1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. accesscontextmanager
  5. AccessPolicy
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

gcp.accesscontextmanager.AccessPolicy

Explore with Pulumi AI

gcp logo
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

    AccessPolicy is a container for AccessLevels (which define the necessary attributes to use GCP services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.

    To get more information about AccessPolicy, see:

    Warning: If you are using User ADCs (Application Default Credentials) with this resource, you must specify a billing_project and set user_project_override to true in the provider configuration. Otherwise the ACM API will return a 403 error. Your account must have the serviceusage.services.use permission on the billing_project you defined.

    Example Usage

    Access Context Manager Access Policy Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const access_policy = new gcp.accesscontextmanager.AccessPolicy("access-policy", {
        parent: "organizations/123456789",
        title: "Org Access Policy",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    access_policy = gcp.accesscontextmanager.AccessPolicy("access-policy",
        parent="organizations/123456789",
        title="Org Access Policy")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := accesscontextmanager.NewAccessPolicy(ctx, "access-policy", &accesscontextmanager.AccessPolicyArgs{
    			Parent: pulumi.String("organizations/123456789"),
    			Title:  pulumi.String("Org Access Policy"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var access_policy = new Gcp.AccessContextManager.AccessPolicy("access-policy", new()
        {
            Parent = "organizations/123456789",
            Title = "Org Access Policy",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.accesscontextmanager.AccessPolicy;
    import com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var access_policy = new AccessPolicy("access-policy", AccessPolicyArgs.builder()
                .parent("organizations/123456789")
                .title("Org Access Policy")
                .build());
    
        }
    }
    
    resources:
      access-policy:
        type: gcp:accesscontextmanager:AccessPolicy
        properties:
          parent: organizations/123456789
          title: Org Access Policy
    

    Access Context Manager Access Policy Scoped

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const project = new gcp.organizations.Project("project", {
        projectId: "my-project-name",
        name: "my-project-name",
        orgId: "123456789",
        deletionPolicy: "DELETE",
    });
    const access_policy = new gcp.accesscontextmanager.AccessPolicy("access-policy", {
        parent: "organizations/123456789",
        title: "Scoped Access Policy",
        scopes: pulumi.interpolate`projects/${project.number}`,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    project = gcp.organizations.Project("project",
        project_id="my-project-name",
        name="my-project-name",
        org_id="123456789",
        deletion_policy="DELETE")
    access_policy = gcp.accesscontextmanager.AccessPolicy("access-policy",
        parent="organizations/123456789",
        title="Scoped Access Policy",
        scopes=project.number.apply(lambda number: f"projects/{number}"))
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accesscontextmanager"
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		project, err := organizations.NewProject(ctx, "project", &organizations.ProjectArgs{
    			ProjectId:      pulumi.String("my-project-name"),
    			Name:           pulumi.String("my-project-name"),
    			OrgId:          pulumi.String("123456789"),
    			DeletionPolicy: pulumi.String("DELETE"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = accesscontextmanager.NewAccessPolicy(ctx, "access-policy", &accesscontextmanager.AccessPolicyArgs{
    			Parent: pulumi.String("organizations/123456789"),
    			Title:  pulumi.String("Scoped Access Policy"),
    			Scopes: project.Number.ApplyT(func(number string) (string, error) {
    				return fmt.Sprintf("projects/%v", number), nil
    			}).(pulumi.StringOutput),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var project = new Gcp.Organizations.Project("project", new()
        {
            ProjectId = "my-project-name",
            Name = "my-project-name",
            OrgId = "123456789",
            DeletionPolicy = "DELETE",
        });
    
        var access_policy = new Gcp.AccessContextManager.AccessPolicy("access-policy", new()
        {
            Parent = "organizations/123456789",
            Title = "Scoped Access Policy",
            Scopes = project.Number.Apply(number => $"projects/{number}"),
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.organizations.Project;
    import com.pulumi.gcp.organizations.ProjectArgs;
    import com.pulumi.gcp.accesscontextmanager.AccessPolicy;
    import com.pulumi.gcp.accesscontextmanager.AccessPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var project = new Project("project", ProjectArgs.builder()
                .projectId("my-project-name")
                .name("my-project-name")
                .orgId("123456789")
                .deletionPolicy("DELETE")
                .build());
    
            var access_policy = new AccessPolicy("access-policy", AccessPolicyArgs.builder()
                .parent("organizations/123456789")
                .title("Scoped Access Policy")
                .scopes(project.number().applyValue(number -> String.format("projects/%s", number)))
                .build());
    
        }
    }
    
    resources:
      project:
        type: gcp:organizations:Project
        properties:
          projectId: my-project-name
          name: my-project-name
          orgId: '123456789'
          deletionPolicy: DELETE
      access-policy:
        type: gcp:accesscontextmanager:AccessPolicy
        properties:
          parent: organizations/123456789
          title: Scoped Access Policy
          scopes: projects/${project.number}
    

    Create AccessPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AccessPolicy(name: string, args: AccessPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def AccessPolicy(resource_name: str,
                     args: AccessPolicyArgs,
                     opts: Optional[ResourceOptions] = None)
    
    @overload
    def AccessPolicy(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     parent: Optional[str] = None,
                     title: Optional[str] = None,
                     scopes: Optional[str] = None)
    func NewAccessPolicy(ctx *Context, name string, args AccessPolicyArgs, opts ...ResourceOption) (*AccessPolicy, error)
    public AccessPolicy(string name, AccessPolicyArgs args, CustomResourceOptions? opts = null)
    public AccessPolicy(String name, AccessPolicyArgs args)
    public AccessPolicy(String name, AccessPolicyArgs args, CustomResourceOptions options)
    
    type: gcp:accesscontextmanager:AccessPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AccessPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var accessPolicyResource = new Gcp.AccessContextManager.AccessPolicy("accessPolicyResource", new()
    {
        Parent = "string",
        Title = "string",
        Scopes = "string",
    });
    
    example, err := accesscontextmanager.NewAccessPolicy(ctx, "accessPolicyResource", &accesscontextmanager.AccessPolicyArgs{
    	Parent: pulumi.String("string"),
    	Title:  pulumi.String("string"),
    	Scopes: pulumi.String("string"),
    })
    
    var accessPolicyResource = new AccessPolicy("accessPolicyResource", AccessPolicyArgs.builder()
        .parent("string")
        .title("string")
        .scopes("string")
        .build());
    
    access_policy_resource = gcp.accesscontextmanager.AccessPolicy("accessPolicyResource",
        parent="string",
        title="string",
        scopes="string")
    
    const accessPolicyResource = new gcp.accesscontextmanager.AccessPolicy("accessPolicyResource", {
        parent: "string",
        title: "string",
        scopes: "string",
    });
    
    type: gcp:accesscontextmanager:AccessPolicy
    properties:
        parent: string
        scopes: string
        title: string
    

    AccessPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The AccessPolicy resource accepts the following input properties:

    Parent string
    The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: 'organizations/{{organization_id}}'
    Title string
    Human readable title. Does not affect behavior.


    Scopes string
    Folder or project on which this policy is applicable. Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
    Parent string
    The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: 'organizations/{{organization_id}}'
    Title string
    Human readable title. Does not affect behavior.


    Scopes string
    Folder or project on which this policy is applicable. Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
    parent String
    The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: 'organizations/{{organization_id}}'
    title String
    Human readable title. Does not affect behavior.


    scopes String
    Folder or project on which this policy is applicable. Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
    parent string
    The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: 'organizations/{{organization_id}}'
    title string
    Human readable title. Does not affect behavior.


    scopes string
    Folder or project on which this policy is applicable. Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
    parent str
    The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: 'organizations/{{organization_id}}'
    title str
    Human readable title. Does not affect behavior.


    scopes str
    Folder or project on which this policy is applicable. Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
    parent String
    The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: 'organizations/{{organization_id}}'
    title String
    Human readable title. Does not affect behavior.


    scopes String
    Folder or project on which this policy is applicable. Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AccessPolicy resource produces the following output properties:

    CreateTime string
    Time the AccessPolicy was created in UTC.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Resource name of the AccessPolicy. Format: '{{policy_id}}'
    UpdateTime string
    Time the AccessPolicy was updated in UTC.
    CreateTime string
    Time the AccessPolicy was created in UTC.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Resource name of the AccessPolicy. Format: '{{policy_id}}'
    UpdateTime string
    Time the AccessPolicy was updated in UTC.
    createTime String
    Time the AccessPolicy was created in UTC.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Resource name of the AccessPolicy. Format: '{{policy_id}}'
    updateTime String
    Time the AccessPolicy was updated in UTC.
    createTime string
    Time the AccessPolicy was created in UTC.
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    Resource name of the AccessPolicy. Format: '{{policy_id}}'
    updateTime string
    Time the AccessPolicy was updated in UTC.
    create_time str
    Time the AccessPolicy was created in UTC.
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    Resource name of the AccessPolicy. Format: '{{policy_id}}'
    update_time str
    Time the AccessPolicy was updated in UTC.
    createTime String
    Time the AccessPolicy was created in UTC.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Resource name of the AccessPolicy. Format: '{{policy_id}}'
    updateTime String
    Time the AccessPolicy was updated in UTC.

    Look up Existing AccessPolicy Resource

    Get an existing AccessPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AccessPolicyState, opts?: CustomResourceOptions): AccessPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            create_time: Optional[str] = None,
            name: Optional[str] = None,
            parent: Optional[str] = None,
            scopes: Optional[str] = None,
            title: Optional[str] = None,
            update_time: Optional[str] = None) -> AccessPolicy
    func GetAccessPolicy(ctx *Context, name string, id IDInput, state *AccessPolicyState, opts ...ResourceOption) (*AccessPolicy, error)
    public static AccessPolicy Get(string name, Input<string> id, AccessPolicyState? state, CustomResourceOptions? opts = null)
    public static AccessPolicy get(String name, Output<String> id, AccessPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CreateTime string
    Time the AccessPolicy was created in UTC.
    Name string
    Resource name of the AccessPolicy. Format: '{{policy_id}}'
    Parent string
    The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: 'organizations/{{organization_id}}'
    Scopes string
    Folder or project on which this policy is applicable. Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
    Title string
    Human readable title. Does not affect behavior.


    UpdateTime string
    Time the AccessPolicy was updated in UTC.
    CreateTime string
    Time the AccessPolicy was created in UTC.
    Name string
    Resource name of the AccessPolicy. Format: '{{policy_id}}'
    Parent string
    The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: 'organizations/{{organization_id}}'
    Scopes string
    Folder or project on which this policy is applicable. Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
    Title string
    Human readable title. Does not affect behavior.


    UpdateTime string
    Time the AccessPolicy was updated in UTC.
    createTime String
    Time the AccessPolicy was created in UTC.
    name String
    Resource name of the AccessPolicy. Format: '{{policy_id}}'
    parent String
    The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: 'organizations/{{organization_id}}'
    scopes String
    Folder or project on which this policy is applicable. Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
    title String
    Human readable title. Does not affect behavior.


    updateTime String
    Time the AccessPolicy was updated in UTC.
    createTime string
    Time the AccessPolicy was created in UTC.
    name string
    Resource name of the AccessPolicy. Format: '{{policy_id}}'
    parent string
    The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: 'organizations/{{organization_id}}'
    scopes string
    Folder or project on which this policy is applicable. Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
    title string
    Human readable title. Does not affect behavior.


    updateTime string
    Time the AccessPolicy was updated in UTC.
    create_time str
    Time the AccessPolicy was created in UTC.
    name str
    Resource name of the AccessPolicy. Format: '{{policy_id}}'
    parent str
    The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: 'organizations/{{organization_id}}'
    scopes str
    Folder or project on which this policy is applicable. Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
    title str
    Human readable title. Does not affect behavior.


    update_time str
    Time the AccessPolicy was updated in UTC.
    createTime String
    Time the AccessPolicy was created in UTC.
    name String
    Resource name of the AccessPolicy. Format: '{{policy_id}}'
    parent String
    The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: 'organizations/{{organization_id}}'
    scopes String
    Folder or project on which this policy is applicable. Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
    title String
    Human readable title. Does not affect behavior.


    updateTime String
    Time the AccessPolicy was updated in UTC.

    Import

    AccessPolicy can be imported using any of these accepted formats:

    • {{name}}

    When using the pulumi import command, AccessPolicy can be imported using one of the formats above. For example:

    $ pulumi import gcp:accesscontextmanager/accessPolicy:AccessPolicy default {{name}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi