Google Cloud (GCP) Classic

Pulumi Official
Package maintained by Pulumi
v6.25.0 published on Wednesday, May 25, 2022 by Pulumi

DenyPolicy

Import

DenyPolicy can be imported using any of these accepted formats:

 $ pulumi import gcp:iam/denyPolicy:DenyPolicy default {{parent}}/{{name}}

Create a DenyPolicy Resource

new DenyPolicy(name: string, args: DenyPolicyArgs, opts?: CustomResourceOptions);
@overload
def DenyPolicy(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               display_name: Optional[str] = None,
               name: Optional[str] = None,
               parent: Optional[str] = None,
               rules: Optional[Sequence[DenyPolicyRuleArgs]] = None)
@overload
def DenyPolicy(resource_name: str,
               args: DenyPolicyArgs,
               opts: Optional[ResourceOptions] = None)
func NewDenyPolicy(ctx *Context, name string, args DenyPolicyArgs, opts ...ResourceOption) (*DenyPolicy, error)
public DenyPolicy(string name, DenyPolicyArgs args, CustomResourceOptions? opts = null)
public DenyPolicy(String name, DenyPolicyArgs args)
public DenyPolicy(String name, DenyPolicyArgs args, CustomResourceOptions options)
type: gcp:iam:DenyPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args DenyPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args DenyPolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args DenyPolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args DenyPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args DenyPolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

DenyPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The DenyPolicy resource accepts the following input properties:

Parent string

The attachment point is identified by its URL-encoded full resource name.

Rules List<Pulumi.Gcp.Iam.Inputs.DenyPolicyRuleArgs>

Rules to be applied. Structure is documented below.

DisplayName string

The display name of the rule.

Name string

The name of the policy.

Parent string

The attachment point is identified by its URL-encoded full resource name.

Rules []DenyPolicyRuleArgs

Rules to be applied. Structure is documented below.

DisplayName string

The display name of the rule.

Name string

The name of the policy.

parent String

The attachment point is identified by its URL-encoded full resource name.

rules List<DenyPolicyRuleArgs>

Rules to be applied. Structure is documented below.

displayName String

The display name of the rule.

name String

The name of the policy.

parent string

The attachment point is identified by its URL-encoded full resource name.

rules DenyPolicyRuleArgs[]

Rules to be applied. Structure is documented below.

displayName string

The display name of the rule.

name string

The name of the policy.

parent str

The attachment point is identified by its URL-encoded full resource name.

rules Sequence[DenyPolicyRuleArgs]

Rules to be applied. Structure is documented below.

display_name str

The display name of the rule.

name str

The name of the policy.

parent String

The attachment point is identified by its URL-encoded full resource name.

rules List<Property Map>

Rules to be applied. Structure is documented below.

displayName String

The display name of the rule.

name String

The name of the policy.

Outputs

All input properties are implicitly available as output properties. Additionally, the DenyPolicy resource produces the following output properties:

Etag string

The hash of the resource. Used internally during updates.

Id string

The provider-assigned unique ID for this managed resource.

Etag string

The hash of the resource. Used internally during updates.

Id string

The provider-assigned unique ID for this managed resource.

etag String

The hash of the resource. Used internally during updates.

id String

The provider-assigned unique ID for this managed resource.

etag string

The hash of the resource. Used internally during updates.

id string

The provider-assigned unique ID for this managed resource.

etag str

The hash of the resource. Used internally during updates.

id str

The provider-assigned unique ID for this managed resource.

etag String

The hash of the resource. Used internally during updates.

id String

The provider-assigned unique ID for this managed resource.

Look up an Existing DenyPolicy Resource

Get an existing DenyPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DenyPolicyState, opts?: CustomResourceOptions): DenyPolicy
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        display_name: Optional[str] = None,
        etag: Optional[str] = None,
        name: Optional[str] = None,
        parent: Optional[str] = None,
        rules: Optional[Sequence[DenyPolicyRuleArgs]] = None) -> DenyPolicy
func GetDenyPolicy(ctx *Context, name string, id IDInput, state *DenyPolicyState, opts ...ResourceOption) (*DenyPolicy, error)
public static DenyPolicy Get(string name, Input<string> id, DenyPolicyState? state, CustomResourceOptions? opts = null)
public static DenyPolicy get(String name, Output<String> id, DenyPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
DisplayName string

The display name of the rule.

Etag string

The hash of the resource. Used internally during updates.

Name string

The name of the policy.

Parent string

The attachment point is identified by its URL-encoded full resource name.

Rules List<Pulumi.Gcp.Iam.Inputs.DenyPolicyRuleArgs>

Rules to be applied. Structure is documented below.

DisplayName string

The display name of the rule.

Etag string

The hash of the resource. Used internally during updates.

Name string

The name of the policy.

Parent string

The attachment point is identified by its URL-encoded full resource name.

Rules []DenyPolicyRuleArgs

Rules to be applied. Structure is documented below.

displayName String

The display name of the rule.

etag String

The hash of the resource. Used internally during updates.

name String

The name of the policy.

parent String

The attachment point is identified by its URL-encoded full resource name.

rules List<DenyPolicyRuleArgs>

Rules to be applied. Structure is documented below.

displayName string

The display name of the rule.

etag string

The hash of the resource. Used internally during updates.

name string

The name of the policy.

parent string

The attachment point is identified by its URL-encoded full resource name.

rules DenyPolicyRuleArgs[]

Rules to be applied. Structure is documented below.

display_name str

The display name of the rule.

etag str

The hash of the resource. Used internally during updates.

name str

The name of the policy.

parent str

The attachment point is identified by its URL-encoded full resource name.

rules Sequence[DenyPolicyRuleArgs]

Rules to be applied. Structure is documented below.

displayName String

The display name of the rule.

etag String

The hash of the resource. Used internally during updates.

name String

The name of the policy.

parent String

The attachment point is identified by its URL-encoded full resource name.

rules List<Property Map>

Rules to be applied. Structure is documented below.

Supporting Types

DenyPolicyRule

DenyRule Pulumi.Gcp.Iam.Inputs.DenyPolicyRuleDenyRule

A deny rule in an IAM deny policy. Structure is documented below.

Description string

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

DenyRule DenyPolicyRuleDenyRule

A deny rule in an IAM deny policy. Structure is documented below.

Description string

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

denyRule DenyPolicyRuleDenyRule

A deny rule in an IAM deny policy. Structure is documented below.

description String

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

denyRule DenyPolicyRuleDenyRule

A deny rule in an IAM deny policy. Structure is documented below.

description string

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

deny_rule DenyPolicyRuleDenyRule

A deny rule in an IAM deny policy. Structure is documented below.

description str

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

denyRule Property Map

A deny rule in an IAM deny policy. Structure is documented below.

description String

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

DenyPolicyRuleDenyRule

DenialCondition Pulumi.Gcp.Iam.Inputs.DenyPolicyRuleDenyRuleDenialCondition

User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.

DeniedPermissions List<string>

The permissions that are explicitly denied by this rule. Each permission uses the format {service-fqdn}/{resource}.{verb}, where {service-fqdn} is the fully qualified domain name for the service. For example, iam.googleapis.com/roles.list.

DeniedPrincipals List<string>

The identities that are prevented from using one or more permissions on Google Cloud resources.

ExceptionPermissions List<string>

Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions. If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied. The excluded permissions can be specified using the same syntax as deniedPermissions.

ExceptionPrincipals List<string>

The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals. For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.

DenialCondition DenyPolicyRuleDenyRuleDenialCondition

User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.

DeniedPermissions []string

The permissions that are explicitly denied by this rule. Each permission uses the format {service-fqdn}/{resource}.{verb}, where {service-fqdn} is the fully qualified domain name for the service. For example, iam.googleapis.com/roles.list.

DeniedPrincipals []string

The identities that are prevented from using one or more permissions on Google Cloud resources.

ExceptionPermissions []string

Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions. If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied. The excluded permissions can be specified using the same syntax as deniedPermissions.

ExceptionPrincipals []string

The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals. For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.

denialCondition DenyPolicyRuleDenyRuleDenialCondition

User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.

deniedPermissions List<String>

The permissions that are explicitly denied by this rule. Each permission uses the format {service-fqdn}/{resource}.{verb}, where {service-fqdn} is the fully qualified domain name for the service. For example, iam.googleapis.com/roles.list.

deniedPrincipals List<String>

The identities that are prevented from using one or more permissions on Google Cloud resources.

exceptionPermissions List<String>

Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions. If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied. The excluded permissions can be specified using the same syntax as deniedPermissions.

exceptionPrincipals List<String>

The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals. For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.

denialCondition DenyPolicyRuleDenyRuleDenialCondition

User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.

deniedPermissions string[]

The permissions that are explicitly denied by this rule. Each permission uses the format {service-fqdn}/{resource}.{verb}, where {service-fqdn} is the fully qualified domain name for the service. For example, iam.googleapis.com/roles.list.

deniedPrincipals string[]

The identities that are prevented from using one or more permissions on Google Cloud resources.

exceptionPermissions string[]

Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions. If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied. The excluded permissions can be specified using the same syntax as deniedPermissions.

exceptionPrincipals string[]

The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals. For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.

denial_condition DenyPolicyRuleDenyRuleDenialCondition

User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.

denied_permissions Sequence[str]

The permissions that are explicitly denied by this rule. Each permission uses the format {service-fqdn}/{resource}.{verb}, where {service-fqdn} is the fully qualified domain name for the service. For example, iam.googleapis.com/roles.list.

denied_principals Sequence[str]

The identities that are prevented from using one or more permissions on Google Cloud resources.

exception_permissions Sequence[str]

Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions. If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied. The excluded permissions can be specified using the same syntax as deniedPermissions.

exception_principals Sequence[str]

The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals. For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.

denialCondition Property Map

User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Structure is documented below.

deniedPermissions List<String>

The permissions that are explicitly denied by this rule. Each permission uses the format {service-fqdn}/{resource}.{verb}, where {service-fqdn} is the fully qualified domain name for the service. For example, iam.googleapis.com/roles.list.

deniedPrincipals List<String>

The identities that are prevented from using one or more permissions on Google Cloud resources.

exceptionPermissions List<String>

Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions. If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied. The excluded permissions can be specified using the same syntax as deniedPermissions.

exceptionPrincipals List<String>

The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals. For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.
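The deny-rule semantics described above, together with the URL-encoded `parent` and the `{{parent}}/{{name}}` import ID, as an added example (not code from Pulumi or the provider). It assumes exact-string matching, leaves `denialCondition` unevaluated, expects the caller to supply group membership, and uses constructed placeholder principal strings.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import quote

# Strict reading of the page's format: {service-fqdn}/{resource}.{verb}
PERMISSION_RE = re.compile(
    r"^[a-z0-9-]+(\.[a-z0-9-]+)+/[A-Za-z0-9]+(\.[A-Za-z0-9]+)+$")


@dataclass
class DenyRule:
    """Mirrors the DenyPolicyRuleDenyRule fields (denialCondition not modelled)."""
    denied_principals: list
    denied_permissions: list
    exception_principals: list = field(default_factory=list)
    exception_permissions: list = field(default_factory=list)


def attachment_point(full_resource_name: str) -> str:
    """URL-encode a full resource name for the `parent` property."""
    return quote(full_resource_name, safe="")


def import_id(parent: str, name: str) -> str:
    """Build the {{parent}}/{{name}} ID that `pulumi import` accepts."""
    return f"{parent}/{name}"


def malformed_permissions(rule: DenyRule) -> list:
    """Return entries that do not match {service-fqdn}/{resource}.{verb}."""
    perms = rule.denied_permissions + rule.exception_permissions
    return [p for p in perms if not PERMISSION_RE.match(p)]


def is_denied(rule: DenyRule, identities: set, permission: str) -> bool:
    """Apply the rule to one request.

    `identities` holds every identifier that refers to the caller: the user
    itself plus any groups it belongs to (membership resolved by the caller).
    """
    principal_hit = bool(identities & set(rule.denied_principals))
    principal_exempt = bool(identities & set(rule.exception_principals))
    permission_hit = permission in rule.denied_permissions
    permission_exempt = permission in rule.exception_permissions
    return (principal_hit and not principal_exempt
            and permission_hit and not permission_exempt)


# Constructed sample data: principal identifiers are opaque placeholders,
# not the identifier syntax the IAM API expects.
GROUP, ALICE, BOB = "group:ops", "user:alice", "user:bob"
RULE = DenyRule(
    denied_principals=[GROUP],
    denied_permissions=["iam.googleapis.com/roles.list",
                        "iam.googleapis.com/roles.delete"],
    exception_principals=[BOB],
    exception_permissions=["iam.googleapis.com/roles.list"],
)

if __name__ == "__main__":
    # Alice is in the denied group and not exempt: denied.
    print(is_denied(RULE, {ALICE, GROUP}, "iam.googleapis.com/roles.delete"))
    # Bob is in the group but listed in exceptionPrincipals: not denied.
    print(is_denied(RULE, {BOB, GROUP}, "iam.googleapis.com/roles.delete"))
```

Running the same checks over rules before `pulumi up` catches permissions written without the service FQDN, which would not match the documented format.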

DenyPolicyRuleDenyRuleDenialCondition

Expression string

Textual representation of an expression in Common Expression Language syntax.

Description string

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

Location string

String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

Title string

Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow the expression to be entered.

Expression string

Textual representation of an expression in Common Expression Language syntax.

Description string

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

Location string

String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

Title string

Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow the expression to be entered.

expression String

Textual representation of an expression in Common Expression Language syntax.

description String

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

location String

String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title String

Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow the expression to be entered.

expression string

Textual representation of an expression in Common Expression Language syntax.

description string

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

location string

String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title string

Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow the expression to be entered.

expression str

Textual representation of an expression in Common Expression Language syntax.

description str

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

location str

String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title str

Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow the expression to be entered.

expression String

Textual representation of an expression in Common Expression Language syntax.

description String

Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

location String

String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

title String

Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that allow the expression to be entered.

Package Details

Repository
https://github.com/pulumi/pulumi-gcp
License
Apache-2.0
Notes

This Pulumi package is based on the google-beta Terraform Provider.