Docs Home
Google Cloud v8.32.1 published on Thursday, May 22, 2025 by Pulumi
gcp.projects.OrganizationPolicy
Explore with Pulumi AI
Allows management of Organization Policies for a Google Cloud Project.
Warning: This resource has been superseded by
gcp.orgpolicy.Policy.gcp.orgpolicy.Policyuses Organization Policy API V2 instead of Cloud Resource Manager API V1 and it supports additional features such as tags and conditions.
To get more information about Organization Policies, see:
Example Usage
To set policy with a boolean constraint:
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const serialPortPolicy = new gcp.projects.OrganizationPolicy("serial_port_policy", {
project: "your-project-id",
constraint: "compute.disableSerialPortAccess",
booleanPolicy: {
enforced: true,
},
});
import pulumi
import pulumi_gcp as gcp
serial_port_policy = gcp.projects.OrganizationPolicy("serial_port_policy",
project="your-project-id",
constraint="compute.disableSerialPortAccess",
boolean_policy={
"enforced": True,
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := projects.NewOrganizationPolicy(ctx, "serial_port_policy", &projects.OrganizationPolicyArgs{
Project: pulumi.String("your-project-id"),
Constraint: pulumi.String("compute.disableSerialPortAccess"),
BooleanPolicy: &projects.OrganizationPolicyBooleanPolicyArgs{
Enforced: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var serialPortPolicy = new Gcp.Projects.OrganizationPolicy("serial_port_policy", new()
{
Project = "your-project-id",
Constraint = "compute.disableSerialPortAccess",
BooleanPolicy = new Gcp.Projects.Inputs.OrganizationPolicyBooleanPolicyArgs
{
Enforced = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.OrganizationPolicy;
import com.pulumi.gcp.projects.OrganizationPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyBooleanPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var serialPortPolicy = new OrganizationPolicy("serialPortPolicy", OrganizationPolicyArgs.builder()
.project("your-project-id")
.constraint("compute.disableSerialPortAccess")
.booleanPolicy(OrganizationPolicyBooleanPolicyArgs.builder()
.enforced(true)
.build())
.build());
}
}
resources:
serialPortPolicy:
type: gcp:projects:OrganizationPolicy
name: serial_port_policy
properties:
project: your-project-id
constraint: compute.disableSerialPortAccess
booleanPolicy:
enforced: true
To set a policy with a list constraint:
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const servicesPolicy = new gcp.projects.OrganizationPolicy("services_policy", {
project: "your-project-id",
constraint: "serviceuser.services",
listPolicy: {
allow: {
all: true,
},
},
});
import pulumi
import pulumi_gcp as gcp
services_policy = gcp.projects.OrganizationPolicy("services_policy",
project="your-project-id",
constraint="serviceuser.services",
list_policy={
"allow": {
"all": True,
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := projects.NewOrganizationPolicy(ctx, "services_policy", &projects.OrganizationPolicyArgs{
Project: pulumi.String("your-project-id"),
Constraint: pulumi.String("serviceuser.services"),
ListPolicy: &projects.OrganizationPolicyListPolicyArgs{
Allow: &projects.OrganizationPolicyListPolicyAllowArgs{
All: pulumi.Bool(true),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var servicesPolicy = new Gcp.Projects.OrganizationPolicy("services_policy", new()
{
Project = "your-project-id",
Constraint = "serviceuser.services",
ListPolicy = new Gcp.Projects.Inputs.OrganizationPolicyListPolicyArgs
{
Allow = new Gcp.Projects.Inputs.OrganizationPolicyListPolicyAllowArgs
{
All = true,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.OrganizationPolicy;
import com.pulumi.gcp.projects.OrganizationPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyListPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyListPolicyAllowArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var servicesPolicy = new OrganizationPolicy("servicesPolicy", OrganizationPolicyArgs.builder()
.project("your-project-id")
.constraint("serviceuser.services")
.listPolicy(OrganizationPolicyListPolicyArgs.builder()
.allow(OrganizationPolicyListPolicyAllowArgs.builder()
.all(true)
.build())
.build())
.build());
}
}
resources:
servicesPolicy:
type: gcp:projects:OrganizationPolicy
name: services_policy
properties:
project: your-project-id
constraint: serviceuser.services
listPolicy:
allow:
all: true
Or to deny some services, use the following instead:
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const servicesPolicy = new gcp.projects.OrganizationPolicy("services_policy", {
project: "your-project-id",
constraint: "serviceuser.services",
listPolicy: {
suggestedValue: "compute.googleapis.com",
deny: {
values: ["cloudresourcemanager.googleapis.com"],
},
},
});
import pulumi
import pulumi_gcp as gcp
services_policy = gcp.projects.OrganizationPolicy("services_policy",
project="your-project-id",
constraint="serviceuser.services",
list_policy={
"suggested_value": "compute.googleapis.com",
"deny": {
"values": ["cloudresourcemanager.googleapis.com"],
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := projects.NewOrganizationPolicy(ctx, "services_policy", &projects.OrganizationPolicyArgs{
Project: pulumi.String("your-project-id"),
Constraint: pulumi.String("serviceuser.services"),
ListPolicy: &projects.OrganizationPolicyListPolicyArgs{
SuggestedValue: pulumi.String("compute.googleapis.com"),
Deny: &projects.OrganizationPolicyListPolicyDenyArgs{
Values: pulumi.StringArray{
pulumi.String("cloudresourcemanager.googleapis.com"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var servicesPolicy = new Gcp.Projects.OrganizationPolicy("services_policy", new()
{
Project = "your-project-id",
Constraint = "serviceuser.services",
ListPolicy = new Gcp.Projects.Inputs.OrganizationPolicyListPolicyArgs
{
SuggestedValue = "compute.googleapis.com",
Deny = new Gcp.Projects.Inputs.OrganizationPolicyListPolicyDenyArgs
{
Values = new[]
{
"cloudresourcemanager.googleapis.com",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.OrganizationPolicy;
import com.pulumi.gcp.projects.OrganizationPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyListPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyListPolicyDenyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var servicesPolicy = new OrganizationPolicy("servicesPolicy", OrganizationPolicyArgs.builder()
.project("your-project-id")
.constraint("serviceuser.services")
.listPolicy(OrganizationPolicyListPolicyArgs.builder()
.suggestedValue("compute.googleapis.com")
.deny(OrganizationPolicyListPolicyDenyArgs.builder()
.values("cloudresourcemanager.googleapis.com")
.build())
.build())
.build());
}
}
resources:
servicesPolicy:
type: gcp:projects:OrganizationPolicy
name: services_policy
properties:
project: your-project-id
constraint: serviceuser.services
listPolicy:
suggestedValue: compute.googleapis.com
deny:
values:
- cloudresourcemanager.googleapis.com
To restore the default project organization policy, use the following instead:
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const servicesPolicy = new gcp.projects.OrganizationPolicy("services_policy", {
project: "your-project-id",
constraint: "serviceuser.services",
restorePolicy: {
"default": true,
},
});
import pulumi
import pulumi_gcp as gcp
services_policy = gcp.projects.OrganizationPolicy("services_policy",
project="your-project-id",
constraint="serviceuser.services",
restore_policy={
"default": True,
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := projects.NewOrganizationPolicy(ctx, "services_policy", &projects.OrganizationPolicyArgs{
Project: pulumi.String("your-project-id"),
Constraint: pulumi.String("serviceuser.services"),
RestorePolicy: &projects.OrganizationPolicyRestorePolicyArgs{
Default: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var servicesPolicy = new Gcp.Projects.OrganizationPolicy("services_policy", new()
{
Project = "your-project-id",
Constraint = "serviceuser.services",
RestorePolicy = new Gcp.Projects.Inputs.OrganizationPolicyRestorePolicyArgs
{
Default = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.OrganizationPolicy;
import com.pulumi.gcp.projects.OrganizationPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyRestorePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var servicesPolicy = new OrganizationPolicy("servicesPolicy", OrganizationPolicyArgs.builder()
.project("your-project-id")
.constraint("serviceuser.services")
.restorePolicy(OrganizationPolicyRestorePolicyArgs.builder()
.default_(true)
.build())
.build());
}
}
resources:
servicesPolicy:
type: gcp:projects:OrganizationPolicy
name: services_policy
properties:
project: your-project-id
constraint: serviceuser.services
restorePolicy:
default: true
Create OrganizationPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new OrganizationPolicy(name: string, args: OrganizationPolicyArgs, opts?: CustomResourceOptions);@overload
def OrganizationPolicy(resource_name: str,
args: OrganizationPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def OrganizationPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
constraint: Optional[str] = None,
project: Optional[str] = None,
boolean_policy: Optional[OrganizationPolicyBooleanPolicyArgs] = None,
list_policy: Optional[OrganizationPolicyListPolicyArgs] = None,
restore_policy: Optional[OrganizationPolicyRestorePolicyArgs] = None,
version: Optional[int] = None)func NewOrganizationPolicy(ctx *Context, name string, args OrganizationPolicyArgs, opts ...ResourceOption) (*OrganizationPolicy, error)public OrganizationPolicy(string name, OrganizationPolicyArgs args, CustomResourceOptions? opts = null)
public OrganizationPolicy(String name, OrganizationPolicyArgs args)
public OrganizationPolicy(String name, OrganizationPolicyArgs args, CustomResourceOptions options)
type: gcp:projects:OrganizationPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args OrganizationPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OrganizationPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OrganizationPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrganizationPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OrganizationPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var gcpOrganizationPolicyResource = new Gcp.Projects.OrganizationPolicy("gcpOrganizationPolicyResource", new()
{
Constraint = "string",
Project = "string",
BooleanPolicy = new Gcp.Projects.Inputs.OrganizationPolicyBooleanPolicyArgs
{
Enforced = false,
},
ListPolicy = new Gcp.Projects.Inputs.OrganizationPolicyListPolicyArgs
{
Allow = new Gcp.Projects.Inputs.OrganizationPolicyListPolicyAllowArgs
{
All = false,
Values = new[]
{
"string",
},
},
Deny = new Gcp.Projects.Inputs.OrganizationPolicyListPolicyDenyArgs
{
All = false,
Values = new[]
{
"string",
},
},
InheritFromParent = false,
SuggestedValue = "string",
},
RestorePolicy = new Gcp.Projects.Inputs.OrganizationPolicyRestorePolicyArgs
{
Default = false,
},
Version = 0,
});
example, err := projects.NewOrganizationPolicy(ctx, "gcpOrganizationPolicyResource", &projects.OrganizationPolicyArgs{
Constraint: pulumi.String("string"),
Project: pulumi.String("string"),
BooleanPolicy: &projects.OrganizationPolicyBooleanPolicyArgs{
Enforced: pulumi.Bool(false),
},
ListPolicy: &projects.OrganizationPolicyListPolicyArgs{
Allow: &projects.OrganizationPolicyListPolicyAllowArgs{
All: pulumi.Bool(false),
Values: pulumi.StringArray{
pulumi.String("string"),
},
},
Deny: &projects.OrganizationPolicyListPolicyDenyArgs{
All: pulumi.Bool(false),
Values: pulumi.StringArray{
pulumi.String("string"),
},
},
InheritFromParent: pulumi.Bool(false),
SuggestedValue: pulumi.String("string"),
},
RestorePolicy: &projects.OrganizationPolicyRestorePolicyArgs{
Default: pulumi.Bool(false),
},
Version: pulumi.Int(0),
})
var gcpOrganizationPolicyResource = new com.pulumi.gcp.projects.OrganizationPolicy("gcpOrganizationPolicyResource", com.pulumi.gcp.projects.OrganizationPolicyArgs.builder()
.constraint("string")
.project("string")
.booleanPolicy(OrganizationPolicyBooleanPolicyArgs.builder()
.enforced(false)
.build())
.listPolicy(OrganizationPolicyListPolicyArgs.builder()
.allow(OrganizationPolicyListPolicyAllowArgs.builder()
.all(false)
.values("string")
.build())
.deny(OrganizationPolicyListPolicyDenyArgs.builder()
.all(false)
.values("string")
.build())
.inheritFromParent(false)
.suggestedValue("string")
.build())
.restorePolicy(OrganizationPolicyRestorePolicyArgs.builder()
.default_(false)
.build())
.version(0)
.build());
gcp_organization_policy_resource = gcp.projects.OrganizationPolicy("gcpOrganizationPolicyResource",
constraint="string",
project="string",
boolean_policy={
"enforced": False,
},
list_policy={
"allow": {
"all": False,
"values": ["string"],
},
"deny": {
"all": False,
"values": ["string"],
},
"inherit_from_parent": False,
"suggested_value": "string",
},
restore_policy={
"default": False,
},
version=0)
const gcpOrganizationPolicyResource = new gcp.projects.OrganizationPolicy("gcpOrganizationPolicyResource", {
constraint: "string",
project: "string",
booleanPolicy: {
enforced: false,
},
listPolicy: {
allow: {
all: false,
values: ["string"],
},
deny: {
all: false,
values: ["string"],
},
inheritFromParent: false,
suggestedValue: "string",
},
restorePolicy: {
"default": false,
},
version: 0,
});
type: gcp:projects:OrganizationPolicy
properties:
booleanPolicy:
enforced: false
constraint: string
listPolicy:
allow:
all: false
values:
- string
deny:
all: false
values:
- string
inheritFromParent: false
suggestedValue: string
project: string
restorePolicy:
default: false
version: 0
OrganizationPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The OrganizationPolicy resource accepts the following input properties:
- Constraint string
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - Project string
- The project id of the project to set the policy for.
- Boolean
Policy OrganizationPolicy Boolean Policy - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- List
Policy OrganizationPolicy List Policy - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- Restore
Policy OrganizationPolicy Restore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- Version int
- Version of the Policy. Default version is 0.
- Constraint string
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - Project string
- The project id of the project to set the policy for.
- Boolean
Policy OrganizationPolicy Boolean Policy Args - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- List
Policy OrganizationPolicy List Policy Args - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- Restore
Policy OrganizationPolicy Restore Policy Args A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- Version int
- Version of the Policy. Default version is 0.
- constraint String
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - project String
- The project id of the project to set the policy for.
- boolean
Policy OrganizationPolicy Boolean Policy - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- list
Policy OrganizationPolicy List Policy - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- restore
Policy OrganizationPolicy Restore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- version Integer
- Version of the Policy. Default version is 0.
- constraint string
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - project string
- The project id of the project to set the policy for.
- boolean
Policy OrganizationPolicy Boolean Policy - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- list
Policy OrganizationPolicy List Policy - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- restore
Policy OrganizationPolicy Restore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- version number
- Version of the Policy. Default version is 0.
- constraint str
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - project str
- The project id of the project to set the policy for.
- boolean_
policy OrganizationPolicy Boolean Policy Args - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- list_
policy OrganizationPolicy List Policy Args - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- restore_
policy OrganizationPolicy Restore Policy Args A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- version int
- Version of the Policy. Default version is 0.
- constraint String
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - project String
- The project id of the project to set the policy for.
- boolean
Policy Property Map - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- list
Policy Property Map - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- restore
Policy Property Map A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- version Number
- Version of the Policy. Default version is 0.
Outputs
All input properties are implicitly available as output properties. Additionally, the OrganizationPolicy resource produces the following output properties:
- Etag string
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - Id string
- The provider-assigned unique ID for this managed resource.
- Update
Time string - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- Etag string
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - Id string
- The provider-assigned unique ID for this managed resource.
- Update
Time string - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- etag String
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - id String
- The provider-assigned unique ID for this managed resource.
- update
Time String - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- etag string
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - id string
- The provider-assigned unique ID for this managed resource.
- update
Time string - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- etag str
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - id str
- The provider-assigned unique ID for this managed resource.
- update_
time str - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- etag String
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - id String
- The provider-assigned unique ID for this managed resource.
- update
Time String - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
Look up Existing OrganizationPolicy Resource
Get an existing OrganizationPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: OrganizationPolicyState, opts?: CustomResourceOptions): OrganizationPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
boolean_policy: Optional[OrganizationPolicyBooleanPolicyArgs] = None,
constraint: Optional[str] = None,
etag: Optional[str] = None,
list_policy: Optional[OrganizationPolicyListPolicyArgs] = None,
project: Optional[str] = None,
restore_policy: Optional[OrganizationPolicyRestorePolicyArgs] = None,
update_time: Optional[str] = None,
version: Optional[int] = None) -> OrganizationPolicyfunc GetOrganizationPolicy(ctx *Context, name string, id IDInput, state *OrganizationPolicyState, opts ...ResourceOption) (*OrganizationPolicy, error)public static OrganizationPolicy Get(string name, Input<string> id, OrganizationPolicyState? state, CustomResourceOptions? opts = null)public static OrganizationPolicy get(String name, Output<String> id, OrganizationPolicyState state, CustomResourceOptions options)resources: _: type: gcp:projects:OrganizationPolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Boolean
Policy OrganizationPolicy Boolean Policy - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- Constraint string
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - Etag string
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - List
Policy OrganizationPolicy List Policy - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- Project string
- The project id of the project to set the policy for.
- Restore
Policy OrganizationPolicy Restore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- Update
Time string - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- Version int
- Version of the Policy. Default version is 0.
- Boolean
Policy OrganizationPolicy Boolean Policy Args - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- Constraint string
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - Etag string
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - List
Policy OrganizationPolicy List Policy Args - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- Project string
- The project id of the project to set the policy for.
- Restore
Policy OrganizationPolicy Restore Policy Args A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- Update
Time string - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- Version int
- Version of the Policy. Default version is 0.
- boolean
Policy OrganizationPolicy Boolean Policy - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- constraint String
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - etag String
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - list
Policy OrganizationPolicy List Policy - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- project String
- The project id of the project to set the policy for.
- restore
Policy OrganizationPolicy Restore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- update
Time String - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- version Integer
- Version of the Policy. Default version is 0.
- boolean
Policy OrganizationPolicy Boolean Policy - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- constraint string
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - etag string
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - list
Policy OrganizationPolicy List Policy - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- project string
- The project id of the project to set the policy for.
- restore
Policy OrganizationPolicy Restore Policy A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- update
Time string - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- version number
- Version of the Policy. Default version is 0.
- boolean_
policy OrganizationPolicy Boolean Policy Args - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- constraint str
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - etag str
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - list_
policy OrganizationPolicy List Policy Args - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- project str
- The project id of the project to set the policy for.
- restore_
policy OrganizationPolicy Restore Policy Args A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- update_
time str - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- version int
- Version of the Policy. Default version is 0.
- boolean
Policy Property Map - A boolean policy is a constraint that is either enforced or not. Structure is documented below.
- constraint String
- The name of the Constraint the Policy is configuring, for example,
serviceuser.services. Check out the complete list of available constraints. - etag String
- (Computed) The etag of the organization policy.
etagis used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. - list
Policy Property Map - A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
- project String
- The project id of the project to set the policy for.
- restore
Policy Property Map A restore policy is a constraint to restore the default policy. Structure is documented below.
Note: If none of [
boolean_policy,list_policy,restore_policy] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.- update
Time String - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
- version Number
- Version of the Policy. Default version is 0.
Supporting Types
OrganizationPolicyBooleanPolicy, OrganizationPolicyBooleanPolicyArgs
- Enforced bool
- If true, then the Policy is enforced. If false, then any configuration is acceptable.
- Enforced bool
- If true, then the Policy is enforced. If false, then any configuration is acceptable.
- enforced Boolean
- If true, then the Policy is enforced. If false, then any configuration is acceptable.
- enforced boolean
- If true, then the Policy is enforced. If false, then any configuration is acceptable.
- enforced bool
- If true, then the Policy is enforced. If false, then any configuration is acceptable.
- enforced Boolean
- If true, then the Policy is enforced. If false, then any configuration is acceptable.
OrganizationPolicyListPolicy, OrganizationPolicyListPolicyArgs
- Allow
Organization
Policy List Policy Allow - or
deny- (Optional) One or the other must be set. - Deny
Organization
Policy List Policy Deny - One or the other must be set.
- Inherit
From boolParent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allowordenyblocks support:- Suggested
Value string - The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
- Allow
Organization
Policy List Policy Allow - or
deny- (Optional) One or the other must be set. - Deny
Organization
Policy List Policy Deny - One or the other must be set.
- Inherit
From boolParent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allowordenyblocks support:- Suggested
Value string - The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
- allow
Organization
Policy List Policy Allow - or
deny- (Optional) One or the other must be set. - deny
Organization
Policy List Policy Deny - One or the other must be set.
- inherit
From BooleanParent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allowordenyblocks support:- suggested
Value String - The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
- allow
Organization
Policy List Policy Allow - or
deny- (Optional) One or the other must be set. - deny
Organization
Policy List Policy Deny - One or the other must be set.
- inherit
From booleanParent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allowordenyblocks support:- suggested
Value string - The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
- allow
Organization
Policy List Policy Allow - or
deny- (Optional) One or the other must be set. - deny
Organization
Policy List Policy Deny - One or the other must be set.
- inherit_
from_ boolparent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allowordenyblocks support:- suggested_
value str - The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
- allow Property Map
- or
deny- (Optional) One or the other must be set. - deny Property Map
- One or the other must be set.
- inherit
From BooleanParent If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
The
allowordenyblocks support:- suggested
Value String - The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
OrganizationPolicyListPolicyAllow, OrganizationPolicyListPolicyAllowArgs
OrganizationPolicyListPolicyDeny, OrganizationPolicyListPolicyDenyArgs
OrganizationPolicyRestorePolicy, OrganizationPolicyRestorePolicyArgs
- Default bool
- May only be set to true. If set, then the default Policy is restored.
- Default bool
- May only be set to true. If set, then the default Policy is restored.
- default_ Boolean
- May only be set to true. If set, then the default Policy is restored.
- default boolean
- May only be set to true. If set, then the default Policy is restored.
- default bool
- May only be set to true. If set, then the default Policy is restored.
- default Boolean
- May only be set to true. If set, then the default Policy is restored.
Import
Project organization policies can be imported using any of the follow formats:
projects/{{project_id}}:constraints/{{constraint}}{{project_id}}:constraints/{{constraint}}{{project_id}}:{{constraint}}
When using the pulumi import command, project organization policies can be imported using one of the formats above. For example:
$ pulumi import gcp:projects/organizationPolicy:OrganizationPolicy default projects/{{project_id}}:constraints/{{constraint}}
$ pulumi import gcp:projects/organizationPolicy:OrganizationPolicy default {{project_id}}:constraints/{{constraint}}
$ pulumi import gcp:projects/organizationPolicy:OrganizationPolicy default {{project_id}}:{{constraint}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.