gcp.projects.OrganizationPolicy
Explore with Pulumi AI
Allows management of Organization Policies for a Google Cloud Project.
Warning: This resource has been superseded by
gcp.orgpolicy.Policy
.gcp.orgpolicy.Policy
uses Organization Policy API V2 instead of Cloud Resource Manager API V1 and it supports additional features such as tags and conditions.
To get more information about Organization Policies, see:
Example Usage
To set policy with a
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var serialPortPolicy = new Gcp.Projects.OrganizationPolicy("serialPortPolicy", new()
{
BooleanPolicy = new Gcp.Projects.Inputs.OrganizationPolicyBooleanPolicyArgs
{
Enforced = true,
},
Constraint = "compute.disableSerialPortAccess",
Project = "your-project-id",
});
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := projects.NewOrganizationPolicy(ctx, "serialPortPolicy", &projects.OrganizationPolicyArgs{
BooleanPolicy: &projects.OrganizationPolicyBooleanPolicyArgs{
Enforced: pulumi.Bool(true),
},
Constraint: pulumi.String("compute.disableSerialPortAccess"),
Project: pulumi.String("your-project-id"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.OrganizationPolicy;
import com.pulumi.gcp.projects.OrganizationPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyBooleanPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var serialPortPolicy = new OrganizationPolicy("serialPortPolicy", OrganizationPolicyArgs.builder()
.booleanPolicy(OrganizationPolicyBooleanPolicyArgs.builder()
.enforced(true)
.build())
.constraint("compute.disableSerialPortAccess")
.project("your-project-id")
.build());
}
}
import pulumi
import pulumi_gcp as gcp
serial_port_policy = gcp.projects.OrganizationPolicy("serialPortPolicy",
boolean_policy=gcp.projects.OrganizationPolicyBooleanPolicyArgs(
enforced=True,
),
constraint="compute.disableSerialPortAccess",
project="your-project-id")
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const serialPortPolicy = new gcp.projects.OrganizationPolicy("serialPortPolicy", {
booleanPolicy: {
enforced: true,
},
constraint: "compute.disableSerialPortAccess",
project: "your-project-id",
});
resources:
serialPortPolicy:
type: gcp:projects:OrganizationPolicy
properties:
booleanPolicy:
enforced: true
constraint: compute.disableSerialPortAccess
project: your-project-id
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var servicesPolicy = new Gcp.Projects.OrganizationPolicy("servicesPolicy", new()
{
Constraint = "serviceuser.services",
ListPolicy = new Gcp.Projects.Inputs.OrganizationPolicyListPolicyArgs
{
Allow = new Gcp.Projects.Inputs.OrganizationPolicyListPolicyAllowArgs
{
All = true,
},
},
Project = "your-project-id",
});
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := projects.NewOrganizationPolicy(ctx, "servicesPolicy", &projects.OrganizationPolicyArgs{
Constraint: pulumi.String("serviceuser.services"),
ListPolicy: &projects.OrganizationPolicyListPolicyArgs{
Allow: &projects.OrganizationPolicyListPolicyAllowArgs{
All: pulumi.Bool(true),
},
},
Project: pulumi.String("your-project-id"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.OrganizationPolicy;
import com.pulumi.gcp.projects.OrganizationPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyListPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyListPolicyAllowArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var servicesPolicy = new OrganizationPolicy("servicesPolicy", OrganizationPolicyArgs.builder()
.constraint("serviceuser.services")
.listPolicy(OrganizationPolicyListPolicyArgs.builder()
.allow(OrganizationPolicyListPolicyAllowArgs.builder()
.all(true)
.build())
.build())
.project("your-project-id")
.build());
}
}
import pulumi
import pulumi_gcp as gcp
services_policy = gcp.projects.OrganizationPolicy("servicesPolicy",
constraint="serviceuser.services",
list_policy=gcp.projects.OrganizationPolicyListPolicyArgs(
allow=gcp.projects.OrganizationPolicyListPolicyAllowArgs(
all=True,
),
),
project="your-project-id")
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const servicesPolicy = new gcp.projects.OrganizationPolicy("servicesPolicy", {
constraint: "serviceuser.services",
listPolicy: {
allow: {
all: true,
},
},
project: "your-project-id",
});
resources:
servicesPolicy:
type: gcp:projects:OrganizationPolicy
properties:
constraint: serviceuser.services
listPolicy:
allow:
all: true
project: your-project-id
Or to deny some services, use the following instead
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var servicesPolicy = new Gcp.Projects.OrganizationPolicy("servicesPolicy", new()
{
Constraint = "serviceuser.services",
ListPolicy = new Gcp.Projects.Inputs.OrganizationPolicyListPolicyArgs
{
Deny = new Gcp.Projects.Inputs.OrganizationPolicyListPolicyDenyArgs
{
Values = new[]
{
"cloudresourcemanager.googleapis.com",
},
},
SuggestedValue = "compute.googleapis.com",
},
Project = "your-project-id",
});
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := projects.NewOrganizationPolicy(ctx, "servicesPolicy", &projects.OrganizationPolicyArgs{
Constraint: pulumi.String("serviceuser.services"),
ListPolicy: &projects.OrganizationPolicyListPolicyArgs{
Deny: &projects.OrganizationPolicyListPolicyDenyArgs{
Values: pulumi.StringArray{
pulumi.String("cloudresourcemanager.googleapis.com"),
},
},
SuggestedValue: pulumi.String("compute.googleapis.com"),
},
Project: pulumi.String("your-project-id"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.OrganizationPolicy;
import com.pulumi.gcp.projects.OrganizationPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyListPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyListPolicyDenyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var servicesPolicy = new OrganizationPolicy("servicesPolicy", OrganizationPolicyArgs.builder()
.constraint("serviceuser.services")
.listPolicy(OrganizationPolicyListPolicyArgs.builder()
.deny(OrganizationPolicyListPolicyDenyArgs.builder()
.values("cloudresourcemanager.googleapis.com")
.build())
.suggestedValue("compute.googleapis.com")
.build())
.project("your-project-id")
.build());
}
}
import pulumi
import pulumi_gcp as gcp
services_policy = gcp.projects.OrganizationPolicy("servicesPolicy",
constraint="serviceuser.services",
list_policy=gcp.projects.OrganizationPolicyListPolicyArgs(
deny=gcp.projects.OrganizationPolicyListPolicyDenyArgs(
values=["cloudresourcemanager.googleapis.com"],
),
suggested_value="compute.googleapis.com",
),
project="your-project-id")
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const servicesPolicy = new gcp.projects.OrganizationPolicy("servicesPolicy", {
constraint: "serviceuser.services",
listPolicy: {
deny: {
values: ["cloudresourcemanager.googleapis.com"],
},
suggestedValue: "compute.googleapis.com",
},
project: "your-project-id",
});
resources:
servicesPolicy:
type: gcp:projects:OrganizationPolicy
properties:
constraint: serviceuser.services
listPolicy:
deny:
values:
- cloudresourcemanager.googleapis.com
suggestedValue: compute.googleapis.com
project: your-project-id
To restore the default project organization policy, use the following instead
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var servicesPolicy = new Gcp.Projects.OrganizationPolicy("servicesPolicy", new()
{
Constraint = "serviceuser.services",
Project = "your-project-id",
RestorePolicy = new Gcp.Projects.Inputs.OrganizationPolicyRestorePolicyArgs
{
Default = true,
},
});
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := projects.NewOrganizationPolicy(ctx, "servicesPolicy", &projects.OrganizationPolicyArgs{
Constraint: pulumi.String("serviceuser.services"),
Project: pulumi.String("your-project-id"),
RestorePolicy: &projects.OrganizationPolicyRestorePolicyArgs{
Default: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.OrganizationPolicy;
import com.pulumi.gcp.projects.OrganizationPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyRestorePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var servicesPolicy = new OrganizationPolicy("servicesPolicy", OrganizationPolicyArgs.builder()
.constraint("serviceuser.services")
.project("your-project-id")
.restorePolicy(OrganizationPolicyRestorePolicyArgs.builder()
.default_(true)
.build())
.build());
}
}
import pulumi
import pulumi_gcp as gcp
services_policy = gcp.projects.OrganizationPolicy("servicesPolicy",
constraint="serviceuser.services",
project="your-project-id",
restore_policy=gcp.projects.OrganizationPolicyRestorePolicyArgs(
default=True,
))
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const servicesPolicy = new gcp.projects.OrganizationPolicy("servicesPolicy", {
constraint: "serviceuser.services",
project: "your-project-id",
restorePolicy: {
"default": true,
},
});
resources:
servicesPolicy:
type: gcp:projects:OrganizationPolicy
properties:
constraint: serviceuser.services
project: your-project-id
restorePolicy:
default: true
Create OrganizationPolicy Resource
new OrganizationPolicy(name: string, args: OrganizationPolicyArgs, opts?: CustomResourceOptions);
@overload
def OrganizationPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
boolean_policy: Optional[OrganizationPolicyBooleanPolicyArgs] = None,
constraint: Optional[str] = None,
list_policy: Optional[OrganizationPolicyListPolicyArgs] = None,
project: Optional[str] = None,
restore_policy: Optional[OrganizationPolicyRestorePolicyArgs] = None,
version: Optional[int] = None)
@overload
def OrganizationPolicy(resource_name: str,
args: OrganizationPolicyArgs,
opts: Optional[ResourceOptions] = None)
func NewOrganizationPolicy(ctx *Context, name string, args OrganizationPolicyArgs, opts ...ResourceOption) (*OrganizationPolicy, error)
public OrganizationPolicy(string name, OrganizationPolicyArgs args, CustomResourceOptions? opts = null)
public OrganizationPolicy(String name, OrganizationPolicyArgs args)
public OrganizationPolicy(String name, OrganizationPolicyArgs args, CustomResourceOptions options)
type: gcp:projects:OrganizationPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrganizationPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OrganizationPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OrganizationPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrganizationPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OrganizationPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
OrganizationPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The OrganizationPolicy resource accepts the following input properties:
- Constraint string
The name of the Constraint the Policy is configuring, for example,
serviceuser.services
. Check out the complete list of available constraints.- Project string
The project id of the project to set the policy for.
- Boolean
Policy OrganizationPolicy Boolean Policy A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- List
Policy OrganizationPolicy List Policy A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- Restore
Policy OrganizationPolicy Restore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy
,list_policy
,restore_policy
] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- Version int
Version of the Policy. Default version is 0.
- Constraint string
The name of the Constraint the Policy is configuring, for example,
serviceuser.services
. Check out the complete list of available constraints.- Project string
The project id of the project to set the policy for.
- Boolean
Policy OrganizationPolicy Boolean Policy Args A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- List
Policy OrganizationPolicy List Policy Args A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- Restore
Policy OrganizationPolicy Restore Policy Args A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy
,list_policy
,restore_policy
] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- Version int
Version of the Policy. Default version is 0.
- constraint String
The name of the Constraint the Policy is configuring, for example,
serviceuser.services
. Check out the complete list of available constraints.- project String
The project id of the project to set the policy for.
- boolean
Policy OrganizationPolicy Boolean Policy A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- list
Policy OrganizationPolicy List Policy A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- restore
Policy OrganizationPolicy Restore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy
,list_policy
,restore_policy
] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- version Integer
Version of the Policy. Default version is 0.
- constraint string
The name of the Constraint the Policy is configuring, for example,
serviceuser.services
. Check out the complete list of available constraints.- project string
The project id of the project to set the policy for.
- boolean
Policy OrganizationPolicy Boolean Policy A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- list
Policy OrganizationPolicy List Policy A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- restore
Policy OrganizationPolicy Restore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy
,list_policy
,restore_policy
] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- version number
Version of the Policy. Default version is 0.
- constraint str
The name of the Constraint the Policy is configuring, for example,
serviceuser.services
. Check out the complete list of available constraints.- project str
The project id of the project to set the policy for.
- boolean_
policy OrganizationPolicy Boolean Policy Args A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- list_
policy OrganizationPolicy List Policy Args A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- restore_
policy OrganizationPolicy Restore Policy Args A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy
,list_policy
,restore_policy
] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- version int
Version of the Policy. Default version is 0.
- constraint String
The name of the Constraint the Policy is configuring, for example,
serviceuser.services
. Check out the complete list of available constraints.- project String
The project id of the project to set the policy for.
- boolean
Policy Property Map A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- list
Policy Property Map A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- restore
Policy Property Map A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy
,list_policy
,restore_policy
] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- version Number
Version of the Policy. Default version is 0.
Outputs
All input properties are implicitly available as output properties. Additionally, the OrganizationPolicy resource produces the following output properties:
- Etag string
(Computed) The etag of the organization policy.
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.- Id string
The provider-assigned unique ID for this managed resource.
- Update
Time string (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- Etag string
(Computed) The etag of the organization policy.
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.- Id string
The provider-assigned unique ID for this managed resource.
- Update
Time string (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- etag String
(Computed) The etag of the organization policy.
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.- id String
The provider-assigned unique ID for this managed resource.
- update
Time String (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- etag string
(Computed) The etag of the organization policy.
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.- id string
The provider-assigned unique ID for this managed resource.
- update
Time string (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- etag str
(Computed) The etag of the organization policy.
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.- id str
The provider-assigned unique ID for this managed resource.
- update_
time str (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- etag String
(Computed) The etag of the organization policy.
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.- id String
The provider-assigned unique ID for this managed resource.
- update
Time String (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
Look up Existing OrganizationPolicy Resource
Get an existing OrganizationPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: OrganizationPolicyState, opts?: CustomResourceOptions): OrganizationPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
boolean_policy: Optional[OrganizationPolicyBooleanPolicyArgs] = None,
constraint: Optional[str] = None,
etag: Optional[str] = None,
list_policy: Optional[OrganizationPolicyListPolicyArgs] = None,
project: Optional[str] = None,
restore_policy: Optional[OrganizationPolicyRestorePolicyArgs] = None,
update_time: Optional[str] = None,
version: Optional[int] = None) -> OrganizationPolicy
func GetOrganizationPolicy(ctx *Context, name string, id IDInput, state *OrganizationPolicyState, opts ...ResourceOption) (*OrganizationPolicy, error)
public static OrganizationPolicy Get(string name, Input<string> id, OrganizationPolicyState? state, CustomResourceOptions? opts = null)
public static OrganizationPolicy get(String name, Output<String> id, OrganizationPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Boolean
Policy OrganizationPolicy Boolean Policy A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- Constraint string
The name of the Constraint the Policy is configuring, for example,
serviceuser.services
. Check out the complete list of available constraints.- Etag string
(Computed) The etag of the organization policy.
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.- List
Policy OrganizationPolicy List Policy A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- Project string
The project id of the project to set the policy for.
- Restore
Policy OrganizationPolicy Restore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy
,list_policy
,restore_policy
] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- Update
Time string (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- Version int
Version of the Policy. Default version is 0.
- Boolean
Policy OrganizationPolicy Boolean Policy Args A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- Constraint string
The name of the Constraint the Policy is configuring, for example,
serviceuser.services
. Check out the complete list of available constraints.- Etag string
(Computed) The etag of the organization policy.
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.- List
Policy OrganizationPolicy List Policy Args A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- Project string
The project id of the project to set the policy for.
- Restore
Policy OrganizationPolicy Restore Policy Args A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy
,list_policy
,restore_policy
] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- Update
Time string (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- Version int
Version of the Policy. Default version is 0.
- boolean
Policy OrganizationPolicy Boolean Policy A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- constraint String
The name of the Constraint the Policy is configuring, for example,
serviceuser.services
. Check out the complete list of available constraints.- etag String
(Computed) The etag of the organization policy.
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.- list
Policy OrganizationPolicy List Policy A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- project String
The project id of the project to set the policy for.
- restore
Policy OrganizationPolicy Restore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy
,list_policy
,restore_policy
] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- update
Time String (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- version Integer
Version of the Policy. Default version is 0.
- boolean
Policy OrganizationPolicy Boolean Policy A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- constraint string
The name of the Constraint the Policy is configuring, for example,
serviceuser.services
. Check out the complete list of available constraints.- etag string
(Computed) The etag of the organization policy.
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.- list
Policy OrganizationPolicy List Policy A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- project string
The project id of the project to set the policy for.
- restore
Policy OrganizationPolicy Restore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy
,list_policy
,restore_policy
] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- update
Time string (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- version number
Version of the Policy. Default version is 0.
- boolean_
policy OrganizationPolicy Boolean Policy Args A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- constraint str
The name of the Constraint the Policy is configuring, for example,
serviceuser.services
. Check out the complete list of available constraints.- etag str
(Computed) The etag of the organization policy.
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.- list_
policy OrganizationPolicy List Policy Args A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- project str
The project id of the project to set the policy for.
- restore_
policy OrganizationPolicy Restore Policy Args A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy
,list_policy
,restore_policy
] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- update_
time str (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- version int
Version of the Policy. Default version is 0.
- boolean
Policy Property Map A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- constraint String
The name of the Constraint the Policy is configuring, for example,
serviceuser.services
. Check out the complete list of available constraints.- etag String
(Computed) The etag of the organization policy.
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.- list
Policy Property Map A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- project String
The project id of the project to set the policy for.
- restore
Policy Property Map A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy
,list_policy
,restore_policy
] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- update
Time String (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- version Number
Version of the Policy. Default version is 0.
Supporting Types
OrganizationPolicyBooleanPolicy, OrganizationPolicyBooleanPolicyArgs
- Enforced bool
If true, then the Policy is enforced. If false, then any configuration is acceptable.
- Enforced bool
If true, then the Policy is enforced. If false, then any configuration is acceptable.
- enforced Boolean
If true, then the Policy is enforced. If false, then any configuration is acceptable.
- enforced boolean
If true, then the Policy is enforced. If false, then any configuration is acceptable.
- enforced bool
If true, then the Policy is enforced. If false, then any configuration is acceptable.
- enforced Boolean
If true, then the Policy is enforced. If false, then any configuration is acceptable.
OrganizationPolicyListPolicy, OrganizationPolicyListPolicyArgs
- Allow
Organization
Policy List Policy Allow or
deny
- (Optional) One or the other must be set.- Deny
Organization
Policy List Policy Deny - Inherit
From boolParent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allow
ordeny
blocks support:- Suggested
Value string The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
- Allow
Organization
Policy List Policy Allow or
deny
- (Optional) One or the other must be set.- Deny
Organization
Policy List Policy Deny - Inherit
From boolParent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allow
ordeny
blocks support:- Suggested
Value string The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
- allow
Organization
Policy List Policy Allow or
deny
- (Optional) One or the other must be set.- deny
Organization
Policy List Policy Deny - inherit
From BooleanParent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allow
ordeny
blocks support:- suggested
Value String The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
- allow
Organization
Policy List Policy Allow or
deny
- (Optional) One or the other must be set.- deny
Organization
Policy List Policy Deny - inherit
From booleanParent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allow
ordeny
blocks support:- suggested
Value string The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
- allow
Organization
Policy List Policy Allow or
deny
- (Optional) One or the other must be set.- deny
Organization
Policy List Policy Deny - inherit_
from_ boolparent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allow
ordeny
blocks support:- suggested_
value str The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
- allow Property Map
or
deny
- (Optional) One or the other must be set.- deny Property Map
- inherit
From BooleanParent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allow
ordeny
blocks support:- suggested
Value String The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
OrganizationPolicyListPolicyAllow, OrganizationPolicyListPolicyAllowArgs
OrganizationPolicyListPolicyDeny, OrganizationPolicyListPolicyDenyArgs
OrganizationPolicyRestorePolicy, OrganizationPolicyRestorePolicyArgs
- Default bool
May only be set to true. If set, then the default Policy is restored.
- Default bool
May only be set to true. If set, then the default Policy is restored.
- default_ Boolean
May only be set to true. If set, then the default Policy is restored.
- default boolean
May only be set to true. If set, then the default Policy is restored.
- default bool
May only be set to true. If set, then the default Policy is restored.
- default Boolean
May only be set to true. If set, then the default Policy is restored.
Import
Project organization policies can be imported using any of the follow formats
$ pulumi import gcp:projects/organizationPolicy:OrganizationPolicy policy projects/test-project:constraints/serviceuser.services
$ pulumi import gcp:projects/organizationPolicy:OrganizationPolicy policy test-project:constraints/serviceuser.services
$ pulumi import gcp:projects/organizationPolicy:OrganizationPolicy policy test-project:serviceuser.services
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
google-beta
Terraform Provider.