pulumi-gcp 7.8.0a1706829616__py3-none-any.whl → 7.8.0a1706905467__py3-none-any.whl

pulumi_gcp/securityposture/_inputs.py

@@ -0,0 +1,1364 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+from .. import _utilities
+
+__all__ = [
+    'PosturePolicySetArgs',
+    'PosturePolicySetPolicyArgs',
+    'PosturePolicySetPolicyComplianceStandardArgs',
+    'PosturePolicySetPolicyConstraintArgs',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleExprArgs',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValuesArgs',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleExprArgs',
+    'PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValuesArgs',
+    'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs',
+    'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs',
+    'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs',
+    'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs',
+    'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs',
+    'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs',
+    'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs',
+    'PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs',
+]
+
+@pulumi.input_type
+class PosturePolicySetArgs:
+    def __init__(__self__, *,
+                 policy_set_id: pulumi.Input[str],
+                 description: Optional[pulumi.Input[str]] = None,
+                 policies: Optional[pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyArgs']]]] = None):
+        """
+        :param pulumi.Input[str] policy_set_id: ID of the policy set.
+        :param pulumi.Input[str] description: Description of the policy set.
+        :param pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyArgs']]] policies: List of security policy
+               Structure is documented below.
+        """
+        pulumi.set(__self__, "policy_set_id", policy_set_id)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if policies is not None:
+            pulumi.set(__self__, "policies", policies)
+
+    @property
+    @pulumi.getter(name="policySetId")
+    def policy_set_id(self) -> pulumi.Input[str]:
+        """
+        ID of the policy set.
+        """
+        return pulumi.get(self, "policy_set_id")
+
+    @policy_set_id.setter
+    def policy_set_id(self, value: pulumi.Input[str]):
+        pulumi.set(self, "policy_set_id", value)
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[pulumi.Input[str]]:
+        """
+        Description of the policy set.
+        """
+        return pulumi.get(self, "description")
+
+    @description.setter
+    def description(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "description", value)
+
+    @property
+    @pulumi.getter
+    def policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyArgs']]]]:
+        """
+        List of security policy
+        Structure is documented below.
+        """
+        return pulumi.get(self, "policies")
+
+    @policies.setter
+    def policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyArgs']]]]):
+        pulumi.set(self, "policies", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyArgs:
+    def __init__(__self__, *,
+                 constraint: pulumi.Input['PosturePolicySetPolicyConstraintArgs'],
+                 policy_id: pulumi.Input[str],
+                 compliance_standards: Optional[pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyComplianceStandardArgs']]]] = None,
+                 description: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input['PosturePolicySetPolicyConstraintArgs'] constraint: Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule
+               Structure is documented below.
+        :param pulumi.Input[str] policy_id: ID of the policy.
+        :param pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyComplianceStandardArgs']]] compliance_standards: Mapping for policy to security standards and controls.
+               Structure is documented below.
+        :param pulumi.Input[str] description: Description of the policy.
+        """
+        pulumi.set(__self__, "constraint", constraint)
+        pulumi.set(__self__, "policy_id", policy_id)
+        if compliance_standards is not None:
+            pulumi.set(__self__, "compliance_standards", compliance_standards)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+
+    @property
+    @pulumi.getter
+    def constraint(self) -> pulumi.Input['PosturePolicySetPolicyConstraintArgs']:
+        """
+        Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule
+        Structure is documented below.
+        """
+        return pulumi.get(self, "constraint")
+
+    @constraint.setter
+    def constraint(self, value: pulumi.Input['PosturePolicySetPolicyConstraintArgs']):
+        pulumi.set(self, "constraint", value)
+
+    @property
+    @pulumi.getter(name="policyId")
+    def policy_id(self) -> pulumi.Input[str]:
+        """
+        ID of the policy.
+        """
+        return pulumi.get(self, "policy_id")
+
+    @policy_id.setter
+    def policy_id(self, value: pulumi.Input[str]):
+        pulumi.set(self, "policy_id", value)
+
+    @property
+    @pulumi.getter(name="complianceStandards")
+    def compliance_standards(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyComplianceStandardArgs']]]]:
+        """
+        Mapping for policy to security standards and controls.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "compliance_standards")
+
+    @compliance_standards.setter
+    def compliance_standards(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyComplianceStandardArgs']]]]):
+        pulumi.set(self, "compliance_standards", value)
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[pulumi.Input[str]]:
+        """
+        Description of the policy.
+        """
+        return pulumi.get(self, "description")
+
+    @description.setter
+    def description(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "description", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyComplianceStandardArgs:
+    def __init__(__self__, *,
+                 control: Optional[pulumi.Input[str]] = None,
+                 standard: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] control: Mapping of security controls for the policy.
+        :param pulumi.Input[str] standard: Mapping of compliance standards for the policy.
+        """
+        if control is not None:
+            pulumi.set(__self__, "control", control)
+        if standard is not None:
+            pulumi.set(__self__, "standard", standard)
+
+    @property
+    @pulumi.getter
+    def control(self) -> Optional[pulumi.Input[str]]:
+        """
+        Mapping of security controls for the policy.
+        """
+        return pulumi.get(self, "control")
+
+    @control.setter
+    def control(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "control", value)
+
+    @property
+    @pulumi.getter
+    def standard(self) -> Optional[pulumi.Input[str]]:
+        """
+        Mapping of compliance standards for the policy.
+        """
+        return pulumi.get(self, "standard")
+
+    @standard.setter
+    def standard(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "standard", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintArgs:
+    def __init__(__self__, *,
+                 org_policy_constraint: Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs']] = None,
+                 org_policy_constraint_custom: Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs']] = None,
+                 security_health_analytics_custom_module: Optional[pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs']] = None,
+                 security_health_analytics_module: Optional[pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs']] = None):
+        """
+        :param pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs'] org_policy_constraint: Organization policy canned constraint definition.
+               Structure is documented below.
+        :param pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs'] org_policy_constraint_custom: Organization policy custom constraint policy definition.
+               Structure is documented below.
+        :param pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs'] security_health_analytics_custom_module: Definition of Security Health Analytics Custom Module.
+               Structure is documented below.
+        :param pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs'] security_health_analytics_module: Security Health Analytics built-in detector definition.
+               Structure is documented below.
+        """
+        if org_policy_constraint is not None:
+            pulumi.set(__self__, "org_policy_constraint", org_policy_constraint)
+        if org_policy_constraint_custom is not None:
+            pulumi.set(__self__, "org_policy_constraint_custom", org_policy_constraint_custom)
+        if security_health_analytics_custom_module is not None:
+            pulumi.set(__self__, "security_health_analytics_custom_module", security_health_analytics_custom_module)
+        if security_health_analytics_module is not None:
+            pulumi.set(__self__, "security_health_analytics_module", security_health_analytics_module)
+
+    @property
+    @pulumi.getter(name="orgPolicyConstraint")
+    def org_policy_constraint(self) -> Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs']]:
+        """
+        Organization policy canned constraint definition.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "org_policy_constraint")
+
+    @org_policy_constraint.setter
+    def org_policy_constraint(self, value: Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs']]):
+        pulumi.set(self, "org_policy_constraint", value)
+
+    @property
+    @pulumi.getter(name="orgPolicyConstraintCustom")
+    def org_policy_constraint_custom(self) -> Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs']]:
+        """
+        Organization policy custom constraint policy definition.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "org_policy_constraint_custom")
+
+    @org_policy_constraint_custom.setter
+    def org_policy_constraint_custom(self, value: Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs']]):
+        pulumi.set(self, "org_policy_constraint_custom", value)
+
+    @property
+    @pulumi.getter(name="securityHealthAnalyticsCustomModule")
+    def security_health_analytics_custom_module(self) -> Optional[pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs']]:
+        """
+        Definition of Security Health Analytics Custom Module.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "security_health_analytics_custom_module")
+
+    @security_health_analytics_custom_module.setter
+    def security_health_analytics_custom_module(self, value: Optional[pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs']]):
+        pulumi.set(self, "security_health_analytics_custom_module", value)
+
+    @property
+    @pulumi.getter(name="securityHealthAnalyticsModule")
+    def security_health_analytics_module(self) -> Optional[pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs']]:
+        """
+        Security Health Analytics built-in detector definition.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "security_health_analytics_module")
+
+    @security_health_analytics_module.setter
+    def security_health_analytics_module(self, value: Optional[pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs']]):
+        pulumi.set(self, "security_health_analytics_module", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraintArgs:
+    def __init__(__self__, *,
+                 canned_constraint_id: pulumi.Input[str],
+                 policy_rules: pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs']]]):
+        """
+        :param pulumi.Input[str] canned_constraint_id: Organization policy canned constraint Id
+        :param pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs']]] policy_rules: Definition of policy rules
+               Structure is documented below.
+        """
+        pulumi.set(__self__, "canned_constraint_id", canned_constraint_id)
+        pulumi.set(__self__, "policy_rules", policy_rules)
+
+    @property
+    @pulumi.getter(name="cannedConstraintId")
+    def canned_constraint_id(self) -> pulumi.Input[str]:
+        """
+        Organization policy canned constraint Id
+        """
+        return pulumi.get(self, "canned_constraint_id")
+
+    @canned_constraint_id.setter
+    def canned_constraint_id(self, value: pulumi.Input[str]):
+        pulumi.set(self, "canned_constraint_id", value)
+
+    @property
+    @pulumi.getter(name="policyRules")
+    def policy_rules(self) -> pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs']]]:
+        """
+        Definition of policy rules
+        Structure is documented below.
+        """
+        return pulumi.get(self, "policy_rules")
+
+    @policy_rules.setter
+    def policy_rules(self, value: pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs']]]):
+        pulumi.set(self, "policy_rules", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomArgs:
+    def __init__(__self__, *,
+                 policy_rules: pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs']]],
+                 custom_constraint: Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs']] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs']]] policy_rules: Definition of policy rules
+               Structure is documented below.
+        :param pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs'] custom_constraint: Organization policy custom constraint definition.
+               Structure is documented below.
+        """
+        pulumi.set(__self__, "policy_rules", policy_rules)
+        if custom_constraint is not None:
+            pulumi.set(__self__, "custom_constraint", custom_constraint)
+
+    @property
+    @pulumi.getter(name="policyRules")
+    def policy_rules(self) -> pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs']]]:
+        """
+        Definition of policy rules
+        Structure is documented below.
+        """
+        return pulumi.get(self, "policy_rules")
+
+    @policy_rules.setter
+    def policy_rules(self, value: pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs']]]):
+        pulumi.set(self, "policy_rules", value)
+
+    @property
+    @pulumi.getter(name="customConstraint")
+    def custom_constraint(self) -> Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs']]:
+        """
+        Organization policy custom constraint definition.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "custom_constraint")
+
+    @custom_constraint.setter
+    def custom_constraint(self, value: Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs']]):
+        pulumi.set(self, "custom_constraint", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomCustomConstraintArgs:
+    def __init__(__self__, *,
+                 action_type: pulumi.Input[str],
+                 condition: pulumi.Input[str],
+                 method_types: pulumi.Input[Sequence[pulumi.Input[str]]],
+                 name: pulumi.Input[str],
+                 resource_types: pulumi.Input[Sequence[pulumi.Input[str]]],
+                 description: Optional[pulumi.Input[str]] = None,
+                 display_name: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] action_type: The action to take if the condition is met.
+               Possible values are: `ALLOW`, `DENY`.
+        :param pulumi.Input[str] condition: A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] method_types: A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).
+        :param pulumi.Input[str] name: Immutable. The name of the custom constraint. This is unique within the organization.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] resource_types: Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.
+        :param pulumi.Input[str] description: A human-friendly description of the constraint to display as an error message when the policy is violated.
+        :param pulumi.Input[str] display_name: A human-friendly name for the constraint.
+        """
+        pulumi.set(__self__, "action_type", action_type)
+        pulumi.set(__self__, "condition", condition)
+        pulumi.set(__self__, "method_types", method_types)
+        pulumi.set(__self__, "name", name)
+        pulumi.set(__self__, "resource_types", resource_types)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if display_name is not None:
+            pulumi.set(__self__, "display_name", display_name)
+
+    @property
+    @pulumi.getter(name="actionType")
+    def action_type(self) -> pulumi.Input[str]:
+        """
+        The action to take if the condition is met.
+        Possible values are: `ALLOW`, `DENY`.
+        """
+        return pulumi.get(self, "action_type")
+
+    @action_type.setter
+    def action_type(self, value: pulumi.Input[str]):
+        pulumi.set(self, "action_type", value)
+
+    @property
+    @pulumi.getter
+    def condition(self) -> pulumi.Input[str]:
+        """
+        A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).
+        """
+        return pulumi.get(self, "condition")
+
+    @condition.setter
+    def condition(self, value: pulumi.Input[str]):
+        pulumi.set(self, "condition", value)
+
+    @property
+    @pulumi.getter(name="methodTypes")
+    def method_types(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
+        """
+        A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).
+        """
+        return pulumi.get(self, "method_types")
+
+    @method_types.setter
+    def method_types(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        pulumi.set(self, "method_types", value)
+
+    @property
+    @pulumi.getter
+    def name(self) -> pulumi.Input[str]:
+        """
+        Immutable. The name of the custom constraint. This is unique within the organization.
+        """
+        return pulumi.get(self, "name")
+
+    @name.setter
+    def name(self, value: pulumi.Input[str]):
+        pulumi.set(self, "name", value)
+
+    @property
+    @pulumi.getter(name="resourceTypes")
+    def resource_types(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
+        """
+        Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`.
+        """
+        return pulumi.get(self, "resource_types")
+
+    @resource_types.setter
+    def resource_types(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        pulumi.set(self, "resource_types", value)
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[pulumi.Input[str]]:
+        """
+        A human-friendly description of the constraint to display as an error message when the policy is violated.
+        """
+        return pulumi.get(self, "description")
+
+    @description.setter
+    def description(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "description", value)
+
+    @property
+    @pulumi.getter(name="displayName")
+    def display_name(self) -> Optional[pulumi.Input[str]]:
+        """
+        A human-friendly name for the constraint.
+        """
+        return pulumi.get(self, "display_name")
+
+    @display_name.setter
+    def display_name(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "display_name", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleArgs:
+    def __init__(__self__, *,
+                 allow_all: Optional[pulumi.Input[bool]] = None,
+                 deny_all: Optional[pulumi.Input[bool]] = None,
+                 enforce: Optional[pulumi.Input[bool]] = None,
+                 expr: Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleExprArgs']] = None,
+                 values: Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValuesArgs']] = None):
+        """
+        :param pulumi.Input[bool] allow_all: Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
+        :param pulumi.Input[bool] deny_all: Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
+        :param pulumi.Input[bool] enforce: If `true`, then the policy is enforced. If `false`, then any configuration is acceptable.
+               This field can be set only in policies for boolean constraints.
+        :param pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleExprArgs'] expr: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.
+               This page details the objects and attributes that are used to the build the CEL expressions for
+               custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.
+               Structure is documented below.
+        :param pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValuesArgs'] values: List of values to be used for this policy rule. This field can be set only in policies for list constraints.
+               Structure is documented below.
+        """
+        if allow_all is not None:
+            pulumi.set(__self__, "allow_all", allow_all)
+        if deny_all is not None:
+            pulumi.set(__self__, "deny_all", deny_all)
+        if enforce is not None:
+            pulumi.set(__self__, "enforce", enforce)
+        if expr is not None:
+            pulumi.set(__self__, "expr", expr)
+        if values is not None:
+            pulumi.set(__self__, "values", values)
+
+    @property
+    @pulumi.getter(name="allowAll")
+    def allow_all(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
+        """
+        return pulumi.get(self, "allow_all")
+
+    @allow_all.setter
+    def allow_all(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "allow_all", value)
+
+    @property
+    @pulumi.getter(name="denyAll")
+    def deny_all(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
+        """
+        return pulumi.get(self, "deny_all")
+
+    @deny_all.setter
+    def deny_all(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "deny_all", value)
+
+    @property
+    @pulumi.getter
+    def enforce(self) -> Optional[pulumi.Input[bool]]:
+        """
+        If `true`, then the policy is enforced. If `false`, then any configuration is acceptable.
+        This field can be set only in policies for boolean constraints.
+        """
+        return pulumi.get(self, "enforce")
+
+    @enforce.setter
+    def enforce(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "enforce", value)
+
+    @property
+    @pulumi.getter
+    def expr(self) -> Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleExprArgs']]:
+        """
+        Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.
+        This page details the objects and attributes that are used to the build the CEL expressions for
+        custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "expr")
+
+    @expr.setter
+    def expr(self, value: Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleExprArgs']]):
+        pulumi.set(self, "expr", value)
+
+    @property
+    @pulumi.getter
+    def values(self) -> Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValuesArgs']]:
+        """
+        List of values to be used for this policy rule. This field can be set only in policies for list constraints.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "values")
+
+    @values.setter
+    def values(self, value: Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValuesArgs']]):
+        pulumi.set(self, "values", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleExprArgs:
+    def __init__(__self__, *,
+                 expression: pulumi.Input[str],
+                 description: Optional[pulumi.Input[str]] = None,
+                 location: Optional[pulumi.Input[str]] = None,
+                 title: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] expression: Textual representation of an expression in Common Expression Language syntax.
+        :param pulumi.Input[str] description: Description of the expression
+        :param pulumi.Input[str] location: String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
+        :param pulumi.Input[str] title: Title for the expression, i.e. a short string describing its purpose.
+        """
+        pulumi.set(__self__, "expression", expression)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if location is not None:
+            pulumi.set(__self__, "location", location)
+        if title is not None:
+            pulumi.set(__self__, "title", title)
+
+    @property
+    @pulumi.getter
+    def expression(self) -> pulumi.Input[str]:
+        """
+        Textual representation of an expression in Common Expression Language syntax.
+        """
+        return pulumi.get(self, "expression")
+
+    @expression.setter
+    def expression(self, value: pulumi.Input[str]):
+        pulumi.set(self, "expression", value)
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[pulumi.Input[str]]:
+        """
+        Description of the expression
+        """
+        return pulumi.get(self, "description")
+
+    @description.setter
+    def description(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "description", value)
+
+    @property
+    @pulumi.getter
+    def location(self) -> Optional[pulumi.Input[str]]:
+        """
+        String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
+        """
+        return pulumi.get(self, "location")
+
+    @location.setter
+    def location(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "location", value)
+
+    @property
+    @pulumi.getter
+    def title(self) -> Optional[pulumi.Input[str]]:
+        """
+        Title for the expression, i.e. a short string describing its purpose.
+        """
+        return pulumi.get(self, "title")
+
+    @title.setter
+    def title(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "title", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraintCustomPolicyRuleValuesArgs:
+    def __init__(__self__, *,
+                 allowed_values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 denied_values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_values: List of values allowed at this resource.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] denied_values: List of values denied at this resource.
+        """
+        if allowed_values is not None:
+            pulumi.set(__self__, "allowed_values", allowed_values)
+        if denied_values is not None:
+            pulumi.set(__self__, "denied_values", denied_values)
+
+    @property
+    @pulumi.getter(name="allowedValues")
+    def allowed_values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        List of values allowed at this resource.
+        """
+        return pulumi.get(self, "allowed_values")
+
+    @allowed_values.setter
+    def allowed_values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "allowed_values", value)
+
+    @property
+    @pulumi.getter(name="deniedValues")
+    def denied_values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        List of values denied at this resource.
+        """
+        return pulumi.get(self, "denied_values")
+
+    @denied_values.setter
+    def denied_values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "denied_values", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleArgs:
+    def __init__(__self__, *,
+                 allow_all: Optional[pulumi.Input[bool]] = None,
+                 deny_all: Optional[pulumi.Input[bool]] = None,
+                 enforce: Optional[pulumi.Input[bool]] = None,
+                 expr: Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleExprArgs']] = None,
+                 values: Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValuesArgs']] = None):
+        """
+        :param pulumi.Input[bool] allow_all: Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
+        :param pulumi.Input[bool] deny_all: Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
+        :param pulumi.Input[bool] enforce: If `true`, then the policy is enforced. If `false`, then any configuration is acceptable.
+               This field can be set only in policies for boolean constraints.
+        :param pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleExprArgs'] expr: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.
+               This page details the objects and attributes that are used to the build the CEL expressions for
+               custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.
+               Structure is documented below.
+        :param pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValuesArgs'] values: List of values to be used for this policy rule. This field can be set only in policies for list constraints.
+               Structure is documented below.
+        """
+        if allow_all is not None:
+            pulumi.set(__self__, "allow_all", allow_all)
+        if deny_all is not None:
+            pulumi.set(__self__, "deny_all", deny_all)
+        if enforce is not None:
+            pulumi.set(__self__, "enforce", enforce)
+        if expr is not None:
+            pulumi.set(__self__, "expr", expr)
+        if values is not None:
+            pulumi.set(__self__, "values", values)
+
+    @property
+    @pulumi.getter(name="allowAll")
+    def allow_all(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.
+        """
+        return pulumi.get(self, "allow_all")
+
+    @allow_all.setter
+    def allow_all(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "allow_all", value)
+
+    @property
+    @pulumi.getter(name="denyAll")
+    def deny_all(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Setting this to true means that all values are denied. This field can be set only in policies for list constraints.
+        """
+        return pulumi.get(self, "deny_all")
+
+    @deny_all.setter
+    def deny_all(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "deny_all", value)
+
+    @property
+    @pulumi.getter
+    def enforce(self) -> Optional[pulumi.Input[bool]]:
+        """
+        If `true`, then the policy is enforced. If `false`, then any configuration is acceptable.
+        This field can be set only in policies for boolean constraints.
+        """
+        return pulumi.get(self, "enforce")
+
+    @enforce.setter
+    def enforce(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "enforce", value)
+
+    @property
+    @pulumi.getter
+    def expr(self) -> Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleExprArgs']]:
+        """
+        Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.
+        This page details the objects and attributes that are used to the build the CEL expressions for
+        custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "expr")
+
+    @expr.setter
+    def expr(self, value: Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleExprArgs']]):
+        pulumi.set(self, "expr", value)
+
+    @property
+    @pulumi.getter
+    def values(self) -> Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValuesArgs']]:
+        """
+        List of values to be used for this policy rule. This field can be set only in policies for list constraints.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "values")
+
+    @values.setter
+    def values(self, value: Optional[pulumi.Input['PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValuesArgs']]):
+        pulumi.set(self, "values", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleExprArgs:
+    def __init__(__self__, *,
+                 expression: pulumi.Input[str],
+                 description: Optional[pulumi.Input[str]] = None,
+                 location: Optional[pulumi.Input[str]] = None,
+                 title: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] expression: Textual representation of an expression in Common Expression Language syntax.
+        :param pulumi.Input[str] description: Description of the expression
+        :param pulumi.Input[str] location: String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
+        :param pulumi.Input[str] title: Title for the expression, i.e. a short string describing its purpose.
+        """
+        pulumi.set(__self__, "expression", expression)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if location is not None:
+            pulumi.set(__self__, "location", location)
+        if title is not None:
+            pulumi.set(__self__, "title", title)
+
+    @property
+    @pulumi.getter
+    def expression(self) -> pulumi.Input[str]:
+        """
+        Textual representation of an expression in Common Expression Language syntax.
+        """
+        return pulumi.get(self, "expression")
+
+    @expression.setter
+    def expression(self, value: pulumi.Input[str]):
+        pulumi.set(self, "expression", value)
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[pulumi.Input[str]]:
+        """
+        Description of the expression
+        """
+        return pulumi.get(self, "description")
+
+    @description.setter
+    def description(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "description", value)
+
+    @property
+    @pulumi.getter
+    def location(self) -> Optional[pulumi.Input[str]]:
+        """
+        String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
+        """
+        return pulumi.get(self, "location")
+
+    @location.setter
+    def location(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "location", value)
+
+    @property
+    @pulumi.getter
+    def title(self) -> Optional[pulumi.Input[str]]:
+        """
+        Title for the expression, i.e. a short string describing its purpose.
+        """
+        return pulumi.get(self, "title")
+
+    @title.setter
+    def title(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "title", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintOrgPolicyConstraintPolicyRuleValuesArgs:
+    def __init__(__self__, *,
+                 allowed_values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 denied_values: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_values: List of values allowed at this resource.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] denied_values: List of values denied at this resource.
+        """
+        if allowed_values is not None:
+            pulumi.set(__self__, "allowed_values", allowed_values)
+        if denied_values is not None:
+            pulumi.set(__self__, "denied_values", denied_values)
+
+    @property
+    @pulumi.getter(name="allowedValues")
+    def allowed_values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        List of values allowed at this resource.
+        """
+        return pulumi.get(self, "allowed_values")
+
+    @allowed_values.setter
+    def allowed_values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "allowed_values", value)
+
+    @property
+    @pulumi.getter(name="deniedValues")
+    def denied_values(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        List of values denied at this resource.
+        """
+        return pulumi.get(self, "denied_values")
+
+    @denied_values.setter
+    def denied_values(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "denied_values", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleArgs:
+    def __init__(__self__, *,
+                 config: pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs'],
+                 display_name: Optional[pulumi.Input[str]] = None,
+                 id: Optional[pulumi.Input[str]] = None,
+                 module_enablement_state: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs'] config: Custom module details.
+               Structure is documented below.
+        :param pulumi.Input[str] display_name: The display name of the Security Health Analytics custom module. This
+               display name becomes the finding category for all findings that are
+               returned by this custom module.
+        :param pulumi.Input[str] id: (Output)
+               A server generated id of custom module.
+        :param pulumi.Input[str] module_enablement_state: The state of enablement for the module at its level of the resource hierarchy.
+               Possible values are: `ENABLEMENT_STATE_UNSPECIFIED`, `ENABLED`, `DISABLED`.
+        """
+        pulumi.set(__self__, "config", config)
+        if display_name is not None:
+            pulumi.set(__self__, "display_name", display_name)
+        if id is not None:
+            pulumi.set(__self__, "id", id)
+        if module_enablement_state is not None:
+            pulumi.set(__self__, "module_enablement_state", module_enablement_state)
+
+    @property
+    @pulumi.getter
+    def config(self) -> pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs']:
+        """
+        Custom module details.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "config")
+
+    @config.setter
+    def config(self, value: pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs']):
+        pulumi.set(self, "config", value)
+
+    @property
+    @pulumi.getter(name="displayName")
+    def display_name(self) -> Optional[pulumi.Input[str]]:
+        """
+        The display name of the Security Health Analytics custom module. This
+        display name becomes the finding category for all findings that are
+        returned by this custom module.
+        """
+        return pulumi.get(self, "display_name")
+
+    @display_name.setter
+    def display_name(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "display_name", value)
+
+    @property
+    @pulumi.getter
+    def id(self) -> Optional[pulumi.Input[str]]:
+        """
+        (Output)
+        A server generated id of custom module.
+        """
+        return pulumi.get(self, "id")
+
+    @id.setter
+    def id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "id", value)
+
+    @property
+    @pulumi.getter(name="moduleEnablementState")
+    def module_enablement_state(self) -> Optional[pulumi.Input[str]]:
+        """
+        The state of enablement for the module at its level of the resource hierarchy.
+        Possible values are: `ENABLEMENT_STATE_UNSPECIFIED`, `ENABLED`, `DISABLED`.
+        """
+        return pulumi.get(self, "module_enablement_state")
+
+    @module_enablement_state.setter
+    def module_enablement_state(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "module_enablement_state", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigArgs:
+    def __init__(__self__, *,
+                 predicate: pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs'],
+                 resource_selector: pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs'],
+                 severity: pulumi.Input[str],
+                 custom_output: Optional[pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs']] = None,
+                 description: Optional[pulumi.Input[str]] = None,
+                 recommendation: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs'] predicate: The CEL expression to evaluate to produce findings.When the expression
+               evaluates to true against a resource, a finding is generated.
+               Structure is documented below.
+        :param pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs'] resource_selector: The resource types that the custom module operates on. Each custom module
+               can specify up to 5 resource types.
+               Structure is documented below.
+        :param pulumi.Input[str] severity: The severity to assign to findings generated by the module.
+               Possible values are: `SEVERITY_UNSPECIFIED`, `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`.
+        :param pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs'] custom_output: Custom output properties. A set of optional name-value pairs that define custom source properties to
+               return with each finding that is generated by the custom module. The custom
+               source properties that are defined here are included in the finding JSON
+               under `sourceProperties`.
+               Structure is documented below.
+        :param pulumi.Input[str] description: Text that describes the vulnerability or misconfiguration that the custom
+               module detects.
+        :param pulumi.Input[str] recommendation: An explanation of the recommended steps that security teams can take to
+               resolve the detected issue
+        """
+        pulumi.set(__self__, "predicate", predicate)
+        pulumi.set(__self__, "resource_selector", resource_selector)
+        pulumi.set(__self__, "severity", severity)
+        if custom_output is not None:
+            pulumi.set(__self__, "custom_output", custom_output)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if recommendation is not None:
+            pulumi.set(__self__, "recommendation", recommendation)
+
+    @property
+    @pulumi.getter
+    def predicate(self) -> pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs']:
+        """
+        The CEL expression to evaluate to produce findings.When the expression
+        evaluates to true against a resource, a finding is generated.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "predicate")
+
+    @predicate.setter
+    def predicate(self, value: pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs']):
+        pulumi.set(self, "predicate", value)
+
+    @property
+    @pulumi.getter(name="resourceSelector")
+    def resource_selector(self) -> pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs']:
+        """
+        The resource types that the custom module operates on. Each custom module
+        can specify up to 5 resource types.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "resource_selector")
+
+    @resource_selector.setter
+    def resource_selector(self, value: pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs']):
+        pulumi.set(self, "resource_selector", value)
+
+    @property
+    @pulumi.getter
+    def severity(self) -> pulumi.Input[str]:
+        """
+        The severity to assign to findings generated by the module.
+        Possible values are: `SEVERITY_UNSPECIFIED`, `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`.
+        """
+        return pulumi.get(self, "severity")
+
+    @severity.setter
+    def severity(self, value: pulumi.Input[str]):
+        pulumi.set(self, "severity", value)
+
+    @property
+    @pulumi.getter(name="customOutput")
+    def custom_output(self) -> Optional[pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs']]:
+        """
+        Custom output properties. A set of optional name-value pairs that define custom source properties to
+        return with each finding that is generated by the custom module. The custom
+        source properties that are defined here are included in the finding JSON
+        under `sourceProperties`.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "custom_output")
+
+    @custom_output.setter
+    def custom_output(self, value: Optional[pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs']]):
+        pulumi.set(self, "custom_output", value)
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[pulumi.Input[str]]:
+        """
+        Text that describes the vulnerability or misconfiguration that the custom
+        module detects.
+        """
+        return pulumi.get(self, "description")
+
+    @description.setter
+    def description(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "description", value)
+
+    @property
+    @pulumi.getter
+    def recommendation(self) -> Optional[pulumi.Input[str]]:
+        """
+        An explanation of the recommended steps that security teams can take to
+        resolve the detected issue
+        """
+        return pulumi.get(self, "recommendation")
+
+    @recommendation.setter
+    def recommendation(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "recommendation", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputArgs:
+    def __init__(__self__, *,
+                 properties: Optional[pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs']]]] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs']]] properties: A list of custom output properties to add to the finding.
+               Structure is documented below.
+        """
+        if properties is not None:
+            pulumi.set(__self__, "properties", properties)
+
+    @property
+    @pulumi.getter
+    def properties(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs']]]]:
+        """
+        A list of custom output properties to add to the finding.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "properties")
+
+    @properties.setter
+    def properties(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs']]]]):
+        pulumi.set(self, "properties", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyArgs:
+    def __init__(__self__, *,
+                 name: pulumi.Input[str],
+                 value_expression: Optional[pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs']] = None):
+        """
+        :param pulumi.Input[str] name: Name of the property for the custom output.
+        :param pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs'] value_expression: The CEL expression for the custom output. A resource property can be
+               specified to return the value of the property or a text string enclosed
+               in quotation marks.
+               Structure is documented below.
+        """
+        pulumi.set(__self__, "name", name)
+        if value_expression is not None:
+            pulumi.set(__self__, "value_expression", value_expression)
+
+    @property
+    @pulumi.getter
+    def name(self) -> pulumi.Input[str]:
+        """
+        Name of the property for the custom output.
+        """
+        return pulumi.get(self, "name")
+
+    @name.setter
+    def name(self, value: pulumi.Input[str]):
+        pulumi.set(self, "name", value)
+
+    @property
+    @pulumi.getter(name="valueExpression")
+    def value_expression(self) -> Optional[pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs']]:
+        """
+        The CEL expression for the custom output. A resource property can be
+        specified to return the value of the property or a text string enclosed
+        in quotation marks.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "value_expression")
+
+    @value_expression.setter
+    def value_expression(self, value: Optional[pulumi.Input['PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs']]):
+        pulumi.set(self, "value_expression", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigCustomOutputPropertyValueExpressionArgs:
+    def __init__(__self__, *,
+                 expression: pulumi.Input[str],
+                 description: Optional[pulumi.Input[str]] = None,
+                 location: Optional[pulumi.Input[str]] = None,
+                 title: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] expression: Textual representation of an expression in Common Expression Language syntax.
+        :param pulumi.Input[str] description: Description of the expression
+        :param pulumi.Input[str] location: String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
+        :param pulumi.Input[str] title: Title for the expression, i.e. a short string describing its purpose.
+        """
+        pulumi.set(__self__, "expression", expression)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if location is not None:
+            pulumi.set(__self__, "location", location)
+        if title is not None:
+            pulumi.set(__self__, "title", title)
+
+    @property
+    @pulumi.getter
+    def expression(self) -> pulumi.Input[str]:
+        """
+        Textual representation of an expression in Common Expression Language syntax.
+        """
+        return pulumi.get(self, "expression")
+
+    @expression.setter
+    def expression(self, value: pulumi.Input[str]):
+        pulumi.set(self, "expression", value)
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[pulumi.Input[str]]:
+        """
+        Description of the expression
+        """
+        return pulumi.get(self, "description")
+
+    @description.setter
+    def description(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "description", value)
+
+    @property
+    @pulumi.getter
+    def location(self) -> Optional[pulumi.Input[str]]:
+        """
+        String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
+        """
+        return pulumi.get(self, "location")
+
+    @location.setter
+    def location(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "location", value)
+
+    @property
+    @pulumi.getter
+    def title(self) -> Optional[pulumi.Input[str]]:
+        """
+        Title for the expression, i.e. a short string describing its purpose.
+        """
+        return pulumi.get(self, "title")
+
+    @title.setter
+    def title(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "title", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigPredicateArgs:
+    def __init__(__self__, *,
+                 expression: pulumi.Input[str],
+                 description: Optional[pulumi.Input[str]] = None,
+                 location: Optional[pulumi.Input[str]] = None,
+                 title: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] expression: Textual representation of an expression in Common Expression Language syntax.
+        :param pulumi.Input[str] description: Description of the expression
+        :param pulumi.Input[str] location: String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
+        :param pulumi.Input[str] title: Title for the expression, i.e. a short string describing its purpose.
+        """
+        pulumi.set(__self__, "expression", expression)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if location is not None:
+            pulumi.set(__self__, "location", location)
+        if title is not None:
+            pulumi.set(__self__, "title", title)
+
+    @property
+    @pulumi.getter
+    def expression(self) -> pulumi.Input[str]:
+        """
+        Textual representation of an expression in Common Expression Language syntax.
+        """
+        return pulumi.get(self, "expression")
+
+    @expression.setter
+    def expression(self, value: pulumi.Input[str]):
+        pulumi.set(self, "expression", value)
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[pulumi.Input[str]]:
+        """
+        Description of the expression
+        """
+        return pulumi.get(self, "description")
+
+    @description.setter
+    def description(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "description", value)
+
+    @property
+    @pulumi.getter
+    def location(self) -> Optional[pulumi.Input[str]]:
+        """
+        String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
+        """
+        return pulumi.get(self, "location")
+
+    @location.setter
+    def location(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "location", value)
+
+    @property
+    @pulumi.getter
+    def title(self) -> Optional[pulumi.Input[str]]:
+        """
+        Title for the expression, i.e. a short string describing its purpose.
+        """
+        return pulumi.get(self, "title")
+
+    @title.setter
+    def title(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "title", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintSecurityHealthAnalyticsCustomModuleConfigResourceSelectorArgs:
+    def __init__(__self__, *,
+                 resource_types: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] resource_types: The resource types to run the detector on.
+        """
+        pulumi.set(__self__, "resource_types", resource_types)
+
+    @property
+    @pulumi.getter(name="resourceTypes")
+    def resource_types(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
+        """
+        The resource types to run the detector on.
+        """
+        return pulumi.get(self, "resource_types")
+
+    @resource_types.setter
+    def resource_types(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        pulumi.set(self, "resource_types", value)
+
+
+@pulumi.input_type
+class PosturePolicySetPolicyConstraintSecurityHealthAnalyticsModuleArgs:
+    def __init__(__self__, *,
+                 module_name: pulumi.Input[str],
+                 module_enablement_state: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] module_name: The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.
+        :param pulumi.Input[str] module_enablement_state: The state of enablement for the module at its level of the resource hierarchy.
+               Possible values are: `ENABLEMENT_STATE_UNSPECIFIED`, `ENABLED`, `DISABLED`.
+        """
+        pulumi.set(__self__, "module_name", module_name)
+        if module_enablement_state is not None:
+            pulumi.set(__self__, "module_enablement_state", module_enablement_state)
+
+    @property
+    @pulumi.getter(name="moduleName")
+    def module_name(self) -> pulumi.Input[str]:
+        """
+        The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.
+        """
+        return pulumi.get(self, "module_name")
+
+    @module_name.setter
+    def module_name(self, value: pulumi.Input[str]):
+        pulumi.set(self, "module_name", value)
+
+    @property
+    @pulumi.getter(name="moduleEnablementState")
+    def module_enablement_state(self) -> Optional[pulumi.Input[str]]:
+        """
+        The state of enablement for the module at its level of the resource hierarchy.
+        Possible values are: `ENABLEMENT_STATE_UNSPECIFIED`, `ENABLED`, `DISABLED`.
+        """
+        return pulumi.get(self, "module_enablement_state")
+
+    @module_enablement_state.setter
+    def module_enablement_state(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "module_enablement_state", value)
+
+