pulumi-gcp 7.7.0a1706207981__py3-none-any.whl → 7.8.0__py3-none-any.whl

pulumi_gcp/securityposture/outputs.py

@@ -0,0 +1,1372 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+from .. import _utilities
+from . import outputs
+
+__all__ = [
+    'PosturePolicySet',
+    'PosturePolicySetPolicy',
+    'PosturePolicySetPolicyComplianceStandard',
+    'PosturePolicySetPolicyConstraint',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraint',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraintCustom',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraint',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRule',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleExpr',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValues',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRule',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleExpr',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValues',
+    'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModule',
+    'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfig',
+    'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutput',
+    'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputProperty',
+    'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpression',
+    'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicate',
+    'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelector',
+    'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModule',
+]
+
+@pulumi.output_type
+class PosturePolicySet(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "policySetId":
+            suggest = "policy_set_id"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PosturePolicySet. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PosturePolicySet.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PosturePolicySet.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 policy_set_id: str,
+                 description: Optional[str] = None,
+                 policies: Optional[Sequence['outputs.PosturePolicySetPolicy']] = None):
+        """
+        :param str policy_set_id: ID of the policy set.
+        :param str description: Description of the policy set.
+        :param Sequence['PosturePolicySetPolicyArgs'] policies: List of security policy
+               Structure is documented below.
+        """
+        pulumi.set(__self__, "policy_set_id", policy_set_id)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if policies is not None:
+            pulumi.set(__self__, "policies", policies)
+
+    @property
+    @pulumi.getter(name="policySetId")
+    def policy_set_id(self) -> str:
+        """
+        ID of the policy set.
+        """
+        return pulumi.get(self, "policy_set_id")
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[str]:
+        """
+        Description of the policy set.
+        """
+        return pulumi.get(self, "description")
+
+    @property
+    @pulumi.getter
+    def policies(self) -> Optional[Sequence['outputs.PosturePolicySetPolicy']]:
+        """
+        List of security policy
+        Structure is documented below.
+        """
+        return pulumi.get(self, "policies")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicy(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "policyId":
+            suggest = "policy_id"
+        elif key == "complianceStandards":
+            suggest = "compliance_standards"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PosturePolicySetPolicy. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PosturePolicySetPolicy.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PosturePolicySetPolicy.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 constraint: 'outputs.PosturePolicySetPolicyConstraint',
+                 policy_id: str,
+                 compliance_standards: Optional[Sequence['outputs.PosturePolicySetPolicyComplianceStandard']] = None,
+                 description: Optional[str] = None):
+        """
+        :param 'PosturePolicySetPolicyConstraintArgs' constraint: Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule
+               Structure is documented below.
+        :param str policy_id: ID of the policy.
+        :param Sequence['PosturePolicySetPolicyComplianceStandardArgs'] compliance_standards: Mapping for policy to security standards and controls.
+               Structure is documented below.
+        :param str description: Description of the policy.
+        """
+        pulumi.set(__self__, "constraint", constraint)
+        pulumi.set(__self__, "policy_id", policy_id)
+        if compliance_standards is not None:
+            pulumi.set(__self__, "compliance_standards", compliance_standards)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+
+    @property
+    @pulumi.getter
+    def constraint(self) -> 'outputs.PosturePolicySetPolicyConstraint':
+        """
+        Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule
+        Structure is documented below.
+        """
+        return pulumi.get(self, "constraint")
+
+    @property
+    @pulumi.getter(name="policyId")
+    def policy_id(self) -> str:
+        """
+        ID of the policy.
+        """
+        return pulumi.get(self, "policy_id")
+
+    @property
+    @pulumi.getter(name="complianceStandards")
+    def compliance_standards(self) -> Optional[Sequence['outputs.PosturePolicySetPolicyComplianceStandard']]:
+        """
+        Mapping for policy to security standards and controls.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "compliance_standards")
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[str]:
+        """
+        Description of the policy.
+        """
+        return pulumi.get(self, "description")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyComplianceStandard(dict):
+    def __init__(__self__, *,
+                 control: Optional[str] = None,
+                 standard: Optional[str] = None):
+        """
+        :param str control: Mapping of security controls for the policy.
+        :param str standard: Mapping of compliance standards for the policy.
+        """
+        if control is not None:
+            pulumi.set(__self__, "control", control)
+        if standard is not None:
+            pulumi.set(__self__, "standard", standard)
+
+    @property
+    @pulumi.getter
+    def control(self) -> Optional[str]:
+        """
+        Mapping of security controls for the policy.
+        """
+        return pulumi.get(self, "control")
+
+    @property
+    @pulumi.getter
+    def standard(self) -> Optional[str]:
+        """
+        Mapping of compliance standards for the policy.
+        """
+        return pulumi.get(self, "standard")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraint(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "orgPolicyConstraint":
+            suggest = "org_policy_constraint"
+        elif key == "orgPolicyConstraintCustom":
+            suggest = "org_policy_constraint_custom"
+        elif key == "securityHealthAnalyticsCustomModule":
+            suggest = "security_health_analytics_custom_module"
+        elif key == "securityHealthAnalyticsModule":
+            suggest = "security_health_analytics_module"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PosturePolicySetPolicyConstraint. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PosturePolicySetPolicyConstraint.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PosturePolicySetPolicyConstraint.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 org_policy_constraint: Optional['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraint'] = None,
+                 org_policy_constraint_custom: Optional['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustom'] = None,
+                 security_health_analytics_custom_module: Optional['outputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModule'] = None,
+                 security_health_analytics_module: Optional['outputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModule'] = None):
+        """
+        :param 'PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs' org_policy_constraint: Organization policy canned constraint definition.
+               Structure is documented below.
+        :param 'PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs' org_policy_constraint_custom: Organization policy custom constraint policy definition.
+               Structure is documented below.
+        :param 'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs' security_health_analytics_custom_module: Definition of Security Health Analytics Custom Module.
+               Structure is documented below.
+        :param 'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs' security_health_analytics_module: Security Health Analytics built-in detector definition.
+               Structure is documented below.
+        """
+        if org_policy_constraint is not None:
+            pulumi.set(__self__, "org_policy_constraint", org_policy_constraint)
+        if org_policy_constraint_custom is not None:
+            pulumi.set(__self__, "org_policy_constraint_custom", org_policy_constraint_custom)
+        if security_health_analytics_custom_module is not None:
+            pulumi.set(__self__, "security_health_analytics_custom_module", security_health_analytics_custom_module)
+        if security_health_analytics_module is not None:
+            pulumi.set(__self__, "security_health_analytics_module", security_health_analytics_module)
+
+    @property
+    @pulumi.getter(name="orgPolicyConstraint")
+    def org_policy_constraint(self) -> Optional['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraint']:
+        """
+        Organization policy canned constraint definition.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "org_policy_constraint")
+
+    @property
+    @pulumi.getter(name="orgPolicyConstraintCustom")
+    def org_policy_constraint_custom(self) -> Optional['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustom']:
+        """
+        Organization policy custom constraint policy definition.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "org_policy_constraint_custom")
+
+    @property
+    @pulumi.getter(name="securityHealthAnalyticsCustomModule")
+    def security_health_analytics_custom_module(self) -> Optional['outputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModule']:
+        """
+        Definition of Security Health Analytics Custom Module.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "security_health_analytics_custom_module")
+
+    @property
+    @pulumi.getter(name="securityHealthAnalyticsModule")
+    def security_health_analytics_module(self) -> Optional['outputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModule']:
+        """
+        Security Health Analytics built-in detector definition.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "security_health_analytics_module")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraint(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "cannedConstraintId":
+            suggest = "canned_constraint_id"
+        elif key == "policyRules":
+            suggest = "policy_rules"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PosturePolicySetPolicyConstraintOrgPolicyConstraint. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PosturePolicySetPolicyConstraintOrgPolicyConstraint.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PosturePolicySetPolicyConstraintOrgPolicyConstraint.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 canned_constraint_id: str,
+                 policy_rules: Sequence['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRule']):
+        """
+        :param str canned_constraint_id: Organization policy canned constraint Id
+        :param Sequence['PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs'] policy_rules: Definition of policy rules
+               Structure is documented below.
+        """
+        pulumi.set(__self__, "canned_constraint_id", canned_constraint_id)
+        pulumi.set(__self__, "policy_rules", policy_rules)
+
+    @property
+    @pulumi.getter(name="cannedConstraintId")
+    def canned_constraint_id(self) -> str:
+        """
+        Organization policy canned constraint Id
+        """
+        return pulumi.get(self, "canned_constraint_id")
+
+    @property
+    @pulumi.getter(name="policyRules")
+    def policy_rules(self) -> Sequence['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRule']:
+        """
+        Definition of policy rules
+        Structure is documented below.
+        """
+        return pulumi.get(self, "policy_rules")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraintCustom(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "policyRules":
+            suggest = "policy_rules"
+        elif key == "customConstraint":
+            suggest = "custom_constraint"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PosturePolicySetPolicyConstraintOrgPolicyConstraintCustom. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PosturePolicySetPolicyConstraintOrgPolicyConstraintCustom.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PosturePolicySetPolicyConstraintOrgPolicyConstraintCustom.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 policy_rules: Sequence['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRule'],
+                 custom_constraint: Optional['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraint'] = None):
+        """
+        :param Sequence['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs'] policy_rules: Definition of policy rules
+               Structure is documented below.
+        :param 'PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs' custom_constraint: Organization policy custom constraint definition.
+               Structure is documented below.
+        """
+        pulumi.set(__self__, "policy_rules", policy_rules)
+        if custom_constraint is not None:
+            pulumi.set(__self__, "custom_constraint", custom_constraint)
+
+    @property
+    @pulumi.getter(name="policyRules")
+    def policy_rules(self) -> Sequence['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRule']:
+        """
+        Definition of policy rules
+        Structure is documented below.
+        """
+        return pulumi.get(self, "policy_rules")
+
+    @property
+    @pulumi.getter(name="customConstraint")
+    def custom_constraint(self) -> Optional['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraint']:
+        """
+        Organization policy custom constraint definition.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "custom_constraint")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraint(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "actionType":
+            suggest = "action_type"
+        elif key == "methodTypes":
+            suggest = "method_types"
+        elif key == "resourceTypes":
+            suggest = "resource_types"
+        elif key == "displayName":
+            suggest = "display_name"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraint. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraint.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraint.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 action_type: str,
+                 condition: str,
+                 method_types: Sequence[str],
+                 name: str,
+                 resource_types: Sequence[str],
+                 description: Optional[str] = None,
+                 display_name: Optional[str] = None):
+        """
+        :param str action_type: The action to take if the condition is met.
+               Possible values are: `ALLOW`, `DENY`.
+        :param str condition: A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).
+        :param Sequence[str] method_types: A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).
+        :param str name: Immutable. The name of the custom constraint. This is unique within the organization.
+        :param Sequence[str] resource_types: Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.
+        :param str description: A human-friendly description of the constraint to display as an error message when the policy is violated.
+        :param str display_name: A human-friendly name for the constraint.
+        """
+        pulumi.set(__self__, "action_type", action_type)
+        pulumi.set(__self__, "condition", condition)
+        pulumi.set(__self__, "method_types", method_types)
+        pulumi.set(__self__, "name", name)
+        pulumi.set(__self__, "resource_types", resource_types)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if display_name is not None:
+            pulumi.set(__self__, "display_name", display_name)
+
+    @property
+    @pulumi.getter(name="actionType")
+    def action_type(self) -> str:
+        """
+        The action to take if the condition is met.
+        Possible values are: `ALLOW`, `DENY`.
+        """
+        return pulumi.get(self, "action_type")
+
+    @property
+    @pulumi.getter
+    def condition(self) -> str:
+        """
+        A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).
+        """
+        return pulumi.get(self, "condition")
+
+    @property
+    @pulumi.getter(name="methodTypes")
+    def method_types(self) -> Sequence[str]:
+        """
+        A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).
+        """
+        return pulumi.get(self, "method_types")
+
+    @property
+    @pulumi.getter
+    def name(self) -> str:
+        """
+        Immutable. The name of the custom constraint. This is unique within the organization.
+        """
+        return pulumi.get(self, "name")
+
+    @property
+    @pulumi.getter(name="resourceTypes")
+    def resource_types(self) -> Sequence[str]:
+        """
+        Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.
+        """
+        return pulumi.get(self, "resource_types")
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[str]:
+        """
+        A human-friendly description of the constraint to display as an error message when the policy is violated.
+        """
+        return pulumi.get(self, "description")
+
+    @property
+    @pulumi.getter(name="displayName")
+    def display_name(self) -> Optional[str]:
+        """
+        A human-friendly name for the constraint.
+        """
+        return pulumi.get(self, "display_name")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRule(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "allowAll":
+            suggest = "allow_all"
+        elif key == "denyAll":
+            suggest = "deny_all"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRule. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRule.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRule.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 allow_all: Optional[bool] = None,
+                 deny_all: Optional[bool] = None,
+                 enforce: Optional[bool] = None,
+                 expr: Optional['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleExpr'] = None,
+                 values: Optional['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValues'] = None):
+        """
+        :param bool allow_all: Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
+        :param bool deny_all: Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
+        :param bool enforce: If `true`, then the policy is enforced. If `false`, then any configuration is acceptable.
+               This field can be set only in policies for boolean constraints.
+        :param 'PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleExprArgs' expr: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.
+               This page details the objects and attributes that are used to the build the CEL expressions for
+               custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.
+               Structure is documented below.
+        :param 'PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValuesArgs' values: List of values to be used for this policy rule. This field can be set only in policies for list constraints.
+               Structure is documented below.
+        """
+        if allow_all is not None:
+            pulumi.set(__self__, "allow_all", allow_all)
+        if deny_all is not None:
+            pulumi.set(__self__, "deny_all", deny_all)
+        if enforce is not None:
+            pulumi.set(__self__, "enforce", enforce)
+        if expr is not None:
+            pulumi.set(__self__, "expr", expr)
+        if values is not None:
+            pulumi.set(__self__, "values", values)
+
+    @property
+    @pulumi.getter(name="allowAll")
+    def allow_all(self) -> Optional[bool]:
+        """
+        Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
+        """
+        return pulumi.get(self, "allow_all")
+
+    @property
+    @pulumi.getter(name="denyAll")
+    def deny_all(self) -> Optional[bool]:
+        """
+        Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
+        """
+        return pulumi.get(self, "deny_all")
+
+    @property
+    @pulumi.getter
+    def enforce(self) -> Optional[bool]:
+        """
+        If `true`, then the policy is enforced. If `false`, then any configuration is acceptable.
+        This field can be set only in policies for boolean constraints.
+        """
+        return pulumi.get(self, "enforce")
+
+    @property
+    @pulumi.getter
+    def expr(self) -> Optional['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleExpr']:
+        """
+        Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.
+        This page details the objects and attributes that are used to the build the CEL expressions for
+        custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "expr")
+
+    @property
+    @pulumi.getter
+    def values(self) -> Optional['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValues']:
+        """
+        List of values to be used for this policy rule. This field can be set only in policies for list constraints.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "values")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleExpr(dict):
+    def __init__(__self__, *,
+                 expression: str,
+                 description: Optional[str] = None,
+                 location: Optional[str] = None,
+                 title: Optional[str] = None):
+        """
+        :param str expression: Textual representation of an expression in Common Expression Language syntax.
+        :param str description: Description of the expression
+        :param str location: String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
+        :param str title: Title for the expression, i.e. a short string describing its purpose.
+        """
+        pulumi.set(__self__, "expression", expression)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if location is not None:
+            pulumi.set(__self__, "location", location)
+        if title is not None:
+            pulumi.set(__self__, "title", title)
+
+    @property
+    @pulumi.getter
+    def expression(self) -> str:
+        """
+        Textual representation of an expression in Common Expression Language syntax.
+        """
+        return pulumi.get(self, "expression")
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[str]:
+        """
+        Description of the expression
+        """
+        return pulumi.get(self, "description")
+
+    @property
+    @pulumi.getter
+    def location(self) -> Optional[str]:
+        """
+        String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
+        """
+        return pulumi.get(self, "location")
+
+    @property
+    @pulumi.getter
+    def title(self) -> Optional[str]:
+        """
+        Title for the expression, i.e. a short string describing its purpose.
+        """
+        return pulumi.get(self, "title")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValues(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "allowedValues":
+            suggest = "allowed_values"
+        elif key == "deniedValues":
+            suggest = "denied_values"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValues. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValues.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValues.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 allowed_values: Optional[Sequence[str]] = None,
+                 denied_values: Optional[Sequence[str]] = None):
+        """
+        :param Sequence[str] allowed_values: List of values allowed at this resource.
+        :param Sequence[str] denied_values: List of values denied at this resource.
+        """
+        if allowed_values is not None:
+            pulumi.set(__self__, "allowed_values", allowed_values)
+        if denied_values is not None:
+            pulumi.set(__self__, "denied_values", denied_values)
+
+    @property
+    @pulumi.getter(name="allowedValues")
+    def allowed_values(self) -> Optional[Sequence[str]]:
+        """
+        List of values allowed at this resource.
+        """
+        return pulumi.get(self, "allowed_values")
+
+    @property
+    @pulumi.getter(name="deniedValues")
+    def denied_values(self) -> Optional[Sequence[str]]:
+        """
+        List of values denied at this resource.
+        """
+        return pulumi.get(self, "denied_values")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRule(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "allowAll":
+            suggest = "allow_all"
+        elif key == "denyAll":
+            suggest = "deny_all"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRule. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRule.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRule.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 allow_all: Optional[bool] = None,
+                 deny_all: Optional[bool] = None,
+                 enforce: Optional[bool] = None,
+                 expr: Optional['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleExpr'] = None,
+                 values: Optional['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValues'] = None):
+        """
+        :param bool allow_all: Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
+        :param bool deny_all: Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
+        :param bool enforce: If `true`, then the policy is enforced. If `false`, then any configuration is acceptable.
+               This field can be set only in policies for boolean constraints.
+        :param 'PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleExprArgs' expr: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.
+               This page details the objects and attributes that are used to the build the CEL expressions for
+               custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.
+               Structure is documented below.
+        :param 'PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValuesArgs' values: List of values to be used for this policy rule. This field can be set only in policies for list constraints.
+               Structure is documented below.
+        """
+        if allow_all is not None:
+            pulumi.set(__self__, "allow_all", allow_all)
+        if deny_all is not None:
+            pulumi.set(__self__, "deny_all", deny_all)
+        if enforce is not None:
+            pulumi.set(__self__, "enforce", enforce)
+        if expr is not None:
+            pulumi.set(__self__, "expr", expr)
+        if values is not None:
+            pulumi.set(__self__, "values", values)
+
+    @property
+    @pulumi.getter(name="allowAll")
+    def allow_all(self) -> Optional[bool]:
+        """
+        Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
+        """
+        return pulumi.get(self, "allow_all")
+
+    @property
+    @pulumi.getter(name="denyAll")
+    def deny_all(self) -> Optional[bool]:
+        """
+        Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
+        """
+        return pulumi.get(self, "deny_all")
+
+    @property
+    @pulumi.getter
+    def enforce(self) -> Optional[bool]:
+        """
+        If `true`, then the policy is enforced. If `false`, then any configuration is acceptable.
+        This field can be set only in policies for boolean constraints.
+        """
+        return pulumi.get(self, "enforce")
+
+    @property
+    @pulumi.getter
+    def expr(self) -> Optional['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleExpr']:
+        """
+        Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.
+        This page details the objects and attributes that are used to the build the CEL expressions for
+        custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "expr")
+
+    @property
+    @pulumi.getter
+    def values(self) -> Optional['outputs.PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValues']:
+        """
+        List of values to be used for this policy rule. This field can be set only in policies for list constraints.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "values")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleExpr(dict):
+    def __init__(__self__, *,
+                 expression: str,
+                 description: Optional[str] = None,
+                 location: Optional[str] = None,
+                 title: Optional[str] = None):
+        """
+        :param str expression: Textual representation of an expression in Common Expression Language syntax.
+        :param str description: Description of the expression
+        :param str location: String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
+        :param str title: Title for the expression, i.e. a short string describing its purpose.
+        """
+        pulumi.set(__self__, "expression", expression)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if location is not None:
+            pulumi.set(__self__, "location", location)
+        if title is not None:
+            pulumi.set(__self__, "title", title)
+
+    @property
+    @pulumi.getter
+    def expression(self) -> str:
+        """
+        Textual representation of an expression in Common Expression Language syntax.
+        """
+        return pulumi.get(self, "expression")
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[str]:
+        """
+        Description of the expression
+        """
+        return pulumi.get(self, "description")
+
+    @property
+    @pulumi.getter
+    def location(self) -> Optional[str]:
+        """
+        String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
+        """
+        return pulumi.get(self, "location")
+
+    @property
+    @pulumi.getter
+    def title(self) -> Optional[str]:
+        """
+        Title for the expression, i.e. a short string describing its purpose.
+        """
+        return pulumi.get(self, "title")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValues(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "allowedValues":
+            suggest = "allowed_values"
+        elif key == "deniedValues":
+            suggest = "denied_values"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValues. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValues.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValues.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 allowed_values: Optional[Sequence[str]] = None,
+                 denied_values: Optional[Sequence[str]] = None):
+        """
+        :param Sequence[str] allowed_values: List of values allowed at this resource.
+        :param Sequence[str] denied_values: List of values denied at this resource.
+        """
+        if allowed_values is not None:
+            pulumi.set(__self__, "allowed_values", allowed_values)
+        if denied_values is not None:
+            pulumi.set(__self__, "denied_values", denied_values)
+
+    @property
+    @pulumi.getter(name="allowedValues")
+    def allowed_values(self) -> Optional[Sequence[str]]:
+        """
+        List of values allowed at this resource.
+        """
+        return pulumi.get(self, "allowed_values")
+
+    @property
+    @pulumi.getter(name="deniedValues")
+    def denied_values(self) -> Optional[Sequence[str]]:
+        """
+        List of values denied at this resource.
+        """
+        return pulumi.get(self, "denied_values")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModule(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "displayName":
+            suggest = "display_name"
+        elif key == "moduleEnablementState":
+            suggest = "module_enablement_state"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModule. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModule.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModule.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 config: 'outputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfig',
+                 display_name: Optional[str] = None,
+                 id: Optional[str] = None,
+                 module_enablement_state: Optional[str] = None):
+        """
+        :param 'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs' config: Custom module details.
+               Structure is documented below.
+        :param str display_name: The display name of the Security Health Analytics custom module. This
+               display name becomes the finding category for all findings that are
+               returned by this custom module.
+        :param str id: (Output)
+               A server generated id of custom module.
+        :param str module_enablement_state: The state of enablement for the module at its level of the resource hierarchy.
+               Possible values are: `ENABLEMENT_STATE_UNSPECIFIED`, `ENABLED`, `DISABLED`.
+        """
+        pulumi.set(__self__, "config", config)
+        if display_name is not None:
+            pulumi.set(__self__, "display_name", display_name)
+        if id is not None:
+            pulumi.set(__self__, "id", id)
+        if module_enablement_state is not None:
+            pulumi.set(__self__, "module_enablement_state", module_enablement_state)
+
+    @property
+    @pulumi.getter
+    def config(self) -> 'outputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfig':
+        """
+        Custom module details.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "config")
+
+    @property
+    @pulumi.getter(name="displayName")
+    def display_name(self) -> Optional[str]:
+        """
+        The display name of the Security Health Analytics custom module. This
+        display name becomes the finding category for all findings that are
+        returned by this custom module.
+        """
+        return pulumi.get(self, "display_name")
+
+    @property
+    @pulumi.getter
+    def id(self) -> Optional[str]:
+        """
+        (Output)
+        A server generated id of custom module.
+        """
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter(name="moduleEnablementState")
+    def module_enablement_state(self) -> Optional[str]:
+        """
+        The state of enablement for the module at its level of the resource hierarchy.
+        Possible values are: `ENABLEMENT_STATE_UNSPECIFIED`, `ENABLED`, `DISABLED`.
+        """
+        return pulumi.get(self, "module_enablement_state")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfig(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "resourceSelector":
+            suggest = "resource_selector"
+        elif key == "customOutput":
+            suggest = "custom_output"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfig. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfig.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfig.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 predicate: 'outputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicate',
+                 resource_selector: 'outputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelector',
+                 severity: str,
+                 custom_output: Optional['outputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutput'] = None,
+                 description: Optional[str] = None,
+                 recommendation: Optional[str] = None):
+        """
+        :param 'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs' predicate: The CEL expression to evaluate to produce findings.When the expression
+               evaluates to true against a resource, a finding is generated.
+               Structure is documented below.
+        :param 'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs' resource_selector: The resource types that the custom module operates on. Each custom module
+               can specify up to 5 resource types.
+               Structure is documented below.
+        :param str severity: The severity to assign to findings generated by the module.
+               Possible values are: `SEVERITY_UNSPECIFIED`, `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`.
+        :param 'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs' custom_output: Custom output properties. A set of optional name-value pairs that define custom source properties to
+               return with each finding that is generated by the custom module. The custom
+               source properties that are defined here are included in the finding JSON
+               under `sourceProperties`.
+               Structure is documented below.
+        :param str description: Text that describes the vulnerability or misconfiguration that the custom
+               module detects.
+        :param str recommendation: An explanation of the recommended steps that security teams can take to
+               resolve the detected issue
+        """
+        pulumi.set(__self__, "predicate", predicate)
+        pulumi.set(__self__, "resource_selector", resource_selector)
+        pulumi.set(__self__, "severity", severity)
+        if custom_output is not None:
+            pulumi.set(__self__, "custom_output", custom_output)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if recommendation is not None:
+            pulumi.set(__self__, "recommendation", recommendation)
+
+    @property
+    @pulumi.getter
+    def predicate(self) -> 'outputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicate':
+        """
+        The CEL expression to evaluate to produce findings.When the expression
+        evaluates to true against a resource, a finding is generated.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "predicate")
+
+    @property
+    @pulumi.getter(name="resourceSelector")
+    def resource_selector(self) -> 'outputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelector':
+        """
+        The resource types that the custom module operates on. Each custom module
+        can specify up to 5 resource types.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "resource_selector")
+
+    @property
+    @pulumi.getter
+    def severity(self) -> str:
+        """
+        The severity to assign to findings generated by the module.
+        Possible values are: `SEVERITY_UNSPECIFIED`, `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`.
+        """
+        return pulumi.get(self, "severity")
+
+    @property
+    @pulumi.getter(name="customOutput")
+    def custom_output(self) -> Optional['outputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutput']:
+        """
+        Custom output properties. A set of optional name-value pairs that define custom source properties to
+        return with each finding that is generated by the custom module. The custom
+        source properties that are defined here are included in the finding JSON
+        under `sourceProperties`.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "custom_output")
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[str]:
+        """
+        Text that describes the vulnerability or misconfiguration that the custom
+        module detects.
+        """
+        return pulumi.get(self, "description")
+
+    @property
+    @pulumi.getter
+    def recommendation(self) -> Optional[str]:
+        """
+        An explanation of the recommended steps that security teams can take to
+        resolve the detected issue
+        """
+        return pulumi.get(self, "recommendation")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutput(dict):
+    def __init__(__self__, *,
+                 properties: Optional[Sequence['outputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputProperty']] = None):
+        """
+        :param Sequence['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs'] properties: A list of custom output properties to add to the finding.
+               Structure is documented below.
+        """
+        if properties is not None:
+            pulumi.set(__self__, "properties", properties)
+
+    @property
+    @pulumi.getter
+    def properties(self) -> Optional[Sequence['outputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputProperty']]:
+        """
+        A list of custom output properties to add to the finding.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "properties")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputProperty(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "valueExpression":
+            suggest = "value_expression"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputProperty. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputProperty.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputProperty.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 name: str,
+                 value_expression: Optional['outputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpression'] = None):
+        """
+        :param str name: Name of the property for the custom output.
+        :param 'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs' value_expression: The CEL expression for the custom output. A resource property can be
+               specified to return the value of the property or a text string enclosed
+               in quotation marks.
+               Structure is documented below.
+        """
+        pulumi.set(__self__, "name", name)
+        if value_expression is not None:
+            pulumi.set(__self__, "value_expression", value_expression)
+
+    @property
+    @pulumi.getter
+    def name(self) -> str:
+        """
+        Name of the property for the custom output.
+        """
+        return pulumi.get(self, "name")
+
+    @property
+    @pulumi.getter(name="valueExpression")
+    def value_expression(self) -> Optional['outputs.PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpression']:
+        """
+        The CEL expression for the custom output. A resource property can be
+        specified to return the value of the property or a text string enclosed
+        in quotation marks.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "value_expression")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpression(dict):
+    def __init__(__self__, *,
+                 expression: str,
+                 description: Optional[str] = None,
+                 location: Optional[str] = None,
+                 title: Optional[str] = None):
+        """
+        :param str expression: Textual representation of an expression in Common Expression Language syntax.
+        :param str description: Description of the expression
+        :param str location: String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
+        :param str title: Title for the expression, i.e. a short string describing its purpose.
+        """
+        pulumi.set(__self__, "expression", expression)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if location is not None:
+            pulumi.set(__self__, "location", location)
+        if title is not None:
+            pulumi.set(__self__, "title", title)
+
+    @property
+    @pulumi.getter
+    def expression(self) -> str:
+        """
+        Textual representation of an expression in Common Expression Language syntax.
+        """
+        return pulumi.get(self, "expression")
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[str]:
+        """
+        Description of the expression
+        """
+        return pulumi.get(self, "description")
+
+    @property
+    @pulumi.getter
+    def location(self) -> Optional[str]:
+        """
+        String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
+        """
+        return pulumi.get(self, "location")
+
+    @property
+    @pulumi.getter
+    def title(self) -> Optional[str]:
+        """
+        Title for the expression, i.e. a short string describing its purpose.
+        """
+        return pulumi.get(self, "title")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicate(dict):
+    def __init__(__self__, *,
+                 expression: str,
+                 description: Optional[str] = None,
+                 location: Optional[str] = None,
+                 title: Optional[str] = None):
+        """
+        :param str expression: Textual representation of an expression in Common Expression Language syntax.
+        :param str description: Description of the expression
+        :param str location: String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
+        :param str title: Title for the expression, i.e. a short string describing its purpose.
+        """
+        pulumi.set(__self__, "expression", expression)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if location is not None:
+            pulumi.set(__self__, "location", location)
+        if title is not None:
+            pulumi.set(__self__, "title", title)
+
+    @property
+    @pulumi.getter
+    def expression(self) -> str:
+        """
+        Textual representation of an expression in Common Expression Language syntax.
+        """
+        return pulumi.get(self, "expression")
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[str]:
+        """
+        Description of the expression
+        """
+        return pulumi.get(self, "description")
+
+    @property
+    @pulumi.getter
+    def location(self) -> Optional[str]:
+        """
+        String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
+        """
+        return pulumi.get(self, "location")
+
+    @property
+    @pulumi.getter
+    def title(self) -> Optional[str]:
+        """
+        Title for the expression, i.e. a short string describing its purpose.
+        """
+        return pulumi.get(self, "title")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelector(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "resourceTypes":
+            suggest = "resource_types"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelector. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelector.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelector.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 resource_types: Sequence[str]):
+        """
+        :param Sequence[str] resource_types: The resource types to run the detector on.
+        """
+        pulumi.set(__self__, "resource_types", resource_types)
+
+    @property
+    @pulumi.getter(name="resourceTypes")
+    def resource_types(self) -> Sequence[str]:
+        """
+        The resource types to run the detector on.
+        """
+        return pulumi.get(self, "resource_types")
+
+
+@pulumi.output_type
+class PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModule(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "moduleName":
+            suggest = "module_name"
+        elif key == "moduleEnablementState":
+            suggest = "module_enablement_state"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModule. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModule.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModule.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 module_name: str,
+                 module_enablement_state: Optional[str] = None):
+        """
+        :param str module_name: The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.
+        :param str module_enablement_state: The state of enablement for the module at its level of the resource hierarchy.
+               Possible values are: `ENABLEMENT_STATE_UNSPECIFIED`, `ENABLED`, `DISABLED`.
+        """
+        pulumi.set(__self__, "module_name", module_name)
+        if module_enablement_state is not None:
+            pulumi.set(__self__, "module_enablement_state", module_enablement_state)
+
+    @property
+    @pulumi.getter(name="moduleName")
+    def module_name(self) -> str:
+        """
+        The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.
+        """
+        return pulumi.get(self, "module_name")
+
+    @property
+    @pulumi.getter(name="moduleEnablementState")
+    def module_enablement_state(self) -> Optional[str]:
+        """
+        The state of enablement for the module at its level of the resource hierarchy.
+        Possible values are: `ENABLEMENT_STATE_UNSPECIFIED`, `ENABLED`, `DISABLED`.
+        """
+        return pulumi.get(self, "module_enablement_state")
+
+