V2Policy
data class V2PolicyOrchestratorArgs(val action: Output<String>? = null, val description: Output<String>? = null, val labels: Output<Map<String, String>>? = null, val orchestratedResource: Output<V2PolicyOrchestratorOrchestratedResourceArgs>? = null, val orchestrationScope: Output<V2PolicyOrchestratorOrchestrationScopeArgs>? = null, val policyOrchestratorId: Output<String>? = null, val project: Output<String>? = null, val state: Output<String>? = null) : ConvertibleToJava<V2PolicyOrchestratorArgs>
PolicyOrchestrator helps managing project+zone level policy resources (e.g. OS Policy Assignments), by providing tools to create, update and delete them across projects and locations, at scale.
Example Usage
Osconfigv2 Policy Orchestrator Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const policyOrchestrator = new gcp.osconfig.V2PolicyOrchestrator("policy_orchestrator", {
policyOrchestratorId: "po",
state: "ACTIVE",
action: "UPSERT",
orchestratedResource: {
id: "test-orchestrated-resource",
osPolicyAssignmentV1Payload: {
osPolicies: [{
id: "test-os-policy",
mode: "VALIDATION",
resourceGroups: [{
resources: [{
id: "resource-tf",
file: {
content: "file-content-tf",
path: "file-path-tf-1",
state: "PRESENT",
},
}],
}],
}],
instanceFilter: {
inventories: [{
osShortName: "windows-10",
}],
},
rollout: {
disruptionBudget: {
percent: 100,
},
minWaitDuration: "60s",
},
},
},
labels: {
state: "active",
},
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
policy_orchestrator = gcp.osconfig.V2PolicyOrchestrator("policy_orchestrator",
policy_orchestrator_id="po",
state="ACTIVE",
action="UPSERT",
orchestrated_resource={
"id": "test-orchestrated-resource",
"os_policy_assignment_v1_payload": {
"os_policies": [{
"id": "test-os-policy",
"mode": "VALIDATION",
"resource_groups": [{
"resources": [{
"id": "resource-tf",
"file": {
"content": "file-content-tf",
"path": "file-path-tf-1",
"state": "PRESENT",
},
}],
}],
}],
"instance_filter": {
"inventories": [{
"os_short_name": "windows-10",
}],
},
"rollout": {
"disruption_budget": {
"percent": 100,
},
"min_wait_duration": "60s",
},
},
},
labels={
"state": "active",
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var policyOrchestrator = new Gcp.OsConfig.V2PolicyOrchestrator("policy_orchestrator", new()
{
PolicyOrchestratorId = "po",
State = "ACTIVE",
Action = "UPSERT",
OrchestratedResource = new Gcp.OsConfig.Inputs.V2PolicyOrchestratorOrchestratedResourceArgs
{
Id = "test-orchestrated-resource",
OsPolicyAssignmentV1Payload = new Gcp.OsConfig.Inputs.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadArgs
{
OsPolicies = new[]
{
new Gcp.OsConfig.Inputs.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadOsPolicyArgs
{
Id = "test-os-policy",
Mode = "VALIDATION",
ResourceGroups = new[]
{
new Gcp.OsConfig.Inputs.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadOsPolicyResourceGroupArgs
{
Resources = new[]
{
new Gcp.OsConfig.Inputs.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadOsPolicyResourceGroupResourceArgs
{
Id = "resource-tf",
File = new Gcp.OsConfig.Inputs.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadOsPolicyResourceGroupResourceFileArgs
{
Content = "file-content-tf",
Path = "file-path-tf-1",
State = "PRESENT",
},
},
},
},
},
},
},
InstanceFilter = new Gcp.OsConfig.Inputs.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadInstanceFilterArgs
{
Inventories = new[]
{
new Gcp.OsConfig.Inputs.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadInstanceFilterInventoryArgs
{
OsShortName = "windows-10",
},
},
},
Rollout = new Gcp.OsConfig.Inputs.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadRolloutArgs
{
DisruptionBudget = new Gcp.OsConfig.Inputs.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadRolloutDisruptionBudgetArgs
{
Percent = 100,
},
MinWaitDuration = "60s",
},
},
},
Labels =
{
{ "state", "active" },
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/osconfig"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := osconfig.NewV2PolicyOrchestrator(ctx, "policy_orchestrator", &osconfig.V2PolicyOrchestratorArgs{
PolicyOrchestratorId: pulumi.String("po"),
State: pulumi.String("ACTIVE"),
Action: pulumi.String("UPSERT"),
OrchestratedResource: &osconfig.V2PolicyOrchestratorOrchestratedResourceArgs{
Id: pulumi.String("test-orchestrated-resource"),
OsPolicyAssignmentV1Payload: &osconfig.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadArgs{
OsPolicies: osconfig.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadOsPolicyArray{
&osconfig.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadOsPolicyArgs{
Id: pulumi.String("test-os-policy"),
Mode: pulumi.String("VALIDATION"),
ResourceGroups: osconfig.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadOsPolicyResourceGroupArray{
&osconfig.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadOsPolicyResourceGroupArgs{
Resources: osconfig.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadOsPolicyResourceGroupResourceArray{
&osconfig.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadOsPolicyResourceGroupResourceArgs{
Id: pulumi.String("resource-tf"),
File: &osconfig.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadOsPolicyResourceGroupResourceFileArgs{
Content: pulumi.String("file-content-tf"),
Path: pulumi.String("file-path-tf-1"),
State: pulumi.String("PRESENT"),
},
},
},
},
},
},
},
InstanceFilter: &osconfig.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadInstanceFilterArgs{
Inventories: osconfig.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadInstanceFilterInventoryArray{
&osconfig.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadInstanceFilterInventoryArgs{
OsShortName: pulumi.String("windows-10"),
},
},
},
Rollout: &osconfig.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadRolloutArgs{
DisruptionBudget: &osconfig.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadRolloutDisruptionBudgetArgs{
Percent: pulumi.Int(100),
},
MinWaitDuration: pulumi.String("60s"),
},
},
},
Labels: pulumi.StringMap{
"state": pulumi.String("active"),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.osconfig.V2PolicyOrchestrator;
import com.pulumi.gcp.osconfig.V2PolicyOrchestratorArgs;
import com.pulumi.gcp.osconfig.inputs.V2PolicyOrchestratorOrchestratedResourceArgs;
import com.pulumi.gcp.osconfig.inputs.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadArgs;
import com.pulumi.gcp.osconfig.inputs.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadInstanceFilterArgs;
import com.pulumi.gcp.osconfig.inputs.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadRolloutArgs;
import com.pulumi.gcp.osconfig.inputs.V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadRolloutDisruptionBudgetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyOrchestrator = new V2PolicyOrchestrator("policyOrchestrator", V2PolicyOrchestratorArgs.builder()
.policyOrchestratorId("po")
.state("ACTIVE")
.action("UPSERT")
.orchestratedResource(V2PolicyOrchestratorOrchestratedResourceArgs.builder()
.id("test-orchestrated-resource")
.osPolicyAssignmentV1Payload(V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadArgs.builder()
.osPolicies(V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadOsPolicyArgs.builder()
.id("test-os-policy")
.mode("VALIDATION")
.resourceGroups(V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadOsPolicyResourceGroupArgs.builder()
.resources(V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadOsPolicyResourceGroupResourceArgs.builder()
.id("resource-tf")
.file(V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadOsPolicyResourceGroupResourceFileArgs.builder()
.content("file-content-tf")
.path("file-path-tf-1")
.state("PRESENT")
.build())
.build())
.build())
.build())
.instanceFilter(V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadInstanceFilterArgs.builder()
.inventories(V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadInstanceFilterInventoryArgs.builder()
.osShortName("windows-10")
.build())
.build())
.rollout(V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadRolloutArgs.builder()
.disruptionBudget(V2PolicyOrchestratorOrchestratedResourceOsPolicyAssignmentV1PayloadRolloutDisruptionBudgetArgs.builder()
.percent(100)
.build())
.minWaitDuration("60s")
.build())
.build())
.build())
.labels(Map.of("state", "active"))
.build());
}
}Content copied to clipboard
resources:
policyOrchestrator:
type: gcp:osconfig:V2PolicyOrchestrator
name: policy_orchestrator
properties:
policyOrchestratorId: po
state: ACTIVE
action: UPSERT
orchestratedResource:
id: test-orchestrated-resource
osPolicyAssignmentV1Payload:
osPolicies:
- id: test-os-policy
mode: VALIDATION
resourceGroups:
- resources:
- id: resource-tf
file:
content: file-content-tf
path: file-path-tf-1
state: PRESENT
instanceFilter:
inventories:
- osShortName: windows-10
rollout:
disruptionBudget:
percent: 100
minWaitDuration: 60s
labels:
state: activeContent copied to clipboard
Import
PolicyOrchestrator can be imported using any of these accepted formats:
projects/{{project}}/locations/global/policyOrchestrators/{{policy_orchestrator_id}}{{project}}/{{policy_orchestrator_id}}{{policy_orchestrator_id}}When using thepulumi importcommand, PolicyOrchestrator can be imported using one of the formats above. For example:
$ pulumi import gcp:osconfig/v2PolicyOrchestrator:V2PolicyOrchestrator default projects/{{project}}/locations/global/policyOrchestrators/{{policy_orchestrator_id}}Content copied to clipboard
$ pulumi import gcp:osconfig/v2PolicyOrchestrator:V2PolicyOrchestrator default {{project}}/{{policy_orchestrator_id}}Content copied to clipboard
$ pulumi import gcp:osconfig/v2PolicyOrchestrator:V2PolicyOrchestrator default {{policy_orchestrator_id}}Content copied to clipboard
Constructors
Link copied to clipboard
constructor(action: Output<String>? = null, description: Output<String>? = null, labels: Output<Map<String, String>>? = null, orchestratedResource: Output<V2PolicyOrchestratorOrchestratedResourceArgs>? = null, orchestrationScope: Output<V2PolicyOrchestratorOrchestrationScopeArgs>? = null, policyOrchestratorId: Output<String>? = null, project: Output<String>? = null, state: Output<String>? = null)
Properties
Link copied to clipboard
Optional. Freeform text describing the purpose of the resource.
Link copied to clipboard
Link copied to clipboard
Represents a resource that is being orchestrated by the policy orchestrator. Structure is documented below.
Link copied to clipboard
Defines a set of selectors which drive which resources are in scope of policy orchestration.
Link copied to clipboard
Required. The logical identifier of the policy orchestrator, with the following restrictions: