Package com.pulumi.gcp.organizations
Class Policy
- java.lang.Object
-
- com.pulumi.resources.Resource
-
- com.pulumi.resources.CustomResource
-
- com.pulumi.gcp.organizations.Policy
-
public class Policy extends com.pulumi.resources.CustomResourceAllows management of Organization Policies for a Google Cloud Organization. > **Warning:** This resource has been superseded by `gcp.orgpolicy.Policy`. `gcp.orgpolicy.Policy` uses Organization Policy API V2 instead of Cloud Resource Manager API V1 and it supports additional features such as tags and conditions. To get more information about Organization Policies, see: * [API documentation](https://cloud.google.com/resource-manager/reference/rest/v1/organizations/setOrgPolicy) * How-to Guides * [Introduction to the Organization Policy Service](https://cloud.google.com/resource-manager/docs/organization-policy/overview) ## Example Usage To set policy with a [boolean constraint](https://cloud.google.com/resource-manager/docs/organization-policy/quickstart-boolean-constraints): ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.organizations.Policy; import com.pulumi.gcp.organizations.PolicyArgs; import com.pulumi.gcp.organizations.inputs.PolicyBooleanPolicyArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var serialPortPolicy = new Policy("serialPortPolicy", PolicyArgs.builder() .booleanPolicy(PolicyBooleanPolicyArgs.builder() .enforced(true) .build()) .constraint("compute.disableSerialPortAccess") .orgId("123456789") .build()); } } ``` To set a policy with a [list constraint](https://cloud.google.com/resource-manager/docs/organization-policy/quickstart-list-constraints): ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.organizations.Policy; import com.pulumi.gcp.organizations.PolicyArgs; import com.pulumi.gcp.organizations.inputs.PolicyListPolicyArgs; import com.pulumi.gcp.organizations.inputs.PolicyListPolicyAllowArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var servicesPolicy = new Policy("servicesPolicy", PolicyArgs.builder() .constraint("serviceuser.services") .listPolicy(PolicyListPolicyArgs.builder() .allow(PolicyListPolicyAllowArgs.builder() .all(true) .build()) .build()) .orgId("123456789") .build()); } } ``` Or to deny some services, use the following instead: ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.organizations.Policy; import com.pulumi.gcp.organizations.PolicyArgs; import com.pulumi.gcp.organizations.inputs.PolicyListPolicyArgs; import com.pulumi.gcp.organizations.inputs.PolicyListPolicyDenyArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var servicesPolicy = new Policy("servicesPolicy", PolicyArgs.builder() .constraint("serviceuser.services") .listPolicy(PolicyListPolicyArgs.builder() .deny(PolicyListPolicyDenyArgs.builder() .values("cloudresourcemanager.googleapis.com") .build()) .suggestedValue("compute.googleapis.com") .build()) .orgId("123456789") .build()); } } ``` To restore the default organization policy, use the following instead: ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.organizations.Policy; import com.pulumi.gcp.organizations.PolicyArgs; import com.pulumi.gcp.organizations.inputs.PolicyRestorePolicyArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var servicesPolicy = new Policy("servicesPolicy", PolicyArgs.builder() .constraint("serviceuser.services") .orgId("123456789") .restorePolicy(PolicyRestorePolicyArgs.builder() .default_(true) .build()) .build()); } } ``` ## Import Organization Policies can be imported using the `org_id` and the `constraint`, e.g. * `{{org_id}}/constraints/{{constraint}}` In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Organization Policies using one of the formats above. For exampletf import { id = "{{org_id}}/constraints/{{constraint}}" to = google_organization_policy.default } ```sh $ pulumi import gcp:organizations/policy:Policy When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Organization Policies can be imported using one of the formats above. For example ``` ```sh $ pulumi import gcp:organizations/policy:Policy default {{org_id}}/constraints/{{constraint}} ``` It is all right if the constraint contains a slash, as in the example above.
-
-
Constructor Summary
Constructors Constructor Description Policy(java.lang.String name)Policy(java.lang.String name, PolicyArgs args)Policy(java.lang.String name, PolicyArgs args, com.pulumi.resources.CustomResourceOptions options)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description com.pulumi.core.Output<java.util.Optional<PolicyBooleanPolicy>>booleanPolicy()com.pulumi.core.Output<java.lang.String>constraint()com.pulumi.core.Output<java.lang.String>etag()static Policyget(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, PolicyState state, com.pulumi.resources.CustomResourceOptions options)Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.com.pulumi.core.Output<java.util.Optional<PolicyListPolicy>>listPolicy()com.pulumi.core.Output<java.lang.String>orgId()com.pulumi.core.Output<java.util.Optional<PolicyRestorePolicy>>restorePolicy()com.pulumi.core.Output<java.lang.String>updateTime()com.pulumi.core.Output<java.lang.Integer>version()
-
-
-
Constructor Detail
-
Policy
public Policy(java.lang.String name)
- Parameters:
name- The _unique_ name of the resulting resource.
-
Policy
public Policy(java.lang.String name, PolicyArgs args)- Parameters:
name- The _unique_ name of the resulting resource.args- The arguments to use to populate this resource's properties.
-
Policy
public Policy(java.lang.String name, PolicyArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options)- Parameters:
name- The _unique_ name of the resulting resource.args- The arguments to use to populate this resource's properties.options- A bag of options that control this resource's behavior.
-
-
Method Detail
-
booleanPolicy
public com.pulumi.core.Output<java.util.Optional<PolicyBooleanPolicy>> booleanPolicy()
- Returns:
- A boolean policy is a constraint that is either enforced or not. Structure is documented below.
-
constraint
public com.pulumi.core.Output<java.lang.String> constraint()
- Returns:
- The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints). ***
-
etag
public com.pulumi.core.Output<java.lang.String> etag()
- Returns:
- (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
-
listPolicy
public com.pulumi.core.Output<java.util.Optional<PolicyListPolicy>> listPolicy()
- Returns:
- A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
-
orgId
public com.pulumi.core.Output<java.lang.String> orgId()
- Returns:
- The numeric ID of the organization to set the policy for.
-
restorePolicy
public com.pulumi.core.Output<java.util.Optional<PolicyRestorePolicy>> restorePolicy()
- Returns:
- A restore policy is a constraint to restore the default policy. Structure is documented below. > **Note:** If none of [`boolean_policy`, `list_policy`, `restore_policy`] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'. ***
-
updateTime
public com.pulumi.core.Output<java.lang.String> updateTime()
- Returns:
- (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
-
version
public com.pulumi.core.Output<java.lang.Integer> version()
- Returns:
- Version of the Policy. Default version is 0.
-
get
public static Policy get(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, @Nullable PolicyState state, @Nullable com.pulumi.resources.CustomResourceOptions options)
Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.- Parameters:
name- The _unique_ name of the resulting resource.id- The _unique_ provider ID of the resource to lookup.state-options- Optional settings to control the behavior of the CustomResource.
-
-