Class ServicePerimeterResource
Allows configuring a single GCP resource that should be inside of a service perimeter.
This resource is intended to be used in cases where it is not possible to compile a full list
of projects to include in a gcp.accesscontextmanager.ServicePerimeter resource,
to enable them to be added separately.
Note: If this resource is used alongside a
gcp.accesscontextmanager.ServicePerimeter resource, the service perimeter resource must have a lifecycle block with ignore_changes = [status[0].resources] so they don't fight over which resources should be in the policy.
To get more information about ServicePerimeterResource, see:
- API documentation
- How-to Guides
- Service Perimeter Quickstart
Example Usage - Access Context Manager Service Perimeter Resource Basic
```csharp
using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
    public MyStack()
    {
        // Organization-level access policy that owns the perimeter.
        var access_policy = new Gcp.AccessContextManager.AccessPolicy("access-policy", new Gcp.AccessContextManager.AccessPolicyArgs
        {
            Parent = "organizations/123456789",
            Title = "my policy",
        });

        // Perimeter that restricts Cloud Storage; no projects are listed here.
        var service_perimeter_resourceServicePerimeter = new Gcp.AccessContextManager.ServicePerimeter("service-perimeter-resourceServicePerimeter", new Gcp.AccessContextManager.ServicePerimeterArgs
        {
            Parent = access_policy.Name.Apply(name => $"accessPolicies/{name}"),
            Title = "restrict_all",
            Status = new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusArgs
            {
                RestrictedServices =
                {
                    "storage.googleapis.com",
                },
            },
        });

        // Adds a single project (by project number) to the perimeter.
        var service_perimeter_resourceServicePerimeterResource = new Gcp.AccessContextManager.ServicePerimeterResource("service-perimeter-resourceServicePerimeterResource", new Gcp.AccessContextManager.ServicePerimeterResourceArgs
        {
            PerimeterName = service_perimeter_resourceServicePerimeter.Name,
            Resource = "projects/987654321",
        });
    }
}
```
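The note above about the two resources fighting over the perimeter's project list, applied in a Pulumi C# stack. This is an added example, not part of the Pulumi documentation: the `status.resources` property path is an assumed Pulumi equivalent of Terraform's `status[0].resources`, and the class name, resource names and project numbers are constructed for illustration.

```csharp
using System;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

class PerimeterStack : Stack  // hypothetical stack name
{
    public PerimeterStack()
    {
        var policy = new Gcp.AccessContextManager.AccessPolicy("access-policy", new Gcp.AccessContextManager.AccessPolicyArgs
        {
            Parent = "organizations/123456789",
            Title = "my policy",
        });

        var perimeter = new Gcp.AccessContextManager.ServicePerimeter("restrict-storage", new Gcp.AccessContextManager.ServicePerimeterArgs
        {
            Parent = policy.Name.Apply(name => $"accessPolicies/{name}"),
            Title = "restrict_all",
            Status = new Gcp.AccessContextManager.Inputs.ServicePerimeterStatusArgs
            {
                RestrictedServices = { "storage.googleapis.com" },
            },
        }, new CustomResourceOptions
        {
            // Assumption: "status.resources" is the Pulumi path for status[0].resources.
            // Without it, each update of the perimeter would reset the member list.
            IgnoreChanges = { "status.resources" },
        });

        // Constructed project numbers; each is attached as its own resource.
        var projectNumbers = new[] { "987654321", "987654322" };

        foreach (var number in projectNumbers)
        {
            // Resource must be projects/{project_number}; a project ID string is rejected here.
            if (number.Length == 0 || !number.All(char.IsDigit))
                throw new ArgumentException($"'{number}' is not a numeric project number");

            new Gcp.AccessContextManager.ServicePerimeterResource($"perimeter-member-{number}", new Gcp.AccessContextManager.ServicePerimeterResourceArgs
            {
                PerimeterName = perimeter.Name,
                Resource = $"projects/{number}",
            });
        }
    }
}
```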
Namespace: Pulumi.Gcp.AccessContextManager
Assembly: Pulumi.Gcp.dll
Syntax
public class ServicePerimeterResource : CustomResource
Constructors
ServicePerimeterResource(String, ServicePerimeterResourceArgs, CustomResourceOptions)
Create a ServicePerimeterResource resource with the given unique name, arguments, and options.
Declaration
public ServicePerimeterResource(string name, ServicePerimeterResourceArgs args, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| ServicePerimeterResourceArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
PerimeterName
The name of the Service Perimeter to add this resource to.
Declaration
public Output<string> PerimeterName { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> | |
Resource
A GCP resource that is inside of the service perimeter. Currently only projects are allowed. Format: projects/{project_number}
Declaration
public Output<string> Resource { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> | |
Methods
Get(String, Input<String>, ServicePerimeterResourceState, CustomResourceOptions)
Get an existing ServicePerimeterResource resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static ServicePerimeterResource Get(string name, Input<string> id, ServicePerimeterResourceState state = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to lookup. |
| ServicePerimeterResourceState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| ServicePerimeterResource | |