
Policy PolicyList Policy - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- restore
Policy PolicyRestore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- version number
- Version of the Policy. Default version is 0.
- constraint str
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - org_
id str - The numeric ID of the organization to set the policy for.
- boolean_
policy PolicyBoolean Policy Args - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- list_
policy PolicyList Policy Args - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- restore_
policy PolicyRestore Policy Args A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- version int
- Version of the Policy. Default version is 0.
- constraint String
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - org
Id String - The numeric ID of the organization to set the policy for.
- boolean
Policy Property Map - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- list
Policy Property Map - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- restore
Policy Property Map A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- version Number
- Version of the Policy. Default version is 0.
Outputs
All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:
- Etag string
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - Id string
- The provider-assigned unique ID for this managed resource.
- Update
Time string - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- Etag string
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - Id string
- The provider-assigned unique ID for this managed resource.
- Update
Time string - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- etag String
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - id String
- The provider-assigned unique ID for this managed resource.
- update
Time String - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- etag string
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - id string
- The provider-assigned unique ID for this managed resource.
- update
Time string - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- etag str
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - id str
- The provider-assigned unique ID for this managed resource.
- update_
time str - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- etag String
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - id String
- The provider-assigned unique ID for this managed resource.
- update
Time String - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
Look up Existing Policy Resource
Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyState, opts?: CustomResourceOptions): Policy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
boolean_policy: Optional[PolicyBooleanPolicyArgs] = None,
constraint: Optional[str] = None,
etag: Optional[str] = None,
list_policy: Optional[PolicyListPolicyArgs] = None,
org_id: Optional[str] = None,
restore_policy: Optional[PolicyRestorePolicyArgs] = None,
update_time: Optional[str] = None,
version: Optional[int] = None) -> Policyfunc GetPolicy(ctx *Context, name string, id IDInput, state *PolicyState, opts ...ResourceOption) (*Policy, error)public static Policy Get(string name, Input<string> id, PolicyState? state, CustomResourceOptions? opts = null)public static Policy get(String name, Output<String> id, PolicyState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Boolean
Policy PolicyBoolean Policy - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- Constraint string
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - Etag string
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - List
Policy PolicyList Policy - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- Org
Id string - The numeric ID of the organization to set the policy for.
- Restore
Policy PolicyRestore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- Update
Time string - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- Version int
- Version of the Policy. Default version is 0.
- Boolean
Policy PolicyBoolean Policy Args - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- Constraint string
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - Etag string
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - List
Policy PolicyList Policy Args - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- Org
Id string - The numeric ID of the organization to set the policy for.
- Restore
Policy PolicyRestore Policy Args A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- Update
Time string - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- Version int
- Version of the Policy. Default version is 0.
- boolean
Policy PolicyBoolean Policy - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- constraint String
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - etag String
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - list
Policy PolicyList Policy - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- org
Id String - The numeric ID of the organization to set the policy for.
- restore
Policy PolicyRestore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- update
Time String - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- version Integer
- Version of the Policy. Default version is 0.
- boolean
Policy PolicyBoolean Policy - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- constraint string
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - etag string
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - list
Policy PolicyList Policy - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- org
Id string - The numeric ID of the organization to set the policy for.
- restore
Policy PolicyRestore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- update
Time string - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- version number
- Version of the Policy. Default version is 0.
- boolean_
policy PolicyBoolean Policy Args - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- constraint str
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - etag str
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - list_
policy PolicyList Policy Args - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- org_
id str - The numeric ID of the organization to set the policy for.
- restore_
policy PolicyRestore Policy Args A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- update_
time str - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- version int
- Version of the Policy. Default version is 0.
- boolean
Policy Property Map - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- constraint String
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - etag String
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - list
Policy Property Map - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- org
Id String - The numeric ID of the organization to set the policy for.
- restore
Policy Property Map A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- update
Time String - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- version Number
- Version of the Policy. Default version is 0.
Supporting Types
PolicyBooleanPolicy, PolicyBooleanPolicyArgs
- Enforced bool
- If true, then the Policy is enforced. If false, then any configuration is acceptable.
- Enforced bool
- If true, then the Policy is enforced. If false, then any configuration is acceptable.
- enforced Boolean
- If true, then the Policy is enforced. If false, then any configuration is acceptable.
- enforced boolean
- If true, then the Policy is enforced. If false, then any configuration is acceptable.
- enforced bool
- If true, then the Policy is enforced. If false, then any configuration is acceptable.
- enforced Boolean
- If true, then the Policy is enforced. If false, then any configuration is acceptable.
PolicyListPolicy, PolicyListPolicyArgs
- Allow
Policy
List Policy Allow - or
deny- (Optional) One or the other must be set. - Deny
Policy
List Policy Deny - One or the other must be set.
- Inherit
From boolParent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allowordenyblocks support:- Suggested
Value string - The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
- Allow
Policy
List Policy Allow - or
deny- (Optional) One or the other must be set. - Deny
Policy
List Policy Deny - One or the other must be set.
- Inherit
From boolParent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allowordenyblocks support:- Suggested
Value string - The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
- allow
Policy
List Policy Allow - or
deny- (Optional) One or the other must be set. - deny
Policy
List Policy Deny - One or the other must be set.
- inherit
From BooleanParent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allowordenyblocks support:- suggested
Value String - The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
- allow
Policy
List Policy Allow - or
deny- (Optional) One or the other must be set. - deny
Policy
List Policy Deny - One or the other must be set.
- inherit
From booleanParent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allowordenyblocks support:- suggested
Value string - The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
- allow
Policy
List Policy Allow - or
deny- (Optional) One or the other must be set. - deny
Policy
List Policy Deny - One or the other must be set.
- inherit_
from_ boolparent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allowordenyblocks support:- suggested_
value str - The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
- allow Property Map
- or
deny- (Optional) One or the other must be set. - deny Property Map
- One or the other must be set.
- inherit
From BooleanParent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allowordenyblocks support:- suggested
Value String - The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
PolicyListPolicyAllow, PolicyListPolicyAllowArgs
PolicyListPolicyDeny, PolicyListPolicyDenyArgs
PolicyRestorePolicy, PolicyRestorePolicyArgs
- Default bool
- May only be set to true. If set, then the default Policy is restored.
- Default bool
- May only be set to true. If set, then the default Policy is restored.
- default_ Boolean
- May only be set to true. If set, then the default Policy is restored.
- default boolean
- May only be set to true. If set, then the default Policy is restored.
- default bool
- May only be set to true. If set, then the default Policy is restored.
- default Boolean
- May only be set to true. If set, then the default Policy is restored.
Import
Organization Policies can be imported using the org_id and the constraint, e.g.
{{org_id}}/constraints/{{constraint}}
When using the pulumi import command, Organization Policies can be imported using one of the formats above. For example:
$ pulumi import gcp:organizations/policy:Policy default {{org_id}}/constraints/{{constraint}}
It is all right if the constraint contains a slash, as in the example above.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.