// Code generated by the Pulumi SDK Generator DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***
package v1
import (
"context"
"reflect"
"errors"
"github.com/pulumi/pulumi-google-native/sdk/go/google/internal"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// ServicePerimeter is the Pulumi resource for an Access Context Manager service perimeter.
// Creating it starts a long-running operation that reports success once the service perimeter
// has propagated to long-lasting storage. If a service perimeter contains errors, an error
// response is returned for the first error encountered.
type ServicePerimeter struct {
	pulumi.CustomResourceState

	// AccessPolicyId is required by NewServicePerimeter, which also registers it as a
	// replace-on-change property.
	// NOTE(review): presumably the `{access_policy}` component of Name — confirm.
	AccessPolicyId pulumi.StringOutput `pulumi:"accessPolicyId"`
	// Description of the `ServicePerimeter` and its use. Does not affect behavior.
	Description pulumi.StringOutput `pulumi:"description"`
	// Resource name for the `ServicePerimeter`. Format:
	// `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The
	// `service_perimeter` component must begin with a letter, followed by alphanumeric characters
	// or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
	Name pulumi.StringOutput `pulumi:"name"`
	// Perimeter type indicator. A single project or VPC network is allowed to be a member of a
	// single regular perimeter, but of multiple service perimeter bridges. A project cannot be
	// included in a perimeter bridge without being included in a regular perimeter. For perimeter
	// bridges, the restricted service list as well as access level lists must be empty.
	PerimeterType pulumi.StringOutput `pulumi:"perimeterType"`
	// Proposed (or dry run) ServicePerimeter configuration. This configuration allows specifying
	// and testing a ServicePerimeter configuration without enforcing actual access restrictions.
	// Only allowed to be set when the "use_explicit_dry_run_spec" flag is set.
	// When auditing what is actually enforced, read Status rather than Spec.
	Spec ServicePerimeterConfigResponseOutput `pulumi:"spec"`
	// Current ServicePerimeter configuration. Specifies sets of resources, restricted services and
	// access levels that determine perimeter content and boundaries.
	Status ServicePerimeterConfigResponseOutput `pulumi:"status"`
	// Human readable title. Must be unique within the Policy.
	Title pulumi.StringOutput `pulumi:"title"`
	// Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service
	// Perimeters, and that spec is identical to the status for those Service Perimeters. When this
	// flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to
	// explicitly provide a configuration ("spec") to use in a dry-run version of the Service
	// Perimeter. This allows the user to test changes to the enforced config ("status") without
	// actually enforcing them. This testing is done through analyzing the differences between
	// currently enforced and suggested restrictions. use_explicit_dry_run_spec must be set to True
	// if any of the fields in the spec are set to non-default values.
	UseExplicitDryRunSpec pulumi.BoolOutput `pulumi:"useExplicitDryRunSpec"`
}
// NewServicePerimeter registers a new ServicePerimeter resource under the given unique name,
// using the supplied arguments and resource options.
//
// It returns an error when args is nil or args.AccessPolicyId is nil; no other field is checked
// here before the resource is registered. A ReplaceOnChanges option for "accessPolicyId" is
// appended to opts, and the result is passed through internal.PkgResourceDefaultOpts.
func NewServicePerimeter(ctx *pulumi.Context,
	name string, args *ServicePerimeterArgs, opts ...pulumi.ResourceOption) (*ServicePerimeter, error) {
	// Guard clauses: args is tested first so the field access below never dereferences nil.
	switch {
	case args == nil:
		return nil, errors.New("missing one or more required arguments")
	case args.AccessPolicyId == nil:
		return nil, errors.New("invalid value for required argument 'AccessPolicyId'")
	}

	opts = append(opts, pulumi.ReplaceOnChanges([]string{"accessPolicyId"}))
	opts = internal.PkgResourceDefaultOpts(opts)

	res := new(ServicePerimeter)
	if err := ctx.RegisterResource("google-native:accesscontextmanager/v1:ServicePerimeter", name, args, res, opts...); err != nil {
		return nil, err
	}
	return res, nil
}
// GetServicePerimeter reads the state of an existing ServicePerimeter resource identified by
// name and ID. The optional state properties are used to uniquely qualify the lookup; pass nil
// when they are not required.
func GetServicePerimeter(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServicePerimeterState, opts ...pulumi.ResourceOption) (*ServicePerimeter, error) {
	res := new(ServicePerimeter)
	if err := ctx.ReadResource("google-native:accesscontextmanager/v1:ServicePerimeter", name, id, state, res, opts...); err != nil {
		return nil, err
	}
	return res, nil
}
// servicePerimeterState holds the input properties used for looking up and filtering
// ServicePerimeter resources. It declares no fields; ServicePerimeterState.ElementType reports
// this type.
type servicePerimeterState struct {
}
// ServicePerimeterState is the state argument accepted by GetServicePerimeter. It declares no
// fields, so it adds no lookup qualifiers of its own.
type ServicePerimeterState struct {
}
// ElementType returns the reflect.Type of servicePerimeterState, obtained from a nil pointer to
// that struct.
func (ServicePerimeterState) ElementType() reflect.Type {
	var ptr *servicePerimeterState
	return reflect.TypeOf(ptr).Elem()
}
// servicePerimeterArgs is the plain-value counterpart of ServicePerimeterArgs;
// ServicePerimeterArgs.ElementType reports this type.
//
// NOTE(review): this struct declares the dry-run Spec but no Status input, although the
// ServicePerimeter resource exposes Status as the current configuration. Confirm against the
// provider schema how the enforced configuration is meant to be supplied; per the Spec
// description, a configuration given only through Spec does not enforce access restrictions.
type servicePerimeterArgs struct {
	// AccessPolicyId is the only non-pointer field in this struct.
	// NOTE(review): presumably the `{access_policy}` component of Name — confirm.
	AccessPolicyId string `pulumi:"accessPolicyId"`
	// Description of the `ServicePerimeter` and its use. Does not affect behavior.
	Description *string `pulumi:"description"`
	// Resource name for the `ServicePerimeter`. Format:
	// `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The
	// `service_perimeter` component must begin with a letter, followed by alphanumeric characters
	// or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
	Name *string `pulumi:"name"`
	// Perimeter type indicator. A single project or VPC network is allowed to be a member of a
	// single regular perimeter, but of multiple service perimeter bridges. A project cannot be
	// included in a perimeter bridge without being included in a regular perimeter. For perimeter
	// bridges, the restricted service list as well as access level lists must be empty.
	PerimeterType *ServicePerimeterPerimeterType `pulumi:"perimeterType"`
	// Proposed (or dry run) ServicePerimeter configuration. This configuration allows specifying
	// and testing a ServicePerimeter configuration without enforcing actual access restrictions.
	// Only allowed to be set when the "use_explicit_dry_run_spec" flag is set.
	Spec *ServicePerimeterConfig `pulumi:"spec"`
	// Human readable title. Must be unique within the Policy.
	Title *string `pulumi:"title"`
	// Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service
	// Perimeters, and that spec is identical to the status for those Service Perimeters. When this
	// flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to
	// explicitly provide a configuration ("spec") to use in a dry-run version of the Service
	// Perimeter. This allows the user to test changes to the enforced config ("status") without
	// actually enforcing them. This testing is done through analyzing the differences between
	// currently enforced and suggested restrictions. use_explicit_dry_run_spec must be set to True
	// if any of the fields in the spec are set to non-default values.
	UseExplicitDryRunSpec *bool `pulumi:"useExplicitDryRunSpec"`
}
// ServicePerimeterArgs is the set of arguments for constructing a ServicePerimeter resource.
//
// NOTE(review): the only configuration input declared here is the dry-run Spec; there is no
// Status input, although the ServicePerimeter resource exposes Status as the current
// configuration. Confirm against the provider schema how the enforced configuration is meant to
// be supplied; per the Spec description, a configuration given only through Spec does not
// enforce access restrictions.
type ServicePerimeterArgs struct {
	// AccessPolicyId is required: NewServicePerimeter returns an error when it is nil, and
	// registers it as a replace-on-change property.
	AccessPolicyId pulumi.StringInput
	// Description of the `ServicePerimeter` and its use. Does not affect behavior.
	Description pulumi.StringPtrInput
	// Resource name for the `ServicePerimeter`. Format:
	// `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The
	// `service_perimeter` component must begin with a letter, followed by alphanumeric characters
	// or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
	Name pulumi.StringPtrInput
	// Perimeter type indicator. A single project or VPC network is allowed to be a member of a
	// single regular perimeter, but of multiple service perimeter bridges. A project cannot be
	// included in a perimeter bridge without being included in a regular perimeter. For perimeter
	// bridges, the restricted service list as well as access level lists must be empty.
	PerimeterType ServicePerimeterPerimeterTypePtrInput
	// Proposed (or dry run) ServicePerimeter configuration. This configuration allows specifying
	// and testing a ServicePerimeter configuration without enforcing actual access restrictions.
	// Only allowed to be set when the "use_explicit_dry_run_spec" flag is set.
	Spec ServicePerimeterConfigPtrInput
	// Human readable title. Must be unique within the Policy.
	Title pulumi.StringPtrInput
	// Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service
	// Perimeters, and that spec is identical to the status for those Service Perimeters. When this
	// flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to
	// explicitly provide a configuration ("spec") to use in a dry-run version of the Service
	// Perimeter. This allows the user to test changes to the enforced config ("status") without
	// actually enforcing them. This testing is done through analyzing the differences between
	// currently enforced and suggested restrictions. use_explicit_dry_run_spec must be set to True
	// if any of the fields in the spec are set to non-default values.
	UseExplicitDryRunSpec pulumi.BoolPtrInput
}
// ElementType returns the reflect.Type of servicePerimeterArgs, obtained from a nil pointer to
// that struct.
func (ServicePerimeterArgs) ElementType() reflect.Type {
	var ptr *servicePerimeterArgs
	return reflect.TypeOf(ptr).Elem()
}
// ServicePerimeterInput is a pulumi.Input that can be converted to a ServicePerimeterOutput,
// with or without an explicit context. In this file both *ServicePerimeter and
// ServicePerimeterOutput define the two conversion methods.
type ServicePerimeterInput interface {
	pulumi.Input

	// ToServicePerimeterOutput converts the value to a ServicePerimeterOutput.
	ToServicePerimeterOutput() ServicePerimeterOutput
	// ToServicePerimeterOutputWithContext is the same conversion, taking the context to use.
	ToServicePerimeterOutputWithContext(ctx context.Context) ServicePerimeterOutput
}
// ElementType returns the reflect.Type of *ServicePerimeter, obtained from a nil
// **ServicePerimeter.
func (*ServicePerimeter) ElementType() reflect.Type {
	var ptr **ServicePerimeter
	return reflect.TypeOf(ptr).Elem()
}
// ToServicePerimeterOutput converts the resource to a ServicePerimeterOutput by delegating to
// ToServicePerimeterOutputWithContext with context.Background().
func (i *ServicePerimeter) ToServicePerimeterOutput() ServicePerimeterOutput {
	ctx := context.Background()
	return i.ToServicePerimeterOutputWithContext(ctx)
}
// ToServicePerimeterOutputWithContext converts the resource to a ServicePerimeterOutput through
// pulumi.ToOutputWithContext using the supplied context.
func (i *ServicePerimeter) ToServicePerimeterOutputWithContext(ctx context.Context) ServicePerimeterOutput {
	out := pulumi.ToOutputWithContext(ctx, i)
	// Single-value type assertion: panics if the result is not a ServicePerimeterOutput.
	return out.(ServicePerimeterOutput)
}
// ServicePerimeterOutput is the output type for *ServicePerimeter values; it embeds
// *pulumi.OutputState and is registered as an output type in init.
type ServicePerimeterOutput struct{ *pulumi.OutputState }
// ElementType returns the reflect.Type of *ServicePerimeter, obtained from a nil
// **ServicePerimeter.
func (ServicePerimeterOutput) ElementType() reflect.Type {
	var ptr **ServicePerimeter
	return reflect.TypeOf(ptr).Elem()
}
// ToServicePerimeterOutput returns the receiver unchanged, since it is already a
// ServicePerimeterOutput.
func (o ServicePerimeterOutput) ToServicePerimeterOutput() ServicePerimeterOutput {
	out := o
	return out
}
// ToServicePerimeterOutputWithContext returns the receiver unchanged; the context argument is
// not used.
func (o ServicePerimeterOutput) ToServicePerimeterOutputWithContext(ctx context.Context) ServicePerimeterOutput {
	out := o
	return out
}
// AccessPolicyId returns the AccessPolicyId field of the underlying ServicePerimeter.
func (o ServicePerimeterOutput) AccessPolicyId() pulumi.StringOutput {
	pick := func(sp *ServicePerimeter) pulumi.StringOutput {
		return sp.AccessPolicyId
	}
	return o.ApplyT(pick).(pulumi.StringOutput)
}
// Description returns the description of the `ServicePerimeter` and its use. The description
// does not affect behavior.
func (o ServicePerimeterOutput) Description() pulumi.StringOutput {
	pick := func(sp *ServicePerimeter) pulumi.StringOutput {
		return sp.Description
	}
	return o.ApplyT(pick).(pulumi.StringOutput)
}
// Name returns the resource name of the `ServicePerimeter`. Format:
// `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The
// `service_perimeter` component must begin with a letter, followed by alphanumeric characters
// or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.
func (o ServicePerimeterOutput) Name() pulumi.StringOutput {
	pick := func(sp *ServicePerimeter) pulumi.StringOutput {
		return sp.Name
	}
	return o.ApplyT(pick).(pulumi.StringOutput)
}
// PerimeterType returns the perimeter type indicator. A single project or VPC network is
// allowed to be a member of a single regular perimeter, but of multiple service perimeter
// bridges. A project cannot be included in a perimeter bridge without being included in a
// regular perimeter. For perimeter bridges, the restricted service list as well as access level
// lists must be empty.
func (o ServicePerimeterOutput) PerimeterType() pulumi.StringOutput {
	pick := func(sp *ServicePerimeter) pulumi.StringOutput {
		return sp.PerimeterType
	}
	return o.ApplyT(pick).(pulumi.StringOutput)
}
// Spec returns the proposed (or dry run) ServicePerimeter configuration. This configuration
// allows specifying and testing a ServicePerimeter configuration without enforcing actual access
// restrictions. Only allowed to be set when the "use_explicit_dry_run_spec" flag is set.
// When auditing what is actually enforced, read Status rather than Spec.
func (o ServicePerimeterOutput) Spec() ServicePerimeterConfigResponseOutput {
	pick := func(sp *ServicePerimeter) ServicePerimeterConfigResponseOutput {
		return sp.Spec
	}
	return o.ApplyT(pick).(ServicePerimeterConfigResponseOutput)
}
// Status returns the current ServicePerimeter configuration. It specifies sets of resources,
// restricted services and access levels that determine perimeter content and boundaries.
func (o ServicePerimeterOutput) Status() ServicePerimeterConfigResponseOutput {
	pick := func(sp *ServicePerimeter) ServicePerimeterConfigResponseOutput {
		return sp.Status
	}
	return o.ApplyT(pick).(ServicePerimeterConfigResponseOutput)
}
// Title returns the human readable title, which must be unique within the Policy.
func (o ServicePerimeterOutput) Title() pulumi.StringOutput {
	pick := func(sp *ServicePerimeter) pulumi.StringOutput {
		return sp.Title
	}
	return o.ApplyT(pick).(pulumi.StringOutput)
}
// UseExplicitDryRunSpec returns the explicit dry run spec flag. Ordinarily, a dry-run spec
// implicitly exists for all Service Perimeters, and that spec is identical to the status for
// those Service Perimeters. When this flag is set, it inhibits the generation of the implicit
// spec, thereby allowing the user to explicitly provide a configuration ("spec") to use in a
// dry-run version of the Service Perimeter. This allows the user to test changes to the enforced
// config ("status") without actually enforcing them. This testing is done through analyzing the
// differences between currently enforced and suggested restrictions. use_explicit_dry_run_spec
// must be set to True if any of the fields in the spec are set to non-default values.
func (o ServicePerimeterOutput) UseExplicitDryRunSpec() pulumi.BoolOutput {
	pick := func(sp *ServicePerimeter) pulumi.BoolOutput {
		return sp.UseExplicitDryRunSpec
	}
	return o.ApplyT(pick).(pulumi.BoolOutput)
}
// init registers *ServicePerimeter as the input type for the ServicePerimeterInput interface
// and registers ServicePerimeterOutput as an output type.
func init() {
	inputType := reflect.TypeOf((*ServicePerimeterInput)(nil)).Elem()
	pulumi.RegisterInputType(inputType, &ServicePerimeter{})
	pulumi.RegisterOutputType(ServicePerimeterOutput{})
}