pulumi-gcp-kotlin/com.pulumi.gcp.projects.kotlin/OrganizationPolicyArgs

OrganizationPolicyArgs

data class OrganizationPolicyArgs(val booleanPolicy: Output<OrganizationPolicyBooleanPolicyArgs>? = null, val constraint: Output<String>? = null, val listPolicy: Output<OrganizationPolicyListPolicyArgs>? = null, val project: Output<String>? = null, val restorePolicy: Output<OrganizationPolicyRestorePolicyArgs>? = null, val version: Output<Int>? = null) : ConvertibleToJava<OrganizationPolicyArgs>

Allows management of Organization Policies for a Google Cloud Project.

Warning: This resource has been superseded by gcp.orgpolicy.Policy. gcp.orgpolicy.Policy uses Organization Policy API V2 instead of Cloud Resource Manager API V1 and it supports additional features such as tags and conditions. To get more information about Organization Policies, see:

Example Usage

To set policy with a boolean constraint:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const serialPortPolicy = new gcp.projects.OrganizationPolicy("serial_port_policy", {
    project: "your-project-id",
    constraint: "compute.disableSerialPortAccess",
    booleanPolicy: {
        enforced: true,
    },
});
Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
serial_port_policy = gcp.projects.OrganizationPolicy("serial_port_policy",
    project="your-project-id",
    constraint="compute.disableSerialPortAccess",
    boolean_policy={
        "enforced": True,
    })
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    var serialPortPolicy = new Gcp.Projects.OrganizationPolicy("serial_port_policy", new()
    {
        Project = "your-project-id",
        Constraint = "compute.disableSerialPortAccess",
        BooleanPolicy = new Gcp.Projects.Inputs.OrganizationPolicyBooleanPolicyArgs
        {
            Enforced = true,
        },
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewOrganizationPolicy(ctx, "serial_port_policy", &projects.OrganizationPolicyArgs{
			Project:    pulumi.String("your-project-id"),
			Constraint: pulumi.String("compute.disableSerialPortAccess"),
			BooleanPolicy: &projects.OrganizationPolicyBooleanPolicyArgs{
				Enforced: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.OrganizationPolicy;
import com.pulumi.gcp.projects.OrganizationPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyBooleanPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var serialPortPolicy = new OrganizationPolicy("serialPortPolicy", OrganizationPolicyArgs.builder()
            .project("your-project-id")
            .constraint("compute.disableSerialPortAccess")
            .booleanPolicy(OrganizationPolicyBooleanPolicyArgs.builder()
                .enforced(true)
                .build())
            .build());
    }
}
Content copied to clipboard
resources:
  serialPortPolicy:
    type: gcp:projects:OrganizationPolicy
    name: serial_port_policy
    properties:
      project: your-project-id
      constraint: compute.disableSerialPortAccess
      booleanPolicy:
        enforced: true
Content copied to clipboard

To set a policy with a list constraint:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const servicesPolicy = new gcp.projects.OrganizationPolicy("services_policy", {
    project: "your-project-id",
    constraint: "serviceuser.services",
    listPolicy: {
        allow: {
            all: true,
        },
    },
});
Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
services_policy = gcp.projects.OrganizationPolicy("services_policy",
    project="your-project-id",
    constraint="serviceuser.services",
    list_policy={
        "allow": {
            "all": True,
        },
    })
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    var servicesPolicy = new Gcp.Projects.OrganizationPolicy("services_policy", new()
    {
        Project = "your-project-id",
        Constraint = "serviceuser.services",
        ListPolicy = new Gcp.Projects.Inputs.OrganizationPolicyListPolicyArgs
        {
            Allow = new Gcp.Projects.Inputs.OrganizationPolicyListPolicyAllowArgs
            {
                All = true,
            },
        },
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewOrganizationPolicy(ctx, "services_policy", &projects.OrganizationPolicyArgs{
			Project:    pulumi.String("your-project-id"),
			Constraint: pulumi.String("serviceuser.services"),
			ListPolicy: &projects.OrganizationPolicyListPolicyArgs{
				Allow: &projects.OrganizationPolicyListPolicyAllowArgs{
					All: pulumi.Bool(true),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.OrganizationPolicy;
import com.pulumi.gcp.projects.OrganizationPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyListPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyListPolicyAllowArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var servicesPolicy = new OrganizationPolicy("servicesPolicy", OrganizationPolicyArgs.builder()
            .project("your-project-id")
            .constraint("serviceuser.services")
            .listPolicy(OrganizationPolicyListPolicyArgs.builder()
                .allow(OrganizationPolicyListPolicyAllowArgs.builder()
                    .all(true)
                    .build())
                .build())
            .build());
    }
}
Content copied to clipboard
resources:
  servicesPolicy:
    type: gcp:projects:OrganizationPolicy
    name: services_policy
    properties:
      project: your-project-id
      constraint: serviceuser.services
      listPolicy:
        allow:
          all: true
Content copied to clipboard

Or to deny some services, use the following instead:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const servicesPolicy = new gcp.projects.OrganizationPolicy("services_policy", {
    project: "your-project-id",
    constraint: "serviceuser.services",
    listPolicy: {
        suggestedValue: "compute.googleapis.com",
        deny: {
            values: ["cloudresourcemanager&#46;googleapis&#46;com"],
        },
    },
});
Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
services_policy = gcp.projects.OrganizationPolicy("services_policy",
    project="your-project-id",
    constraint="serviceuser.services",
    list_policy={
        "suggested_value": "compute.googleapis.com",
        "deny": {
            "values": ["cloudresourcemanager&#46;googleapis&#46;com"],
        },
    })
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    var servicesPolicy = new Gcp.Projects.OrganizationPolicy("services_policy", new()
    {
        Project = "your-project-id",
        Constraint = "serviceuser.services",
        ListPolicy = new Gcp.Projects.Inputs.OrganizationPolicyListPolicyArgs
        {
            SuggestedValue = "compute.googleapis.com",
            Deny = new Gcp.Projects.Inputs.OrganizationPolicyListPolicyDenyArgs
            {
                Values = new[]
                {
                    "cloudresourcemanager.googleapis.com",
                },
            },
        },
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewOrganizationPolicy(ctx, "services_policy", &projects.OrganizationPolicyArgs{
			Project:    pulumi.String("your-project-id"),
			Constraint: pulumi.String("serviceuser.services"),
			ListPolicy: &projects.OrganizationPolicyListPolicyArgs{
				SuggestedValue: pulumi.String("compute.googleapis.com"),
				Deny: &projects.OrganizationPolicyListPolicyDenyArgs{
					Values: pulumi.StringArray{
						pulumi.String("cloudresourcemanager.googleapis.com"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.OrganizationPolicy;
import com.pulumi.gcp.projects.OrganizationPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyListPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyListPolicyDenyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var servicesPolicy = new OrganizationPolicy("servicesPolicy", OrganizationPolicyArgs.builder()
            .project("your-project-id")
            .constraint("serviceuser.services")
            .listPolicy(OrganizationPolicyListPolicyArgs.builder()
                .suggestedValue("compute.googleapis.com")
                .deny(OrganizationPolicyListPolicyDenyArgs.builder()
                    .values("cloudresourcemanager.googleapis.com")
                    .build())
                .build())
            .build());
    }
}
Content copied to clipboard
resources:
  servicesPolicy:
    type: gcp:projects:OrganizationPolicy
    name: services_policy
    properties:
      project: your-project-id
      constraint: serviceuser.services
      listPolicy:
        suggestedValue: compute.googleapis.com
        deny:
          values:
            - cloudresourcemanager.googleapis.com
Content copied to clipboard

To restore the default project organization policy, use the following instead:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const servicesPolicy = new gcp.projects.OrganizationPolicy("services_policy", {
    project: "your-project-id",
    constraint: "serviceuser.services",
    restorePolicy: {
        "default": true,
    },
});
Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
services_policy = gcp.projects.OrganizationPolicy("services_policy",
    project="your-project-id",
    constraint="serviceuser.services",
    restore_policy={
        "default": True,
    })
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    var servicesPolicy = new Gcp.Projects.OrganizationPolicy("services_policy", new()
    {
        Project = "your-project-id",
        Constraint = "serviceuser.services",
        RestorePolicy = new Gcp.Projects.Inputs.OrganizationPolicyRestorePolicyArgs
        {
            Default = true,
        },
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewOrganizationPolicy(ctx, "services_policy", &projects.OrganizationPolicyArgs{
			Project:    pulumi.String("your-project-id"),
			Constraint: pulumi.String("serviceuser.services"),
			RestorePolicy: &projects.OrganizationPolicyRestorePolicyArgs{
				Default: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.projects.OrganizationPolicy;
import com.pulumi.gcp.projects.OrganizationPolicyArgs;
import com.pulumi.gcp.projects.inputs.OrganizationPolicyRestorePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var servicesPolicy = new OrganizationPolicy("servicesPolicy", OrganizationPolicyArgs.builder()
            .project("your-project-id")
            .constraint("serviceuser.services")
            .restorePolicy(OrganizationPolicyRestorePolicyArgs.builder()
                .default_(true)
                .build())
            .build());
    }
}
Content copied to clipboard
resources:
  servicesPolicy:
    type: gcp:projects:OrganizationPolicy
    name: services_policy
    properties:
      project: your-project-id
      constraint: serviceuser.services
      restorePolicy:
        default: true
Content copied to clipboard

Import

Project organization policies can be imported using any of the follow formats:

  • projects/{{project_id}}:constraints/{{constraint}}

  • {{project_id}}:constraints/{{constraint}}

  • {{project_id}}:{{constraint}} When using the pulumi import command, project organization policies can be imported using one of the formats above. For example:

$ pulumi import gcp:projects/organizationPolicy:OrganizationPolicy default projects/{{project_id}}:constraints/{{constraint}}
Content copied to clipboard
$ pulumi import gcp:projects/organizationPolicy:OrganizationPolicy default {{project_id}}:constraints/{{constraint}}
Content copied to clipboard
$ pulumi import gcp:projects/organizationPolicy:OrganizationPolicy default {{project_id}}:{{constraint}}
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(booleanPolicy: Output<OrganizationPolicyBooleanPolicyArgs>? = null, constraint: Output<String>? = null, listPolicy: Output<OrganizationPolicyListPolicyArgs>? = null, project: Output<String>? = null, restorePolicy: Output<OrganizationPolicyRestorePolicyArgs>? = null, version: Output<Int>? = null)

Properties

Link copied to clipboard
val booleanPolicy: Output<OrganizationPolicyBooleanPolicyArgs>? = null

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

Link copied to clipboard
val constraint: Output<String>? = null

The name of the Constraint the Policy is configuring, for example, serviceuser.services. Check out the complete list of available constraints.

Link copied to clipboard
val listPolicy: Output<OrganizationPolicyListPolicyArgs>? = null

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

Link copied to clipboard
val project: Output<String>? = null

The project id of the project to set the policy for.

Link copied to clipboard
val restorePolicy: Output<OrganizationPolicyRestorePolicyArgs>? = null

A restore policy is a constraint to restore the default policy. Structure is documented below.

Link copied to clipboard
val version: Output<Int>? = null

Version of the Policy. Default version is 0.

Functions

Link copied to clipboard
open override fun toJava(): OrganizationPolicyArgs