pulumi-gcp 7.22.0a1715345822__py3-none-any.whl → 7.22.0a1715611725__py3-none-any.whl

pulumi_gcp/privilegedaccessmanager/_inputs.py

@@ -0,0 +1,420 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+from .. import _utilities
+
+__all__ = [
+    'EntitlementAdditionalNotificationTargetsArgs',
+    'EntitlementApprovalWorkflowArgs',
+    'EntitlementApprovalWorkflowManualApprovalsArgs',
+    'EntitlementApprovalWorkflowManualApprovalsStepArgs',
+    'EntitlementApprovalWorkflowManualApprovalsStepApproversArgs',
+    'EntitlementEligibleUserArgs',
+    'EntitlementPrivilegedAccessArgs',
+    'EntitlementPrivilegedAccessGcpIamAccessArgs',
+    'EntitlementPrivilegedAccessGcpIamAccessRoleBindingArgs',
+    'EntitlementRequesterJustificationConfigArgs',
+    'EntitlementRequesterJustificationConfigNotMandatoryArgs',
+    'EntitlementRequesterJustificationConfigUnstructuredArgs',
+]
+
+@pulumi.input_type
+class EntitlementAdditionalNotificationTargetsArgs:
+    def __init__(__self__, *,
+                 admin_email_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 requester_email_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] admin_email_recipients: Optional. Additional email addresses to be notified when a principal(requester) is granted access.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] requester_email_recipients: Optional. Additional email address to be notified about an eligible entitlement.
+        """
+        if admin_email_recipients is not None:
+            pulumi.set(__self__, "admin_email_recipients", admin_email_recipients)
+        if requester_email_recipients is not None:
+            pulumi.set(__self__, "requester_email_recipients", requester_email_recipients)
+
+    @property
+    @pulumi.getter(name="adminEmailRecipients")
+    def admin_email_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Optional. Additional email addresses to be notified when a principal(requester) is granted access.
+        """
+        return pulumi.get(self, "admin_email_recipients")
+
+    @admin_email_recipients.setter
+    def admin_email_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "admin_email_recipients", value)
+
+    @property
+    @pulumi.getter(name="requesterEmailRecipients")
+    def requester_email_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Optional. Additional email address to be notified about an eligible entitlement.
+        """
+        return pulumi.get(self, "requester_email_recipients")
+
+    @requester_email_recipients.setter
+    def requester_email_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "requester_email_recipients", value)
+
+
+@pulumi.input_type
+class EntitlementApprovalWorkflowArgs:
+    def __init__(__self__, *,
+                 manual_approvals: pulumi.Input['EntitlementApprovalWorkflowManualApprovalsArgs']):
+        """
+        :param pulumi.Input['EntitlementApprovalWorkflowManualApprovalsArgs'] manual_approvals: A manual approval workflow where users who are designated as approvers need to call the ApproveGrant/DenyGrant APIs for an Grant.
+               The workflow can consist of multiple serial steps where each step defines who can act as Approver in that step and how many of those users should approve before the workflow moves to the next step.
+               This can be used to create approval workflows such as
+               * Require an approval from any user in a group G.
+               * Require an approval from any k number of users from a Group G.
+               * Require an approval from any user in a group G and then from a user U. etc.
+               A single user might be part of `approvers` ACL for multiple steps in this workflow but they can only approve once and that approval will only be considered to satisfy the approval step at which it was granted.
+               Structure is documented below.
+        """
+        pulumi.set(__self__, "manual_approvals", manual_approvals)
+
+    @property
+    @pulumi.getter(name="manualApprovals")
+    def manual_approvals(self) -> pulumi.Input['EntitlementApprovalWorkflowManualApprovalsArgs']:
+        """
+        A manual approval workflow where users who are designated as approvers need to call the ApproveGrant/DenyGrant APIs for an Grant.
+        The workflow can consist of multiple serial steps where each step defines who can act as Approver in that step and how many of those users should approve before the workflow moves to the next step.
+        This can be used to create approval workflows such as
+        * Require an approval from any user in a group G.
+        * Require an approval from any k number of users from a Group G.
+        * Require an approval from any user in a group G and then from a user U. etc.
+        A single user might be part of `approvers` ACL for multiple steps in this workflow but they can only approve once and that approval will only be considered to satisfy the approval step at which it was granted.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "manual_approvals")
+
+    @manual_approvals.setter
+    def manual_approvals(self, value: pulumi.Input['EntitlementApprovalWorkflowManualApprovalsArgs']):
+        pulumi.set(self, "manual_approvals", value)
+
+
+@pulumi.input_type
+class EntitlementApprovalWorkflowManualApprovalsArgs:
+    def __init__(__self__, *,
+                 steps: pulumi.Input[Sequence[pulumi.Input['EntitlementApprovalWorkflowManualApprovalsStepArgs']]],
+                 require_approver_justification: Optional[pulumi.Input[bool]] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input['EntitlementApprovalWorkflowManualApprovalsStepArgs']]] steps: List of approval steps in this workflow. These steps would be followed in the specified order sequentially.  1 step is supported for now.
+               Structure is documented below.
+        :param pulumi.Input[bool] require_approver_justification: Optional. Do the approvers need to provide a justification for their actions?
+        """
+        pulumi.set(__self__, "steps", steps)
+        if require_approver_justification is not None:
+            pulumi.set(__self__, "require_approver_justification", require_approver_justification)
+
+    @property
+    @pulumi.getter
+    def steps(self) -> pulumi.Input[Sequence[pulumi.Input['EntitlementApprovalWorkflowManualApprovalsStepArgs']]]:
+        """
+        List of approval steps in this workflow. These steps would be followed in the specified order sequentially.  1 step is supported for now.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "steps")
+
+    @steps.setter
+    def steps(self, value: pulumi.Input[Sequence[pulumi.Input['EntitlementApprovalWorkflowManualApprovalsStepArgs']]]):
+        pulumi.set(self, "steps", value)
+
+    @property
+    @pulumi.getter(name="requireApproverJustification")
+    def require_approver_justification(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Optional. Do the approvers need to provide a justification for their actions?
+        """
+        return pulumi.get(self, "require_approver_justification")
+
+    @require_approver_justification.setter
+    def require_approver_justification(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "require_approver_justification", value)
+
+
+@pulumi.input_type
+class EntitlementApprovalWorkflowManualApprovalsStepArgs:
+    def __init__(__self__, *,
+                 approvers: pulumi.Input['EntitlementApprovalWorkflowManualApprovalsStepApproversArgs'],
+                 approvals_needed: Optional[pulumi.Input[int]] = None,
+                 approver_email_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
+        """
+        :param pulumi.Input['EntitlementApprovalWorkflowManualApprovalsStepApproversArgs'] approvers: The potential set of approvers in this step. This list should contain at only one entry.
+               Structure is documented below.
+        :param pulumi.Input[int] approvals_needed: How many users from the above list need to approve.
+               If there are not enough distinct users in the list above then the workflow
+               will indefinitely block. Should always be greater than 0. Currently 1 is the only
+               supported value.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] approver_email_recipients: Optional. Additional email addresses to be notified when a grant is pending approval.
+        """
+        pulumi.set(__self__, "approvers", approvers)
+        if approvals_needed is not None:
+            pulumi.set(__self__, "approvals_needed", approvals_needed)
+        if approver_email_recipients is not None:
+            pulumi.set(__self__, "approver_email_recipients", approver_email_recipients)
+
+    @property
+    @pulumi.getter
+    def approvers(self) -> pulumi.Input['EntitlementApprovalWorkflowManualApprovalsStepApproversArgs']:
+        """
+        The potential set of approvers in this step. This list should contain at only one entry.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "approvers")
+
+    @approvers.setter
+    def approvers(self, value: pulumi.Input['EntitlementApprovalWorkflowManualApprovalsStepApproversArgs']):
+        pulumi.set(self, "approvers", value)
+
+    @property
+    @pulumi.getter(name="approvalsNeeded")
+    def approvals_needed(self) -> Optional[pulumi.Input[int]]:
+        """
+        How many users from the above list need to approve.
+        If there are not enough distinct users in the list above then the workflow
+        will indefinitely block. Should always be greater than 0. Currently 1 is the only
+        supported value.
+        """
+        return pulumi.get(self, "approvals_needed")
+
+    @approvals_needed.setter
+    def approvals_needed(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "approvals_needed", value)
+
+    @property
+    @pulumi.getter(name="approverEmailRecipients")
+    def approver_email_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Optional. Additional email addresses to be notified when a grant is pending approval.
+        """
+        return pulumi.get(self, "approver_email_recipients")
+
+    @approver_email_recipients.setter
+    def approver_email_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "approver_email_recipients", value)
+
+
+@pulumi.input_type
+class EntitlementApprovalWorkflowManualApprovalsStepApproversArgs:
+    def __init__(__self__, *,
+                 principals: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] principals: Users who are being allowed for the operation. Each entry should be a valid v1 IAM Principal Identifier. Format for these is documented at: https://cloud.google.com/iam/docs/principal-identifiers#v1
+        """
+        pulumi.set(__self__, "principals", principals)
+
+    @property
+    @pulumi.getter
+    def principals(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
+        """
+        Users who are being allowed for the operation. Each entry should be a valid v1 IAM Principal Identifier. Format for these is documented at: https://cloud.google.com/iam/docs/principal-identifiers#v1
+        """
+        return pulumi.get(self, "principals")
+
+    @principals.setter
+    def principals(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        pulumi.set(self, "principals", value)
+
+
+@pulumi.input_type
+class EntitlementEligibleUserArgs:
+    def __init__(__self__, *,
+                 principals: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] principals: Users who are being allowed for the operation. Each entry should be a valid v1 IAM Principal Identifier. Format for these is documented at "https://cloud.google.com/iam/docs/principal-identifiers#v1"
+        """
+        pulumi.set(__self__, "principals", principals)
+
+    @property
+    @pulumi.getter
+    def principals(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
+        """
+        Users who are being allowed for the operation. Each entry should be a valid v1 IAM Principal Identifier. Format for these is documented at "https://cloud.google.com/iam/docs/principal-identifiers#v1"
+        """
+        return pulumi.get(self, "principals")
+
+    @principals.setter
+    def principals(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        pulumi.set(self, "principals", value)
+
+
+@pulumi.input_type
+class EntitlementPrivilegedAccessArgs:
+    def __init__(__self__, *,
+                 gcp_iam_access: pulumi.Input['EntitlementPrivilegedAccessGcpIamAccessArgs']):
+        """
+        :param pulumi.Input['EntitlementPrivilegedAccessGcpIamAccessArgs'] gcp_iam_access: GcpIamAccess represents IAM based access control on a GCP resource. Refer to https://cloud.google.com/iam/docs to understand more about IAM.
+               Structure is documented below.
+        """
+        pulumi.set(__self__, "gcp_iam_access", gcp_iam_access)
+
+    @property
+    @pulumi.getter(name="gcpIamAccess")
+    def gcp_iam_access(self) -> pulumi.Input['EntitlementPrivilegedAccessGcpIamAccessArgs']:
+        """
+        GcpIamAccess represents IAM based access control on a GCP resource. Refer to https://cloud.google.com/iam/docs to understand more about IAM.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "gcp_iam_access")
+
+    @gcp_iam_access.setter
+    def gcp_iam_access(self, value: pulumi.Input['EntitlementPrivilegedAccessGcpIamAccessArgs']):
+        pulumi.set(self, "gcp_iam_access", value)
+
+
+@pulumi.input_type
+class EntitlementPrivilegedAccessGcpIamAccessArgs:
+    def __init__(__self__, *,
+                 resource: pulumi.Input[str],
+                 resource_type: pulumi.Input[str],
+                 role_bindings: pulumi.Input[Sequence[pulumi.Input['EntitlementPrivilegedAccessGcpIamAccessRoleBindingArgs']]]):
+        """
+        :param pulumi.Input[str] resource: Name of the resource.
+        :param pulumi.Input[str] resource_type: The type of this resource.
+        :param pulumi.Input[Sequence[pulumi.Input['EntitlementPrivilegedAccessGcpIamAccessRoleBindingArgs']]] role_bindings: Role bindings to be created on successful grant.
+               Structure is documented below.
+        """
+        pulumi.set(__self__, "resource", resource)
+        pulumi.set(__self__, "resource_type", resource_type)
+        pulumi.set(__self__, "role_bindings", role_bindings)
+
+    @property
+    @pulumi.getter
+    def resource(self) -> pulumi.Input[str]:
+        """
+        Name of the resource.
+        """
+        return pulumi.get(self, "resource")
+
+    @resource.setter
+    def resource(self, value: pulumi.Input[str]):
+        pulumi.set(self, "resource", value)
+
+    @property
+    @pulumi.getter(name="resourceType")
+    def resource_type(self) -> pulumi.Input[str]:
+        """
+        The type of this resource.
+        """
+        return pulumi.get(self, "resource_type")
+
+    @resource_type.setter
+    def resource_type(self, value: pulumi.Input[str]):
+        pulumi.set(self, "resource_type", value)
+
+    @property
+    @pulumi.getter(name="roleBindings")
+    def role_bindings(self) -> pulumi.Input[Sequence[pulumi.Input['EntitlementPrivilegedAccessGcpIamAccessRoleBindingArgs']]]:
+        """
+        Role bindings to be created on successful grant.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "role_bindings")
+
+    @role_bindings.setter
+    def role_bindings(self, value: pulumi.Input[Sequence[pulumi.Input['EntitlementPrivilegedAccessGcpIamAccessRoleBindingArgs']]]):
+        pulumi.set(self, "role_bindings", value)
+
+
+@pulumi.input_type
+class EntitlementPrivilegedAccessGcpIamAccessRoleBindingArgs:
+    def __init__(__self__, *,
+                 role: pulumi.Input[str],
+                 condition_expression: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] role: IAM role to be granted. https://cloud.google.com/iam/docs/roles-overview.
+        :param pulumi.Input[str] condition_expression: The expression field of the IAM condition to be associated with the role. If specified, a user with an active grant for this entitlement would be able to access the resource only if this condition evaluates to true for their request.
+               https://cloud.google.com/iam/docs/conditions-overview#attributes.
+        """
+        pulumi.set(__self__, "role", role)
+        if condition_expression is not None:
+            pulumi.set(__self__, "condition_expression", condition_expression)
+
+    @property
+    @pulumi.getter
+    def role(self) -> pulumi.Input[str]:
+        """
+        IAM role to be granted. https://cloud.google.com/iam/docs/roles-overview.
+        """
+        return pulumi.get(self, "role")
+
+    @role.setter
+    def role(self, value: pulumi.Input[str]):
+        pulumi.set(self, "role", value)
+
+    @property
+    @pulumi.getter(name="conditionExpression")
+    def condition_expression(self) -> Optional[pulumi.Input[str]]:
+        """
+        The expression field of the IAM condition to be associated with the role. If specified, a user with an active grant for this entitlement would be able to access the resource only if this condition evaluates to true for their request.
+        https://cloud.google.com/iam/docs/conditions-overview#attributes.
+        """
+        return pulumi.get(self, "condition_expression")
+
+    @condition_expression.setter
+    def condition_expression(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "condition_expression", value)
+
+
+@pulumi.input_type
+class EntitlementRequesterJustificationConfigArgs:
+    def __init__(__self__, *,
+                 not_mandatory: Optional[pulumi.Input['EntitlementRequesterJustificationConfigNotMandatoryArgs']] = None,
+                 unstructured: Optional[pulumi.Input['EntitlementRequesterJustificationConfigUnstructuredArgs']] = None):
+        """
+        :param pulumi.Input['EntitlementRequesterJustificationConfigNotMandatoryArgs'] not_mandatory: The justification is not mandatory but can be provided in any of the supported formats.
+        :param pulumi.Input['EntitlementRequesterJustificationConfigUnstructuredArgs'] unstructured: The requester has to provide a justification in the form of free flowing text.
+               
+               - - -
+        """
+        if not_mandatory is not None:
+            pulumi.set(__self__, "not_mandatory", not_mandatory)
+        if unstructured is not None:
+            pulumi.set(__self__, "unstructured", unstructured)
+
+    @property
+    @pulumi.getter(name="notMandatory")
+    def not_mandatory(self) -> Optional[pulumi.Input['EntitlementRequesterJustificationConfigNotMandatoryArgs']]:
+        """
+        The justification is not mandatory but can be provided in any of the supported formats.
+        """
+        return pulumi.get(self, "not_mandatory")
+
+    @not_mandatory.setter
+    def not_mandatory(self, value: Optional[pulumi.Input['EntitlementRequesterJustificationConfigNotMandatoryArgs']]):
+        pulumi.set(self, "not_mandatory", value)
+
+    @property
+    @pulumi.getter
+    def unstructured(self) -> Optional[pulumi.Input['EntitlementRequesterJustificationConfigUnstructuredArgs']]:
+        """
+        The requester has to provide a justification in the form of free flowing text.
+
+        - - -
+        """
+        return pulumi.get(self, "unstructured")
+
+    @unstructured.setter
+    def unstructured(self, value: Optional[pulumi.Input['EntitlementRequesterJustificationConfigUnstructuredArgs']]):
+        pulumi.set(self, "unstructured", value)
+
+
+@pulumi.input_type
+class EntitlementRequesterJustificationConfigNotMandatoryArgs:
+    def __init__(__self__):
+        pass
+
+
+@pulumi.input_type
+class EntitlementRequesterJustificationConfigUnstructuredArgs:
+    def __init__(__self__):
+        pass
+
+