Google Cloud (GCP) Classic

v6.44.0 published on Tuesday, Nov 29, 2022 by Pulumi

AccessPolicy

AccessPolicy is a container for AccessLevels (which define the necessary attributes to use GCP services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.

To get more information about AccessPolicy, see:

Warning: If you are using User ADCs (Application Default Credentials) with this resource, you must specify a billing_project and set user_project_override to true in the provider configuration. Otherwise the ACM API will return a 403 error. Your account must have the serviceusage.services.use permission on the billing_project you defined.

Example Usage

Access Context Manager Access Policy Basic

using System.Collections.Generic;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var access_policy = new Gcp.AccessContextManager.AccessPolicy("access-policy", new()
    {
        Parent = "organizations/123456789",
        Title = "Org Access Policy",
    });

});
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/accesscontextmanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := accesscontextmanager.NewAccessPolicy(ctx, "access-policy", &accesscontextmanager.AccessPolicyArgs{
			Parent: pulumi.String("organizations/123456789"),
			Title:  pulumi.String("Org Access Policy"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.accesscontextmanager.AccessPolicy;
import com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var access_policy = new AccessPolicy("access-policy", AccessPolicyArgs.builder()        
            .parent("organizations/123456789")
            .title("Org Access Policy")
            .build());

    }
}
import pulumi
import pulumi_gcp as gcp

access_policy = gcp.accesscontextmanager.AccessPolicy("access-policy",
    parent="organizations/123456789",
    title="Org Access Policy")
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const access_policy = new gcp.accesscontextmanager.AccessPolicy("access-policy", {
    parent: "organizations/123456789",
    title: "Org Access Policy",
});
resources:
  access-policy:
    type: gcp:accesscontextmanager:AccessPolicy
    properties:
      parent: organizations/123456789
      title: Org Access Policy

Access Context Manager Access Policy Scoped

using System.Collections.Generic;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var project = new Gcp.Organizations.Project("project", new()
    {
        OrgId = "123456789",
        ProjectId = "acm-test-proj-123",
    });

    var access_policy = new Gcp.AccessContextManager.AccessPolicy("access-policy", new()
    {
        Parent = "organizations/123456789",
        Scopes = project.Number.Apply(number => $"projects/{number}"),
        Title = "Scoped Access Policy",
    });

});
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/accesscontextmanager"
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		project, err := organizations.NewProject(ctx, "project", &organizations.ProjectArgs{
			OrgId:     pulumi.String("123456789"),
			ProjectId: pulumi.String("acm-test-proj-123"),
		})
		if err != nil {
			return err
		}
		_, err = accesscontextmanager.NewAccessPolicy(ctx, "access-policy", &accesscontextmanager.AccessPolicyArgs{
			Parent: pulumi.String("organizations/123456789"),
			Scopes: project.Number.ApplyT(func(number string) (string, error) {
				return fmt.Sprintf("projects/%v", number), nil
			}).(pulumi.StringOutput),
			Title: pulumi.String("Scoped Access Policy"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.Project;
import com.pulumi.gcp.organizations.ProjectArgs;
import com.pulumi.gcp.accesscontextmanager.AccessPolicy;
import com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var project = new Project("project", ProjectArgs.builder()        
            .orgId("123456789")
            .projectId("acm-test-proj-123")
            .build());

        var access_policy = new AccessPolicy("access-policy", AccessPolicyArgs.builder()        
            .parent("organizations/123456789")
            .scopes(project.number().applyValue(number -> String.format("projects/%s", number)))
            .title("Scoped Access Policy")
            .build());

    }
}
import pulumi
import pulumi_gcp as gcp

project = gcp.organizations.Project("project",
    org_id="123456789",
    project_id="acm-test-proj-123")
access_policy = gcp.accesscontextmanager.AccessPolicy("access-policy",
    parent="organizations/123456789",
    scopes=project.number.apply(lambda number: f"projects/{number}"),
    title="Scoped Access Policy")
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = new gcp.organizations.Project("project", {
    orgId: "123456789",
    projectId: "acm-test-proj-123",
});
const access_policy = new gcp.accesscontextmanager.AccessPolicy("access-policy", {
    parent: "organizations/123456789",
    scopes: pulumi.interpolate`projects/${project.number}`,
    title: "Scoped Access Policy",
});
resources:
  project:
    type: gcp:organizations:Project
    properties:
      orgId: '123456789'
      projectId: acm-test-proj-123
  access-policy:
    type: gcp:accesscontextmanager:AccessPolicy
    properties:
      parent: organizations/123456789
      scopes: projects/${project.number}
      title: Scoped Access Policy

Create AccessPolicy Resource

new AccessPolicy(name: string, args: AccessPolicyArgs, opts?: CustomResourceOptions);
@overload
def AccessPolicy(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 parent: Optional[str] = None,
                 scopes: Optional[str] = None,
                 title: Optional[str] = None)
@overload
def AccessPolicy(resource_name: str,
                 args: AccessPolicyArgs,
                 opts: Optional[ResourceOptions] = None)
func NewAccessPolicy(ctx *Context, name string, args AccessPolicyArgs, opts ...ResourceOption) (*AccessPolicy, error)
public AccessPolicy(string name, AccessPolicyArgs args, CustomResourceOptions? opts = null)
public AccessPolicy(String name, AccessPolicyArgs args)
public AccessPolicy(String name, AccessPolicyArgs args, CustomResourceOptions options)
type: gcp:accesscontextmanager:AccessPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AccessPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AccessPolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AccessPolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AccessPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AccessPolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AccessPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AccessPolicy resource accepts the following input properties:

Parent string

The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id}

Title string

Human readable title. Does not affect behavior.

Scopes string

Folder or project on which this policy is applicable. Format: folders/{{folder_id}} or projects/{{project_id}}

Parent string

The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id}

Title string

Human readable title. Does not affect behavior.

Scopes string

Folder or project on which this policy is applicable. Format: folders/{{folder_id}} or projects/{{project_id}}

parent String

The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id}

title String

Human readable title. Does not affect behavior.

scopes String

Folder or project on which this policy is applicable. Format: folders/{{folder_id}} or projects/{{project_id}}

parent string

The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id}

title string

Human readable title. Does not affect behavior.

scopes string

Folder or project on which this policy is applicable. Format: folders/{{folder_id}} or projects/{{project_id}}

parent str

The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id}

title str

Human readable title. Does not affect behavior.

scopes str

Folder or project on which this policy is applicable. Format: folders/{{folder_id}} or projects/{{project_id}}

parent String

The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id}

title String

Human readable title. Does not affect behavior.

scopes String

Folder or project on which this policy is applicable. Format: folders/{{folder_id}} or projects/{{project_id}}

Outputs

All input properties are implicitly available as output properties. Additionally, the AccessPolicy resource produces the following output properties:

CreateTime string

Time the AccessPolicy was created in UTC.

Id string

The provider-assigned unique ID for this managed resource.

Name string

Resource name of the AccessPolicy. Format: {policy_id}

UpdateTime string

Time the AccessPolicy was updated in UTC.

CreateTime string

Time the AccessPolicy was created in UTC.

Id string

The provider-assigned unique ID for this managed resource.

Name string

Resource name of the AccessPolicy. Format: {policy_id}

UpdateTime string

Time the AccessPolicy was updated in UTC.

createTime String

Time the AccessPolicy was created in UTC.

id String

The provider-assigned unique ID for this managed resource.

name String

Resource name of the AccessPolicy. Format: {policy_id}

updateTime String

Time the AccessPolicy was updated in UTC.

createTime string

Time the AccessPolicy was created in UTC.

id string

The provider-assigned unique ID for this managed resource.

name string

Resource name of the AccessPolicy. Format: {policy_id}

updateTime string

Time the AccessPolicy was updated in UTC.

create_time str

Time the AccessPolicy was created in UTC.

id str

The provider-assigned unique ID for this managed resource.

name str

Resource name of the AccessPolicy. Format: {policy_id}

update_time str

Time the AccessPolicy was updated in UTC.

createTime String

Time the AccessPolicy was created in UTC.

id String

The provider-assigned unique ID for this managed resource.

name String

Resource name of the AccessPolicy. Format: {policy_id}

updateTime String

Time the AccessPolicy was updated in UTC.

Look up Existing AccessPolicy Resource

Get an existing AccessPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AccessPolicyState, opts?: CustomResourceOptions): AccessPolicy
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        create_time: Optional[str] = None,
        name: Optional[str] = None,
        parent: Optional[str] = None,
        scopes: Optional[str] = None,
        title: Optional[str] = None,
        update_time: Optional[str] = None) -> AccessPolicy
func GetAccessPolicy(ctx *Context, name string, id IDInput, state *AccessPolicyState, opts ...ResourceOption) (*AccessPolicy, error)
public static AccessPolicy Get(string name, Input<string> id, AccessPolicyState? state, CustomResourceOptions? opts = null)
public static AccessPolicy get(String name, Output<String> id, AccessPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
CreateTime string

Time the AccessPolicy was created in UTC.

Name string

Resource name of the AccessPolicy. Format: {policy_id}

Parent string

The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id}

Scopes string

Folder or project on which this policy is applicable. Format: folders/{{folder_id}} or projects/{{project_id}}

Title string

Human readable title. Does not affect behavior.

UpdateTime string

Time the AccessPolicy was updated in UTC.

CreateTime string

Time the AccessPolicy was created in UTC.

Name string

Resource name of the AccessPolicy. Format: {policy_id}

Parent string

The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id}

Scopes string

Folder or project on which this policy is applicable. Format: folders/{{folder_id}} or projects/{{project_id}}

Title string

Human readable title. Does not affect behavior.

UpdateTime string

Time the AccessPolicy was updated in UTC.

createTime String

Time the AccessPolicy was created in UTC.

name String

Resource name of the AccessPolicy. Format: {policy_id}

parent String

The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id}

scopes String

Folder or project on which this policy is applicable. Format: folders/{{folder_id}} or projects/{{project_id}}

title String

Human readable title. Does not affect behavior.

updateTime String

Time the AccessPolicy was updated in UTC.

createTime string

Time the AccessPolicy was created in UTC.

name string

Resource name of the AccessPolicy. Format: {policy_id}

parent string

The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id}

scopes string

Folder or project on which this policy is applicable. Format: folders/{{folder_id}} or projects/{{project_id}}

title string

Human readable title. Does not affect behavior.

updateTime string

Time the AccessPolicy was updated in UTC.

create_time str

Time the AccessPolicy was created in UTC.

name str

Resource name of the AccessPolicy. Format: {policy_id}

parent str

The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id}

scopes str

Folder or project on which this policy is applicable. Format: folders/{{folder_id}} or projects/{{project_id}}

title str

Human readable title. Does not affect behavior.

update_time str

Time the AccessPolicy was updated in UTC.

createTime String

Time the AccessPolicy was created in UTC.

name String

Resource name of the AccessPolicy. Format: {policy_id}

parent String

The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id}

scopes String

Folder or project on which this policy is applicable. Format: folders/{{folder_id}} or projects/{{project_id}}

title String

Human readable title. Does not affect behavior.

updateTime String

Time the AccessPolicy was updated in UTC.

Import

AccessPolicy can be imported using any of these accepted formats

 $ pulumi import gcp:accesscontextmanager/accessPolicy:AccessPolicy default {{name}}

Package Details

Repository
https://github.com/pulumi/pulumi-gcp
License
Apache-2.0
Notes

This Pulumi package is based on the google-beta Terraform Provider.