Posture Deployment
Represents a deployment of a security posture on a resource. A posture contains user-curated policy sets, and it can be deployed on a project, a folder, or an organization. To deploy a posture, populate the posture's name and its revision_id in the posture deployment configuration. Every update to a deployed posture generates a new revision_id, so the updated revision_id should be used in the corresponding posture deployment's configuration to deploy that posture on a resource. To get more information about PostureDeployment, see:
How-to Guides
Example Usage
Securityposture Posture Deployment Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Sample organization and location shared by the posture and its deployment.
const orgParent = "organizations/123456789";
const postureLocation = "global";

// The only policy in this example: enforce the canned org-policy constraint
// for uniform bucket-level access on Cloud Storage.
const uniformBucketAccessPolicy = {
    policyId: "policy_1",
    constraint: {
        orgPolicyConstraint: {
            cannedConstraintId: "storage.uniformBucketLevelAccess",
            policyRules: [{ enforce: true }],
        },
    },
};

// The posture groups its policies into policy sets.
const posture1 = new gcp.securityposture.Posture("posture_1", {
    postureId: "posture_1",
    parent: orgParent,
    location: postureLocation,
    state: "ACTIVE",
    description: "a new posture",
    policySets: [{
        policySetId: "org_policy_set",
        description: "set of org policies",
        policies: [uniformBucketAccessPolicy],
    }],
});

// Deploy the posture on a project. postureRevisionId is read from the posture
// resource rather than hard-coded: every posture update yields a new
// revision_id, and the deployment configuration has to carry that new value.
const postureDeployment = new gcp.securityposture.PostureDeployment("postureDeployment", {
    postureDeploymentId: "posture_deployment_1",
    parent: orgParent,
    location: postureLocation,
    description: "a new posture deployment",
    targetResource: "projects/1111111111111",
    postureId: posture1.name,
    postureRevisionId: posture1.revisionId,
});

import pulumi
import pulumi_gcp as gcp
# Sample organization and location shared by the posture and its deployment.
org_parent = "organizations/123456789"
posture_location = "global"

# Build the policy bottom-up: one rule that enforces the canned org-policy
# constraint for uniform bucket-level access on Cloud Storage.
enforce_rule = gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs(
    enforce=True,
)
org_constraint = gcp.securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs(
    canned_constraint_id="storage.uniformBucketLevelAccess",
    policy_rules=[enforce_rule],
)
policy = gcp.securityposture.PosturePolicySetPolicyArgs(
    policy_id="policy_1",
    constraint=gcp.securityposture.PosturePolicySetPolicyConstraintArgs(
        org_policy_constraint=org_constraint,
    ),
)
policy_set = gcp.securityposture.PosturePolicySetArgs(
    policy_set_id="org_policy_set",
    description="set of org policies",
    policies=[policy],
)

# The posture groups its policies into policy sets.
posture1 = gcp.securityposture.Posture(
    "posture_1",
    posture_id="posture_1",
    parent=org_parent,
    location=posture_location,
    state="ACTIVE",
    description="a new posture",
    policy_sets=[policy_set],
)

# Deploy the posture on a project. posture_revision_id is read from the
# posture resource rather than hard-coded: every posture update yields a new
# revision_id, and the deployment configuration has to carry that new value.
posture_deployment = gcp.securityposture.PostureDeployment(
    "postureDeployment",
    posture_deployment_id="posture_deployment_1",
    parent=org_parent,
    location=posture_location,
    description="a new posture deployment",
    target_resource="projects/1111111111111",
    posture_id=posture1.name,
    posture_revision_id=posture1.revision_id,
)

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Sample organization and location shared by the posture and its deployment.
    const string orgParent = "organizations/123456789";
    const string postureLocation = "global";

    // Build the policy bottom-up: one rule that enforces the canned org-policy
    // constraint for uniform bucket-level access on Cloud Storage.
    var enforceRule = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs
    {
        Enforce = true,
    };
    var orgConstraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs
    {
        CannedConstraintId = "storage.uniformBucketLevelAccess",
        PolicyRules = new[] { enforceRule },
    };
    var policy = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyArgs
    {
        PolicyId = "policy_1",
        Constraint = new Gcp.SecurityPosture.Inputs.PosturePolicySetPolicyConstraintArgs
        {
            OrgPolicyConstraint = orgConstraint,
        },
    };
    var policySet = new Gcp.SecurityPosture.Inputs.PosturePolicySetArgs
    {
        PolicySetId = "org_policy_set",
        Description = "set of org policies",
        Policies = new[] { policy },
    };

    // The posture groups its policies into policy sets.
    var posture1 = new Gcp.SecurityPosture.Posture("posture_1", new()
    {
        PostureId = "posture_1",
        Parent = orgParent,
        Location = postureLocation,
        State = "ACTIVE",
        Description = "a new posture",
        PolicySets = new[] { policySet },
    });

    // Deploy the posture on a project. PostureRevisionId is read from the
    // posture resource rather than hard-coded: every posture update yields a
    // new revision_id, and the deployment configuration has to carry it.
    var postureDeployment = new Gcp.SecurityPosture.PostureDeployment("postureDeployment", new()
    {
        PostureDeploymentId = "posture_deployment_1",
        Parent = orgParent,
        Location = postureLocation,
        Description = "a new posture deployment",
        TargetResource = "projects/1111111111111",
        PostureId = posture1.Name,
        PostureRevisionId = posture1.RevisionId,
    });
});

package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/securityposture"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a security posture and a deployment of that posture on a
// project, then hands control to the Pulumi engine.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Sample organization and location shared by the posture and its deployment.
		parent := pulumi.String("organizations/123456789")
		location := pulumi.String("global")

		// Build the policy bottom-up: one rule that enforces the canned
		// org-policy constraint for uniform bucket-level access on Cloud Storage.
		rules := securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArray{
			&securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs{
				Enforce: pulumi.Bool(true),
			},
		}
		constraint := &securityposture.PosturePolicySetPolicyConstraintArgs{
			OrgPolicyConstraint: &securityposture.PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs{
				CannedConstraintId: pulumi.String("storage.uniformBucketLevelAccess"),
				PolicyRules:        rules,
			},
		}
		policySets := securityposture.PosturePolicySetArray{
			&securityposture.PosturePolicySetArgs{
				PolicySetId: pulumi.String("org_policy_set"),
				Description: pulumi.String("set of org policies"),
				Policies: securityposture.PosturePolicySetPolicyArray{
					&securityposture.PosturePolicySetPolicyArgs{
						PolicyId:   pulumi.String("policy_1"),
						Constraint: constraint,
					},
				},
			},
		}

		// The posture groups its policies into policy sets.
		posture, err := securityposture.NewPosture(ctx, "posture_1", &securityposture.PostureArgs{
			PostureId:   pulumi.String("posture_1"),
			Parent:      parent,
			Location:    location,
			State:       pulumi.String("ACTIVE"),
			Description: pulumi.String("a new posture"),
			PolicySets:  policySets,
		})
		if err != nil {
			return err
		}

		// Deploy the posture on a project. PostureRevisionId is read from the
		// posture resource rather than hard-coded: every posture update yields
		// a new revision_id, and the deployment configuration has to carry it.
		_, err = securityposture.NewPostureDeployment(ctx, "postureDeployment", &securityposture.PostureDeploymentArgs{
			PostureDeploymentId: pulumi.String("posture_deployment_1"),
			Parent:              parent,
			Location:            location,
			Description:         pulumi.String("a new posture deployment"),
			TargetResource:      pulumi.String("projects/1111111111111"),
			PostureId:           posture.Name,
			PostureRevisionId:   posture.RevisionId,
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.securityposture.Posture;
import com.pulumi.gcp.securityposture.PostureArgs;
import com.pulumi.gcp.securityposture.inputs.PosturePolicySetArgs;
import com.pulumi.gcp.securityposture.PostureDeployment;
import com.pulumi.gcp.securityposture.PostureDeploymentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that defines a security posture and deploys it on a project.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the posture and its deployment.
     *
     * NOTE(review): the nested PosturePolicySetPolicy*Args types used below are
     * not in the import list shown on the page; presumably they come from
     * com.pulumi.gcp.securityposture.inputs like PosturePolicySetArgs - confirm.
     */
    public static void stack(Context ctx) {
        // Sample organization and location shared by the posture and its deployment.
        final String orgParent = "organizations/123456789";
        final String postureLocation = "global";

        // Build the policy bottom-up: one rule that enforces the canned
        // org-policy constraint for uniform bucket-level access on Cloud Storage.
        var enforceRule = PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs.builder()
            .enforce(true)
            .build();
        var orgConstraint = PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs.builder()
            .cannedConstraintId("storage.uniformBucketLevelAccess")
            .policyRules(enforceRule)
            .build();
        var constraint = PosturePolicySetPolicyConstraintArgs.builder()
            .orgPolicyConstraint(orgConstraint)
            .build();
        var policy = PosturePolicySetPolicyArgs.builder()
            .policyId("policy_1")
            .constraint(constraint)
            .build();
        var policySet = PosturePolicySetArgs.builder()
            .policySetId("org_policy_set")
            .description("set of org policies")
            .policies(policy)
            .build();

        // The posture groups its policies into policy sets.
        var posture1 = new Posture("posture1", PostureArgs.builder()
            .postureId("posture_1")
            .parent(orgParent)
            .location(postureLocation)
            .state("ACTIVE")
            .description("a new posture")
            .policySets(policySet)
            .build());

        // Deploy the posture on a project. postureRevisionId is read from the
        // posture resource rather than hard-coded: every posture update yields
        // a new revision_id, and the deployment configuration has to carry it.
        var postureDeployment = new PostureDeployment("postureDeployment", PostureDeploymentArgs.builder()
            .postureDeploymentId("posture_deployment_1")
            .parent(orgParent)
            .location(postureLocation)
            .description("a new posture deployment")
            .targetResource("projects/1111111111111")
            .postureId(posture1.name())
            .postureRevisionId(posture1.revisionId())
            .build());
    }
}

resources:
# Nesting restored to match the other language examples on this page; the
# entries below sit under the top-level "resources:" key.
  posture1:
    type: gcp:securityposture:Posture
    name: posture_1
    properties:
      postureId: posture_1
      # Sample organization ID from the example.
      parent: organizations/123456789
      location: global
      state: ACTIVE
      description: a new posture
      policySets:
        - policySetId: org_policy_set
          description: set of org policies
          policies:
            - policyId: policy_1
              constraint:
                orgPolicyConstraint:
                  # Canned org-policy constraint for uniform bucket-level
                  # access on Cloud Storage, enforced by the rule below.
                  cannedConstraintId: storage.uniformBucketLevelAccess
                  policyRules:
                    - enforce: true
  postureDeployment:
    type: gcp:securityposture:PostureDeployment
    properties:
      postureDeploymentId: posture_deployment_1
      parent: organizations/123456789
      location: global
      description: a new posture deployment
      # The posture is deployed on this project (sample project number).
      targetResource: projects/1111111111111
      postureId: ${posture1.name}
      # Read from the posture resource rather than hard-coded: every posture
      # update yields a new revision_id, and the deployment has to carry it.
      postureRevisionId: ${posture1.revisionId}

Import
PostureDeployment can be imported using any of these accepted formats:
{{parent}}/locations/{{location}}/postureDeployments/{{posture_deployment_id}}
When using the `pulumi import` command, PostureDeployment can be imported using one of the formats above. For example:
$ pulumi import gcp:securityposture/postureDeployment:PostureDeployment default {{parent}}/locations/{{location}}/postureDeployments/{{posture_deployment_id}}
Properties
Time the posture deployment was created in UTC.
Description of the posture deployment.
This is an output-only optional field that is filled in when the PostureDeployment state is UPDATE_FAILED, CREATE_FAILED, or DELETE_FAILED. It denotes the desired posture to be deployed.
This is an output-only optional field that is filled in when the PostureDeployment state is UPDATE_FAILED, CREATE_FAILED, or DELETE_FAILED. It denotes the desired posture revision_id to be deployed.
This is an output-only optional field that is filled in when the PostureDeployment enters a failure state such as UPDATE_FAILED, CREATE_FAILED, or DELETE_FAILED. It holds the failure message from the posture deployment's CREATE/UPDATE/DELETE methods.
ID of the posture deployment.
Revision_id of the posture which needs to be deployed.
If set, there are currently changes in flight to the posture deployment.
The resource on which the posture should be deployed. This can be in one of the following formats: projects/{project_number}, folders/{folder_number}, organizations/{organization_id}
Time the posture deployment was updated in UTC.