ServicePerimeterResourceArgs

data class ServicePerimeterResourceArgs(val perimeterName: Output<String>? = null, val resource: Output<String>? = null) : ConvertibleToJava<ServicePerimeterResourceArgs>

Allows configuring a single GCP resource that should be inside of a service perimeter. This resource is intended to be used in cases where it is not possible to compile a full list of projects to include in a gcp.accesscontextmanager.ServicePerimeter resource, to enable them to be added separately.

Note: If this resource is used alongside a gcp.accesscontextmanager.ServicePerimeter resource, the service perimeter resource must have a lifecycle block with ignore_changes = [status[0].resources] so they don't fight over which resources should be in the policy. To get more information about ServicePerimeterResource, see:

Warning: If you are using User ADCs (Application Default Credentials) with this resource, you must specify a billing_project and set user_project_override to true in the provider configuration. Otherwise the ACM API will return a 403 error. Your account must have the serviceusage.services.use permission on the billing_project you defined.

Example Usage

Access Context Manager Service Perimeter Resource Basic

    package generated_program;

    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.gcp.accesscontextmanager.AccessPolicy;
    import com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;
    import com.pulumi.gcp.accesscontextmanager.ServicePerimeter;
    import com.pulumi.gcp.accesscontextmanager.ServicePerimeterArgs;
    import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterStatusArgs;
    import com.pulumi.gcp.accesscontextmanager.ServicePerimeterResource;
    import com.pulumi.gcp.accesscontextmanager.ServicePerimeterResourceArgs;

    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        public static void stack(Context ctx) {
            // Organization-level access policy that owns the perimeter.
            var access_policy = new AccessPolicy("access-policy", AccessPolicyArgs.builder()
                .parent("organizations/123456789")
                .title("my policy")
                .build());

            // Perimeter restricting Cloud Storage; no projects are listed here.
            var service_perimeter_resourceServicePerimeter = new ServicePerimeter("service-perimeter-resourceServicePerimeter", ServicePerimeterArgs.builder()
                .parent(access_policy.name().applyValue(name -> String.format("accessPolicies/%s", name)))
                .title("restrict_all")
                .status(ServicePerimeterStatusArgs.builder()
                    .restrictedServices("storage.googleapis.com")
                    .build())
                .build());

            // Adds a single project to the perimeter as a separate resource.
            var service_perimeter_resourceServicePerimeterResource = new ServicePerimeterResource("service-perimeter-resourceServicePerimeterResource", ServicePerimeterResourceArgs.builder()
                .perimeterName(service_perimeter_resourceServicePerimeter.name())
                .resource("projects/987654321")
                .build());
        }
    }
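
The Note above requires the ServicePerimeter to ignore changes to its resource list when members are managed through ServicePerimeterResource. The following is an added example, not part of the original documentation or the provider's own samples: it assumes Pulumi's `ignoreChanges` resource option with the property path `status.resources` as the counterpart of Terraform's `status[0].resources`, and the second project number is a constructed sample value.

```java
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.gcp.accesscontextmanager.AccessPolicy;
import com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;
import com.pulumi.gcp.accesscontextmanager.ServicePerimeter;
import com.pulumi.gcp.accesscontextmanager.ServicePerimeterArgs;
import com.pulumi.gcp.accesscontextmanager.ServicePerimeterResource;
import com.pulumi.gcp.accesscontextmanager.ServicePerimeterResourceArgs;
import com.pulumi.gcp.accesscontextmanager.inputs.ServicePerimeterStatusArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var policy = new AccessPolicy("access-policy", AccessPolicyArgs.builder()
            .parent("organizations/123456789")
            .title("my policy")
            .build());

        // Assumption: "status.resources" is the Pulumi property path matching
        // Terraform's status[0].resources. With it, updates to the perimeter do
        // not remove projects that were attached by ServicePerimeterResource.
        var keepMembers = CustomResourceOptions.builder()
            .ignoreChanges("status.resources")
            .build();

        var perimeter = new ServicePerimeter("service-perimeter", ServicePerimeterArgs.builder()
            .parent(policy.name().applyValue(name -> String.format("accessPolicies/%s", name)))
            .title("restrict_all")
            .status(ServicePerimeterStatusArgs.builder()
                .restrictedServices("storage.googleapis.com")
                .build())
            .build(), keepMembers);

        // One ServicePerimeterResource per project, each added separately.
        // "projects/111111111" is a constructed sample value.
        for (var project : List.of("projects/987654321", "projects/111111111")) {
            new ServicePerimeterResource("member-" + project.replace('/', '-'),
                ServicePerimeterResourceArgs.builder()
                    .perimeterName(perimeter.name())
                    .resource(project)
                    .build());
        }
    }
}
```

Running `pulumi preview` after changing an unrelated perimeter field such as the title should show no diff on the perimeter's resource list if the ignore path is taking effect.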

Import

ServicePerimeterResource can be imported using any of these accepted formats:

$ pulumi import gcp:accesscontextmanager/servicePerimeterResource:ServicePerimeterResource default {{perimeter_name}}/{{resource}}

Constructors

constructor(perimeterName: Output<String>? = null, resource: Output<String>? = null)

Properties

val perimeterName: Output<String>? = null

The name of the Service Perimeter to add this resource to.

val resource: Output<String>? = null

A GCP resource that is inside of the service perimeter. Currently only projects are allowed. Format: projects/{project_number}

Functions

open override fun toJava(): ServicePerimeterResourceArgs