Docs
PackagesGoogle Cloud Classic v7.23.0 published on Wednesday, May 15, 2024 by Pulumi
gcp.securityposture.Posture
Explore with Pulumi AI
A Posture represents a collection of policy set including its name, state, description and policy sets. A policy set includes set of policies along with their definition. A posture can be created at the organization level. Every update to a deployed posture creates a new posture revision with an updated revision_id.
To get more information about Posture, see:
- How-to Guides
Example Usage
Securityposture Posture Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const posture1 = new gcp.securityposture.Posture("posture1", {
postureId: "posture_example",
parent: "organizations/123456789",
location: "global",
state: "ACTIVE",
description: "a new posture",
policySets: [
{
policySetId: "org_policy_set",
description: "set of org policies",
policies: [
{
policyId: "canned_org_policy",
constraint: {
orgPolicyConstraint: {
cannedConstraintId: "storage.uniformBucketLevelAccess",
policyRules: [{
enforce: true,
condition: {
description: "condition description",
expression: "resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')",
title: "a CEL condition",
},
}],
},
},
},
{
policyId: "custom_org_policy",
constraint: {
orgPolicyConstraintCustom: {
customConstraint: {
name: "organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade",
displayName: "Disable GKE auto upgrade",
description: "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
actionType: "ALLOW",
condition: "resource.management.autoUpgrade == false",
methodTypes: [
"CREATE",
"UPDATE",
],
resourceTypes: ["container.googleapis.com/NodePool"],
},
policyRules: [{
enforce: true,
condition: {
description: "condition description",
expression: "resource.matchTagId('tagKeys/key_id','tagValues/value_id')",
title: "a CEL condition",
},
}],
},
},
},
],
},
{
policySetId: "sha_policy_set",
description: "set of sha policies",
policies: [
{
policyId: "sha_builtin_module",
constraint: {
securityHealthAnalyticsModule: {
moduleName: "BIGQUERY_TABLE_CMEK_DISABLED",
moduleEnablementState: "ENABLED",
},
},
description: "enable BIGQUERY_TABLE_CMEK_DISABLED",
},
{
policyId: "sha_custom_module",
constraint: {
securityHealthAnalyticsCustomModule: {
displayName: "custom_SHA_policy",
config: {
predicate: {
expression: "resource.rotationPeriod > duration('2592000s')",
},
customOutput: {
properties: [{
name: "duration",
valueExpression: {
expression: "resource.rotationPeriod",
},
}],
},
resourceSelector: {
resourceTypes: ["cloudkms.googleapis.com/CryptoKey"],
},
severity: "LOW",
description: "Custom Module",
recommendation: "Testing custom modules",
},
moduleEnablementState: "ENABLED",
},
},
},
],
},
],
});
import pulumi
import pulumi_gcp as gcp
posture1 = gcp.securityposture.Posture("posture1",
posture_id="posture_example",
parent="organizations/123456789",
location="global",
state="ACTIVE",
description="a new posture",
policy_sets=[
gcp.securityposture.PosturePolicySetArgs(
policy_set_id="org_policy_set",
description="set of org policies",
policies=[
gcp.securityposture.PosturePolicySetPolicyArgs(
policy_id="canned_org_policy",
constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
org_policy_constraint=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs(
canned_constraint_id="storage.uniformBucketLevelAccess",
policy_rules=[gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs(
enforce=True,
condition=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs(
description="condition description",
expression="resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')",
title="a CEL condition",
),
)],
),
),
),
gcp.securityposture.PosturePolicySetPolicyArgs(
policy_id="custom_org_policy",
constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
org_policy_constraint_custom=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs(
custom_constraint=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs(
name="organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade",
display_name="Disable GKE auto upgrade",
description="Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
action_type="ALLOW",
condition="resource.management.autoUpgrade == false",
method_types=[
"CREATE",
"UPDATE",
],
resource_types=["container.googleapis.com/NodePool"],
),
policy_rules=[gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs(
enforce=True,
condition=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs(
description="condition description",
expression="resource.matchTagId('tagKeys/key_id','tagValues/value_id')",
title="a CEL condition",
),
)],
),
),
),
],
),
gcp.securityposture.PosturePolicySetArgs(
policy_set_id="sha_policy_set",
description="set of sha policies",
policies=[
gcp.securityposture.PosturePolicySetPolicyArgs(
policy_id="sha_builtin_module",
constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
security_health_analytics_module=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs(
module_name="BIGQUERY_TABLE_CMEK_DISABLED",
module_enablement_state="ENABLED",
),
),
description="enable BIGQUERY_TABLE_CMEK_DISABLED",
),
gcp.securityposture.PosturePolicySetPolicyArgs(
policy_id="sha_custom_module",
constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
security_health_analytics_custom_module=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs(
display_name="custom_SHA_policy",
config=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs(
predicate=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs(
expression="resource.rotationPeriod > duration('2592000s')",
),
custom_output=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs(
properties=[gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs(
name="duration",
value_expression=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs(
expression="resource.rotationPeriod",
),
)],
),
resource_selector=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs(
resource_types=["cloudkms.googleapis.com/CryptoKey"],
),
severity="LOW",
description="Custom Module",
recommendation="Testing custom modules",
),
module_enablement_state="ENABLED",
),
),
),
],
),
])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securityposture"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityposture.NewPosture(ctx, "posture1", &securityposture.PostureArgs{
PostureId: pulumi.String("posture_example"),
Parent: pulumi.String("organizations/123456789"),
Location: pulumi.String("global"),
State: pulumi.String("ACTIVE"),
Description: pulumi.String("a new posture"),
PolicySets: securityposture.PosturePolicySetArray{
&securityposture.PosturePolicySetArgs{
PolicySetId: pulumi.String("org_policy_set"),
Description: pulumi.String("set of org policies"),
Policies: securityposture.PosturePolicySetPolicyArray{
&securityposture.PosturePolicySetPolicyArgs{
PolicyId: pulumi.String("canned_org_policy"),
Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
OrgPolicyConstraint: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs{
CannedConstraintId: pulumi.String("storage.uniformBucketLevelAccess"),
PolicyRules: securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArray{
&securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs{
Enforce: pulumi.Bool(true),
Condition: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs{
Description: pulumi.String("condition description"),
Expression: pulumi.String("resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')"),
Title: pulumi.String("a CEL condition"),
},
},
},
},
},
},
&securityposture.PosturePolicySetPolicyArgs{
PolicyId: pulumi.String("custom_org_policy"),
Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
OrgPolicyConstraintCustom: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs{
CustomConstraint: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs{
Name: pulumi.String("organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade"),
DisplayName: pulumi.String("Disable GKE auto upgrade"),
Description: pulumi.String("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced."),
ActionType: pulumi.String("ALLOW"),
Condition: pulumi.String("resource.management.autoUpgrade == false"),
MethodTypes: pulumi.StringArray{
pulumi.String("CREATE"),
pulumi.String("UPDATE"),
},
ResourceTypes: pulumi.StringArray{
pulumi.String("container.googleapis.com/NodePool"),
},
},
PolicyRules: securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArray{
&securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs{
Enforce: pulumi.Bool(true),
Condition: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs{
Description: pulumi.String("condition description"),
Expression: pulumi.String("resource.matchTagId('tagKeys/key_id','tagValues/value_id')"),
Title: pulumi.String("a CEL condition"),
},
},
},
},
},
},
},
},
&securityposture.PosturePolicySetArgs{
PolicySetId: pulumi.String("sha_policy_set"),
Description: pulumi.String("set of sha policies"),
Policies: securityposture.PosturePolicySetPolicyArray{
&securityposture.PosturePolicySetPolicyArgs{
PolicyId: pulumi.String("sha_builtin_module"),
Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
SecurityHealthAnalyticsModule: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs{
ModuleName: pulumi.String("BIGQUERY_TABLE_CMEK_DISABLED"),
ModuleEnablementState: pulumi.String("ENABLED"),
},
},
Description: pulumi.String("enable BIGQUERY_TABLE_CMEK_DISABLED"),
},
&securityposture.PosturePolicySetPolicyArgs{
PolicyId: pulumi.String("sha_custom_module"),
Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
SecurityHealthAnalyticsCustomModule: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs{
DisplayName: pulumi.String("custom_SHA_policy"),
Config: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs{
Predicate: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs{
Expression: pulumi.String("resource.rotationPeriod > duration('2592000s')"),
},
CustomOutput: securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs{
Properties: securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArray{
&securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs{
Name: pulumi.String("duration"),
ValueExpression: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs{
Expression: pulumi.String("resource.rotationPeriod"),
},
},
},
},
ResourceSelector: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs{
ResourceTypes: pulumi.StringArray{
pulumi.String("cloudkms.googleapis.com/CryptoKey"),
},
},
Severity: pulumi.String("LOW"),
Description: pulumi.String("Custom Module"),
Recommendation: pulumi.String("Testing custom modules"),
},
ModuleEnablementState: pulumi.String("ENABLED"),
},
},
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var posture1 = new Gcp.SecurityPosture.Posture("posture1", new()
{
PostureId = "posture_example",
Parent = "organizations/123456789",
Location = "global",
State = "ACTIVE",
Description = "a new posture",
PolicySets = new[]
{
new Gcp.SecurityPosture.Inputs.PosturePolicySetArgs
{
PolicySetId = "org_policy_set",
Description = "set of org policies",
Policies = new[]
{
new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
{
PolicyId = "canned_org_policy",
Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
{
OrgPolicyConstraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs
{
CannedConstraintId = "storage.uniformBucketLevelAccess",
PolicyRules = new[]
{
new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs
{
Enforce = true,
Condition = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs
{
Description = "condition description",
Expression = "resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')",
Title = "a CEL condition",
},
},
},
},
},
},
new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
{
PolicyId = "custom_org_policy",
Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
{
OrgPolicyConstraintCustom = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs
{
CustomConstraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs
{
Name = "organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade",
DisplayName = "Disable GKE auto upgrade",
Description = "Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
ActionType = "ALLOW",
Condition = "resource.management.autoUpgrade == false",
MethodTypes = new[]
{
"CREATE",
"UPDATE",
},
ResourceTypes = new[]
{
"container.googleapis.com/NodePool",
},
},
PolicyRules = new[]
{
new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs
{
Enforce = true,
Condition = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs
{
Description = "condition description",
Expression = "resource.matchTagId('tagKeys/key_id','tagValues/value_id')",
Title = "a CEL condition",
},
},
},
},
},
},
},
},
new Gcp.SecurityPosture.Inputs.PosturePolicySetArgs
{
PolicySetId = "sha_policy_set",
Description = "set of sha policies",
Policies = new[]
{
new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
{
PolicyId = "sha_builtin_module",
Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
{
SecurityHealthAnalyticsModule = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs
{
ModuleName = "BIGQUERY_TABLE_CMEK_DISABLED",
ModuleEnablementState = "ENABLED",
},
},
Description = "enable BIGQUERY_TABLE_CMEK_DISABLED",
},
new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
{
PolicyId = "sha_custom_module",
Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
{
SecurityHealthAnalyticsCustomModule = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs
{
DisplayName = "custom_SHA_policy",
Config = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs
{
Predicate = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs
{
Expression = "resource.rotationPeriod > duration('2592000s')",
},
CustomOutput = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs
{
Properties = new[]
{
new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs
{
Name = "duration",
ValueExpression = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs
{
Expression = "resource.rotationPeriod",
},
},
},
},
ResourceSelector = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs
{
ResourceTypes = new[]
{
"cloudkms.googleapis.com/CryptoKey",
},
},
Severity = "LOW",
Description = "Custom Module",
Recommendation = "Testing custom modules",
},
ModuleEnablementState = "ENABLED",
},
},
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.securityposture.Posture;
import com.pulumi.gcp.securityposture.PostureArgs;
import com.pulumi.gcp.securityposture.inputs.PosturePolicySetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var posture1 = new Posture("posture1", PostureArgs.builder()
.postureId("posture_example")
.parent("organizations/123456789")
.location("global")
.state("ACTIVE")
.description("a new posture")
.policySets(
PosturePolicySetArgs.builder()
.policySetId("org_policy_set")
.description("set of org policies")
.policies(
PosturePolicySetPolicyArgs.builder()
.policyId("canned_org_policy")
.constraint(PosturePolicySetPolicyConstraintArgs.builder()
.orgPolicyConstraint(PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs.builder()
.cannedConstraintId("storage.uniformBucketLevelAccess")
.policyRules(PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs.builder()
.enforce(true)
.condition(PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs.builder()
.description("condition description")
.expression("resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')")
.title("a CEL condition")
.build())
.build())
.build())
.build())
.build(),
PosturePolicySetPolicyArgs.builder()
.policyId("custom_org_policy")
.constraint(PosturePolicySetPolicyConstraintArgs.builder()
.orgPolicyConstraintCustom(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs.builder()
.customConstraint(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs.builder()
.name("organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade")
.displayName("Disable GKE auto upgrade")
.description("Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.")
.actionType("ALLOW")
.condition("resource.management.autoUpgrade == false")
.methodTypes(
"CREATE",
"UPDATE")
.resourceTypes("container.googleapis.com/NodePool")
.build())
.policyRules(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs.builder()
.enforce(true)
.condition(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs.builder()
.description("condition description")
.expression("resource.matchTagId('tagKeys/key_id','tagValues/value_id')")
.title("a CEL condition")
.build())
.build())
.build())
.build())
.build())
.build(),
PosturePolicySetArgs.builder()
.policySetId("sha_policy_set")
.description("set of sha policies")
.policies(
PosturePolicySetPolicyArgs.builder()
.policyId("sha_builtin_module")
.constraint(PosturePolicySetPolicyConstraintArgs.builder()
.securityHealthAnalyticsModule(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs.builder()
.moduleName("BIGQUERY_TABLE_CMEK_DISABLED")
.moduleEnablementState("ENABLED")
.build())
.build())
.description("enable BIGQUERY_TABLE_CMEK_DISABLED")
.build(),
PosturePolicySetPolicyArgs.builder()
.policyId("sha_custom_module")
.constraint(PosturePolicySetPolicyConstraintArgs.builder()
.securityHealthAnalyticsCustomModule(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs.builder()
.displayName("custom_SHA_policy")
.config(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs.builder()
.predicate(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs.builder()
.expression("resource.rotationPeriod > duration('2592000s')")
.build())
.customOutput(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs.builder()
.properties(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs.builder()
.name("duration")
.valueExpression(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs.builder()
.expression("resource.rotationPeriod")
.build())
.build())
.build())
.resourceSelector(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs.builder()
.resourceTypes("cloudkms.googleapis.com/CryptoKey")
.build())
.severity("LOW")
.description("Custom Module")
.recommendation("Testing custom modules")
.build())
.moduleEnablementState("ENABLED")
.build())
.build())
.build())
.build())
.build());
}
}
resources:
posture1:
type: gcp:securityposture:Posture
properties:
postureId: posture_example
parent: organizations/123456789
location: global
state: ACTIVE
description: a new posture
policySets:
- policySetId: org_policy_set
description: set of org policies
policies:
- policyId: canned_org_policy
constraint:
orgPolicyConstraint:
cannedConstraintId: storage.uniformBucketLevelAccess
policyRules:
- enforce: true
condition:
description: condition description
expression: resource.matchTag('org_id/tag_key_short_name,'tag_value_short_name')
title: a CEL condition
- policyId: custom_org_policy
constraint:
orgPolicyConstraintCustom:
customConstraint:
name: organizations/123456789/customConstraints/custom.disableGkeAutoUpgrade
displayName: Disable GKE auto upgrade
description: Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.
actionType: ALLOW
condition: resource.management.autoUpgrade == false
methodTypes:
- CREATE
- UPDATE
resourceTypes:
- container.googleapis.com/NodePool
policyRules:
- enforce: true
condition:
description: condition description
expression: resource.matchTagId('tagKeys/key_id','tagValues/value_id')
title: a CEL condition
- policySetId: sha_policy_set
description: set of sha policies
policies:
- policyId: sha_builtin_module
constraint:
securityHealthAnalyticsModule:
moduleName: BIGQUERY_TABLE_CMEK_DISABLED
moduleEnablementState: ENABLED
description: enable BIGQUERY_TABLE_CMEK_DISABLED
- policyId: sha_custom_module
constraint:
securityHealthAnalyticsCustomModule:
displayName: custom_SHA_policy
config:
predicate:
expression: resource.rotationPeriod > duration('2592000s')
customOutput:
properties:
- name: duration
valueExpression:
expression: resource.rotationPeriod
resourceSelector:
resourceTypes:
- cloudkms.googleapis.com/CryptoKey
severity: LOW
description: Custom Module
recommendation: Testing custom modules
moduleEnablementState: ENABLED
Create Posture Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Posture(name: string, args: PostureArgs, opts?: CustomResourceOptions);@overload
def Posture(resource_name: str,
args: PostureArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Posture(resource_name: str,
opts: Optional[ResourceOptions] = None,
location: Optional[str] = None,
parent: Optional[str] = None,
policy_sets: Optional[Sequence[PosturePolicySetArgs]] = None,
posture_id: Optional[str] = None,
state: Optional[str] = None,
description: Optional[str] = None)func NewPosture(ctx *Context, name string, args PostureArgs, opts ...ResourceOption) (*Posture, error)public Posture(string name, PostureArgs args, CustomResourceOptions? opts = null)
public Posture(String name, PostureArgs args)
public Posture(String name, PostureArgs args, CustomResourceOptions options)
type: gcp:securityposture:Posture
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PostureArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PostureArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PostureArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PostureArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PostureArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var postureResource = new Gcp.SecurityPosture.Posture("postureResource", new()
{
Location = "string",
Parent = "string",
PolicySets = new[]
{
new Gcp.SecurityPosture.Inputs.PosturePolicySetArgs
{
Policies = new[]
{
new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
{
Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
{
OrgPolicyConstraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs
{
CannedConstraintId = "string",
PolicyRules = new[]
{
new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs
{
AllowAll = false,
Condition = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs
{
Expression = "string",
Description = "string",
Location = "string",
Title = "string",
},
DenyAll = false,
Enforce = false,
Values = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValuesArgs
{
AllowedValues = new[]
{
"string",
},
DeniedValues = new[]
{
"string",
},
},
},
},
},
OrgPolicyConstraintCustom = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs
{
PolicyRules = new[]
{
new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs
{
AllowAll = false,
Condition = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs
{
Expression = "string",
Description = "string",
Location = "string",
Title = "string",
},
DenyAll = false,
Enforce = false,
Values = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValuesArgs
{
AllowedValues = new[]
{
"string",
},
DeniedValues = new[]
{
"string",
},
},
},
},
CustomConstraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs
{
ActionType = "string",
Condition = "string",
MethodTypes = new[]
{
"string",
},
Name = "string",
ResourceTypes = new[]
{
"string",
},
Description = "string",
DisplayName = "string",
},
},
SecurityHealthAnalyticsCustomModule = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs
{
Config = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs
{
Predicate = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs
{
Expression = "string",
Description = "string",
Location = "string",
Title = "string",
},
ResourceSelector = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs
{
ResourceTypes = new[]
{
"string",
},
},
Severity = "string",
CustomOutput = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs
{
Properties = new[]
{
new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs
{
Name = "string",
ValueExpression = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs
{
Expression = "string",
Description = "string",
Location = "string",
Title = "string",
},
},
},
},
Description = "string",
Recommendation = "string",
},
DisplayName = "string",
Id = "string",
ModuleEnablementState = "string",
},
SecurityHealthAnalyticsModule = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs
{
ModuleName = "string",
ModuleEnablementState = "string",
},
},
PolicyId = "string",
ComplianceStandards = new[]
{
new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyComplianceStandardArgs
{
Control = "string",
Standard = "string",
},
},
Description = "string",
},
},
PolicySetId = "string",
Description = "string",
},
},
PostureId = "string",
State = "string",
Description = "string",
});
example, err := securityposture.NewPosture(ctx, "postureResource", &securityposture.PostureArgs{
Location: pulumi.String("string"),
Parent: pulumi.String("string"),
PolicySets: securityposture.PosturePolicySetArray{
&securityposture.PosturePolicySetArgs{
Policies: securityposture.PosturePolicySetPolicyArray{
&securityposture.PosturePolicySetPolicyArgs{
Constraint: &securityposture.PosturePolicySetPolicyConstraintArgs{
OrgPolicyConstraint: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs{
CannedConstraintId: pulumi.String("string"),
PolicyRules: securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArray{
&securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs{
AllowAll: pulumi.Bool(false),
Condition: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs{
Expression: pulumi.String("string"),
Description: pulumi.String("string"),
Location: pulumi.String("string"),
Title: pulumi.String("string"),
},
DenyAll: pulumi.Bool(false),
Enforce: pulumi.Bool(false),
Values: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValuesArgs{
AllowedValues: pulumi.StringArray{
pulumi.String("string"),
},
DeniedValues: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
},
OrgPolicyConstraintCustom: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs{
PolicyRules: securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArray{
&securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs{
AllowAll: pulumi.Bool(false),
Condition: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs{
Expression: pulumi.String("string"),
Description: pulumi.String("string"),
Location: pulumi.String("string"),
Title: pulumi.String("string"),
},
DenyAll: pulumi.Bool(false),
Enforce: pulumi.Bool(false),
Values: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValuesArgs{
AllowedValues: pulumi.StringArray{
pulumi.String("string"),
},
DeniedValues: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
CustomConstraint: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs{
ActionType: pulumi.String("string"),
Condition: pulumi.String("string"),
MethodTypes: pulumi.StringArray{
pulumi.String("string"),
},
Name: pulumi.String("string"),
ResourceTypes: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
},
},
SecurityHealthAnalyticsCustomModule: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs{
Config: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs{
Predicate: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs{
Expression: pulumi.String("string"),
Description: pulumi.String("string"),
Location: pulumi.String("string"),
Title: pulumi.String("string"),
},
ResourceSelector: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs{
ResourceTypes: pulumi.StringArray{
pulumi.String("string"),
},
},
Severity: pulumi.String("string"),
CustomOutput: securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs{
Properties: securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArray{
&securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs{
Name: pulumi.String("string"),
ValueExpression: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs{
Expression: pulumi.String("string"),
Description: pulumi.String("string"),
Location: pulumi.String("string"),
Title: pulumi.String("string"),
},
},
},
},
Description: pulumi.String("string"),
Recommendation: pulumi.String("string"),
},
DisplayName: pulumi.String("string"),
Id: pulumi.String("string"),
ModuleEnablementState: pulumi.String("string"),
},
SecurityHealthAnalyticsModule: &securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs{
ModuleName: pulumi.String("string"),
ModuleEnablementState: pulumi.String("string"),
},
},
PolicyId: pulumi.String("string"),
ComplianceStandards: securityposture.PosturePolicySetPolicyComplianceStandardArray{
&securityposture.PosturePolicySetPolicyComplianceStandardArgs{
Control: pulumi.String("string"),
Standard: pulumi.String("string"),
},
},
Description: pulumi.String("string"),
},
},
PolicySetId: pulumi.String("string"),
Description: pulumi.String("string"),
},
},
PostureId: pulumi.String("string"),
State: pulumi.String("string"),
Description: pulumi.String("string"),
})
var postureResource = new Posture("postureResource", PostureArgs.builder()
.location("string")
.parent("string")
.policySets(PosturePolicySetArgs.builder()
.policies(PosturePolicySetPolicyArgs.builder()
.constraint(PosturePolicySetPolicyConstraintArgs.builder()
.orgPolicyConstraint(PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs.builder()
.cannedConstraintId("string")
.policyRules(PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs.builder()
.allowAll(false)
.condition(PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs.builder()
.expression("string")
.description("string")
.location("string")
.title("string")
.build())
.denyAll(false)
.enforce(false)
.values(PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValuesArgs.builder()
.allowedValues("string")
.deniedValues("string")
.build())
.build())
.build())
.orgPolicyConstraintCustom(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs.builder()
.policyRules(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs.builder()
.allowAll(false)
.condition(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs.builder()
.expression("string")
.description("string")
.location("string")
.title("string")
.build())
.denyAll(false)
.enforce(false)
.values(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValuesArgs.builder()
.allowedValues("string")
.deniedValues("string")
.build())
.build())
.customConstraint(PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs.builder()
.actionType("string")
.condition("string")
.methodTypes("string")
.name("string")
.resourceTypes("string")
.description("string")
.displayName("string")
.build())
.build())
.securityHealthAnalyticsCustomModule(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs.builder()
.config(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs.builder()
.predicate(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs.builder()
.expression("string")
.description("string")
.location("string")
.title("string")
.build())
.resourceSelector(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs.builder()
.resourceTypes("string")
.build())
.severity("string")
.customOutput(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs.builder()
.properties(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs.builder()
.name("string")
.valueExpression(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs.builder()
.expression("string")
.description("string")
.location("string")
.title("string")
.build())
.build())
.build())
.description("string")
.recommendation("string")
.build())
.displayName("string")
.id("string")
.moduleEnablementState("string")
.build())
.securityHealthAnalyticsModule(PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs.builder()
.moduleName("string")
.moduleEnablementState("string")
.build())
.build())
.policyId("string")
.complianceStandards(PosturePolicySetPolicyComplianceStandardArgs.builder()
.control("string")
.standard("string")
.build())
.description("string")
.build())
.policySetId("string")
.description("string")
.build())
.postureId("string")
.state("string")
.description("string")
.build());
posture_resource = gcp.securityposture.Posture("postureResource",
location="string",
parent="string",
policy_sets=[gcp.securityposture.PosturePolicySetArgs(
policies=[gcp.securityposture.PosturePolicySetPolicyArgs(
constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
org_policy_constraint=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs(
canned_constraint_id="string",
policy_rules=[gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs(
allow_all=False,
condition=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs(
expression="string",
description="string",
location="string",
title="string",
),
deny_all=False,
enforce=False,
values=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValuesArgs(
allowed_values=["string"],
denied_values=["string"],
),
)],
),
org_policy_constraint_custom=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs(
policy_rules=[gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs(
allow_all=False,
condition=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs(
expression="string",
description="string",
location="string",
title="string",
),
deny_all=False,
enforce=False,
values=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValuesArgs(
allowed_values=["string"],
denied_values=["string"],
),
)],
custom_constraint=gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs(
action_type="string",
condition="string",
method_types=["string"],
name="string",
resource_types=["string"],
description="string",
display_name="string",
),
),
security_health_analytics_custom_module=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs(
config=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs(
predicate=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs(
expression="string",
description="string",
location="string",
title="string",
),
resource_selector=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs(
resource_types=["string"],
),
severity="string",
custom_output=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs(
properties=[gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs(
name="string",
value_expression=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs(
expression="string",
description="string",
location="string",
title="string",
),
)],
),
description="string",
recommendation="string",
),
display_name="string",
id="string",
module_enablement_state="string",
),
security_health_analytics_module=gcp.securityposture.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs(
module_name="string",
module_enablement_state="string",
),
),
policy_id="string",
compliance_standards=[gcp.securityposture.PosturePolicySetPolicyComplianceStandardArgs(
control="string",
standard="string",
)],
description="string",
)],
policy_set_id="string",
description="string",
)],
posture_id="string",
state="string",
description="string")
const postureResource = new gcp.securityposture.Posture("postureResource", {
location: "string",
parent: "string",
policySets: [{
policies: [{
constraint: {
orgPolicyConstraint: {
cannedConstraintId: "string",
policyRules: [{
allowAll: false,
condition: {
expression: "string",
description: "string",
location: "string",
title: "string",
},
denyAll: false,
enforce: false,
values: {
allowedValues: ["string"],
deniedValues: ["string"],
},
}],
},
orgPolicyConstraintCustom: {
policyRules: [{
allowAll: false,
condition: {
expression: "string",
description: "string",
location: "string",
title: "string",
},
denyAll: false,
enforce: false,
values: {
allowedValues: ["string"],
deniedValues: ["string"],
},
}],
customConstraint: {
actionType: "string",
condition: "string",
methodTypes: ["string"],
name: "string",
resourceTypes: ["string"],
description: "string",
displayName: "string",
},
},
securityHealthAnalyticsCustomModule: {
config: {
predicate: {
expression: "string",
description: "string",
location: "string",
title: "string",
},
resourceSelector: {
resourceTypes: ["string"],
},
severity: "string",
customOutput: {
properties: [{
name: "string",
valueExpression: {
expression: "string",
description: "string",
location: "string",
title: "string",
},
}],
},
description: "string",
recommendation: "string",
},
displayName: "string",
id: "string",
moduleEnablementState: "string",
},
securityHealthAnalyticsModule: {
moduleName: "string",
moduleEnablementState: "string",
},
},
policyId: "string",
complianceStandards: [{
control: "string",
standard: "string",
}],
description: "string",
}],
policySetId: "string",
description: "string",
}],
postureId: "string",
state: "string",
description: "string",
});
type: gcp:securityposture:Posture
properties:
description: string
location: string
parent: string
policySets:
- description: string
policies:
- complianceStandards:
- control: string
standard: string
constraint:
orgPolicyConstraint:
cannedConstraintId: string
policyRules:
- allowAll: false
condition:
description: string
expression: string
location: string
title: string
denyAll: false
enforce: false
values:
allowedValues:
- string
deniedValues:
- string
orgPolicyConstraintCustom:
customConstraint:
actionType: string
condition: string
description: string
displayName: string
methodTypes:
- string
name: string
resourceTypes:
- string
policyRules:
- allowAll: false
condition:
description: string
expression: string
location: string
title: string
denyAll: false
enforce: false
values:
allowedValues:
- string
deniedValues:
- string
securityHealthAnalyticsCustomModule:
config:
customOutput:
properties:
- name: string
valueExpression:
description: string
expression: string
location: string
title: string
description: string
predicate:
description: string
expression: string
location: string
title: string
recommendation: string
resourceSelector:
resourceTypes:
- string
severity: string
displayName: string
id: string
moduleEnablementState: string
securityHealthAnalyticsModule:
moduleEnablementState: string
moduleName: string
description: string
policyId: string
policySetId: string
postureId: string
state: string
Posture Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Posture resource accepts the following input properties:
- Location string
- Location of the resource, eg: global.
- Parent string
- The parent of the resource, an organization. Format should be
organizations/{organization_id}. - Policy
Sets List<PosturePolicy Set> - List of policy sets for the posture. Structure is documented below.
- Posture
Id string - Id of the posture. It is an immutable field.
- State string
- State of the posture. Update to state field should not be triggered along with
with other field updates.
Possible values are:
DEPRECATED,DRAFT,ACTIVE. - Description string
- Description of the posture.
- Location string
- Location of the resource, eg: global.
- Parent string
- The parent of the resource, an organization. Format should be
organizations/{organization_id}. - Policy
Sets []PosturePolicy Set Args - List of policy sets for the posture. Structure is documented below.
- Posture
Id string - Id of the posture. It is an immutable field.
- State string
- State of the posture. Update to state field should not be triggered along with
with other field updates.
Possible values are:
DEPRECATED,DRAFT,ACTIVE. - Description string
- Description of the posture.
- location String
- Location of the resource, eg: global.
- parent String
- The parent of the resource, an organization. Format should be
organizations/{organization_id}. - policy
Sets List<PosturePolicy Set> - List of policy sets for the posture. Structure is documented below.
- posture
Id String - Id of the posture. It is an immutable field.
- state String
- State of the posture. Update to state field should not be triggered along with
with other field updates.
Possible values are:
DEPRECATED,DRAFT,ACTIVE. - description String
- Description of the posture.
- location string
- Location of the resource, eg: global.
- parent string
- The parent of the resource, an organization. Format should be
organizations/{organization_id}. - policy
Sets PosturePolicy Set[] - List of policy sets for the posture. Structure is documented below.
- posture
Id string - Id of the posture. It is an immutable field.
- state string
- State of the posture. Update to state field should not be triggered along with
with other field updates.
Possible values are:
DEPRECATED,DRAFT,ACTIVE. - description string
- Description of the posture.
- location str
- Location of the resource, eg: global.
- parent str
- The parent of the resource, an organization. Format should be
organizations/{organization_id}. - policy_
sets Sequence[PosturePolicy Set Args] - List of policy sets for the posture. Structure is documented below.
- posture_
id str - Id of the posture. It is an immutable field.
- state str
- State of the posture. Update to state field should not be triggered along with
with other field updates.
Possible values are:
DEPRECATED,DRAFT,ACTIVE. - description str
- Description of the posture.
- location String
- Location of the resource, eg: global.
- parent String
- The parent of the resource, an organization. Format should be
organizations/{organization_id}. - policy
Sets List<Property Map> - List of policy sets for the posture. Structure is documented below.
- posture
Id String - Id of the posture. It is an immutable field.
- state String
- State of the posture. Update to state field should not be triggered along with
with other field updates.
Possible values are:
DEPRECATED,DRAFT,ACTIVE. - description String
- Description of the posture.
Outputs
All input properties are implicitly available as output properties. Additionally, the Posture resource produces the following output properties:
- Create
Time string - Time the Posture was created in UTC.
- Etag string
- For Resource freshness validation (https://google.aip.dev/154)
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Name of the posture.
- Reconciling bool
- If set, there are currently changes in flight to the posture.
- Revision
Id string - Revision_id of the posture.
- Update
Time string - Time the Posture was updated in UTC.
- Create
Time string - Time the Posture was created in UTC.
- Etag string
- For Resource freshness validation (https://google.aip.dev/154)
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Name of the posture.
- Reconciling bool
- If set, there are currently changes in flight to the posture.
- Revision
Id string - Revision_id of the posture.
- Update
Time string - Time the Posture was updated in UTC.
- create
Time String - Time the Posture was created in UTC.
- etag String
- For Resource freshness validation (https://google.aip.dev/154)
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Name of the posture.
- reconciling Boolean
- If set, there are currently changes in flight to the posture.
- revision
Id String - Revision_id of the posture.
- update
Time String - Time the Posture was updated in UTC.
- create
Time string - Time the Posture was created in UTC.
- etag string
- For Resource freshness validation (https://google.aip.dev/154)
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- Name of the posture.
- reconciling boolean
- If set, there are currently changes in flight to the posture.
- revision
Id string - Revision_id of the posture.
- update
Time string - Time the Posture was updated in UTC.
- create_
time str - Time the Posture was created in UTC.
- etag str
- For Resource freshness validation (https://google.aip.dev/154)
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- Name of the posture.
- reconciling bool
- If set, there are currently changes in flight to the posture.
- revision_
id str - Revision_id of the posture.
- update_
time str - Time the Posture was updated in UTC.
- create
Time String - Time the Posture was created in UTC.
- etag String
- For Resource freshness validation (https://google.aip.dev/154)
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Name of the posture.
- reconciling Boolean
- If set, there are currently changes in flight to the posture.
- revision
Id String - Revision_id of the posture.
- update
Time String - Time the Posture was updated in UTC.
Look up Existing Posture Resource
Get an existing Posture resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PostureState, opts?: CustomResourceOptions): Posture@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
create_time: Optional[str] = None,
description: Optional[str] = None,
etag: Optional[str] = None,
location: Optional[str] = None,
name: Optional[str] = None,
parent: Optional[str] = None,
policy_sets: Optional[Sequence[PosturePolicySetArgs]] = None,
posture_id: Optional[str] = None,
reconciling: Optional[bool] = None,
revision_id: Optional[str] = None,
state: Optional[str] = None,
update_time: Optional[str] = None) -> Posturefunc GetPosture(ctx *Context, name string, id IDInput, state *PostureState, opts ...ResourceOption) (*Posture, error)public static Posture Get(string name, Input<string> id, PostureState? state, CustomResourceOptions? opts = null)public static Posture get(String name, Output<String> id, PostureState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Create
Time string - Time the Posture was created in UTC.
- Description string
- Description of the posture.
- Etag string
- For Resource freshness validation (https://google.aip.dev/154)
- Location string
- Location of the resource, eg: global.
- Name string
- Name of the posture.
- Parent string
- The parent of the resource, an organization. Format should be
organizations/{organization_id}. - Policy
Sets List<PosturePolicy Set> - List of policy sets for the posture. Structure is documented below.
- Posture
Id string - Id of the posture. It is an immutable field.
- Reconciling bool
- If set, there are currently changes in flight to the posture.
- Revision
Id string - Revision_id of the posture.
- State string
- State of the posture. Update to state field should not be triggered along with
with other field updates.
Possible values are:
DEPRECATED,DRAFT,ACTIVE. - Update
Time string - Time the Posture was updated in UTC.
- Create
Time string - Time the Posture was created in UTC.
- Description string
- Description of the posture.
- Etag string
- For Resource freshness validation (https://google.aip.dev/154)
- Location string
- Location of the resource, eg: global.
- Name string
- Name of the posture.
- Parent string
- The parent of the resource, an organization. Format should be
organizations/{organization_id}. - Policy
Sets []PosturePolicy Set Args - List of policy sets for the posture. Structure is documented below.
- Posture
Id string - Id of the posture. It is an immutable field.
- Reconciling bool
- If set, there are currently changes in flight to the posture.
- Revision
Id string - Revision_id of the posture.
- State string
- State of the posture. Update to state field should not be triggered along with
with other field updates.
Possible values are:
DEPRECATED,DRAFT,ACTIVE. - Update
Time string - Time the Posture was updated in UTC.
- create
Time String - Time the Posture was created in UTC.
- description String
- Description of the posture.
- etag String
- For Resource freshness validation (https://google.aip.dev/154)
- location String
- Location of the resource, eg: global.
- name String
- Name of the posture.
- parent String
- The parent of the resource, an organization. Format should be
organizations/{organization_id}. - policy
Sets List<PosturePolicy Set> - List of policy sets for the posture. Structure is documented below.
- posture
Id String - Id of the posture. It is an immutable field.
- reconciling Boolean
- If set, there are currently changes in flight to the posture.
- revision
Id String - Revision_id of the posture.
- state String
- State of the posture. Update to state field should not be triggered along with
with other field updates.
Possible values are:
DEPRECATED,DRAFT,ACTIVE. - update
Time String - Time the Posture was updated in UTC.
- create
Time string - Time the Posture was created in UTC.
- description string
- Description of the posture.
- etag string
- For Resource freshness validation (https://google.aip.dev/154)
- location string
- Location of the resource, eg: global.
- name string
- Name of the posture.
- parent string
- The parent of the resource, an organization. Format should be
organizations/{organization_id}. - policy
Sets PosturePolicy Set[] - List of policy sets for the posture. Structure is documented below.
- posture
Id string - Id of the posture. It is an immutable field.
- reconciling boolean
- If set, there are currently changes in flight to the posture.
- revision
Id string - Revision_id of the posture.
- state string
- State of the posture. Update to state field should not be triggered along with
with other field updates.
Possible values are:
DEPRECATED,DRAFT,ACTIVE. - update
Time string - Time the Posture was updated in UTC.
- create_
time str - Time the Posture was created in UTC.
- description str
- Description of the posture.
- etag str
- For Resource freshness validation (https://google.aip.dev/154)
- location str
- Location of the resource, eg: global.
- name str
- Name of the posture.
- parent str
- The parent of the resource, an organization. Format should be
organizations/{organization_id}. - policy_
sets Sequence[PosturePolicy Set Args] - List of policy sets for the posture. Structure is documented below.
- posture_
id str - Id of the posture. It is an immutable field.
- reconciling bool
- If set, there are currently changes in flight to the posture.
- revision_
id str - Revision_id of the posture.
- state str
- State of the posture. Update to state field should not be triggered along with
with other field updates.
Possible values are:
DEPRECATED,DRAFT,ACTIVE. - update_
time str - Time the Posture was updated in UTC.
- create
Time String - Time the Posture was created in UTC.
- description String
- Description of the posture.
- etag String
- For Resource freshness validation (https://google.aip.dev/154)
- location String
- Location of the resource, eg: global.
- name String
- Name of the posture.
- parent String
- The parent of the resource, an organization. Format should be
organizations/{organization_id}. - policy
Sets List<Property Map> - List of policy sets for the posture. Structure is documented below.
- posture
Id String - Id of the posture. It is an immutable field.
- reconciling Boolean
- If set, there are currently changes in flight to the posture.
- revision
Id String - Revision_id of the posture.
- state String
- State of the posture. Update to state field should not be triggered along with
with other field updates.
Possible values are:
DEPRECATED,DRAFT,ACTIVE. - update
Time String - Time the Posture was updated in UTC.
Supporting Types
PosturePolicySet, PosturePolicySetArgs
- Policies
List<Posture
Policy Set Policy> - List of security policy Structure is documented below.
- Policy
Set stringId - ID of the policy set.
- Description string
- Description of the policy set.
- Policies
[]Posture
Policy Set Policy - List of security policy Structure is documented below.
- Policy
Set stringId - ID of the policy set.
- Description string
- Description of the policy set.
- policies
List<Posture
Policy Set Policy> - List of security policy Structure is documented below.
- policy
Set StringId - ID of the policy set.
- description String
- Description of the policy set.
- policies
Posture
Policy Set Policy[] - List of security policy Structure is documented below.
- policy
Set stringId - ID of the policy set.
- description string
- Description of the policy set.
- policies
Sequence[Posture
Policy Set Policy] - List of security policy Structure is documented below.
- policy_
set_ strid - ID of the policy set.
- description str
- Description of the policy set.
- policies List<Property Map>
- List of security policy Structure is documented below.
- policy
Set StringId - ID of the policy set.
- description String
- Description of the policy set.
PosturePolicySetPolicy, PosturePolicySetPolicyArgs
- Constraint
Posture
Policy Set Policy Constraint - Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule Structure is documented below.
- Policy
Id string - ID of the policy.
- Compliance
Standards List<PosturePolicy Set Policy Compliance Standard> - Mapping for policy to security standards and controls. Structure is documented below.
- Description string
- Description of the policy.
- Constraint
Posture
Policy Set Policy Constraint - Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule Structure is documented below.
- Policy
Id string - ID of the policy.
- Compliance
Standards []PosturePolicy Set Policy Compliance Standard - Mapping for policy to security standards and controls. Structure is documented below.
- Description string
- Description of the policy.
- constraint
Posture
Policy Set Policy Constraint - Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule Structure is documented below.
- policy
Id String - ID of the policy.
- compliance
Standards List<PosturePolicy Set Policy Compliance Standard> - Mapping for policy to security standards and controls. Structure is documented below.
- description String
- Description of the policy.
- constraint
Posture
Policy Set Policy Constraint - Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule Structure is documented below.
- policy
Id string - ID of the policy.
- compliance
Standards PosturePolicy Set Policy Compliance Standard[] - Mapping for policy to security standards and controls. Structure is documented below.
- description string
- Description of the policy.
- constraint
Posture
Policy Set Policy Constraint - Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule Structure is documented below.
- policy_
id str - ID of the policy.
- compliance_
standards Sequence[PosturePolicy Set Policy Compliance Standard] - Mapping for policy to security standards and controls. Structure is documented below.
- description str
- Description of the policy.
- constraint Property Map
- Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule Structure is documented below.
- policy
Id String - ID of the policy.
- compliance
Standards List<Property Map> - Mapping for policy to security standards and controls. Structure is documented below.
- description String
- Description of the policy.
PosturePolicySetPolicyComplianceStandard, PosturePolicySetPolicyComplianceStandardArgs
PosturePolicySetPolicyConstraint, PosturePolicySetPolicyConstraintArgs
- Org
Policy PostureConstraint Policy Set Policy Constraint Org Policy Constraint - Organization policy canned constraint definition. Structure is documented below.
- Org
Policy PostureConstraint Custom Policy Set Policy Constraint Org Policy Constraint Custom - Organization policy custom constraint policy definition. Structure is documented below.
- Security
Health PostureAnalytics Custom Module Policy Set Policy Constraint Security Health Analytics Custom Module - Definition of Security Health Analytics Custom Module. Structure is documented below.
- Security
Health PostureAnalytics Module Policy Set Policy Constraint Security Health Analytics Module - Security Health Analytics built-in detector definition. Structure is documented below.
- Org
Policy PostureConstraint Policy Set Policy Constraint Org Policy Constraint - Organization policy canned constraint definition. Structure is documented below.
- Org
Policy PostureConstraint Custom Policy Set Policy Constraint Org Policy Constraint Custom - Organization policy custom constraint policy definition. Structure is documented below.
- Security
Health PostureAnalytics Custom Module Policy Set Policy Constraint Security Health Analytics Custom Module - Definition of Security Health Analytics Custom Module. Structure is documented below.
- Security
Health PostureAnalytics Module Policy Set Policy Constraint Security Health Analytics Module - Security Health Analytics built-in detector definition. Structure is documented below.
- org
Policy PostureConstraint Policy Set Policy Constraint Org Policy Constraint - Organization policy canned constraint definition. Structure is documented below.
- org
Policy PostureConstraint Custom Policy Set Policy Constraint Org Policy Constraint Custom - Organization policy custom constraint policy definition. Structure is documented below.
- security
Health PostureAnalytics Custom Module Policy Set Policy Constraint Security Health Analytics Custom Module - Definition of Security Health Analytics Custom Module. Structure is documented below.
- security
Health PostureAnalytics Module Policy Set Policy Constraint Security Health Analytics Module - Security Health Analytics built-in detector definition. Structure is documented below.
- org
Policy PostureConstraint Policy Set Policy Constraint Org Policy Constraint - Organization policy canned constraint definition. Structure is documented below.
- org
Policy PostureConstraint Custom Policy Set Policy Constraint Org Policy Constraint Custom - Organization policy custom constraint policy definition. Structure is documented below.
- security
Health PostureAnalytics Custom Module Policy Set Policy Constraint Security Health Analytics Custom Module - Definition of Security Health Analytics Custom Module. Structure is documented below.
- security
Health PostureAnalytics Module Policy Set Policy Constraint Security Health Analytics Module - Security Health Analytics built-in detector definition. Structure is documented below.
- org_
policy_ Postureconstraint Policy Set Policy Constraint Org Policy Constraint - Organization policy canned constraint definition. Structure is documented below.
- org_
policy_ Postureconstraint_ custom Policy Set Policy Constraint Org Policy Constraint Custom - Organization policy custom constraint policy definition. Structure is documented below.
- security_
health_ Postureanalytics_ custom_ module Policy Set Policy Constraint Security Health Analytics Custom Module - Definition of Security Health Analytics Custom Module. Structure is documented below.
- security_
health_ Postureanalytics_ module Policy Set Policy Constraint Security Health Analytics Module - Security Health Analytics built-in detector definition. Structure is documented below.
- org
Policy Property MapConstraint - Organization policy canned constraint definition. Structure is documented below.
- org
Policy Property MapConstraint Custom - Organization policy custom constraint policy definition. Structure is documented below.
- security
Health Property MapAnalytics Custom Module - Definition of Security Health Analytics Custom Module. Structure is documented below.
- security
Health Property MapAnalytics Module - Security Health Analytics built-in detector definition. Structure is documented below.
PosturePolicySetPolicyConstraintOrgPolicyConstraint, PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs
- Canned
Constraint stringId - Organization policy canned constraint Id
- Policy
Rules List<PosturePolicy Set Policy Constraint Org Policy Constraint Policy Rule> - Definition of policy rules Structure is documented below.
- Canned
Constraint stringId - Organization policy canned constraint Id
- Policy
Rules []PosturePolicy Set Policy Constraint Org Policy Constraint Policy Rule - Definition of policy rules Structure is documented below.
- canned
Constraint StringId - Organization policy canned constraint Id
- policy
Rules List<PosturePolicy Set Policy Constraint Org Policy Constraint Policy Rule> - Definition of policy rules Structure is documented below.
- canned
Constraint stringId - Organization policy canned constraint Id
- policy
Rules PosturePolicy Set Policy Constraint Org Policy Constraint Policy Rule[] - Definition of policy rules Structure is documented below.
- canned_
constraint_ strid - Organization policy canned constraint Id
- policy_
rules Sequence[PosturePolicy Set Policy Constraint Org Policy Constraint Policy Rule] - Definition of policy rules Structure is documented below.
- canned
Constraint StringId - Organization policy canned constraint Id
- policy
Rules List<Property Map> - Definition of policy rules Structure is documented below.
PosturePolicySetPolicyConstraintOrgPolicyConstraintCustom, PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs
- Policy
Rules List<PosturePolicy Set Policy Constraint Org Policy Constraint Custom Policy Rule> - Definition of policy rules Structure is documented below.
- Custom
Constraint PosturePolicy Set Policy Constraint Org Policy Constraint Custom Custom Constraint - Organization policy custom constraint definition. Structure is documented below.
- Policy
Rules []PosturePolicy Set Policy Constraint Org Policy Constraint Custom Policy Rule - Definition of policy rules Structure is documented below.
- Custom
Constraint PosturePolicy Set Policy Constraint Org Policy Constraint Custom Custom Constraint - Organization policy custom constraint definition. Structure is documented below.
- policy
Rules List<PosturePolicy Set Policy Constraint Org Policy Constraint Custom Policy Rule> - Definition of policy rules Structure is documented below.
- custom
Constraint PosturePolicy Set Policy Constraint Org Policy Constraint Custom Custom Constraint - Organization policy custom constraint definition. Structure is documented below.
- policy
Rules PosturePolicy Set Policy Constraint Org Policy Constraint Custom Policy Rule[] - Definition of policy rules Structure is documented below.
- custom
Constraint PosturePolicy Set Policy Constraint Org Policy Constraint Custom Custom Constraint - Organization policy custom constraint definition. Structure is documented below.
- policy_
rules Sequence[PosturePolicy Set Policy Constraint Org Policy Constraint Custom Policy Rule] - Definition of policy rules Structure is documented below.
- custom_
constraint PosturePolicy Set Policy Constraint Org Policy Constraint Custom Custom Constraint - Organization policy custom constraint definition. Structure is documented below.
- policy
Rules List<Property Map> - Definition of policy rules Structure is documented below.
- custom
Constraint Property Map - Organization policy custom constraint definition. Structure is documented below.
PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraint, PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs
- Action
Type string - The action to take if the condition is met.
Possible values are:
ALLOW,DENY. - Condition string
- A CEL condition that refers to a supported service resource, for example
resource.management.autoUpgrade == false. For details about CEL usage, see Common Expression Language. - Method
Types List<string> - A list of RESTful methods for which to enforce the constraint. Can be
CREATE,UPDATE, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in Supported services. - Name string
- Immutable. The name of the custom constraint. This is unique within the organization.
- Resource
Types List<string> - Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example,
container.googleapis.com/NodePool. - Description string
- A human-friendly description of the constraint to display as an error message when the policy is violated.
- Display
Name string - A human-friendly name for the constraint.
- Action
Type string - The action to take if the condition is met.
Possible values are:
ALLOW,DENY. - Condition string
- A CEL condition that refers to a supported service resource, for example
resource.management.autoUpgrade == false. For details about CEL usage, see Common Expression Language. - Method
Types []string - A list of RESTful methods for which to enforce the constraint. Can be
CREATE,UPDATE, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in Supported services. - Name string
- Immutable. The name of the custom constraint. This is unique within the organization.
- Resource
Types []string - Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example,
container.googleapis.com/NodePool. - Description string
- A human-friendly description of the constraint to display as an error message when the policy is violated.
- Display
Name string - A human-friendly name for the constraint.
- action
Type String - The action to take if the condition is met.
Possible values are:
ALLOW,DENY. - condition String
- A CEL condition that refers to a supported service resource, for example
resource.management.autoUpgrade == false. For details about CEL usage, see Common Expression Language. - method
Types List<String> - A list of RESTful methods for which to enforce the constraint. Can be
CREATE,UPDATE, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in Supported services. - name String
- Immutable. The name of the custom constraint. This is unique within the organization.
- resource
Types List<String> - Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example,
container.googleapis.com/NodePool. - description String
- A human-friendly description of the constraint to display as an error message when the policy is violated.
- display
Name String - A human-friendly name for the constraint.
- action
Type string - The action to take if the condition is met.
Possible values are:
ALLOW,DENY. - condition string
- A CEL condition that refers to a supported service resource, for example
resource.management.autoUpgrade == false. For details about CEL usage, see Common Expression Language. - method
Types string[] - A list of RESTful methods for which to enforce the constraint. Can be
CREATE,UPDATE, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in Supported services. - name string
- Immutable. The name of the custom constraint. This is unique within the organization.
- resource
Types string[] - Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example,
container.googleapis.com/NodePool. - description string
- A human-friendly description of the constraint to display as an error message when the policy is violated.
- display
Name string - A human-friendly name for the constraint.
- action_
type str - The action to take if the condition is met.
Possible values are:
ALLOW,DENY. - condition str
- A CEL condition that refers to a supported service resource, for example
resource.management.autoUpgrade == false. For details about CEL usage, see Common Expression Language. - method_
types Sequence[str] - A list of RESTful methods for which to enforce the constraint. Can be
CREATE,UPDATE, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in Supported services. - name str
- Immutable. The name of the custom constraint. This is unique within the organization.
- resource_
types Sequence[str] - Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example,
container.googleapis.com/NodePool. - description str
- A human-friendly description of the constraint to display as an error message when the policy is violated.
- display_
name str - A human-friendly name for the constraint.
- action
Type String - The action to take if the condition is met.
Possible values are:
ALLOW,DENY. - condition String
- A CEL condition that refers to a supported service resource, for example
resource.management.autoUpgrade == false. For details about CEL usage, see Common Expression Language. - method
Types List<String> - A list of RESTful methods for which to enforce the constraint. Can be
CREATE,UPDATE, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in Supported services. - name String
- Immutable. The name of the custom constraint. This is unique within the organization.
- resource
Types List<String> - Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example,
container.googleapis.com/NodePool. - description String
- A human-friendly description of the constraint to display as an error message when the policy is violated.
- display
Name String - A human-friendly name for the constraint.
PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRule, PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs
- Allow
All bool - Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
- Condition
Posture
Policy Set Policy Constraint Org Policy Constraint Custom Policy Rule Condition - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
- Deny
All bool - Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
- Enforce bool
- If
true, then the policy is enforced. Iffalse, then any configuration is acceptable. This field can be set only in policies for boolean constraints. - Values
Posture
Policy Set Policy Constraint Org Policy Constraint Custom Policy Rule Values - List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
- Allow
All bool - Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
- Condition
Posture
Policy Set Policy Constraint Org Policy Constraint Custom Policy Rule Condition - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
- Deny
All bool - Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
- Enforce bool
- If
true, then the policy is enforced. Iffalse, then any configuration is acceptable. This field can be set only in policies for boolean constraints. - Values
Posture
Policy Set Policy Constraint Org Policy Constraint Custom Policy Rule Values - List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
- allow
All Boolean - Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
- condition
Posture
Policy Set Policy Constraint Org Policy Constraint Custom Policy Rule Condition - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
- deny
All Boolean - Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
- enforce Boolean
- If
true, then the policy is enforced. Iffalse, then any configuration is acceptable. This field can be set only in policies for boolean constraints. - values
Posture
Policy Set Policy Constraint Org Policy Constraint Custom Policy Rule Values - List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
- allow
All boolean - Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
- condition
Posture
Policy Set Policy Constraint Org Policy Constraint Custom Policy Rule Condition - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
- deny
All boolean - Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
- enforce boolean
- If
true, then the policy is enforced. Iffalse, then any configuration is acceptable. This field can be set only in policies for boolean constraints. - values
Posture
Policy Set Policy Constraint Org Policy Constraint Custom Policy Rule Values - List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
- allow_
all bool - Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
- condition
Posture
Policy Set Policy Constraint Org Policy Constraint Custom Policy Rule Condition - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
- deny_
all bool - Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
- enforce bool
- If
true, then the policy is enforced. Iffalse, then any configuration is acceptable. This field can be set only in policies for boolean constraints. - values
Posture
Policy Set Policy Constraint Org Policy Constraint Custom Policy Rule Values - List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
- allow
All Boolean - Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
- condition Property Map
- Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
- deny
All Boolean - Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
- enforce Boolean
- If
true, then the policy is enforced. Iffalse, then any configuration is acceptable. This field can be set only in policies for boolean constraints. - values Property Map
- List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleCondition, PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleConditionArgs
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Description string
- Description of the expression
- Location string
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- Title string
- Title for the expression, i.e. a short string describing its purpose.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Description string
- Description of the expression
- Location string
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- Title string
- Title for the expression, i.e. a short string describing its purpose.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- description String
- Description of the expression
- location String
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- title String
- Title for the expression, i.e. a short string describing its purpose.
- expression string
- Textual representation of an expression in Common Expression Language syntax.
- description string
- Description of the expression
- location string
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- title string
- Title for the expression, i.e. a short string describing its purpose.
- expression str
- Textual representation of an expression in Common Expression Language syntax.
- description str
- Description of the expression
- location str
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- title str
- Title for the expression, i.e. a short string describing its purpose.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- description String
- Description of the expression
- location String
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- title String
- Title for the expression, i.e. a short string describing its purpose.
PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValues, PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValuesArgs
- Allowed
Values List<string> - List of values allowed at this resource.
- Denied
Values List<string> - List of values denied at this resource.
- Allowed
Values []string - List of values allowed at this resource.
- Denied
Values []string - List of values denied at this resource.
- allowed
Values List<String> - List of values allowed at this resource.
- denied
Values List<String> - List of values denied at this resource.
- allowed
Values string[] - List of values allowed at this resource.
- denied
Values string[] - List of values denied at this resource.
- allowed_
values Sequence[str] - List of values allowed at this resource.
- denied_
values Sequence[str] - List of values denied at this resource.
- allowed
Values List<String> - List of values allowed at this resource.
- denied
Values List<String> - List of values denied at this resource.
PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRule, PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs
- Allow
All bool - Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
- Condition
Posture
Policy Set Policy Constraint Org Policy Constraint Policy Rule Condition - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
- Deny
All bool - Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
- Enforce bool
- If
true, then the policy is enforced. Iffalse, then any configuration is acceptable. This field can be set only in policies for boolean constraints. - Values
Posture
Policy Set Policy Constraint Org Policy Constraint Policy Rule Values - List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
- Allow
All bool - Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
- Condition
Posture
Policy Set Policy Constraint Org Policy Constraint Policy Rule Condition - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
- Deny
All bool - Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
- Enforce bool
- If
true, then the policy is enforced. Iffalse, then any configuration is acceptable. This field can be set only in policies for boolean constraints. - Values
Posture
Policy Set Policy Constraint Org Policy Constraint Policy Rule Values - List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
- allow
All Boolean - Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
- condition
Posture
Policy Set Policy Constraint Org Policy Constraint Policy Rule Condition - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
- deny
All Boolean - Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
- enforce Boolean
- If
true, then the policy is enforced. Iffalse, then any configuration is acceptable. This field can be set only in policies for boolean constraints. - values
Posture
Policy Set Policy Constraint Org Policy Constraint Policy Rule Values - List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
- allow
All boolean - Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
- condition
Posture
Policy Set Policy Constraint Org Policy Constraint Policy Rule Condition - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
- deny
All boolean - Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
- enforce boolean
- If
true, then the policy is enforced. Iffalse, then any configuration is acceptable. This field can be set only in policies for boolean constraints. - values
Posture
Policy Set Policy Constraint Org Policy Constraint Policy Rule Values - List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
- allow_
all bool - Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
- condition
Posture
Policy Set Policy Constraint Org Policy Constraint Policy Rule Condition - Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
- deny_
all bool - Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
- enforce bool
- If
true, then the policy is enforced. Iffalse, then any configuration is acceptable. This field can be set only in policies for boolean constraints. - values
Posture
Policy Set Policy Constraint Org Policy Constraint Policy Rule Values - List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
- allow
All Boolean - Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
- condition Property Map
- Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. Structure is documented below.
- deny
All Boolean - Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
- enforce Boolean
- If
true, then the policy is enforced. Iffalse, then any configuration is acceptable. This field can be set only in policies for boolean constraints. - values Property Map
- List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below.
PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleCondition, PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleConditionArgs
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Description string
- Description of the expression
- Location string
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- Title string
- Title for the expression, i.e. a short string describing its purpose.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Description string
- Description of the expression
- Location string
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- Title string
- Title for the expression, i.e. a short string describing its purpose.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- description String
- Description of the expression
- location String
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- title String
- Title for the expression, i.e. a short string describing its purpose.
- expression string
- Textual representation of an expression in Common Expression Language syntax.
- description string
- Description of the expression
- location string
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- title string
- Title for the expression, i.e. a short string describing its purpose.
- expression str
- Textual representation of an expression in Common Expression Language syntax.
- description str
- Description of the expression
- location str
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- title str
- Title for the expression, i.e. a short string describing its purpose.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- description String
- Description of the expression
- location String
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- title String
- Title for the expression, i.e. a short string describing its purpose.
PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValues, PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValuesArgs
- Allowed
Values List<string> - List of values allowed at this resource.
- Denied
Values List<string> - List of values denied at this resource.
- Allowed
Values []string - List of values allowed at this resource.
- Denied
Values []string - List of values denied at this resource.
- allowed
Values List<String> - List of values allowed at this resource.
- denied
Values List<String> - List of values denied at this resource.
- allowed
Values string[] - List of values allowed at this resource.
- denied
Values string[] - List of values denied at this resource.
- allowed_
values Sequence[str] - List of values allowed at this resource.
- denied_
values Sequence[str] - List of values denied at this resource.
- allowed
Values List<String> - List of values allowed at this resource.
- denied
Values List<String> - List of values denied at this resource.
PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModule, PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs
- Config
Posture
Policy Set Policy Constraint Security Health Analytics Custom Module Config - Custom module details. Structure is documented below.
- Display
Name string - The display name of the Security Health Analytics custom module. This display name becomes the finding category for all findings that are returned by this custom module.
- Id string
- (Output) A server generated id of custom module.
- Module
Enablement stringState - The state of enablement for the module at its level of the resource hierarchy.
Possible values are:
ENABLEMENT_STATE_UNSPECIFIED,ENABLED,DISABLED.
- Config
Posture
Policy Set Policy Constraint Security Health Analytics Custom Module Config - Custom module details. Structure is documented below.
- Display
Name string - The display name of the Security Health Analytics custom module. This display name becomes the finding category for all findings that are returned by this custom module.
- Id string
- (Output) A server generated id of custom module.
- Module
Enablement stringState - The state of enablement for the module at its level of the resource hierarchy.
Possible values are:
ENABLEMENT_STATE_UNSPECIFIED,ENABLED,DISABLED.
- config
Posture
Policy Set Policy Constraint Security Health Analytics Custom Module Config - Custom module details. Structure is documented below.
- display
Name String - The display name of the Security Health Analytics custom module. This display name becomes the finding category for all findings that are returned by this custom module.
- id String
- (Output) A server generated id of custom module.
- module
Enablement StringState - The state of enablement for the module at its level of the resource hierarchy.
Possible values are:
ENABLEMENT_STATE_UNSPECIFIED,ENABLED,DISABLED.
- config
Posture
Policy Set Policy Constraint Security Health Analytics Custom Module Config - Custom module details. Structure is documented below.
- display
Name string - The display name of the Security Health Analytics custom module. This display name becomes the finding category for all findings that are returned by this custom module.
- id string
- (Output) A server generated id of custom module.
- module
Enablement stringState - The state of enablement for the module at its level of the resource hierarchy.
Possible values are:
ENABLEMENT_STATE_UNSPECIFIED,ENABLED,DISABLED.
- config
Posture
Policy Set Policy Constraint Security Health Analytics Custom Module Config - Custom module details. Structure is documented below.
- display_
name str - The display name of the Security Health Analytics custom module. This display name becomes the finding category for all findings that are returned by this custom module.
- id str
- (Output) A server generated id of custom module.
- module_
enablement_ strstate - The state of enablement for the module at its level of the resource hierarchy.
Possible values are:
ENABLEMENT_STATE_UNSPECIFIED,ENABLED,DISABLED.
- config Property Map
- Custom module details. Structure is documented below.
- display
Name String - The display name of the Security Health Analytics custom module. This display name becomes the finding category for all findings that are returned by this custom module.
- id String
- (Output) A server generated id of custom module.
- module
Enablement StringState - The state of enablement for the module at its level of the resource hierarchy.
Possible values are:
ENABLEMENT_STATE_UNSPECIFIED,ENABLED,DISABLED.
PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfig, PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs
- Predicate
Posture
Policy Set Policy Constraint Security Health Analytics Custom Module Config Predicate - The CEL expression to evaluate to produce findings.When the expression evaluates to true against a resource, a finding is generated. Structure is documented below.
- Resource
Selector PosturePolicy Set Policy Constraint Security Health Analytics Custom Module Config Resource Selector - The resource types that the custom module operates on. Each custom module can specify up to 5 resource types. Structure is documented below.
- Severity string
- The severity to assign to findings generated by the module.
Possible values are:
SEVERITY_UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW. - Custom
Output PosturePolicy Set Policy Constraint Security Health Analytics Custom Module Config Custom Output - Custom output properties. A set of optional name-value pairs that define custom source properties to
return with each finding that is generated by the custom module. The custom
source properties that are defined here are included in the finding JSON
under
sourceProperties. Structure is documented below. - Description string
- Text that describes the vulnerability or misconfiguration that the custom module detects.
- Recommendation string
- An explanation of the recommended steps that security teams can take to resolve the detected issue
- Predicate
Posture
Policy Set Policy Constraint Security Health Analytics Custom Module Config Predicate - The CEL expression to evaluate to produce findings.When the expression evaluates to true against a resource, a finding is generated. Structure is documented below.
- Resource
Selector PosturePolicy Set Policy Constraint Security Health Analytics Custom Module Config Resource Selector - The resource types that the custom module operates on. Each custom module can specify up to 5 resource types. Structure is documented below.
- Severity string
- The severity to assign to findings generated by the module.
Possible values are:
SEVERITY_UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW. - Custom
Output PosturePolicy Set Policy Constraint Security Health Analytics Custom Module Config Custom Output - Custom output properties. A set of optional name-value pairs that define custom source properties to
return with each finding that is generated by the custom module. The custom
source properties that are defined here are included in the finding JSON
under
sourceProperties. Structure is documented below. - Description string
- Text that describes the vulnerability or misconfiguration that the custom module detects.
- Recommendation string
- An explanation of the recommended steps that security teams can take to resolve the detected issue
- predicate
Posture
Policy Set Policy Constraint Security Health Analytics Custom Module Config Predicate - The CEL expression to evaluate to produce findings.When the expression evaluates to true against a resource, a finding is generated. Structure is documented below.
- resource
Selector PosturePolicy Set Policy Constraint Security Health Analytics Custom Module Config Resource Selector - The resource types that the custom module operates on. Each custom module can specify up to 5 resource types. Structure is documented below.
- severity String
- The severity to assign to findings generated by the module.
Possible values are:
SEVERITY_UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW. - custom
Output PosturePolicy Set Policy Constraint Security Health Analytics Custom Module Config Custom Output - Custom output properties. A set of optional name-value pairs that define custom source properties to
return with each finding that is generated by the custom module. The custom
source properties that are defined here are included in the finding JSON
under
sourceProperties. Structure is documented below. - description String
- Text that describes the vulnerability or misconfiguration that the custom module detects.
- recommendation String
- An explanation of the recommended steps that security teams can take to resolve the detected issue
- predicate
Posture
Policy Set Policy Constraint Security Health Analytics Custom Module Config Predicate - The CEL expression to evaluate to produce findings.When the expression evaluates to true against a resource, a finding is generated. Structure is documented below.
- resource
Selector PosturePolicy Set Policy Constraint Security Health Analytics Custom Module Config Resource Selector - The resource types that the custom module operates on. Each custom module can specify up to 5 resource types. Structure is documented below.
- severity string
- The severity to assign to findings generated by the module.
Possible values are:
SEVERITY_UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW. - custom
Output PosturePolicy Set Policy Constraint Security Health Analytics Custom Module Config Custom Output - Custom output properties. A set of optional name-value pairs that define custom source properties to
return with each finding that is generated by the custom module. The custom
source properties that are defined here are included in the finding JSON
under
sourceProperties. Structure is documented below. - description string
- Text that describes the vulnerability or misconfiguration that the custom module detects.
- recommendation string
- An explanation of the recommended steps that security teams can take to resolve the detected issue
- predicate
Posture
Policy Set Policy Constraint Security Health Analytics Custom Module Config Predicate - The CEL expression to evaluate to produce findings.When the expression evaluates to true against a resource, a finding is generated. Structure is documented below.
- resource_
selector PosturePolicy Set Policy Constraint Security Health Analytics Custom Module Config Resource Selector - The resource types that the custom module operates on. Each custom module can specify up to 5 resource types. Structure is documented below.
- severity str
- The severity to assign to findings generated by the module.
Possible values are:
SEVERITY_UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW. - custom_
output PosturePolicy Set Policy Constraint Security Health Analytics Custom Module Config Custom Output - Custom output properties. A set of optional name-value pairs that define custom source properties to
return with each finding that is generated by the custom module. The custom
source properties that are defined here are included in the finding JSON
under
sourceProperties. Structure is documented below. - description str
- Text that describes the vulnerability or misconfiguration that the custom module detects.
- recommendation str
- An explanation of the recommended steps that security teams can take to resolve the detected issue
- predicate Property Map
- The CEL expression to evaluate to produce findings.When the expression evaluates to true against a resource, a finding is generated. Structure is documented below.
- resource
Selector Property Map - The resource types that the custom module operates on. Each custom module can specify up to 5 resource types. Structure is documented below.
- severity String
- The severity to assign to findings generated by the module.
Possible values are:
SEVERITY_UNSPECIFIED,CRITICAL,HIGH,MEDIUM,LOW. - custom
Output Property Map - Custom output properties. A set of optional name-value pairs that define custom source properties to
return with each finding that is generated by the custom module. The custom
source properties that are defined here are included in the finding JSON
under
sourceProperties. Structure is documented below. - description String
- Text that describes the vulnerability or misconfiguration that the custom module detects.
- recommendation String
- An explanation of the recommended steps that security teams can take to resolve the detected issue
PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutput, PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs
- Properties
List<Posture
Policy Set Policy Constraint Security Health Analytics Custom Module Config Custom Output Property> - A list of custom output properties to add to the finding. Structure is documented below.
- Properties
[]Posture
Policy Set Policy Constraint Security Health Analytics Custom Module Config Custom Output Property - A list of custom output properties to add to the finding. Structure is documented below.
- properties
List<Posture
Policy Set Policy Constraint Security Health Analytics Custom Module Config Custom Output Property> - A list of custom output properties to add to the finding. Structure is documented below.
- properties
Posture
Policy Set Policy Constraint Security Health Analytics Custom Module Config Custom Output Property[] - A list of custom output properties to add to the finding. Structure is documented below.
- properties
Sequence[Posture
Policy Set Policy Constraint Security Health Analytics Custom Module Config Custom Output Property] - A list of custom output properties to add to the finding. Structure is documented below.
- properties List<Property Map>
- A list of custom output properties to add to the finding. Structure is documented below.
PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputProperty, PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs
- Name string
- Name of the property for the custom output.
- Value
Expression PosturePolicy Set Policy Constraint Security Health Analytics Custom Module Config Custom Output Property Value Expression - The CEL expression for the custom output. A resource property can be specified to return the value of the property or a text string enclosed in quotation marks. Structure is documented below.
- Name string
- Name of the property for the custom output.
- Value
Expression PosturePolicy Set Policy Constraint Security Health Analytics Custom Module Config Custom Output Property Value Expression - The CEL expression for the custom output. A resource property can be specified to return the value of the property or a text string enclosed in quotation marks. Structure is documented below.
- name String
- Name of the property for the custom output.
- value
Expression PosturePolicy Set Policy Constraint Security Health Analytics Custom Module Config Custom Output Property Value Expression - The CEL expression for the custom output. A resource property can be specified to return the value of the property or a text string enclosed in quotation marks. Structure is documented below.
- name string
- Name of the property for the custom output.
- value
Expression PosturePolicy Set Policy Constraint Security Health Analytics Custom Module Config Custom Output Property Value Expression - The CEL expression for the custom output. A resource property can be specified to return the value of the property or a text string enclosed in quotation marks. Structure is documented below.
- name str
- Name of the property for the custom output.
- value_
expression PosturePolicy Set Policy Constraint Security Health Analytics Custom Module Config Custom Output Property Value Expression - The CEL expression for the custom output. A resource property can be specified to return the value of the property or a text string enclosed in quotation marks. Structure is documented below.
- name String
- Name of the property for the custom output.
- value
Expression Property Map - The CEL expression for the custom output. A resource property can be specified to return the value of the property or a text string enclosed in quotation marks. Structure is documented below.
PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpression, PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Description string
- Description of the expression
- Location string
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- Title string
- Title for the expression, i.e. a short string describing its purpose.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Description string
- Description of the expression
- Location string
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- Title string
- Title for the expression, i.e. a short string describing its purpose.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- description String
- Description of the expression
- location String
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- title String
- Title for the expression, i.e. a short string describing its purpose.
- expression string
- Textual representation of an expression in Common Expression Language syntax.
- description string
- Description of the expression
- location string
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- title string
- Title for the expression, i.e. a short string describing its purpose.
- expression str
- Textual representation of an expression in Common Expression Language syntax.
- description str
- Description of the expression
- location str
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- title str
- Title for the expression, i.e. a short string describing its purpose.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- description String
- Description of the expression
- location String
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- title String
- Title for the expression, i.e. a short string describing its purpose.
PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicate, PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Description string
- Description of the expression
- Location string
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- Title string
- Title for the expression, i.e. a short string describing its purpose.
- Expression string
- Textual representation of an expression in Common Expression Language syntax.
- Description string
- Description of the expression
- Location string
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- Title string
- Title for the expression, i.e. a short string describing its purpose.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- description String
- Description of the expression
- location String
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- title String
- Title for the expression, i.e. a short string describing its purpose.
- expression string
- Textual representation of an expression in Common Expression Language syntax.
- description string
- Description of the expression
- location string
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- title string
- Title for the expression, i.e. a short string describing its purpose.
- expression str
- Textual representation of an expression in Common Expression Language syntax.
- description str
- Description of the expression
- location str
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- title str
- Title for the expression, i.e. a short string describing its purpose.
- expression String
- Textual representation of an expression in Common Expression Language syntax.
- description String
- Description of the expression
- location String
- String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
- title String
- Title for the expression, i.e. a short string describing its purpose.
PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelector, PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs
- Resource
Types List<string> - The resource types to run the detector on.
- Resource
Types []string - The resource types to run the detector on.
- resource
Types List<String> - The resource types to run the detector on.
- resource
Types string[] - The resource types to run the detector on.
- resource_
types Sequence[str] - The resource types to run the detector on.
- resource
Types List<String> - The resource types to run the detector on.
PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModule, PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs
- Module
Name string - The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.
- Module
Enablement stringState - The state of enablement for the module at its level of the resource hierarchy.
Possible values are:
ENABLEMENT_STATE_UNSPECIFIED,ENABLED,DISABLED.
- Module
Name string - The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.
- Module
Enablement stringState - The state of enablement for the module at its level of the resource hierarchy.
Possible values are:
ENABLEMENT_STATE_UNSPECIFIED,ENABLED,DISABLED.
- module
Name String - The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.
- module
Enablement StringState - The state of enablement for the module at its level of the resource hierarchy.
Possible values are:
ENABLEMENT_STATE_UNSPECIFIED,ENABLED,DISABLED.
- module
Name string - The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.
- module
Enablement stringState - The state of enablement for the module at its level of the resource hierarchy.
Possible values are:
ENABLEMENT_STATE_UNSPECIFIED,ENABLED,DISABLED.
- module_
name str - The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.
- module_
enablement_ strstate - The state of enablement for the module at its level of the resource hierarchy.
Possible values are:
ENABLEMENT_STATE_UNSPECIFIED,ENABLED,DISABLED.
- module
Name String - The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.
- module
Enablement StringState - The state of enablement for the module at its level of the resource hierarchy.
Possible values are:
ENABLEMENT_STATE_UNSPECIFIED,ENABLED,DISABLED.
Import
Posture can be imported using any of these accepted formats:
{{parent}}/locations/{{location}}/postures/{{posture_id}}
When using the pulumi import command, Posture can be imported using one of the formats above. For example:
$ pulumi import gcp:securityposture/posture:Posture default {{parent}}/locations/{{location}}/postures/{{posture_id}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.