Docs Home
vra 0.13.0 published on Wednesday, May 14, 2025 by vmware
vra.PolicyIaasResource
Explore with Pulumi AI
Creates an IaaS Resource policy resource to manage IaaS resources lifecycle at namespace level.
Example Usage
S
The following example shows how to create an IaaS resource policy resource:
import * as pulumi from "@pulumi/pulumi";
import * as vra from "@pulumi/vra";
const policyIaasResource = new vra.PolicyIaasResource("policyIaasResource", {
description: "IaaS Resource Policy [terraform-iaas-resource-policy] created by Terraform",
enforcementType: "HARD",
failurePolicy: "Fail",
resourceRules: [{
apiGroups: ["vmoperator.vmware.com"],
apiVersions: ["*"],
operations: ["CREATE"],
resources: ["virtualmachines"],
}],
validationActions: ["Deny"],
validations: [{
expression: "request.resource.resource != \"virtualmachines\"",
message: "Virtual Machines are prohibited to be provisioned in the namespace.",
}],
});
import pulumi
import pulumi_vra as vra
policy_iaas_resource = vra.PolicyIaasResource("policyIaasResource",
description="IaaS Resource Policy [terraform-iaas-resource-policy] created by Terraform",
enforcement_type="HARD",
failure_policy="Fail",
resource_rules=[{
"api_groups": ["vmoperator.vmware.com"],
"api_versions": ["*"],
"operations": ["CREATE"],
"resources": ["virtualmachines"],
}],
validation_actions=["Deny"],
validations=[{
"expression": "request.resource.resource != \"virtualmachines\"",
"message": "Virtual Machines are prohibited to be provisioned in the namespace.",
}])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/vra/vra"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vra.NewPolicyIaasResource(ctx, "policyIaasResource", &vra.PolicyIaasResourceArgs{
Description: pulumi.String("IaaS Resource Policy [terraform-iaas-resource-policy] created by Terraform"),
EnforcementType: pulumi.String("HARD"),
FailurePolicy: pulumi.String("Fail"),
ResourceRules: vra.PolicyIaasResourceResourceRuleArray{
&vra.PolicyIaasResourceResourceRuleArgs{
ApiGroups: pulumi.StringArray{
pulumi.String("vmoperator.vmware.com"),
},
ApiVersions: pulumi.StringArray{
pulumi.String("*"),
},
Operations: pulumi.StringArray{
pulumi.String("CREATE"),
},
Resources: pulumi.StringArray{
pulumi.String("virtualmachines"),
},
},
},
ValidationActions: pulumi.StringArray{
pulumi.String("Deny"),
},
Validations: vra.PolicyIaasResourceValidationArray{
&vra.PolicyIaasResourceValidationArgs{
Expression: pulumi.String("request.resource.resource != \"virtualmachines\""),
Message: pulumi.String("Virtual Machines are prohibited to be provisioned in the namespace."),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vra = Pulumi.Vra;
return await Deployment.RunAsync(() =>
{
var policyIaasResource = new Vra.PolicyIaasResource("policyIaasResource", new()
{
Description = "IaaS Resource Policy [terraform-iaas-resource-policy] created by Terraform",
EnforcementType = "HARD",
FailurePolicy = "Fail",
ResourceRules = new[]
{
new Vra.Inputs.PolicyIaasResourceResourceRuleArgs
{
ApiGroups = new[]
{
"vmoperator.vmware.com",
},
ApiVersions = new[]
{
"*",
},
Operations = new[]
{
"CREATE",
},
Resources = new[]
{
"virtualmachines",
},
},
},
ValidationActions = new[]
{
"Deny",
},
Validations = new[]
{
new Vra.Inputs.PolicyIaasResourceValidationArgs
{
Expression = "request.resource.resource != \"virtualmachines\"",
Message = "Virtual Machines are prohibited to be provisioned in the namespace.",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vra.PolicyIaasResource;
import com.pulumi.vra.PolicyIaasResourceArgs;
import com.pulumi.vra.inputs.PolicyIaasResourceResourceRuleArgs;
import com.pulumi.vra.inputs.PolicyIaasResourceValidationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyIaasResource = new PolicyIaasResource("policyIaasResource", PolicyIaasResourceArgs.builder()
.description("IaaS Resource Policy [terraform-iaas-resource-policy] created by Terraform")
.enforcementType("HARD")
.failurePolicy("Fail")
.resourceRules(PolicyIaasResourceResourceRuleArgs.builder()
.apiGroups("vmoperator.vmware.com")
.apiVersions("*")
.operations("CREATE")
.resources("virtualmachines")
.build())
.validationActions("Deny")
.validations(PolicyIaasResourceValidationArgs.builder()
.expression("request.resource.resource != \"virtualmachines\"")
.message("Virtual Machines are prohibited to be provisioned in the namespace.")
.build())
.build());
}
}
resources:
policyIaasResource:
type: vra:PolicyIaasResource
properties:
description: IaaS Resource Policy [terraform-iaas-resource-policy] created by Terraform
enforcementType: HARD
failurePolicy: Fail
resourceRules:
- apiGroups:
- vmoperator.vmware.com
apiVersions:
- '*'
operations:
- CREATE
resources:
- virtualmachines
validationActions:
- Deny
validations:
- expression: request.resource.resource != "virtualmachines"
message: Virtual Machines are prohibited to be provisioned in the namespace.
Create PolicyIaasResource Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PolicyIaasResource(name: string, args: PolicyIaasResourceArgs, opts?: CustomResourceOptions);@overload
def PolicyIaasResource(resource_name: str,
args: PolicyIaasResourceArgs,
opts: Optional[ResourceOptions] = None)
@overload
def PolicyIaasResource(resource_name: str,
opts: Optional[ResourceOptions] = None,
resource_rules: Optional[Sequence[PolicyIaasResourceResourceRuleArgs]] = None,
validations: Optional[Sequence[PolicyIaasResourceValidationArgs]] = None,
enforcement_type: Optional[str] = None,
validation_actions: Optional[Sequence[str]] = None,
failure_policy: Optional[str] = None,
match_policy: Optional[str] = None,
match_expressions: Optional[Sequence[PolicyIaasResourceMatchExpressionArgs]] = None,
match_labels: Optional[Mapping[str, str]] = None,
criterias: Optional[Sequence[Mapping[str, str]]] = None,
name: Optional[str] = None,
policy_iaas_resource_id: Optional[str] = None,
project_criterias: Optional[Sequence[Mapping[str, str]]] = None,
project_id: Optional[str] = None,
match_conditions: Optional[Sequence[PolicyIaasResourceMatchConditionArgs]] = None,
exclude_resource_rules: Optional[Sequence[PolicyIaasResourceExcludeResourceRuleArgs]] = None,
description: Optional[str] = None)func NewPolicyIaasResource(ctx *Context, name string, args PolicyIaasResourceArgs, opts ...ResourceOption) (*PolicyIaasResource, error)public PolicyIaasResource(string name, PolicyIaasResourceArgs args, CustomResourceOptions? opts = null)
public PolicyIaasResource(String name, PolicyIaasResourceArgs args)
public PolicyIaasResource(String name, PolicyIaasResourceArgs args, CustomResourceOptions options)
type: vra:PolicyIaasResource
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyIaasResourceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyIaasResourceArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyIaasResourceArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyIaasResourceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyIaasResourceArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policyIaasResourceResource = new Vra.PolicyIaasResource("policyIaasResourceResource", new()
{
ResourceRules = new[]
{
new Vra.Inputs.PolicyIaasResourceResourceRuleArgs
{
ApiGroups = new[]
{
"string",
},
ApiVersions = new[]
{
"string",
},
Operations = new[]
{
"string",
},
Resources = new[]
{
"string",
},
},
},
Validations = new[]
{
new Vra.Inputs.PolicyIaasResourceValidationArgs
{
Expression = "string",
Message = "string",
MessageExpression = "string",
Reason = "string",
},
},
EnforcementType = "string",
ValidationActions = new[]
{
"string",
},
FailurePolicy = "string",
MatchPolicy = "string",
MatchExpressions = new[]
{
new Vra.Inputs.PolicyIaasResourceMatchExpressionArgs
{
Key = "string",
Operator = "string",
Values = new[]
{
"string",
},
},
},
MatchLabels =
{
{ "string", "string" },
},
Criterias = new[]
{
{
{ "string", "string" },
},
},
Name = "string",
PolicyIaasResourceId = "string",
ProjectCriterias = new[]
{
{
{ "string", "string" },
},
},
ProjectId = "string",
MatchConditions = new[]
{
new Vra.Inputs.PolicyIaasResourceMatchConditionArgs
{
Expression = "string",
Name = "string",
},
},
ExcludeResourceRules = new[]
{
new Vra.Inputs.PolicyIaasResourceExcludeResourceRuleArgs
{
ApiGroups = new[]
{
"string",
},
ApiVersions = new[]
{
"string",
},
Operations = new[]
{
"string",
},
Resources = new[]
{
"string",
},
},
},
Description = "string",
});
example, err := vra.NewPolicyIaasResource(ctx, "policyIaasResourceResource", &vra.PolicyIaasResourceArgs{
ResourceRules: vra.PolicyIaasResourceResourceRuleArray{
&vra.PolicyIaasResourceResourceRuleArgs{
ApiGroups: pulumi.StringArray{
pulumi.String("string"),
},
ApiVersions: pulumi.StringArray{
pulumi.String("string"),
},
Operations: pulumi.StringArray{
pulumi.String("string"),
},
Resources: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Validations: vra.PolicyIaasResourceValidationArray{
&vra.PolicyIaasResourceValidationArgs{
Expression: pulumi.String("string"),
Message: pulumi.String("string"),
MessageExpression: pulumi.String("string"),
Reason: pulumi.String("string"),
},
},
EnforcementType: pulumi.String("string"),
ValidationActions: pulumi.StringArray{
pulumi.String("string"),
},
FailurePolicy: pulumi.String("string"),
MatchPolicy: pulumi.String("string"),
MatchExpressions: vra.PolicyIaasResourceMatchExpressionArray{
&vra.PolicyIaasResourceMatchExpressionArgs{
Key: pulumi.String("string"),
Operator: pulumi.String("string"),
Values: pulumi.StringArray{
pulumi.String("string"),
},
},
},
MatchLabels: pulumi.StringMap{
"string": pulumi.String("string"),
},
Criterias: pulumi.StringMapArray{
pulumi.StringMap{
"string": pulumi.String("string"),
},
},
Name: pulumi.String("string"),
PolicyIaasResourceId: pulumi.String("string"),
ProjectCriterias: pulumi.StringMapArray{
pulumi.StringMap{
"string": pulumi.String("string"),
},
},
ProjectId: pulumi.String("string"),
MatchConditions: vra.PolicyIaasResourceMatchConditionArray{
&vra.PolicyIaasResourceMatchConditionArgs{
Expression: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
ExcludeResourceRules: vra.PolicyIaasResourceExcludeResourceRuleArray{
&vra.PolicyIaasResourceExcludeResourceRuleArgs{
ApiGroups: pulumi.StringArray{
pulumi.String("string"),
},
ApiVersions: pulumi.StringArray{
pulumi.String("string"),
},
Operations: pulumi.StringArray{
pulumi.String("string"),
},
Resources: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Description: pulumi.String("string"),
})
var policyIaasResourceResource = new PolicyIaasResource("policyIaasResourceResource", PolicyIaasResourceArgs.builder()
.resourceRules(PolicyIaasResourceResourceRuleArgs.builder()
.apiGroups("string")
.apiVersions("string")
.operations("string")
.resources("string")
.build())
.validations(PolicyIaasResourceValidationArgs.builder()
.expression("string")
.message("string")
.messageExpression("string")
.reason("string")
.build())
.enforcementType("string")
.validationActions("string")
.failurePolicy("string")
.matchPolicy("string")
.matchExpressions(PolicyIaasResourceMatchExpressionArgs.builder()
.key("string")
.operator("string")
.values("string")
.build())
.matchLabels(Map.of("string", "string"))
.criterias(Map.of("string", "string"))
.name("string")
.policyIaasResourceId("string")
.projectCriterias(Map.of("string", "string"))
.projectId("string")
.matchConditions(PolicyIaasResourceMatchConditionArgs.builder()
.expression("string")
.name("string")
.build())
.excludeResourceRules(PolicyIaasResourceExcludeResourceRuleArgs.builder()
.apiGroups("string")
.apiVersions("string")
.operations("string")
.resources("string")
.build())
.description("string")
.build());
policy_iaas_resource_resource = vra.PolicyIaasResource("policyIaasResourceResource",
resource_rules=[{
"api_groups": ["string"],
"api_versions": ["string"],
"operations": ["string"],
"resources": ["string"],
}],
validations=[{
"expression": "string",
"message": "string",
"message_expression": "string",
"reason": "string",
}],
enforcement_type="string",
validation_actions=["string"],
failure_policy="string",
match_policy="string",
match_expressions=[{
"key": "string",
"operator": "string",
"values": ["string"],
}],
match_labels={
"string": "string",
},
criterias=[{
"string": "string",
}],
name="string",
policy_iaas_resource_id="string",
project_criterias=[{
"string": "string",
}],
project_id="string",
match_conditions=[{
"expression": "string",
"name": "string",
}],
exclude_resource_rules=[{
"api_groups": ["string"],
"api_versions": ["string"],
"operations": ["string"],
"resources": ["string"],
}],
description="string")
const policyIaasResourceResource = new vra.PolicyIaasResource("policyIaasResourceResource", {
resourceRules: [{
apiGroups: ["string"],
apiVersions: ["string"],
operations: ["string"],
resources: ["string"],
}],
validations: [{
expression: "string",
message: "string",
messageExpression: "string",
reason: "string",
}],
enforcementType: "string",
validationActions: ["string"],
failurePolicy: "string",
matchPolicy: "string",
matchExpressions: [{
key: "string",
operator: "string",
values: ["string"],
}],
matchLabels: {
string: "string",
},
criterias: [{
string: "string",
}],
name: "string",
policyIaasResourceId: "string",
projectCriterias: [{
string: "string",
}],
projectId: "string",
matchConditions: [{
expression: "string",
name: "string",
}],
excludeResourceRules: [{
apiGroups: ["string"],
apiVersions: ["string"],
operations: ["string"],
resources: ["string"],
}],
description: "string",
});
type: vra:PolicyIaasResource
properties:
criterias:
- string: string
description: string
enforcementType: string
excludeResourceRules:
- apiGroups:
- string
apiVersions:
- string
operations:
- string
resources:
- string
failurePolicy: string
matchConditions:
- expression: string
name: string
matchExpressions:
- key: string
operator: string
values:
- string
matchLabels:
string: string
matchPolicy: string
name: string
policyIaasResourceId: string
projectCriterias:
- string: string
projectId: string
resourceRules:
- apiGroups:
- string
apiVersions:
- string
operations:
- string
resources:
- string
validationActions:
- string
validations:
- expression: string
message: string
messageExpression: string
reason: string
PolicyIaasResource Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PolicyIaasResource resource accepts the following input properties:
- Enforcement
Type string - The type of enforcement for the policy. Supported values:
HARD,SOFT. - Failure
Policy string - Failure policy to apply when the policy fails. Supported values:
Fail,Ignore. - Resource
Rules List<PolicyIaas Resource Resource Rule> - Resource Rules:
- Validation
Actions List<string> - List of validation actions.
- Validations
List<Policy
Iaas Resource Validation> - List of CEL expressions which are used to validate admission requests:
- Criterias
List<Immutable
Dictionary<string, string>> - The policy criteria.
- Description string
- A human-friendly description for the policy instance.
- Exclude
Resource List<PolicyRules Iaas Resource Exclude Resource Rule> - Exclude Resource Rules:
- Match
Conditions List<PolicyIaas Resource Match Condition> - List of conditions that must be met for a request to be validated:
- Match
Expressions List<PolicyIaas Resource Match Expression> - List of label selector requirements that must be met for an object to be validated:
- Match
Labels Dictionary<string, string> - Map of {key,value} pairs that must be met for an object to be validated.
- Match
Policy string - Match policy. Supported values:
Exact,Equivalent. - Name string
- A human-friendly name used as an identifier for the policy instance.
- Policy
Iaas stringResource Id - Project
Criterias List<ImmutableDictionary<string, string>> - The project based criteria. Updating this argument triggers a recreation of the resource. It cannot be specified when
project_idis set. - Project
Id string - The id of the project this entity belongs to. Updating this argument triggers a recreation of the resource.
- Enforcement
Type string - The type of enforcement for the policy. Supported values:
HARD,SOFT. - Failure
Policy string - Failure policy to apply when the policy fails. Supported values:
Fail,Ignore. - Resource
Rules []PolicyIaas Resource Resource Rule Args - Resource Rules:
- Validation
Actions []string - List of validation actions.
- Validations
[]Policy
Iaas Resource Validation Args - List of CEL expressions which are used to validate admission requests:
- Criterias []map[string]string
- The policy criteria.
- Description string
- A human-friendly description for the policy instance.
- Exclude
Resource []PolicyRules Iaas Resource Exclude Resource Rule Args - Exclude Resource Rules:
- Match
Conditions []PolicyIaas Resource Match Condition Args - List of conditions that must be met for a request to be validated:
- Match
Expressions []PolicyIaas Resource Match Expression Args - List of label selector requirements that must be met for an object to be validated:
- Match
Labels map[string]string - Map of {key,value} pairs that must be met for an object to be validated.
- Match
Policy string - Match policy. Supported values:
Exact,Equivalent. - Name string
- A human-friendly name used as an identifier for the policy instance.
- Policy
Iaas stringResource Id - Project
Criterias []map[string]string - The project based criteria. Updating this argument triggers a recreation of the resource. It cannot be specified when
project_idis set. - Project
Id string - The id of the project this entity belongs to. Updating this argument triggers a recreation of the resource.
- enforcement
Type String - The type of enforcement for the policy. Supported values:
HARD,SOFT. - failure
Policy String - Failure policy to apply when the policy fails. Supported values:
Fail,Ignore. - resource
Rules List<PolicyIaas Resource Resource Rule> - Resource Rules:
- validation
Actions List<String> - List of validation actions.
- validations
List<Policy
Iaas Resource Validation> - List of CEL expressions which are used to validate admission requests:
- criterias List<Map<String,String>>
- The policy criteria.
- description String
- A human-friendly description for the policy instance.
- exclude
Resource List<PolicyRules Iaas Resource Exclude Resource Rule> - Exclude Resource Rules:
- match
Conditions List<PolicyIaas Resource Match Condition> - List of conditions that must be met for a request to be validated:
- match
Expressions List<PolicyIaas Resource Match Expression> - List of label selector requirements that must be met for an object to be validated:
- match
Labels Map<String,String> - Map of {key,value} pairs that must be met for an object to be validated.
- match
Policy String - Match policy. Supported values:
Exact,Equivalent. - name String
- A human-friendly name used as an identifier for the policy instance.
- policy
Iaas StringResource Id - project
Criterias List<Map<String,String>> - The project based criteria. Updating this argument triggers a recreation of the resource. It cannot be specified when
project_idis set. - project
Id String - The id of the project this entity belongs to. Updating this argument triggers a recreation of the resource.
- enforcement
Type string - The type of enforcement for the policy. Supported values:
HARD,SOFT. - failure
Policy string - Failure policy to apply when the policy fails. Supported values:
Fail,Ignore. - resource
Rules PolicyIaas Resource Resource Rule[] - Resource Rules:
- validation
Actions string[] - List of validation actions.
- validations
Policy
Iaas Resource Validation[] - List of CEL expressions which are used to validate admission requests:
- criterias {[key: string]: string}[]
- The policy criteria.
- description string
- A human-friendly description for the policy instance.
- exclude
Resource PolicyRules Iaas Resource Exclude Resource Rule[] - Exclude Resource Rules:
- match
Conditions PolicyIaas Resource Match Condition[] - List of conditions that must be met for a request to be validated:
- match
Expressions PolicyIaas Resource Match Expression[] - List of label selector requirements that must be met for an object to be validated:
- match
Labels {[key: string]: string} - Map of {key,value} pairs that must be met for an object to be validated.
- match
Policy string - Match policy. Supported values:
Exact,Equivalent. - name string
- A human-friendly name used as an identifier for the policy instance.
- policy
Iaas stringResource Id - project
Criterias {[key: string]: string}[] - The project based criteria. Updating this argument triggers a recreation of the resource. It cannot be specified when
project_idis set. - project
Id string - The id of the project this entity belongs to. Updating this argument triggers a recreation of the resource.
- enforcement_
type str - The type of enforcement for the policy. Supported values:
HARD,SOFT. - failure_
policy str - Failure policy to apply when the policy fails. Supported values:
Fail,Ignore. - resource_
rules Sequence[PolicyIaas Resource Resource Rule Args] - Resource Rules:
- validation_
actions Sequence[str] - List of validation actions.
- validations
Sequence[Policy
Iaas Resource Validation Args] - List of CEL expressions which are used to validate admission requests:
- criterias Sequence[Mapping[str, str]]
- The policy criteria.
- description str
- A human-friendly description for the policy instance.
- exclude_
resource_ Sequence[Policyrules Iaas Resource Exclude Resource Rule Args] - Exclude Resource Rules:
- match_
conditions Sequence[PolicyIaas Resource Match Condition Args] - List of conditions that must be met for a request to be validated:
- match_
expressions Sequence[PolicyIaas Resource Match Expression Args] - List of label selector requirements that must be met for an object to be validated:
- match_
labels Mapping[str, str] - Map of {key,value} pairs that must be met for an object to be validated.
- match_
policy str - Match policy. Supported values:
Exact,Equivalent. - name str
- A human-friendly name used as an identifier for the policy instance.
- policy_
iaas_ strresource_ id - project_
criterias Sequence[Mapping[str, str]] - The project based criteria. Updating this argument triggers a recreation of the resource. It cannot be specified when
project_idis set. - project_
id str - The id of the project this entity belongs to. Updating this argument triggers a recreation of the resource.
- enforcement
Type String - The type of enforcement for the policy. Supported values:
HARD,SOFT. - failure
Policy String - Failure policy to apply when the policy fails. Supported values:
Fail,Ignore. - resource
Rules List<Property Map> - Resource Rules:
- validation
Actions List<String> - List of validation actions.
- validations List<Property Map>
- List of CEL expressions which are used to validate admission requests:
- criterias List<Map<String>>
- The policy criteria.
- description String
- A human-friendly description for the policy instance.
- exclude
Resource List<Property Map>Rules - Exclude Resource Rules:
- match
Conditions List<Property Map> - List of conditions that must be met for a request to be validated:
- match
Expressions List<Property Map> - List of label selector requirements that must be met for an object to be validated:
- match
Labels Map<String> - Map of {key,value} pairs that must be met for an object to be validated.
- match
Policy String - Match policy. Supported values:
Exact,Equivalent. - name String
- A human-friendly name used as an identifier for the policy instance.
- policy
Iaas StringResource Id - project
Criterias List<Map<String>> - The project based criteria. Updating this argument triggers a recreation of the resource. It cannot be specified when
project_idis set. - project
Id String - The id of the project this entity belongs to. Updating this argument triggers a recreation of the resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the PolicyIaasResource resource produces the following output properties:
- Created
At string - Date when the entity was created. The date is in ISO 8601 and UTC.
- Created
By string - The user the entity was created by.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Updated stringAt - Date when the entity was last updated. The date is ISO 8601 and UTC.
- Last
Updated stringBy - The user the entity was last updated by.
- Org
Id string - The id of the organization this entity belongs to.
- Created
At string - Date when the entity was created. The date is in ISO 8601 and UTC.
- Created
By string - The user the entity was created by.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Updated stringAt - Date when the entity was last updated. The date is ISO 8601 and UTC.
- Last
Updated stringBy - The user the entity was last updated by.
- Org
Id string - The id of the organization this entity belongs to.
- created
At String - Date when the entity was created. The date is in ISO 8601 and UTC.
- created
By String - The user the entity was created by.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Updated StringAt - Date when the entity was last updated. The date is ISO 8601 and UTC.
- last
Updated StringBy - The user the entity was last updated by.
- org
Id String - The id of the organization this entity belongs to.
- created
At string - Date when the entity was created. The date is in ISO 8601 and UTC.
- created
By string - The user the entity was created by.
- id string
- The provider-assigned unique ID for this managed resource.
- last
Updated stringAt - Date when the entity was last updated. The date is ISO 8601 and UTC.
- last
Updated stringBy - The user the entity was last updated by.
- org
Id string - The id of the organization this entity belongs to.
- created_
at str - Date when the entity was created. The date is in ISO 8601 and UTC.
- created_
by str - The user the entity was created by.
- id str
- The provider-assigned unique ID for this managed resource.
- last_
updated_ strat - Date when the entity was last updated. The date is ISO 8601 and UTC.
- last_
updated_ strby - The user the entity was last updated by.
- org_
id str - The id of the organization this entity belongs to.
- created
At String - Date when the entity was created. The date is in ISO 8601 and UTC.
- created
By String - The user the entity was created by.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Updated StringAt - Date when the entity was last updated. The date is ISO 8601 and UTC.
- last
Updated StringBy - The user the entity was last updated by.
- org
Id String - The id of the organization this entity belongs to.
Look up Existing PolicyIaasResource Resource
Get an existing PolicyIaasResource resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyIaasResourceState, opts?: CustomResourceOptions): PolicyIaasResource@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
created_at: Optional[str] = None,
created_by: Optional[str] = None,
criterias: Optional[Sequence[Mapping[str, str]]] = None,
description: Optional[str] = None,
enforcement_type: Optional[str] = None,
exclude_resource_rules: Optional[Sequence[PolicyIaasResourceExcludeResourceRuleArgs]] = None,
failure_policy: Optional[str] = None,
last_updated_at: Optional[str] = None,
last_updated_by: Optional[str] = None,
match_conditions: Optional[Sequence[PolicyIaasResourceMatchConditionArgs]] = None,
match_expressions: Optional[Sequence[PolicyIaasResourceMatchExpressionArgs]] = None,
match_labels: Optional[Mapping[str, str]] = None,
match_policy: Optional[str] = None,
name: Optional[str] = None,
org_id: Optional[str] = None,
policy_iaas_resource_id: Optional[str] = None,
project_criterias: Optional[Sequence[Mapping[str, str]]] = None,
project_id: Optional[str] = None,
resource_rules: Optional[Sequence[PolicyIaasResourceResourceRuleArgs]] = None,
validation_actions: Optional[Sequence[str]] = None,
validations: Optional[Sequence[PolicyIaasResourceValidationArgs]] = None) -> PolicyIaasResourcefunc GetPolicyIaasResource(ctx *Context, name string, id IDInput, state *PolicyIaasResourceState, opts ...ResourceOption) (*PolicyIaasResource, error)public static PolicyIaasResource Get(string name, Input<string> id, PolicyIaasResourceState? state, CustomResourceOptions? opts = null)public static PolicyIaasResource get(String name, Output<String> id, PolicyIaasResourceState state, CustomResourceOptions options)resources: _: type: vra:PolicyIaasResource get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Created
At string - Date when the entity was created. The date is in ISO 8601 and UTC.
- Created
By string - The user the entity was created by.
- Criterias
List<Immutable
Dictionary<string, string>> - The policy criteria.
- Description string
- A human-friendly description for the policy instance.
- Enforcement
Type string - The type of enforcement for the policy. Supported values:
HARD,SOFT. - Exclude
Resource List<PolicyRules Iaas Resource Exclude Resource Rule> - Exclude Resource Rules:
- Failure
Policy string - Failure policy to apply when the policy fails. Supported values:
Fail,Ignore. - Last
Updated stringAt - Date when the entity was last updated. The date is ISO 8601 and UTC.
- Last
Updated stringBy - The user the entity was last updated by.
- Match
Conditions List<PolicyIaas Resource Match Condition> - List of conditions that must be met for a request to be validated:
- Match
Expressions List<PolicyIaas Resource Match Expression> - List of label selector requirements that must be met for an object to be validated:
- Match
Labels Dictionary<string, string> - Map of {key,value} pairs that must be met for an object to be validated.
- Match
Policy string - Match policy. Supported values:
Exact,Equivalent. - Name string
- A human-friendly name used as an identifier for the policy instance.
- Org
Id string - The id of the organization this entity belongs to.
- Policy
Iaas stringResource Id - Project
Criterias List<ImmutableDictionary<string, string>> - The project based criteria. Updating this argument triggers a recreation of the resource. It cannot be specified when
project_idis set. - Project
Id string - The id of the project this entity belongs to. Updating this argument triggers a recreation of the resource.
- Resource
Rules List<PolicyIaas Resource Resource Rule> - Resource Rules:
- Validation
Actions List<string> - List of validation actions.
- Validations
List<Policy
Iaas Resource Validation> - List of CEL expressions which are used to validate admission requests:
- Created
At string - Date when the entity was created. The date is in ISO 8601 and UTC.
- Created
By string - The user the entity was created by.
- Criterias []map[string]string
- The policy criteria.
- Description string
- A human-friendly description for the policy instance.
- Enforcement
Type string - The type of enforcement for the policy. Supported values:
HARD,SOFT. - Exclude
Resource []PolicyRules Iaas Resource Exclude Resource Rule Args - Exclude Resource Rules:
- Failure
Policy string - Failure policy to apply when the policy fails. Supported values:
Fail,Ignore. - Last
Updated stringAt - Date when the entity was last updated. The date is ISO 8601 and UTC.
- Last
Updated stringBy - The user the entity was last updated by.
- Match
Conditions []PolicyIaas Resource Match Condition Args - List of conditions that must be met for a request to be validated:
- Match
Expressions []PolicyIaas Resource Match Expression Args - List of label selector requirements that must be met for an object to be validated:
- Match
Labels map[string]string - Map of {key,value} pairs that must be met for an object to be validated.
- Match
Policy string - Match policy. Supported values:
Exact,Equivalent. - Name string
- A human-friendly name used as an identifier for the policy instance.
- Org
Id string - The id of the organization this entity belongs to.
- Policy
Iaas stringResource Id - Project
Criterias []map[string]string - The project based criteria. Updating this argument triggers a recreation of the resource. It cannot be specified when
project_idis set. - Project
Id string - The id of the project this entity belongs to. Updating this argument triggers a recreation of the resource.
- Resource
Rules []PolicyIaas Resource Resource Rule Args - Resource Rules:
- Validation
Actions []string - List of validation actions.
- Validations
[]Policy
Iaas Resource Validation Args - List of CEL expressions which are used to validate admission requests:
- created
At String - Date when the entity was created. The date is in ISO 8601 and UTC.
- created
By String - The user the entity was created by.
- criterias List<Map<String,String>>
- The policy criteria.
- description String
- A human-friendly description for the policy instance.
- enforcement
Type String - The type of enforcement for the policy. Supported values:
HARD,SOFT. - exclude
Resource List<PolicyRules Iaas Resource Exclude Resource Rule> - Exclude Resource Rules:
- failure
Policy String - Failure policy to apply when the policy fails. Supported values:
Fail,Ignore. - last
Updated StringAt - Date when the entity was last updated. The date is ISO 8601 and UTC.
- last
Updated StringBy - The user the entity was last updated by.
- match
Conditions List<PolicyIaas Resource Match Condition> - List of conditions that must be met for a request to be validated:
- match
Expressions List<PolicyIaas Resource Match Expression> - List of label selector requirements that must be met for an object to be validated:
- match
Labels Map<String,String> - Map of {key,value} pairs that must be met for an object to be validated.
- match
Policy String - Match policy. Supported values:
Exact,Equivalent. - name String
- A human-friendly name used as an identifier for the policy instance.
- org
Id String - The id of the organization this entity belongs to.
- policy
Iaas StringResource Id - project
Criterias List<Map<String,String>> - The project based criteria. Updating this argument triggers a recreation of the resource. It cannot be specified when
project_idis set. - project
Id String - The id of the project this entity belongs to. Updating this argument triggers a recreation of the resource.
- resource
Rules List<PolicyIaas Resource Resource Rule> - Resource Rules:
- validation
Actions List<String> - List of validation actions.
- validations
List<Policy
Iaas Resource Validation> - List of CEL expressions which are used to validate admission requests:
- created
At string - Date when the entity was created. The date is in ISO 8601 and UTC.
- created
By string - The user the entity was created by.
- criterias {[key: string]: string}[]
- The policy criteria.
- description string
- A human-friendly description for the policy instance.
- enforcement
Type string - The type of enforcement for the policy. Supported values:
HARD,SOFT. - exclude
Resource PolicyRules Iaas Resource Exclude Resource Rule[] - Exclude Resource Rules:
- failure
Policy string - Failure policy to apply when the policy fails. Supported values:
Fail,Ignore. - last
Updated stringAt - Date when the entity was last updated. The date is ISO 8601 and UTC.
- last
Updated stringBy - The user the entity was last updated by.
- match
Conditions PolicyIaas Resource Match Condition[] - List of conditions that must be met for a request to be validated:
- match
Expressions PolicyIaas Resource Match Expression[] - List of label selector requirements that must be met for an object to be validated:
- match
Labels {[key: string]: string} - Map of {key,value} pairs that must be met for an object to be validated.
- match
Policy string - Match policy. Supported values:
Exact,Equivalent. - name string
- A human-friendly name used as an identifier for the policy instance.
- org
Id string - The id of the organization this entity belongs to.
- policy
Iaas stringResource Id - project
Criterias {[key: string]: string}[] - The project based criteria. Updating this argument triggers a recreation of the resource. It cannot be specified when
project_idis set. - project
Id string - The id of the project this entity belongs to. Updating this argument triggers a recreation of the resource.
- resource
Rules PolicyIaas Resource Resource Rule[] - Resource Rules:
- validation
Actions string[] - List of validation actions.
- validations
Policy
Iaas Resource Validation[] - List of CEL expressions which are used to validate admission requests:
- created_
at str - Date when the entity was created. The date is in ISO 8601 and UTC.
- created_
by str - The user the entity was created by.
- criterias Sequence[Mapping[str, str]]
- The policy criteria.
- description str
- A human-friendly description for the policy instance.
- enforcement_
type str - The type of enforcement for the policy. Supported values:
HARD,SOFT. - exclude_
resource_ Sequence[Policyrules Iaas Resource Exclude Resource Rule Args] - Exclude Resource Rules:
- failure_
policy str - Failure policy to apply when the policy fails. Supported values:
Fail,Ignore. - last_
updated_ strat - Date when the entity was last updated. The date is ISO 8601 and UTC.
- last_
updated_ strby - The user the entity was last updated by.
- match_
conditions Sequence[PolicyIaas Resource Match Condition Args] - List of conditions that must be met for a request to be validated:
- match_
expressions Sequence[PolicyIaas Resource Match Expression Args] - List of label selector requirements that must be met for an object to be validated:
- match_
labels Mapping[str, str] - Map of {key,value} pairs that must be met for an object to be validated.
- match_
policy str - Match policy. Supported values:
Exact,Equivalent. - name str
- A human-friendly name used as an identifier for the policy instance.
- org_
id str - The id of the organization this entity belongs to.
- policy_
iaas_ strresource_ id - project_
criterias Sequence[Mapping[str, str]] - The project based criteria. Updating this argument triggers a recreation of the resource. It cannot be specified when
project_idis set. - project_
id str - The id of the project this entity belongs to. Updating this argument triggers a recreation of the resource.
- resource_
rules Sequence[PolicyIaas Resource Resource Rule Args] - Resource Rules:
- validation_
actions Sequence[str] - List of validation actions.
- validations
Sequence[Policy
Iaas Resource Validation Args] - List of CEL expressions which are used to validate admission requests:
- created
At String - Date when the entity was created. The date is in ISO 8601 and UTC.
- created
By String - The user the entity was created by.
- criterias List<Map<String>>
- The policy criteria.
- description String
- A human-friendly description for the policy instance.
- enforcement
Type String - The type of enforcement for the policy. Supported values:
HARD,SOFT. - exclude
Resource List<Property Map>Rules - Exclude Resource Rules:
- failure
Policy String - Failure policy to apply when the policy fails. Supported values:
Fail,Ignore. - last
Updated StringAt - Date when the entity was last updated. The date is ISO 8601 and UTC.
- last
Updated StringBy - The user the entity was last updated by.
- match
Conditions List<Property Map> - List of conditions that must be met for a request to be validated:
- match
Expressions List<Property Map> - List of label selector requirements that must be met for an object to be validated:
- match
Labels Map<String> - Map of {key,value} pairs that must be met for an object to be validated.
- match
Policy String - Match policy. Supported values:
Exact,Equivalent. - name String
- A human-friendly name used as an identifier for the policy instance.
- org
Id String - The id of the organization this entity belongs to.
- policy
Iaas StringResource Id - project
Criterias List<Map<String>> - The project based criteria. Updating this argument triggers a recreation of the resource. It cannot be specified when
project_idis set. - project
Id String - The id of the project this entity belongs to. Updating this argument triggers a recreation of the resource.
- resource
Rules List<Property Map> - Resource Rules:
- validation
Actions List<String> - List of validation actions.
- validations List<Property Map>
- List of CEL expressions which are used to validate admission requests:
Supporting Types
PolicyIaasResourceExcludeResourceRule, PolicyIaasResourceExcludeResourceRuleArgs
- Api
Groups List<string> - List of API groups the resources belong to.
- Api
Versions List<string> - List of API Versions the resources belong to.
- Operations List<string>
- List of Operations the admission hook cares about. Supported values:
CREATE,UPDATE,DELETE. - Resources List<string>
- List of Resources this rule applies to.
- Api
Groups []string - List of API groups the resources belong to.
- Api
Versions []string - List of API Versions the resources belong to.
- Operations []string
- List of Operations the admission hook cares about. Supported values:
CREATE,UPDATE,DELETE. - Resources []string
- List of Resources this rule applies to.
- api
Groups List<String> - List of API groups the resources belong to.
- api
Versions List<String> - List of API Versions the resources belong to.
- operations List<String>
- List of Operations the admission hook cares about. Supported values:
CREATE,UPDATE,DELETE. - resources List<String>
- List of Resources this rule applies to.
- api
Groups string[] - List of API groups the resources belong to.
- api
Versions string[] - List of API Versions the resources belong to.
- operations string[]
- List of Operations the admission hook cares about. Supported values:
CREATE,UPDATE,DELETE. - resources string[]
- List of Resources this rule applies to.
- api_
groups Sequence[str] - List of API groups the resources belong to.
- api_
versions Sequence[str] - List of API Versions the resources belong to.
- operations Sequence[str]
- List of Operations the admission hook cares about. Supported values:
CREATE,UPDATE,DELETE. - resources Sequence[str]
- List of Resources this rule applies to.
- api
Groups List<String> - List of API groups the resources belong to.
- api
Versions List<String> - List of API Versions the resources belong to.
- operations List<String>
- List of Operations the admission hook cares about. Supported values:
CREATE,UPDATE,DELETE. - resources List<String>
- List of Resources this rule applies to.
PolicyIaasResourceMatchCondition, PolicyIaasResourceMatchConditionArgs
- Expression string
- Expression which will be evaluated by CEL.
- Name string
- Identifier for this match condition.
- Expression string
- Expression which will be evaluated by CEL.
- Name string
- Identifier for this match condition.
- expression String
- Expression which will be evaluated by CEL.
- name String
- Identifier for this match condition.
- expression string
- Expression which will be evaluated by CEL.
- name string
- Identifier for this match condition.
- expression str
- Expression which will be evaluated by CEL.
- name str
- Identifier for this match condition.
- expression String
- Expression which will be evaluated by CEL.
- name String
- Identifier for this match condition.
PolicyIaasResourceMatchExpression, PolicyIaasResourceMatchExpressionArgs
PolicyIaasResourceResourceRule, PolicyIaasResourceResourceRuleArgs
- Api
Groups List<string> - List of API groups the resources belong to.
- Api
Versions List<string> - List of API Versions the resources belong to.
- Operations List<string>
- List of Operations the admission hook cares about. Supported values:
CREATE,UPDATE,DELETE. - Resources List<string>
- List of Resources this rule applies to.
- Api
Groups []string - List of API groups the resources belong to.
- Api
Versions []string - List of API Versions the resources belong to.
- Operations []string
- List of Operations the admission hook cares about. Supported values:
CREATE,UPDATE,DELETE. - Resources []string
- List of Resources this rule applies to.
- api
Groups List<String> - List of API groups the resources belong to.
- api
Versions List<String> - List of API Versions the resources belong to.
- operations List<String>
- List of Operations the admission hook cares about. Supported values:
CREATE,UPDATE,DELETE. - resources List<String>
- List of Resources this rule applies to.
- api
Groups string[] - List of API groups the resources belong to.
- api
Versions string[] - List of API Versions the resources belong to.
- operations string[]
- List of Operations the admission hook cares about. Supported values:
CREATE,UPDATE,DELETE. - resources string[]
- List of Resources this rule applies to.
- api_
groups Sequence[str] - List of API groups the resources belong to.
- api_
versions Sequence[str] - List of API Versions the resources belong to.
- operations Sequence[str]
- List of Operations the admission hook cares about. Supported values:
CREATE,UPDATE,DELETE. - resources Sequence[str]
- List of Resources this rule applies to.
- api
Groups List<String> - List of API groups the resources belong to.
- api
Versions List<String> - List of API Versions the resources belong to.
- operations List<String>
- List of Operations the admission hook cares about. Supported values:
CREATE,UPDATE,DELETE. - resources List<String>
- List of Resources this rule applies to.
PolicyIaasResourceValidation, PolicyIaasResourceValidationArgs
- Expression string
- Expression which will be evaluated by CEL.
- Message string
- Message displayed when validation fails.
- Message
Expression string - CEL expression that evaluates to the validation failure message that is returned when this rule fails.
- Reason string
- Machine-readable description of why this validation failed.
- Expression string
- Expression which will be evaluated by CEL.
- Message string
- Message displayed when validation fails.
- Message
Expression string - CEL expression that evaluates to the validation failure message that is returned when this rule fails.
- Reason string
- Machine-readable description of why this validation failed.
- expression String
- Expression which will be evaluated by CEL.
- message String
- Message displayed when validation fails.
- message
Expression String - CEL expression that evaluates to the validation failure message that is returned when this rule fails.
- reason String
- Machine-readable description of why this validation failed.
- expression string
- Expression which will be evaluated by CEL.
- message string
- Message displayed when validation fails.
- message
Expression string - CEL expression that evaluates to the validation failure message that is returned when this rule fails.
- reason string
- Machine-readable description of why this validation failed.
- expression str
- Expression which will be evaluated by CEL.
- message str
- Message displayed when validation fails.
- message_
expression str - CEL expression that evaluates to the validation failure message that is returned when this rule fails.
- reason str
- Machine-readable description of why this validation failed.
- expression String
- Expression which will be evaluated by CEL.
- message String
- Message displayed when validation fails.
- message
Expression String - CEL expression that evaluates to the validation failure message that is returned when this rule fails.
- reason String
- Machine-readable description of why this validation failed.
Import
To import an existing IaaS Resource policy, use the id as in the following example:
$ pulumi import vra:index/policyIaasResource:PolicyIaasResource policy_iaas_resource "c222fd4c-be40-43c9-a806-81ef25bdf661"`
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- vra vmware/terraform-provider-vra
- License
- Notes
- This Pulumi package is based on the
vraTerraform Provider.