Package com.hashicorp.cdktf.providers.google.iam_deny_policy

Interface IamDenyPolicyRulesDenyRule

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

IamDenyPolicyRulesDenyRule.Jsii$Proxy

@Generated(value="jsii-pacmak/1.102.0 (build e354887)",
           date="2024-08-31T03:59:21.557Z")
@Stability(Stable)
public interface IamDenyPolicyRulesDenyRule
extends software.amazon.jsii.JsiiSerializable

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static class	IamDenyPolicyRulesDenyRule.Builder	A builder for IamDenyPolicyRulesDenyRule
static class	IamDenyPolicyRulesDenyRule.Jsii$Proxy	An implementation for IamDenyPolicyRulesDenyRule

Method Summary

Modifier and Type	Method	Description
static IamDenyPolicyRulesDenyRule.Builder	builder()
default IamDenyPolicyRulesDenyRuleDenialCondition	getDenialCondition()	denial_condition block.
default List<String>	getDeniedPermissions()	The permissions that are explicitly denied by this rule.
default List<String>	getDeniedPrincipals()	The identities that are prevented from using one or more permissions on Google Cloud resources.
default List<String>	getExceptionPermissions()	Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions.
default List<String>	getExceptionPrincipals()	The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Detail

getDenialCondition

@Stability(Stable)
@Nullable
default IamDenyPolicyRulesDenyRuleDenialCondition getDenialCondition()

denial_condition block.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/5.43.1/docs/resources/iam_deny_policy#denial_condition IamDenyPolicy#denial_condition}

getDeniedPermissions

@Stability(Stable)
@Nullable
default List<String> getDeniedPermissions()

The permissions that are explicitly denied by this rule.

Each permission uses the format '{service-fqdn}/{resource}.{verb}', where '{service-fqdn}' is the fully qualified domain name for the service. For example, 'iam.googleapis.com/roles.list'. Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/5.43.1/docs/resources/iam_deny_policy#denied_permissions IamDenyPolicy#denied_permissions}

getDeniedPrincipals

@Stability(Stable)
@Nullable
default List<String> getDeniedPrincipals()

The identities that are prevented from using one or more permissions on Google Cloud resources.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/5.43.1/docs/resources/iam_deny_policy#denied_principals IamDenyPolicy#denied_principals}

getExceptionPermissions

@Stability(Stable)
@Nullable
default List<String> getExceptionPermissions()

Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions.

If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied. The excluded permissions can be specified using the same syntax as deniedPermissions. Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/5.43.1/docs/resources/iam_deny_policy#exception_permissions IamDenyPolicy#exception_permissions}

getExceptionPrincipals

@Stability(Stable)
@Nullable
default List<String> getExceptionPrincipals()

The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals.

For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group. Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/google/5.43.1/docs/resources/iam_deny_policy#exception_principals IamDenyPolicy#exception_principals}

builder

@Stability(Stable)
static IamDenyPolicyRulesDenyRule.Builder builder()

Returns:

a IamDenyPolicyRulesDenyRule.Builder of IamDenyPolicyRulesDenyRule