projects

package
v4.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 10, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessApprovalSettings 

type AccessApprovalSettings struct {
	pulumi.CustomResourceState

	// If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors
	// of the Project.
	EnrolledAncestor pulumi.BoolOutput `pulumi:"enrolledAncestor"`
	// A list of Google Cloud Services for which the given resource has Access Approval enrolled. Access requests for the
	// resource given by name against any of these services contained here will be required to have explicit approval.
	// Enrollment can only be done on an all or nothing basis. A maximum of 10 enrolled services will be enforced, to be
	// expanded as the set of supported services is expanded.
	EnrolledServices AccessApprovalSettingsEnrolledServiceArrayOutput `pulumi:"enrolledServices"`
	// The resource name of the settings. Format is "projects/{project_id}/accessApprovalSettings"
	Name pulumi.StringOutput `pulumi:"name"`
	// A list of email addresses to which notifications relating to approval requests should be sent. Notifications relating to
	// a resource will be sent to all emails in the settings of ancestor resources of that resource. A maximum of 50 email
	// addresses are allowed.
	NotificationEmails pulumi.StringArrayOutput `pulumi:"notificationEmails"`
	// Deprecated in favor of 'project_id'
	//
	// Deprecated: Deprecated in favor of `project_id`
	Project pulumi.StringPtrOutput `pulumi:"project"`
	// ID of the project of the access approval settings.
	ProjectId pulumi.StringOutput `pulumi:"projectId"`
}

func GetAccessApprovalSettings 

func GetAccessApprovalSettings(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AccessApprovalSettingsState, opts ...pulumi.ResourceOption) (*AccessApprovalSettings, error)

GetAccessApprovalSettings gets an existing AccessApprovalSettings resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAccessApprovalSettings 

func NewAccessApprovalSettings(ctx *pulumi.Context,
	name string, args *AccessApprovalSettingsArgs, opts ...pulumi.ResourceOption) (*AccessApprovalSettings, error)

NewAccessApprovalSettings registers a new resource with the given unique name, arguments, and options.

func (*AccessApprovalSettings) ElementType added in v4.4.0 

func (*AccessApprovalSettings) ElementType() reflect.Type

func (*AccessApprovalSettings) ToAccessApprovalSettingsOutput added in v4.4.0 

func (i *AccessApprovalSettings) ToAccessApprovalSettingsOutput() AccessApprovalSettingsOutput

func (*AccessApprovalSettings) ToAccessApprovalSettingsOutputWithContext added in v4.4.0 

func (i *AccessApprovalSettings) ToAccessApprovalSettingsOutputWithContext(ctx context.Context) AccessApprovalSettingsOutput

type AccessApprovalSettingsArgs 

type AccessApprovalSettingsArgs struct {
	// A list of Google Cloud Services for which the given resource has Access Approval enrolled. Access requests for the
	// resource given by name against any of these services contained here will be required to have explicit approval.
	// Enrollment can only be done on an all or nothing basis. A maximum of 10 enrolled services will be enforced, to be
	// expanded as the set of supported services is expanded.
	EnrolledServices AccessApprovalSettingsEnrolledServiceArrayInput
	// A list of email addresses to which notifications relating to approval requests should be sent. Notifications relating to
	// a resource will be sent to all emails in the settings of ancestor resources of that resource. A maximum of 50 email
	// addresses are allowed.
	NotificationEmails pulumi.StringArrayInput
	// Deprecated in favor of 'project_id'
	//
	// Deprecated: Deprecated in favor of `project_id`
	Project pulumi.StringPtrInput
	// ID of the project of the access approval settings.
	ProjectId pulumi.StringInput
}

The set of arguments for constructing a AccessApprovalSettings resource.

func (AccessApprovalSettingsArgs) ElementType 

func (AccessApprovalSettingsArgs) ElementType() reflect.Type

type AccessApprovalSettingsEnrolledService 

type AccessApprovalSettingsEnrolledService struct {
	CloudProduct    string  `pulumi:"cloudProduct"`
	EnrollmentLevel *string `pulumi:"enrollmentLevel"`
}

type AccessApprovalSettingsEnrolledServiceArgs 

type AccessApprovalSettingsEnrolledServiceArgs struct {
	CloudProduct    pulumi.StringInput    `pulumi:"cloudProduct"`
	EnrollmentLevel pulumi.StringPtrInput `pulumi:"enrollmentLevel"`
}

func (AccessApprovalSettingsEnrolledServiceArgs) ElementType 

func (AccessApprovalSettingsEnrolledServiceArgs) ElementType() reflect.Type

func (AccessApprovalSettingsEnrolledServiceArgs) ToAccessApprovalSettingsEnrolledServiceOutput 

func (i AccessApprovalSettingsEnrolledServiceArgs) ToAccessApprovalSettingsEnrolledServiceOutput() AccessApprovalSettingsEnrolledServiceOutput

func (AccessApprovalSettingsEnrolledServiceArgs) ToAccessApprovalSettingsEnrolledServiceOutputWithContext 

func (i AccessApprovalSettingsEnrolledServiceArgs) ToAccessApprovalSettingsEnrolledServiceOutputWithContext(ctx context.Context) AccessApprovalSettingsEnrolledServiceOutput

type AccessApprovalSettingsEnrolledServiceArray 

type AccessApprovalSettingsEnrolledServiceArray []AccessApprovalSettingsEnrolledServiceInput

func (AccessApprovalSettingsEnrolledServiceArray) ElementType 

func (AccessApprovalSettingsEnrolledServiceArray) ElementType() reflect.Type

func (AccessApprovalSettingsEnrolledServiceArray) ToAccessApprovalSettingsEnrolledServiceArrayOutput 

func (i AccessApprovalSettingsEnrolledServiceArray) ToAccessApprovalSettingsEnrolledServiceArrayOutput() AccessApprovalSettingsEnrolledServiceArrayOutput

func (AccessApprovalSettingsEnrolledServiceArray) ToAccessApprovalSettingsEnrolledServiceArrayOutputWithContext 

func (i AccessApprovalSettingsEnrolledServiceArray) ToAccessApprovalSettingsEnrolledServiceArrayOutputWithContext(ctx context.Context) AccessApprovalSettingsEnrolledServiceArrayOutput

type AccessApprovalSettingsEnrolledServiceArrayInput 

type AccessApprovalSettingsEnrolledServiceArrayInput interface {
	pulumi.Input

	ToAccessApprovalSettingsEnrolledServiceArrayOutput() AccessApprovalSettingsEnrolledServiceArrayOutput
	ToAccessApprovalSettingsEnrolledServiceArrayOutputWithContext(context.Context) AccessApprovalSettingsEnrolledServiceArrayOutput
}

AccessApprovalSettingsEnrolledServiceArrayInput is an input type that accepts AccessApprovalSettingsEnrolledServiceArray and AccessApprovalSettingsEnrolledServiceArrayOutput values. You can construct a concrete instance of `AccessApprovalSettingsEnrolledServiceArrayInput` via: 

AccessApprovalSettingsEnrolledServiceArray{ AccessApprovalSettingsEnrolledServiceArgs{...} }

type AccessApprovalSettingsEnrolledServiceArrayOutput 

type AccessApprovalSettingsEnrolledServiceArrayOutput struct{ *pulumi.OutputState }

func (AccessApprovalSettingsEnrolledServiceArrayOutput) ElementType 

func (AccessApprovalSettingsEnrolledServiceArrayOutput) ElementType() reflect.Type

func (AccessApprovalSettingsEnrolledServiceArrayOutput) Index 

func (o AccessApprovalSettingsEnrolledServiceArrayOutput) Index(i pulumi.IntInput) AccessApprovalSettingsEnrolledServiceOutput

func (AccessApprovalSettingsEnrolledServiceArrayOutput) ToAccessApprovalSettingsEnrolledServiceArrayOutput 

func (o AccessApprovalSettingsEnrolledServiceArrayOutput) ToAccessApprovalSettingsEnrolledServiceArrayOutput() AccessApprovalSettingsEnrolledServiceArrayOutput

func (AccessApprovalSettingsEnrolledServiceArrayOutput) ToAccessApprovalSettingsEnrolledServiceArrayOutputWithContext 

func (o AccessApprovalSettingsEnrolledServiceArrayOutput) ToAccessApprovalSettingsEnrolledServiceArrayOutputWithContext(ctx context.Context) AccessApprovalSettingsEnrolledServiceArrayOutput

type AccessApprovalSettingsEnrolledServiceInput 

type AccessApprovalSettingsEnrolledServiceInput interface {
	pulumi.Input

	ToAccessApprovalSettingsEnrolledServiceOutput() AccessApprovalSettingsEnrolledServiceOutput
	ToAccessApprovalSettingsEnrolledServiceOutputWithContext(context.Context) AccessApprovalSettingsEnrolledServiceOutput
}

AccessApprovalSettingsEnrolledServiceInput is an input type that accepts AccessApprovalSettingsEnrolledServiceArgs and AccessApprovalSettingsEnrolledServiceOutput values. You can construct a concrete instance of `AccessApprovalSettingsEnrolledServiceInput` via: 

AccessApprovalSettingsEnrolledServiceArgs{...}

type AccessApprovalSettingsEnrolledServiceOutput 

type AccessApprovalSettingsEnrolledServiceOutput struct{ *pulumi.OutputState }

func (AccessApprovalSettingsEnrolledServiceOutput) CloudProduct 

func (o AccessApprovalSettingsEnrolledServiceOutput) CloudProduct() pulumi.StringOutput

func (AccessApprovalSettingsEnrolledServiceOutput) ElementType 

func (AccessApprovalSettingsEnrolledServiceOutput) ElementType() reflect.Type

func (AccessApprovalSettingsEnrolledServiceOutput) EnrollmentLevel 

func (o AccessApprovalSettingsEnrolledServiceOutput) EnrollmentLevel() pulumi.StringPtrOutput

func (AccessApprovalSettingsEnrolledServiceOutput) ToAccessApprovalSettingsEnrolledServiceOutput 

func (o AccessApprovalSettingsEnrolledServiceOutput) ToAccessApprovalSettingsEnrolledServiceOutput() AccessApprovalSettingsEnrolledServiceOutput

func (AccessApprovalSettingsEnrolledServiceOutput) ToAccessApprovalSettingsEnrolledServiceOutputWithContext 

func (o AccessApprovalSettingsEnrolledServiceOutput) ToAccessApprovalSettingsEnrolledServiceOutputWithContext(ctx context.Context) AccessApprovalSettingsEnrolledServiceOutput

type AccessApprovalSettingsInput added in v4.4.0 

type AccessApprovalSettingsInput interface {
	pulumi.Input

	ToAccessApprovalSettingsOutput() AccessApprovalSettingsOutput
	ToAccessApprovalSettingsOutputWithContext(ctx context.Context) AccessApprovalSettingsOutput
}

type AccessApprovalSettingsOutput added in v4.4.0 

type AccessApprovalSettingsOutput struct {
	*pulumi.OutputState
}

func (AccessApprovalSettingsOutput) ElementType added in v4.4.0 

func (AccessApprovalSettingsOutput) ElementType() reflect.Type

func (AccessApprovalSettingsOutput) ToAccessApprovalSettingsOutput added in v4.4.0 

func (o AccessApprovalSettingsOutput) ToAccessApprovalSettingsOutput() AccessApprovalSettingsOutput

func (AccessApprovalSettingsOutput) ToAccessApprovalSettingsOutputWithContext added in v4.4.0 

func (o AccessApprovalSettingsOutput) ToAccessApprovalSettingsOutputWithContext(ctx context.Context) AccessApprovalSettingsOutput

type AccessApprovalSettingsState 

type AccessApprovalSettingsState struct {
	// If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors
	// of the Project.
	EnrolledAncestor pulumi.BoolPtrInput
	// A list of Google Cloud Services for which the given resource has Access Approval enrolled. Access requests for the
	// resource given by name against any of these services contained here will be required to have explicit approval.
	// Enrollment can only be done on an all or nothing basis. A maximum of 10 enrolled services will be enforced, to be
	// expanded as the set of supported services is expanded.
	EnrolledServices AccessApprovalSettingsEnrolledServiceArrayInput
	// The resource name of the settings. Format is "projects/{project_id}/accessApprovalSettings"
	Name pulumi.StringPtrInput
	// A list of email addresses to which notifications relating to approval requests should be sent. Notifications relating to
	// a resource will be sent to all emails in the settings of ancestor resources of that resource. A maximum of 50 email
	// addresses are allowed.
	NotificationEmails pulumi.StringArrayInput
	// Deprecated in favor of 'project_id'
	//
	// Deprecated: Deprecated in favor of `project_id`
	Project pulumi.StringPtrInput
	// ID of the project of the access approval settings.
	ProjectId pulumi.StringPtrInput
}

func (AccessApprovalSettingsState) ElementType 

func (AccessApprovalSettingsState) ElementType() reflect.Type

type DefaultServiceAccounts added in v4.3.0 

type DefaultServiceAccounts struct {
	pulumi.CustomResourceState

	// The action to be performed in the default service accounts. Valid values are: `DEPRIVILEGE`, `DELETE`, `DISABLE`. Note that `DEPRIVILEGE` action will ignore the REVERT configuration in the restore_policy
	Action pulumi.StringOutput `pulumi:"action"`
	// The project ID where service accounts are created.
	Project pulumi.StringOutput `pulumi:"project"`
	// The action to be performed in the default service accounts on the resource destroy.
	// Valid values are NONE, REVERT and REVERT_AND_IGNORE_FAILURE. It is applied for any action but in the DEPRIVILEGE.
	// If set to REVERT it attempts to restore all default SAs but the DEPRIVILEGE action.
	// If set to REVERT_AND_IGNORE_FAILURE it is the same behavior as REVERT but ignores errors returned by the API.
	RestorePolicy pulumi.StringPtrOutput `pulumi:"restorePolicy"`
	// The Service Accounts changed by this resource. It is used for `REVERT` the `action` on the destroy.
	ServiceAccounts pulumi.MapOutput `pulumi:"serviceAccounts"`
}

Allows management of Google Cloud Platform project default service accounts.

When certain service APIs are enabled, Google Cloud Platform automatically creates service accounts to help get started, but this is not recommended for production environments as per [Google's documentation](https://cloud.google.com/iam/docs/service-accounts#default). See the [Organization documentation](https://cloud.google.com/resource-manager/docs/quickstarts) for more details.

> **WARNING** Some Google Cloud products do not work if the default service accounts are deleted so it is better to `DEPRIVILEGE` as Google **CAN NOT** recover service accounts that have been deleted for more than 30 days. Also Google recommends using the `constraints/iam.automaticIamGrantsForDefaultServiceAccounts` [constraint](https://www.terraform.io/docs/providers/google/r/google_organization_policy.html) to disable automatic IAM Grants to default service accounts.

> This resource works on a best-effort basis, as no API formally describes the default service accounts and it is for users who are unable to use constraints. If the default service accounts change their name or additional service accounts are added, this resource will need to be updated.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewDefaultServiceAccounts(ctx, "myProject", &projects.DefaultServiceAccountsArgs{
			Action:  pulumi.String("DELETE"),
			Project: pulumi.String("my-project-id"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

To enable the default service accounts on the resource destroy:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewDefaultServiceAccounts(ctx, "myProject", &projects.DefaultServiceAccountsArgs{
			Action:        pulumi.String("DISABLE"),
			Project:       pulumi.String("my-project-id"),
			RestorePolicy: pulumi.String("REVERT"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

This resource does not support import

func GetDefaultServiceAccounts added in v4.3.0 

func GetDefaultServiceAccounts(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DefaultServiceAccountsState, opts ...pulumi.ResourceOption) (*DefaultServiceAccounts, error)

GetDefaultServiceAccounts gets an existing DefaultServiceAccounts resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDefaultServiceAccounts added in v4.3.0 

func NewDefaultServiceAccounts(ctx *pulumi.Context,
	name string, args *DefaultServiceAccountsArgs, opts ...pulumi.ResourceOption) (*DefaultServiceAccounts, error)

NewDefaultServiceAccounts registers a new resource with the given unique name, arguments, and options.

func (*DefaultServiceAccounts) ElementType added in v4.4.0 

func (*DefaultServiceAccounts) ElementType() reflect.Type

func (*DefaultServiceAccounts) ToDefaultServiceAccountsOutput added in v4.4.0 

func (i *DefaultServiceAccounts) ToDefaultServiceAccountsOutput() DefaultServiceAccountsOutput

func (*DefaultServiceAccounts) ToDefaultServiceAccountsOutputWithContext added in v4.4.0 

func (i *DefaultServiceAccounts) ToDefaultServiceAccountsOutputWithContext(ctx context.Context) DefaultServiceAccountsOutput

type DefaultServiceAccountsArgs added in v4.3.0 

type DefaultServiceAccountsArgs struct {
	// The action to be performed in the default service accounts. Valid values are: `DEPRIVILEGE`, `DELETE`, `DISABLE`. Note that `DEPRIVILEGE` action will ignore the REVERT configuration in the restore_policy
	Action pulumi.StringInput
	// The project ID where service accounts are created.
	Project pulumi.StringInput
	// The action to be performed in the default service accounts on the resource destroy.
	// Valid values are NONE, REVERT and REVERT_AND_IGNORE_FAILURE. It is applied for any action but in the DEPRIVILEGE.
	// If set to REVERT it attempts to restore all default SAs but the DEPRIVILEGE action.
	// If set to REVERT_AND_IGNORE_FAILURE it is the same behavior as REVERT but ignores errors returned by the API.
	RestorePolicy pulumi.StringPtrInput
}

The set of arguments for constructing a DefaultServiceAccounts resource.

func (DefaultServiceAccountsArgs) ElementType added in v4.3.0 

func (DefaultServiceAccountsArgs) ElementType() reflect.Type

type DefaultServiceAccountsInput added in v4.4.0 

type DefaultServiceAccountsInput interface {
	pulumi.Input

	ToDefaultServiceAccountsOutput() DefaultServiceAccountsOutput
	ToDefaultServiceAccountsOutputWithContext(ctx context.Context) DefaultServiceAccountsOutput
}

type DefaultServiceAccountsOutput added in v4.4.0 

type DefaultServiceAccountsOutput struct {
	*pulumi.OutputState
}

func (DefaultServiceAccountsOutput) ElementType added in v4.4.0 

func (DefaultServiceAccountsOutput) ElementType() reflect.Type

func (DefaultServiceAccountsOutput) ToDefaultServiceAccountsOutput added in v4.4.0 

func (o DefaultServiceAccountsOutput) ToDefaultServiceAccountsOutput() DefaultServiceAccountsOutput

func (DefaultServiceAccountsOutput) ToDefaultServiceAccountsOutputWithContext added in v4.4.0 

func (o DefaultServiceAccountsOutput) ToDefaultServiceAccountsOutputWithContext(ctx context.Context) DefaultServiceAccountsOutput

type DefaultServiceAccountsState added in v4.3.0 

type DefaultServiceAccountsState struct {
	// The action to be performed in the default service accounts. Valid values are: `DEPRIVILEGE`, `DELETE`, `DISABLE`. Note that `DEPRIVILEGE` action will ignore the REVERT configuration in the restore_policy
	Action pulumi.StringPtrInput
	// The project ID where service accounts are created.
	Project pulumi.StringPtrInput
	// The action to be performed in the default service accounts on the resource destroy.
	// Valid values are NONE, REVERT and REVERT_AND_IGNORE_FAILURE. It is applied for any action but in the DEPRIVILEGE.
	// If set to REVERT it attempts to restore all default SAs but the DEPRIVILEGE action.
	// If set to REVERT_AND_IGNORE_FAILURE it is the same behavior as REVERT but ignores errors returned by the API.
	RestorePolicy pulumi.StringPtrInput
	// The Service Accounts changed by this resource. It is used for `REVERT` the `action` on the destroy.
	ServiceAccounts pulumi.MapInput
}

func (DefaultServiceAccountsState) ElementType added in v4.3.0 

func (DefaultServiceAccountsState) ElementType() reflect.Type

type GetOrganizationPolicyBooleanPolicy 

type GetOrganizationPolicyBooleanPolicy struct {
	Enforced bool `pulumi:"enforced"`
}

type GetOrganizationPolicyBooleanPolicyArgs 

type GetOrganizationPolicyBooleanPolicyArgs struct {
	Enforced pulumi.BoolInput `pulumi:"enforced"`
}

func (GetOrganizationPolicyBooleanPolicyArgs) ElementType 

func (GetOrganizationPolicyBooleanPolicyArgs) ElementType() reflect.Type

func (GetOrganizationPolicyBooleanPolicyArgs) ToGetOrganizationPolicyBooleanPolicyOutput 

func (i GetOrganizationPolicyBooleanPolicyArgs) ToGetOrganizationPolicyBooleanPolicyOutput() GetOrganizationPolicyBooleanPolicyOutput

func (GetOrganizationPolicyBooleanPolicyArgs) ToGetOrganizationPolicyBooleanPolicyOutputWithContext 

func (i GetOrganizationPolicyBooleanPolicyArgs) ToGetOrganizationPolicyBooleanPolicyOutputWithContext(ctx context.Context) GetOrganizationPolicyBooleanPolicyOutput

type GetOrganizationPolicyBooleanPolicyArray 

type GetOrganizationPolicyBooleanPolicyArray []GetOrganizationPolicyBooleanPolicyInput

func (GetOrganizationPolicyBooleanPolicyArray) ElementType 

func (GetOrganizationPolicyBooleanPolicyArray) ElementType() reflect.Type

func (GetOrganizationPolicyBooleanPolicyArray) ToGetOrganizationPolicyBooleanPolicyArrayOutput 

func (i GetOrganizationPolicyBooleanPolicyArray) ToGetOrganizationPolicyBooleanPolicyArrayOutput() GetOrganizationPolicyBooleanPolicyArrayOutput

func (GetOrganizationPolicyBooleanPolicyArray) ToGetOrganizationPolicyBooleanPolicyArrayOutputWithContext 

func (i GetOrganizationPolicyBooleanPolicyArray) ToGetOrganizationPolicyBooleanPolicyArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyBooleanPolicyArrayOutput

type GetOrganizationPolicyBooleanPolicyArrayInput 

type GetOrganizationPolicyBooleanPolicyArrayInput interface {
	pulumi.Input

	ToGetOrganizationPolicyBooleanPolicyArrayOutput() GetOrganizationPolicyBooleanPolicyArrayOutput
	ToGetOrganizationPolicyBooleanPolicyArrayOutputWithContext(context.Context) GetOrganizationPolicyBooleanPolicyArrayOutput
}

GetOrganizationPolicyBooleanPolicyArrayInput is an input type that accepts GetOrganizationPolicyBooleanPolicyArray and GetOrganizationPolicyBooleanPolicyArrayOutput values. You can construct a concrete instance of `GetOrganizationPolicyBooleanPolicyArrayInput` via: 

GetOrganizationPolicyBooleanPolicyArray{ GetOrganizationPolicyBooleanPolicyArgs{...} }

type GetOrganizationPolicyBooleanPolicyArrayOutput 

type GetOrganizationPolicyBooleanPolicyArrayOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyBooleanPolicyArrayOutput) ElementType 

func (GetOrganizationPolicyBooleanPolicyArrayOutput) ElementType() reflect.Type

func (GetOrganizationPolicyBooleanPolicyArrayOutput) Index 

func (o GetOrganizationPolicyBooleanPolicyArrayOutput) Index(i pulumi.IntInput) GetOrganizationPolicyBooleanPolicyOutput

func (GetOrganizationPolicyBooleanPolicyArrayOutput) ToGetOrganizationPolicyBooleanPolicyArrayOutput 

func (o GetOrganizationPolicyBooleanPolicyArrayOutput) ToGetOrganizationPolicyBooleanPolicyArrayOutput() GetOrganizationPolicyBooleanPolicyArrayOutput

func (GetOrganizationPolicyBooleanPolicyArrayOutput) ToGetOrganizationPolicyBooleanPolicyArrayOutputWithContext 

func (o GetOrganizationPolicyBooleanPolicyArrayOutput) ToGetOrganizationPolicyBooleanPolicyArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyBooleanPolicyArrayOutput

type GetOrganizationPolicyBooleanPolicyInput 

type GetOrganizationPolicyBooleanPolicyInput interface {
	pulumi.Input

	ToGetOrganizationPolicyBooleanPolicyOutput() GetOrganizationPolicyBooleanPolicyOutput
	ToGetOrganizationPolicyBooleanPolicyOutputWithContext(context.Context) GetOrganizationPolicyBooleanPolicyOutput
}

GetOrganizationPolicyBooleanPolicyInput is an input type that accepts GetOrganizationPolicyBooleanPolicyArgs and GetOrganizationPolicyBooleanPolicyOutput values. You can construct a concrete instance of `GetOrganizationPolicyBooleanPolicyInput` via: 

GetOrganizationPolicyBooleanPolicyArgs{...}

type GetOrganizationPolicyBooleanPolicyOutput 

type GetOrganizationPolicyBooleanPolicyOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyBooleanPolicyOutput) ElementType 

func (GetOrganizationPolicyBooleanPolicyOutput) ElementType() reflect.Type

func (GetOrganizationPolicyBooleanPolicyOutput) Enforced 

func (o GetOrganizationPolicyBooleanPolicyOutput) Enforced() pulumi.BoolOutput

func (GetOrganizationPolicyBooleanPolicyOutput) ToGetOrganizationPolicyBooleanPolicyOutput 

func (o GetOrganizationPolicyBooleanPolicyOutput) ToGetOrganizationPolicyBooleanPolicyOutput() GetOrganizationPolicyBooleanPolicyOutput

func (GetOrganizationPolicyBooleanPolicyOutput) ToGetOrganizationPolicyBooleanPolicyOutputWithContext 

func (o GetOrganizationPolicyBooleanPolicyOutput) ToGetOrganizationPolicyBooleanPolicyOutputWithContext(ctx context.Context) GetOrganizationPolicyBooleanPolicyOutput

type GetOrganizationPolicyListPolicy 

type GetOrganizationPolicyListPolicy struct {
	Allows            []GetOrganizationPolicyListPolicyAllow `pulumi:"allows"`
	Denies            []GetOrganizationPolicyListPolicyDeny  `pulumi:"denies"`
	InheritFromParent bool                                   `pulumi:"inheritFromParent"`
	SuggestedValue    string                                 `pulumi:"suggestedValue"`
}

type GetOrganizationPolicyListPolicyAllow 

type GetOrganizationPolicyListPolicyAllow struct {
	All    bool     `pulumi:"all"`
	Values []string `pulumi:"values"`
}

type GetOrganizationPolicyListPolicyAllowArgs 

type GetOrganizationPolicyListPolicyAllowArgs struct {
	All    pulumi.BoolInput        `pulumi:"all"`
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (GetOrganizationPolicyListPolicyAllowArgs) ElementType 

func (GetOrganizationPolicyListPolicyAllowArgs) ElementType() reflect.Type

func (GetOrganizationPolicyListPolicyAllowArgs) ToGetOrganizationPolicyListPolicyAllowOutput 

func (i GetOrganizationPolicyListPolicyAllowArgs) ToGetOrganizationPolicyListPolicyAllowOutput() GetOrganizationPolicyListPolicyAllowOutput

func (GetOrganizationPolicyListPolicyAllowArgs) ToGetOrganizationPolicyListPolicyAllowOutputWithContext 

func (i GetOrganizationPolicyListPolicyAllowArgs) ToGetOrganizationPolicyListPolicyAllowOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyAllowOutput

type GetOrganizationPolicyListPolicyAllowArray 

type GetOrganizationPolicyListPolicyAllowArray []GetOrganizationPolicyListPolicyAllowInput

func (GetOrganizationPolicyListPolicyAllowArray) ElementType 

func (GetOrganizationPolicyListPolicyAllowArray) ElementType() reflect.Type

func (GetOrganizationPolicyListPolicyAllowArray) ToGetOrganizationPolicyListPolicyAllowArrayOutput 

func (i GetOrganizationPolicyListPolicyAllowArray) ToGetOrganizationPolicyListPolicyAllowArrayOutput() GetOrganizationPolicyListPolicyAllowArrayOutput

func (GetOrganizationPolicyListPolicyAllowArray) ToGetOrganizationPolicyListPolicyAllowArrayOutputWithContext 

func (i GetOrganizationPolicyListPolicyAllowArray) ToGetOrganizationPolicyListPolicyAllowArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyAllowArrayOutput

type GetOrganizationPolicyListPolicyAllowArrayInput 

type GetOrganizationPolicyListPolicyAllowArrayInput interface {
	pulumi.Input

	ToGetOrganizationPolicyListPolicyAllowArrayOutput() GetOrganizationPolicyListPolicyAllowArrayOutput
	ToGetOrganizationPolicyListPolicyAllowArrayOutputWithContext(context.Context) GetOrganizationPolicyListPolicyAllowArrayOutput
}

GetOrganizationPolicyListPolicyAllowArrayInput is an input type that accepts GetOrganizationPolicyListPolicyAllowArray and GetOrganizationPolicyListPolicyAllowArrayOutput values. You can construct a concrete instance of `GetOrganizationPolicyListPolicyAllowArrayInput` via: 

GetOrganizationPolicyListPolicyAllowArray{ GetOrganizationPolicyListPolicyAllowArgs{...} }

type GetOrganizationPolicyListPolicyAllowArrayOutput 

type GetOrganizationPolicyListPolicyAllowArrayOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyListPolicyAllowArrayOutput) ElementType 

func (GetOrganizationPolicyListPolicyAllowArrayOutput) ElementType() reflect.Type

func (GetOrganizationPolicyListPolicyAllowArrayOutput) Index 

func (o GetOrganizationPolicyListPolicyAllowArrayOutput) Index(i pulumi.IntInput) GetOrganizationPolicyListPolicyAllowOutput

func (GetOrganizationPolicyListPolicyAllowArrayOutput) ToGetOrganizationPolicyListPolicyAllowArrayOutput 

func (o GetOrganizationPolicyListPolicyAllowArrayOutput) ToGetOrganizationPolicyListPolicyAllowArrayOutput() GetOrganizationPolicyListPolicyAllowArrayOutput

func (GetOrganizationPolicyListPolicyAllowArrayOutput) ToGetOrganizationPolicyListPolicyAllowArrayOutputWithContext 

func (o GetOrganizationPolicyListPolicyAllowArrayOutput) ToGetOrganizationPolicyListPolicyAllowArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyAllowArrayOutput

type GetOrganizationPolicyListPolicyAllowInput 

type GetOrganizationPolicyListPolicyAllowInput interface {
	pulumi.Input

	ToGetOrganizationPolicyListPolicyAllowOutput() GetOrganizationPolicyListPolicyAllowOutput
	ToGetOrganizationPolicyListPolicyAllowOutputWithContext(context.Context) GetOrganizationPolicyListPolicyAllowOutput
}

GetOrganizationPolicyListPolicyAllowInput is an input type that accepts GetOrganizationPolicyListPolicyAllowArgs and GetOrganizationPolicyListPolicyAllowOutput values. You can construct a concrete instance of `GetOrganizationPolicyListPolicyAllowInput` via: 

GetOrganizationPolicyListPolicyAllowArgs{...}

type GetOrganizationPolicyListPolicyAllowOutput 

type GetOrganizationPolicyListPolicyAllowOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyListPolicyAllowOutput) All 

func (o GetOrganizationPolicyListPolicyAllowOutput) All() pulumi.BoolOutput

func (GetOrganizationPolicyListPolicyAllowOutput) ElementType 

func (GetOrganizationPolicyListPolicyAllowOutput) ElementType() reflect.Type

func (GetOrganizationPolicyListPolicyAllowOutput) ToGetOrganizationPolicyListPolicyAllowOutput 

func (o GetOrganizationPolicyListPolicyAllowOutput) ToGetOrganizationPolicyListPolicyAllowOutput() GetOrganizationPolicyListPolicyAllowOutput

func (GetOrganizationPolicyListPolicyAllowOutput) ToGetOrganizationPolicyListPolicyAllowOutputWithContext 

func (o GetOrganizationPolicyListPolicyAllowOutput) ToGetOrganizationPolicyListPolicyAllowOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyAllowOutput

func (GetOrganizationPolicyListPolicyAllowOutput) Values 

func (o GetOrganizationPolicyListPolicyAllowOutput) Values() pulumi.StringArrayOutput

type GetOrganizationPolicyListPolicyArgs 

type GetOrganizationPolicyListPolicyArgs struct {
	Allows            GetOrganizationPolicyListPolicyAllowArrayInput `pulumi:"allows"`
	Denies            GetOrganizationPolicyListPolicyDenyArrayInput  `pulumi:"denies"`
	InheritFromParent pulumi.BoolInput                               `pulumi:"inheritFromParent"`
	SuggestedValue    pulumi.StringInput                             `pulumi:"suggestedValue"`
}

func (GetOrganizationPolicyListPolicyArgs) ElementType 

func (GetOrganizationPolicyListPolicyArgs) ElementType() reflect.Type

func (GetOrganizationPolicyListPolicyArgs) ToGetOrganizationPolicyListPolicyOutput 

func (i GetOrganizationPolicyListPolicyArgs) ToGetOrganizationPolicyListPolicyOutput() GetOrganizationPolicyListPolicyOutput

func (GetOrganizationPolicyListPolicyArgs) ToGetOrganizationPolicyListPolicyOutputWithContext 

func (i GetOrganizationPolicyListPolicyArgs) ToGetOrganizationPolicyListPolicyOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyOutput

type GetOrganizationPolicyListPolicyArray 

type GetOrganizationPolicyListPolicyArray []GetOrganizationPolicyListPolicyInput

func (GetOrganizationPolicyListPolicyArray) ElementType 

func (GetOrganizationPolicyListPolicyArray) ElementType() reflect.Type

func (GetOrganizationPolicyListPolicyArray) ToGetOrganizationPolicyListPolicyArrayOutput 

func (i GetOrganizationPolicyListPolicyArray) ToGetOrganizationPolicyListPolicyArrayOutput() GetOrganizationPolicyListPolicyArrayOutput

func (GetOrganizationPolicyListPolicyArray) ToGetOrganizationPolicyListPolicyArrayOutputWithContext 

func (i GetOrganizationPolicyListPolicyArray) ToGetOrganizationPolicyListPolicyArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyArrayOutput

type GetOrganizationPolicyListPolicyArrayInput 

type GetOrganizationPolicyListPolicyArrayInput interface {
	pulumi.Input

	ToGetOrganizationPolicyListPolicyArrayOutput() GetOrganizationPolicyListPolicyArrayOutput
	ToGetOrganizationPolicyListPolicyArrayOutputWithContext(context.Context) GetOrganizationPolicyListPolicyArrayOutput
}

GetOrganizationPolicyListPolicyArrayInput is an input type that accepts GetOrganizationPolicyListPolicyArray and GetOrganizationPolicyListPolicyArrayOutput values. You can construct a concrete instance of `GetOrganizationPolicyListPolicyArrayInput` via: 

GetOrganizationPolicyListPolicyArray{ GetOrganizationPolicyListPolicyArgs{...} }

type GetOrganizationPolicyListPolicyArrayOutput 

type GetOrganizationPolicyListPolicyArrayOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyListPolicyArrayOutput) ElementType 

func (GetOrganizationPolicyListPolicyArrayOutput) ElementType() reflect.Type

func (GetOrganizationPolicyListPolicyArrayOutput) Index 

func (o GetOrganizationPolicyListPolicyArrayOutput) Index(i pulumi.IntInput) GetOrganizationPolicyListPolicyOutput

func (GetOrganizationPolicyListPolicyArrayOutput) ToGetOrganizationPolicyListPolicyArrayOutput 

func (o GetOrganizationPolicyListPolicyArrayOutput) ToGetOrganizationPolicyListPolicyArrayOutput() GetOrganizationPolicyListPolicyArrayOutput

func (GetOrganizationPolicyListPolicyArrayOutput) ToGetOrganizationPolicyListPolicyArrayOutputWithContext 

func (o GetOrganizationPolicyListPolicyArrayOutput) ToGetOrganizationPolicyListPolicyArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyArrayOutput

type GetOrganizationPolicyListPolicyDeny 

type GetOrganizationPolicyListPolicyDeny struct {
	All    bool     `pulumi:"all"`
	Values []string `pulumi:"values"`
}

type GetOrganizationPolicyListPolicyDenyArgs 

type GetOrganizationPolicyListPolicyDenyArgs struct {
	All    pulumi.BoolInput        `pulumi:"all"`
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (GetOrganizationPolicyListPolicyDenyArgs) ElementType 

func (GetOrganizationPolicyListPolicyDenyArgs) ElementType() reflect.Type

func (GetOrganizationPolicyListPolicyDenyArgs) ToGetOrganizationPolicyListPolicyDenyOutput 

func (i GetOrganizationPolicyListPolicyDenyArgs) ToGetOrganizationPolicyListPolicyDenyOutput() GetOrganizationPolicyListPolicyDenyOutput

func (GetOrganizationPolicyListPolicyDenyArgs) ToGetOrganizationPolicyListPolicyDenyOutputWithContext 

func (i GetOrganizationPolicyListPolicyDenyArgs) ToGetOrganizationPolicyListPolicyDenyOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyDenyOutput

type GetOrganizationPolicyListPolicyDenyArray 

type GetOrganizationPolicyListPolicyDenyArray []GetOrganizationPolicyListPolicyDenyInput

func (GetOrganizationPolicyListPolicyDenyArray) ElementType 

func (GetOrganizationPolicyListPolicyDenyArray) ElementType() reflect.Type

func (GetOrganizationPolicyListPolicyDenyArray) ToGetOrganizationPolicyListPolicyDenyArrayOutput 

func (i GetOrganizationPolicyListPolicyDenyArray) ToGetOrganizationPolicyListPolicyDenyArrayOutput() GetOrganizationPolicyListPolicyDenyArrayOutput

func (GetOrganizationPolicyListPolicyDenyArray) ToGetOrganizationPolicyListPolicyDenyArrayOutputWithContext 

func (i GetOrganizationPolicyListPolicyDenyArray) ToGetOrganizationPolicyListPolicyDenyArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyDenyArrayOutput

type GetOrganizationPolicyListPolicyDenyArrayInput 

type GetOrganizationPolicyListPolicyDenyArrayInput interface {
	pulumi.Input

	ToGetOrganizationPolicyListPolicyDenyArrayOutput() GetOrganizationPolicyListPolicyDenyArrayOutput
	ToGetOrganizationPolicyListPolicyDenyArrayOutputWithContext(context.Context) GetOrganizationPolicyListPolicyDenyArrayOutput
}

GetOrganizationPolicyListPolicyDenyArrayInput is an input type that accepts GetOrganizationPolicyListPolicyDenyArray and GetOrganizationPolicyListPolicyDenyArrayOutput values. You can construct a concrete instance of `GetOrganizationPolicyListPolicyDenyArrayInput` via: 

GetOrganizationPolicyListPolicyDenyArray{ GetOrganizationPolicyListPolicyDenyArgs{...} }

type GetOrganizationPolicyListPolicyDenyArrayOutput 

type GetOrganizationPolicyListPolicyDenyArrayOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyListPolicyDenyArrayOutput) ElementType 

func (GetOrganizationPolicyListPolicyDenyArrayOutput) ElementType() reflect.Type

func (GetOrganizationPolicyListPolicyDenyArrayOutput) Index 

func (o GetOrganizationPolicyListPolicyDenyArrayOutput) Index(i pulumi.IntInput) GetOrganizationPolicyListPolicyDenyOutput

func (GetOrganizationPolicyListPolicyDenyArrayOutput) ToGetOrganizationPolicyListPolicyDenyArrayOutput 

func (o GetOrganizationPolicyListPolicyDenyArrayOutput) ToGetOrganizationPolicyListPolicyDenyArrayOutput() GetOrganizationPolicyListPolicyDenyArrayOutput

func (GetOrganizationPolicyListPolicyDenyArrayOutput) ToGetOrganizationPolicyListPolicyDenyArrayOutputWithContext 

func (o GetOrganizationPolicyListPolicyDenyArrayOutput) ToGetOrganizationPolicyListPolicyDenyArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyDenyArrayOutput

type GetOrganizationPolicyListPolicyDenyInput 

type GetOrganizationPolicyListPolicyDenyInput interface {
	pulumi.Input

	ToGetOrganizationPolicyListPolicyDenyOutput() GetOrganizationPolicyListPolicyDenyOutput
	ToGetOrganizationPolicyListPolicyDenyOutputWithContext(context.Context) GetOrganizationPolicyListPolicyDenyOutput
}

GetOrganizationPolicyListPolicyDenyInput is an input type that accepts GetOrganizationPolicyListPolicyDenyArgs and GetOrganizationPolicyListPolicyDenyOutput values. You can construct a concrete instance of `GetOrganizationPolicyListPolicyDenyInput` via: 

GetOrganizationPolicyListPolicyDenyArgs{...}

type GetOrganizationPolicyListPolicyDenyOutput 

type GetOrganizationPolicyListPolicyDenyOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyListPolicyDenyOutput) All 

func (o GetOrganizationPolicyListPolicyDenyOutput) All() pulumi.BoolOutput

func (GetOrganizationPolicyListPolicyDenyOutput) ElementType 

func (GetOrganizationPolicyListPolicyDenyOutput) ElementType() reflect.Type

func (GetOrganizationPolicyListPolicyDenyOutput) ToGetOrganizationPolicyListPolicyDenyOutput 

func (o GetOrganizationPolicyListPolicyDenyOutput) ToGetOrganizationPolicyListPolicyDenyOutput() GetOrganizationPolicyListPolicyDenyOutput

func (GetOrganizationPolicyListPolicyDenyOutput) ToGetOrganizationPolicyListPolicyDenyOutputWithContext 

func (o GetOrganizationPolicyListPolicyDenyOutput) ToGetOrganizationPolicyListPolicyDenyOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyDenyOutput

func (GetOrganizationPolicyListPolicyDenyOutput) Values 

func (o GetOrganizationPolicyListPolicyDenyOutput) Values() pulumi.StringArrayOutput

type GetOrganizationPolicyListPolicyInput 

type GetOrganizationPolicyListPolicyInput interface {
	pulumi.Input

	ToGetOrganizationPolicyListPolicyOutput() GetOrganizationPolicyListPolicyOutput
	ToGetOrganizationPolicyListPolicyOutputWithContext(context.Context) GetOrganizationPolicyListPolicyOutput
}

GetOrganizationPolicyListPolicyInput is an input type that accepts GetOrganizationPolicyListPolicyArgs and GetOrganizationPolicyListPolicyOutput values. You can construct a concrete instance of `GetOrganizationPolicyListPolicyInput` via: 

GetOrganizationPolicyListPolicyArgs{...}

type GetOrganizationPolicyListPolicyOutput 

type GetOrganizationPolicyListPolicyOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyListPolicyOutput) Allows 

func (o GetOrganizationPolicyListPolicyOutput) Allows() GetOrganizationPolicyListPolicyAllowArrayOutput

func (GetOrganizationPolicyListPolicyOutput) Denies 

func (o GetOrganizationPolicyListPolicyOutput) Denies() GetOrganizationPolicyListPolicyDenyArrayOutput

func (GetOrganizationPolicyListPolicyOutput) ElementType 

func (GetOrganizationPolicyListPolicyOutput) ElementType() reflect.Type

func (GetOrganizationPolicyListPolicyOutput) InheritFromParent 

func (o GetOrganizationPolicyListPolicyOutput) InheritFromParent() pulumi.BoolOutput

func (GetOrganizationPolicyListPolicyOutput) SuggestedValue 

func (o GetOrganizationPolicyListPolicyOutput) SuggestedValue() pulumi.StringOutput

func (GetOrganizationPolicyListPolicyOutput) ToGetOrganizationPolicyListPolicyOutput 

func (o GetOrganizationPolicyListPolicyOutput) ToGetOrganizationPolicyListPolicyOutput() GetOrganizationPolicyListPolicyOutput

func (GetOrganizationPolicyListPolicyOutput) ToGetOrganizationPolicyListPolicyOutputWithContext 

func (o GetOrganizationPolicyListPolicyOutput) ToGetOrganizationPolicyListPolicyOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyOutput

type GetOrganizationPolicyRestorePolicy 

type GetOrganizationPolicyRestorePolicy struct {
	Default bool `pulumi:"default"`
}

type GetOrganizationPolicyRestorePolicyArgs 

type GetOrganizationPolicyRestorePolicyArgs struct {
	Default pulumi.BoolInput `pulumi:"default"`
}

func (GetOrganizationPolicyRestorePolicyArgs) ElementType 

func (GetOrganizationPolicyRestorePolicyArgs) ElementType() reflect.Type

func (GetOrganizationPolicyRestorePolicyArgs) ToGetOrganizationPolicyRestorePolicyOutput 

func (i GetOrganizationPolicyRestorePolicyArgs) ToGetOrganizationPolicyRestorePolicyOutput() GetOrganizationPolicyRestorePolicyOutput

func (GetOrganizationPolicyRestorePolicyArgs) ToGetOrganizationPolicyRestorePolicyOutputWithContext 

func (i GetOrganizationPolicyRestorePolicyArgs) ToGetOrganizationPolicyRestorePolicyOutputWithContext(ctx context.Context) GetOrganizationPolicyRestorePolicyOutput

type GetOrganizationPolicyRestorePolicyArray 

type GetOrganizationPolicyRestorePolicyArray []GetOrganizationPolicyRestorePolicyInput

func (GetOrganizationPolicyRestorePolicyArray) ElementType 

func (GetOrganizationPolicyRestorePolicyArray) ElementType() reflect.Type

func (GetOrganizationPolicyRestorePolicyArray) ToGetOrganizationPolicyRestorePolicyArrayOutput 

func (i GetOrganizationPolicyRestorePolicyArray) ToGetOrganizationPolicyRestorePolicyArrayOutput() GetOrganizationPolicyRestorePolicyArrayOutput

func (GetOrganizationPolicyRestorePolicyArray) ToGetOrganizationPolicyRestorePolicyArrayOutputWithContext 

func (i GetOrganizationPolicyRestorePolicyArray) ToGetOrganizationPolicyRestorePolicyArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyRestorePolicyArrayOutput

type GetOrganizationPolicyRestorePolicyArrayInput 

type GetOrganizationPolicyRestorePolicyArrayInput interface {
	pulumi.Input

	ToGetOrganizationPolicyRestorePolicyArrayOutput() GetOrganizationPolicyRestorePolicyArrayOutput
	ToGetOrganizationPolicyRestorePolicyArrayOutputWithContext(context.Context) GetOrganizationPolicyRestorePolicyArrayOutput
}

GetOrganizationPolicyRestorePolicyArrayInput is an input type that accepts GetOrganizationPolicyRestorePolicyArray and GetOrganizationPolicyRestorePolicyArrayOutput values. You can construct a concrete instance of `GetOrganizationPolicyRestorePolicyArrayInput` via: 

GetOrganizationPolicyRestorePolicyArray{ GetOrganizationPolicyRestorePolicyArgs{...} }

type GetOrganizationPolicyRestorePolicyArrayOutput 

type GetOrganizationPolicyRestorePolicyArrayOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyRestorePolicyArrayOutput) ElementType 

func (GetOrganizationPolicyRestorePolicyArrayOutput) ElementType() reflect.Type

func (GetOrganizationPolicyRestorePolicyArrayOutput) Index 

func (o GetOrganizationPolicyRestorePolicyArrayOutput) Index(i pulumi.IntInput) GetOrganizationPolicyRestorePolicyOutput

func (GetOrganizationPolicyRestorePolicyArrayOutput) ToGetOrganizationPolicyRestorePolicyArrayOutput 

func (o GetOrganizationPolicyRestorePolicyArrayOutput) ToGetOrganizationPolicyRestorePolicyArrayOutput() GetOrganizationPolicyRestorePolicyArrayOutput

func (GetOrganizationPolicyRestorePolicyArrayOutput) ToGetOrganizationPolicyRestorePolicyArrayOutputWithContext 

func (o GetOrganizationPolicyRestorePolicyArrayOutput) ToGetOrganizationPolicyRestorePolicyArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyRestorePolicyArrayOutput

type GetOrganizationPolicyRestorePolicyInput 

type GetOrganizationPolicyRestorePolicyInput interface {
	pulumi.Input

	ToGetOrganizationPolicyRestorePolicyOutput() GetOrganizationPolicyRestorePolicyOutput
	ToGetOrganizationPolicyRestorePolicyOutputWithContext(context.Context) GetOrganizationPolicyRestorePolicyOutput
}

GetOrganizationPolicyRestorePolicyInput is an input type that accepts GetOrganizationPolicyRestorePolicyArgs and GetOrganizationPolicyRestorePolicyOutput values. You can construct a concrete instance of `GetOrganizationPolicyRestorePolicyInput` via: 

GetOrganizationPolicyRestorePolicyArgs{...}

type GetOrganizationPolicyRestorePolicyOutput 

type GetOrganizationPolicyRestorePolicyOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyRestorePolicyOutput) Default 

func (o GetOrganizationPolicyRestorePolicyOutput) Default() pulumi.BoolOutput

func (GetOrganizationPolicyRestorePolicyOutput) ElementType 

func (GetOrganizationPolicyRestorePolicyOutput) ElementType() reflect.Type

func (GetOrganizationPolicyRestorePolicyOutput) ToGetOrganizationPolicyRestorePolicyOutput 

func (o GetOrganizationPolicyRestorePolicyOutput) ToGetOrganizationPolicyRestorePolicyOutput() GetOrganizationPolicyRestorePolicyOutput

func (GetOrganizationPolicyRestorePolicyOutput) ToGetOrganizationPolicyRestorePolicyOutputWithContext 

func (o GetOrganizationPolicyRestorePolicyOutput) ToGetOrganizationPolicyRestorePolicyOutputWithContext(ctx context.Context) GetOrganizationPolicyRestorePolicyOutput

type GetProjectArgs 

type GetProjectArgs struct {
	// A string filter as defined in the [REST API](https://cloud.google.com/resource-manager/reference/rest/v1/projects/list#query-parameters).
	Filter string `pulumi:"filter"`
}

A collection of arguments for invoking getProject.

type GetProjectProject 

type GetProjectProject struct {
	CreateTime     string            `pulumi:"createTime"`
	Labels         map[string]string `pulumi:"labels"`
	LifecycleState string            `pulumi:"lifecycleState"`
	Name           string            `pulumi:"name"`
	Number         string            `pulumi:"number"`
	Parent         map[string]string `pulumi:"parent"`
	// The project id of the project.
	ProjectId string `pulumi:"projectId"`
}

type GetProjectProjectArgs 

type GetProjectProjectArgs struct {
	CreateTime     pulumi.StringInput    `pulumi:"createTime"`
	Labels         pulumi.StringMapInput `pulumi:"labels"`
	LifecycleState pulumi.StringInput    `pulumi:"lifecycleState"`
	Name           pulumi.StringInput    `pulumi:"name"`
	Number         pulumi.StringInput    `pulumi:"number"`
	Parent         pulumi.StringMapInput `pulumi:"parent"`
	// The project id of the project.
	ProjectId pulumi.StringInput `pulumi:"projectId"`
}

func (GetProjectProjectArgs) ElementType 

func (GetProjectProjectArgs) ElementType() reflect.Type

func (GetProjectProjectArgs) ToGetProjectProjectOutput 

func (i GetProjectProjectArgs) ToGetProjectProjectOutput() GetProjectProjectOutput

func (GetProjectProjectArgs) ToGetProjectProjectOutputWithContext 

func (i GetProjectProjectArgs) ToGetProjectProjectOutputWithContext(ctx context.Context) GetProjectProjectOutput

type GetProjectProjectArray 

type GetProjectProjectArray []GetProjectProjectInput

func (GetProjectProjectArray) ElementType 

func (GetProjectProjectArray) ElementType() reflect.Type

func (GetProjectProjectArray) ToGetProjectProjectArrayOutput 

func (i GetProjectProjectArray) ToGetProjectProjectArrayOutput() GetProjectProjectArrayOutput

func (GetProjectProjectArray) ToGetProjectProjectArrayOutputWithContext 

func (i GetProjectProjectArray) ToGetProjectProjectArrayOutputWithContext(ctx context.Context) GetProjectProjectArrayOutput

type GetProjectProjectArrayInput 

type GetProjectProjectArrayInput interface {
	pulumi.Input

	ToGetProjectProjectArrayOutput() GetProjectProjectArrayOutput
	ToGetProjectProjectArrayOutputWithContext(context.Context) GetProjectProjectArrayOutput
}

GetProjectProjectArrayInput is an input type that accepts GetProjectProjectArray and GetProjectProjectArrayOutput values. You can construct a concrete instance of `GetProjectProjectArrayInput` via: 

GetProjectProjectArray{ GetProjectProjectArgs{...} }

type GetProjectProjectArrayOutput 

type GetProjectProjectArrayOutput struct{ *pulumi.OutputState }

func (GetProjectProjectArrayOutput) ElementType 

func (GetProjectProjectArrayOutput) ElementType() reflect.Type

func (GetProjectProjectArrayOutput) Index 

func (o GetProjectProjectArrayOutput) Index(i pulumi.IntInput) GetProjectProjectOutput

func (GetProjectProjectArrayOutput) ToGetProjectProjectArrayOutput 

func (o GetProjectProjectArrayOutput) ToGetProjectProjectArrayOutput() GetProjectProjectArrayOutput

func (GetProjectProjectArrayOutput) ToGetProjectProjectArrayOutputWithContext 

func (o GetProjectProjectArrayOutput) ToGetProjectProjectArrayOutputWithContext(ctx context.Context) GetProjectProjectArrayOutput

type GetProjectProjectInput 

type GetProjectProjectInput interface {
	pulumi.Input

	ToGetProjectProjectOutput() GetProjectProjectOutput
	ToGetProjectProjectOutputWithContext(context.Context) GetProjectProjectOutput
}

GetProjectProjectInput is an input type that accepts GetProjectProjectArgs and GetProjectProjectOutput values. You can construct a concrete instance of `GetProjectProjectInput` via: 

GetProjectProjectArgs{...}

type GetProjectProjectOutput 

type GetProjectProjectOutput struct{ *pulumi.OutputState }

func (GetProjectProjectOutput) CreateTime 

func (o GetProjectProjectOutput) CreateTime() pulumi.StringOutput

func (GetProjectProjectOutput) ElementType 

func (GetProjectProjectOutput) ElementType() reflect.Type

func (GetProjectProjectOutput) Labels 

func (o GetProjectProjectOutput) Labels() pulumi.StringMapOutput

func (GetProjectProjectOutput) LifecycleState 

func (o GetProjectProjectOutput) LifecycleState() pulumi.StringOutput

func (GetProjectProjectOutput) Name 

func (o GetProjectProjectOutput) Name() pulumi.StringOutput

func (GetProjectProjectOutput) Number 

func (o GetProjectProjectOutput) Number() pulumi.StringOutput

func (GetProjectProjectOutput) Parent 

func (o GetProjectProjectOutput) Parent() pulumi.StringMapOutput

func (GetProjectProjectOutput) ProjectId 

func (o GetProjectProjectOutput) ProjectId() pulumi.StringOutput

The project id of the project.

func (GetProjectProjectOutput) ToGetProjectProjectOutput 

func (o GetProjectProjectOutput) ToGetProjectProjectOutput() GetProjectProjectOutput

func (GetProjectProjectOutput) ToGetProjectProjectOutputWithContext 

func (o GetProjectProjectOutput) ToGetProjectProjectOutputWithContext(ctx context.Context) GetProjectProjectOutput

type GetProjectResult 

type GetProjectResult struct {
	Filter string `pulumi:"filter"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// A list of projects matching the provided filter. Structure is defined below.
	Projects []GetProjectProject `pulumi:"projects"`
}

A collection of values returned by getProject.

func GetProject 

func GetProject(ctx *pulumi.Context, args *GetProjectArgs, opts ...pulumi.InvokeOption) (*GetProjectResult, error)

Retrieve information about a set of projects based on a filter. See the [REST API](https://cloud.google.com/resource-manager/reference/rest/v1/projects/list) for more details.

## Example Usage ### Searching For Projects About To Be Deleted In An Org

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		my_org_projects, err := projects.GetProject(ctx, &projects.GetProjectArgs{
			Filter: "parent.id:012345678910 lifecycleState:DELETE_REQUESTED",
		}, nil)
		if err != nil {
			return err
		}
		opt0 := my_org_projects.Projects[0].ProjectId
		_, err = organizations.LookupProject(ctx, &organizations.LookupProjectArgs{
			ProjectId: &opt0,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type IAMAuditConfig 

type IAMAuditConfig struct {
	pulumi.CustomResourceState

	// The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
	AuditLogConfigs IAMAuditConfigAuditLogConfigArrayOutput `pulumi:"auditLogConfigs"`
	// (Computed) The etag of the project's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The project ID. If not specified for `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig`, uses the ID of the project configured with the provider.
	// Required for `projects.IAMPolicy` - you must explicitly set the project, and it
	// will not be inferred from the provider.
	Project pulumi.StringOutput `pulumi:"project"`
	// Service which will be enabled for audit logging.  The special value `allServices` covers all services.  Note that if there are google\_project\_iam\_audit\_config resources covering both `allServices` and a specific service then the union of the two AuditConfigs is used for that service: the `logTypes` specified in each `auditLogConfig` are enabled, and the `exemptedMembers` in each `auditLogConfig` are exempted.
	Service pulumi.StringOutput `pulumi:"service"`
}

Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:

* `projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached. * `projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved. * `projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved. * `projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.

> **Note:** `projects.IAMPolicy` **cannot** be used in conjunction with `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig` or they will fight over what your policy should be.

> **Note:** `projects.IAMPolicy` **cannot** be used in conjunction with `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig` or they will fight over what your policy should be.

> **Note:** `projects.IAMBinding` resources **can be** used in conjunction with `projects.IAMMember` resources **only if** they do not grant privilege to the same role.

> **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, 

IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.

## google\_project\_iam\_policy

> **Be careful!** You can accidentally lock yourself out of your project 

using this resource. Deleting a `projects.IAMPolicy` removes access
from anyone without organization-level access to the project. Proceed with caution.
It's not recommended to use `projects.IAMPolicy` with your provider project
to avoid locking yourself out, and it should generally only be used with projects
fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before
applying the change.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/editor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{
			Project:    pulumi.String("your-project-id"),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Condition: organizations.GetIAMPolicyBindingCondition{
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
						Title:       "expires_after_2019_12_31",
					},
					Members: []string{
						"user:jane@example.com",
					},
					Role: "roles/compute.admin",
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{
			PolicyData: pulumi.String(admin.PolicyData),
			Project:    pulumi.String("your-project-id"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_project\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project: pulumi.String("your-project-id"),
			Role:    pulumi.String("roles/editor"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{
			Condition: &projects.IAMBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project: pulumi.String("your-project-id"),
			Role:    pulumi.String("roles/container.admin"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_project\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{
			Member:  pulumi.String("user:jane@example.com"),
			Project: pulumi.String("your-project-id"),
			Role:    pulumi.String("roles/editor"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{
			Condition: &projects.IAMMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Member:  pulumi.String("user:jane@example.com"),
			Project: pulumi.String("your-project-id"),
			Role:    pulumi.String("roles/firebase.admin"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_project\_iam\_audit\_config

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMAuditConfig(ctx, "project", &projects.IAMAuditConfigArgs{
			AuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{
				&projects.IAMAuditConfigAuditLogConfigArgs{
					LogType: pulumi.String("ADMIN_READ"),
				},
				&projects.IAMAuditConfigAuditLogConfigArgs{
					ExemptedMembers: pulumi.StringArray{
						pulumi.String("user:joebloggs@hashicorp.com"),
					},
					LogType: pulumi.String("DATA_READ"),
				},
			},
			Project: pulumi.String("your-project-id"),
			Service: pulumi.String("allServices"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

IAM member imports use space-delimited identifiers; the resource in question, the role, and the account.

This member resource can be imported using the `project_id`, role, and member e.g.

```sh 

$ pulumi import gcp:projects/iAMAuditConfig:IAMAuditConfig my_project "your-project-id roles/viewer user:foo@example.com"

``` 

IAM binding imports use space-delimited identifiers; the resource in question and the role.

This binding resource can be imported using the `project_id` and role, e.g.

```sh 

$ pulumi import gcp:projects/iAMAuditConfig:IAMAuditConfig my_project "your-project-id roles/viewer"

``` 

IAM policy imports use the identifier of the resource in question.

This policy resource can be imported using the `project_id`.

```sh 

$ pulumi import gcp:projects/iAMAuditConfig:IAMAuditConfig my_project your-project-id

``` 

IAM audit config imports use the identifier of the resource in question and the service, e.g.

```sh 

$ pulumi import gcp:projects/iAMAuditConfig:IAMAuditConfig my_project "your-project-id foo.googleapis.com"

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetIAMAuditConfig 

func GetIAMAuditConfig(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMAuditConfigState, opts ...pulumi.ResourceOption) (*IAMAuditConfig, error)

GetIAMAuditConfig gets an existing IAMAuditConfig resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMAuditConfig 

func NewIAMAuditConfig(ctx *pulumi.Context,
	name string, args *IAMAuditConfigArgs, opts ...pulumi.ResourceOption) (*IAMAuditConfig, error)

NewIAMAuditConfig registers a new resource with the given unique name, arguments, and options.

func (*IAMAuditConfig) ElementType added in v4.4.0 

func (*IAMAuditConfig) ElementType() reflect.Type

func (*IAMAuditConfig) ToIAMAuditConfigOutput added in v4.4.0 

func (i *IAMAuditConfig) ToIAMAuditConfigOutput() IAMAuditConfigOutput

func (*IAMAuditConfig) ToIAMAuditConfigOutputWithContext added in v4.4.0 

func (i *IAMAuditConfig) ToIAMAuditConfigOutputWithContext(ctx context.Context) IAMAuditConfigOutput

type IAMAuditConfigArgs 

type IAMAuditConfigArgs struct {
	// The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
	AuditLogConfigs IAMAuditConfigAuditLogConfigArrayInput
	// The project ID. If not specified for `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig`, uses the ID of the project configured with the provider.
	// Required for `projects.IAMPolicy` - you must explicitly set the project, and it
	// will not be inferred from the provider.
	Project pulumi.StringPtrInput
	// Service which will be enabled for audit logging.  The special value `allServices` covers all services.  Note that if there are google\_project\_iam\_audit\_config resources covering both `allServices` and a specific service then the union of the two AuditConfigs is used for that service: the `logTypes` specified in each `auditLogConfig` are enabled, and the `exemptedMembers` in each `auditLogConfig` are exempted.
	Service pulumi.StringInput
}

The set of arguments for constructing a IAMAuditConfig resource.

func (IAMAuditConfigArgs) ElementType 

func (IAMAuditConfigArgs) ElementType() reflect.Type

type IAMAuditConfigAuditLogConfig 

type IAMAuditConfigAuditLogConfig struct {
	// Identities that do not cause logging for this type of permission.  The format is the same as that for `members`.
	ExemptedMembers []string `pulumi:"exemptedMembers"`
	// Permission type for which logging is to be configured.  Must be one of `DATA_READ`, `DATA_WRITE`, or `ADMIN_READ`.
	LogType string `pulumi:"logType"`
}

type IAMAuditConfigAuditLogConfigArgs 

type IAMAuditConfigAuditLogConfigArgs struct {
	// Identities that do not cause logging for this type of permission.  The format is the same as that for `members`.
	ExemptedMembers pulumi.StringArrayInput `pulumi:"exemptedMembers"`
	// Permission type for which logging is to be configured.  Must be one of `DATA_READ`, `DATA_WRITE`, or `ADMIN_READ`.
	LogType pulumi.StringInput `pulumi:"logType"`
}

func (IAMAuditConfigAuditLogConfigArgs) ElementType 

func (IAMAuditConfigAuditLogConfigArgs) ElementType() reflect.Type

func (IAMAuditConfigAuditLogConfigArgs) ToIAMAuditConfigAuditLogConfigOutput 

func (i IAMAuditConfigAuditLogConfigArgs) ToIAMAuditConfigAuditLogConfigOutput() IAMAuditConfigAuditLogConfigOutput

func (IAMAuditConfigAuditLogConfigArgs) ToIAMAuditConfigAuditLogConfigOutputWithContext 

func (i IAMAuditConfigAuditLogConfigArgs) ToIAMAuditConfigAuditLogConfigOutputWithContext(ctx context.Context) IAMAuditConfigAuditLogConfigOutput

type IAMAuditConfigAuditLogConfigArray 

type IAMAuditConfigAuditLogConfigArray []IAMAuditConfigAuditLogConfigInput

func (IAMAuditConfigAuditLogConfigArray) ElementType 

func (IAMAuditConfigAuditLogConfigArray) ElementType() reflect.Type

func (IAMAuditConfigAuditLogConfigArray) ToIAMAuditConfigAuditLogConfigArrayOutput 

func (i IAMAuditConfigAuditLogConfigArray) ToIAMAuditConfigAuditLogConfigArrayOutput() IAMAuditConfigAuditLogConfigArrayOutput

func (IAMAuditConfigAuditLogConfigArray) ToIAMAuditConfigAuditLogConfigArrayOutputWithContext 

func (i IAMAuditConfigAuditLogConfigArray) ToIAMAuditConfigAuditLogConfigArrayOutputWithContext(ctx context.Context) IAMAuditConfigAuditLogConfigArrayOutput

type IAMAuditConfigAuditLogConfigArrayInput 

type IAMAuditConfigAuditLogConfigArrayInput interface {
	pulumi.Input

	ToIAMAuditConfigAuditLogConfigArrayOutput() IAMAuditConfigAuditLogConfigArrayOutput
	ToIAMAuditConfigAuditLogConfigArrayOutputWithContext(context.Context) IAMAuditConfigAuditLogConfigArrayOutput
}

IAMAuditConfigAuditLogConfigArrayInput is an input type that accepts IAMAuditConfigAuditLogConfigArray and IAMAuditConfigAuditLogConfigArrayOutput values. You can construct a concrete instance of `IAMAuditConfigAuditLogConfigArrayInput` via: 

IAMAuditConfigAuditLogConfigArray{ IAMAuditConfigAuditLogConfigArgs{...} }

type IAMAuditConfigAuditLogConfigArrayOutput 

type IAMAuditConfigAuditLogConfigArrayOutput struct{ *pulumi.OutputState }

func (IAMAuditConfigAuditLogConfigArrayOutput) ElementType 

func (IAMAuditConfigAuditLogConfigArrayOutput) ElementType() reflect.Type

func (IAMAuditConfigAuditLogConfigArrayOutput) Index 

func (o IAMAuditConfigAuditLogConfigArrayOutput) Index(i pulumi.IntInput) IAMAuditConfigAuditLogConfigOutput

func (IAMAuditConfigAuditLogConfigArrayOutput) ToIAMAuditConfigAuditLogConfigArrayOutput 

func (o IAMAuditConfigAuditLogConfigArrayOutput) ToIAMAuditConfigAuditLogConfigArrayOutput() IAMAuditConfigAuditLogConfigArrayOutput

func (IAMAuditConfigAuditLogConfigArrayOutput) ToIAMAuditConfigAuditLogConfigArrayOutputWithContext 

func (o IAMAuditConfigAuditLogConfigArrayOutput) ToIAMAuditConfigAuditLogConfigArrayOutputWithContext(ctx context.Context) IAMAuditConfigAuditLogConfigArrayOutput

type IAMAuditConfigAuditLogConfigInput 

type IAMAuditConfigAuditLogConfigInput interface {
	pulumi.Input

	ToIAMAuditConfigAuditLogConfigOutput() IAMAuditConfigAuditLogConfigOutput
	ToIAMAuditConfigAuditLogConfigOutputWithContext(context.Context) IAMAuditConfigAuditLogConfigOutput
}

IAMAuditConfigAuditLogConfigInput is an input type that accepts IAMAuditConfigAuditLogConfigArgs and IAMAuditConfigAuditLogConfigOutput values. You can construct a concrete instance of `IAMAuditConfigAuditLogConfigInput` via: 

IAMAuditConfigAuditLogConfigArgs{...}

type IAMAuditConfigAuditLogConfigOutput 

type IAMAuditConfigAuditLogConfigOutput struct{ *pulumi.OutputState }

func (IAMAuditConfigAuditLogConfigOutput) ElementType 

func (IAMAuditConfigAuditLogConfigOutput) ElementType() reflect.Type

func (IAMAuditConfigAuditLogConfigOutput) ExemptedMembers 

func (o IAMAuditConfigAuditLogConfigOutput) ExemptedMembers() pulumi.StringArrayOutput

Identities that do not cause logging for this type of permission. The format is the same as that for `members`.

func (IAMAuditConfigAuditLogConfigOutput) LogType 

func (o IAMAuditConfigAuditLogConfigOutput) LogType() pulumi.StringOutput

Permission type for which logging is to be configured. Must be one of `DATA_READ`, `DATA_WRITE`, or `ADMIN_READ`.

func (IAMAuditConfigAuditLogConfigOutput) ToIAMAuditConfigAuditLogConfigOutput 

func (o IAMAuditConfigAuditLogConfigOutput) ToIAMAuditConfigAuditLogConfigOutput() IAMAuditConfigAuditLogConfigOutput

func (IAMAuditConfigAuditLogConfigOutput) ToIAMAuditConfigAuditLogConfigOutputWithContext 

func (o IAMAuditConfigAuditLogConfigOutput) ToIAMAuditConfigAuditLogConfigOutputWithContext(ctx context.Context) IAMAuditConfigAuditLogConfigOutput

type IAMAuditConfigInput added in v4.4.0 

type IAMAuditConfigInput interface {
	pulumi.Input

	ToIAMAuditConfigOutput() IAMAuditConfigOutput
	ToIAMAuditConfigOutputWithContext(ctx context.Context) IAMAuditConfigOutput
}

type IAMAuditConfigOutput added in v4.4.0 

type IAMAuditConfigOutput struct {
	*pulumi.OutputState
}

func (IAMAuditConfigOutput) ElementType added in v4.4.0 

func (IAMAuditConfigOutput) ElementType() reflect.Type

func (IAMAuditConfigOutput) ToIAMAuditConfigOutput added in v4.4.0 

func (o IAMAuditConfigOutput) ToIAMAuditConfigOutput() IAMAuditConfigOutput

func (IAMAuditConfigOutput) ToIAMAuditConfigOutputWithContext added in v4.4.0 

func (o IAMAuditConfigOutput) ToIAMAuditConfigOutputWithContext(ctx context.Context) IAMAuditConfigOutput

type IAMAuditConfigState 

type IAMAuditConfigState struct {
	// The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
	AuditLogConfigs IAMAuditConfigAuditLogConfigArrayInput
	// (Computed) The etag of the project's IAM policy.
	Etag pulumi.StringPtrInput
	// The project ID. If not specified for `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig`, uses the ID of the project configured with the provider.
	// Required for `projects.IAMPolicy` - you must explicitly set the project, and it
	// will not be inferred from the provider.
	Project pulumi.StringPtrInput
	// Service which will be enabled for audit logging.  The special value `allServices` covers all services.  Note that if there are google\_project\_iam\_audit\_config resources covering both `allServices` and a specific service then the union of the two AuditConfigs is used for that service: the `logTypes` specified in each `auditLogConfig` are enabled, and the `exemptedMembers` in each `auditLogConfig` are exempted.
	Service pulumi.StringPtrInput
}

func (IAMAuditConfigState) ElementType 

func (IAMAuditConfigState) ElementType() reflect.Type

type IAMBinding 

type IAMBinding struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the project's IAM policy.
	Etag    pulumi.StringOutput      `pulumi:"etag"`
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The project ID. If not specified for `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig`, uses the ID of the project configured with the provider.
	// Required for `projects.IAMPolicy` - you must explicitly set the project, and it
	// will not be inferred from the provider.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `projects.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:

* `projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached. * `projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved. * `projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved. * `projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.

> **Note:** `projects.IAMPolicy` **cannot** be used in conjunction with `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig` or they will fight over what your policy should be.

> **Note:** `projects.IAMPolicy` **cannot** be used in conjunction with `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig` or they will fight over what your policy should be.

> **Note:** `projects.IAMBinding` resources **can be** used in conjunction with `projects.IAMMember` resources **only if** they do not grant privilege to the same role.

> **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, 

IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.

## google\_project\_iam\_policy

> **Be careful!** You can accidentally lock yourself out of your project 

using this resource. Deleting a `projects.IAMPolicy` removes access
from anyone without organization-level access to the project. Proceed with caution.
It's not recommended to use `projects.IAMPolicy` with your provider project
to avoid locking yourself out, and it should generally only be used with projects
fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before
applying the change.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/editor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{
			Project:    pulumi.String("your-project-id"),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Condition: organizations.GetIAMPolicyBindingCondition{
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
						Title:       "expires_after_2019_12_31",
					},
					Members: []string{
						"user:jane@example.com",
					},
					Role: "roles/compute.admin",
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{
			PolicyData: pulumi.String(admin.PolicyData),
			Project:    pulumi.String("your-project-id"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_project\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project: pulumi.String("your-project-id"),
			Role:    pulumi.String("roles/editor"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{
			Condition: &projects.IAMBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project: pulumi.String("your-project-id"),
			Role:    pulumi.String("roles/container.admin"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_project\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{
			Member:  pulumi.String("user:jane@example.com"),
			Project: pulumi.String("your-project-id"),
			Role:    pulumi.String("roles/editor"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{
			Condition: &projects.IAMMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Member:  pulumi.String("user:jane@example.com"),
			Project: pulumi.String("your-project-id"),
			Role:    pulumi.String("roles/firebase.admin"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_project\_iam\_audit\_config

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMAuditConfig(ctx, "project", &projects.IAMAuditConfigArgs{
			AuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{
				&projects.IAMAuditConfigAuditLogConfigArgs{
					LogType: pulumi.String("ADMIN_READ"),
				},
				&projects.IAMAuditConfigAuditLogConfigArgs{
					ExemptedMembers: pulumi.StringArray{
						pulumi.String("user:joebloggs@hashicorp.com"),
					},
					LogType: pulumi.String("DATA_READ"),
				},
			},
			Project: pulumi.String("your-project-id"),
			Service: pulumi.String("allServices"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

IAM member imports use space-delimited identifiers; the resource in question, the role, and the account.

This member resource can be imported using the `project_id`, role, and member e.g.

```sh 

$ pulumi import gcp:projects/iAMBinding:IAMBinding my_project "your-project-id roles/viewer user:foo@example.com"

``` 

IAM binding imports use space-delimited identifiers; the resource in question and the role.

This binding resource can be imported using the `project_id` and role, e.g.

```sh 

$ pulumi import gcp:projects/iAMBinding:IAMBinding my_project "your-project-id roles/viewer"

``` 

IAM policy imports use the identifier of the resource in question.

This policy resource can be imported using the `project_id`.

```sh 

$ pulumi import gcp:projects/iAMBinding:IAMBinding my_project your-project-id

``` 

IAM audit config imports use the identifier of the resource in question and the service, e.g.

```sh 

$ pulumi import gcp:projects/iAMBinding:IAMBinding my_project "your-project-id foo.googleapis.com"

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetIAMBinding 

func GetIAMBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMBindingState, opts ...pulumi.ResourceOption) (*IAMBinding, error)

GetIAMBinding gets an existing IAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMBinding 

func NewIAMBinding(ctx *pulumi.Context,
	name string, args *IAMBindingArgs, opts ...pulumi.ResourceOption) (*IAMBinding, error)

NewIAMBinding registers a new resource with the given unique name, arguments, and options.

func (*IAMBinding) ElementType added in v4.4.0 

func (*IAMBinding) ElementType() reflect.Type

func (*IAMBinding) ToIAMBindingOutput added in v4.4.0 

func (i *IAMBinding) ToIAMBindingOutput() IAMBindingOutput

func (*IAMBinding) ToIAMBindingOutputWithContext added in v4.4.0 

func (i *IAMBinding) ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput

type IAMBindingArgs 

type IAMBindingArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMBindingConditionPtrInput
	Members   pulumi.StringArrayInput
	// The project ID. If not specified for `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig`, uses the ID of the project configured with the provider.
	// Required for `projects.IAMPolicy` - you must explicitly set the project, and it
	// will not be inferred from the provider.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `projects.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a IAMBinding resource.

func (IAMBindingArgs) ElementType 

func (IAMBindingArgs) ElementType() reflect.Type

type IAMBindingCondition 

type IAMBindingCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type IAMBindingConditionArgs 

type IAMBindingConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (IAMBindingConditionArgs) ElementType 

func (IAMBindingConditionArgs) ElementType() reflect.Type

func (IAMBindingConditionArgs) ToIAMBindingConditionOutput 

func (i IAMBindingConditionArgs) ToIAMBindingConditionOutput() IAMBindingConditionOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionOutputWithContext 

func (i IAMBindingConditionArgs) ToIAMBindingConditionOutputWithContext(ctx context.Context) IAMBindingConditionOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionPtrOutput 

func (i IAMBindingConditionArgs) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionPtrOutputWithContext 

func (i IAMBindingConditionArgs) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingConditionInput 

type IAMBindingConditionInput interface {
	pulumi.Input

	ToIAMBindingConditionOutput() IAMBindingConditionOutput
	ToIAMBindingConditionOutputWithContext(context.Context) IAMBindingConditionOutput
}

IAMBindingConditionInput is an input type that accepts IAMBindingConditionArgs and IAMBindingConditionOutput values. You can construct a concrete instance of `IAMBindingConditionInput` via: 

IAMBindingConditionArgs{...}

type IAMBindingConditionOutput 

type IAMBindingConditionOutput struct{ *pulumi.OutputState }

func (IAMBindingConditionOutput) Description 

func (o IAMBindingConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (IAMBindingConditionOutput) ElementType 

func (IAMBindingConditionOutput) ElementType() reflect.Type

func (IAMBindingConditionOutput) Expression 

func (o IAMBindingConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (IAMBindingConditionOutput) Title 

func (o IAMBindingConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (IAMBindingConditionOutput) ToIAMBindingConditionOutput 

func (o IAMBindingConditionOutput) ToIAMBindingConditionOutput() IAMBindingConditionOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionOutputWithContext 

func (o IAMBindingConditionOutput) ToIAMBindingConditionOutputWithContext(ctx context.Context) IAMBindingConditionOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionPtrOutput 

func (o IAMBindingConditionOutput) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionPtrOutputWithContext 

func (o IAMBindingConditionOutput) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingConditionPtrInput 

type IAMBindingConditionPtrInput interface {
	pulumi.Input

	ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput
	ToIAMBindingConditionPtrOutputWithContext(context.Context) IAMBindingConditionPtrOutput
}

IAMBindingConditionPtrInput is an input type that accepts IAMBindingConditionArgs, IAMBindingConditionPtr and IAMBindingConditionPtrOutput values. You can construct a concrete instance of `IAMBindingConditionPtrInput` via: 

        IAMBindingConditionArgs{...}

or:

        nil

func IAMBindingConditionPtr 

func IAMBindingConditionPtr(v *IAMBindingConditionArgs) IAMBindingConditionPtrInput

type IAMBindingConditionPtrOutput 

type IAMBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (IAMBindingConditionPtrOutput) Description 

func (o IAMBindingConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (IAMBindingConditionPtrOutput) Elem 

func (o IAMBindingConditionPtrOutput) Elem() IAMBindingConditionOutput

func (IAMBindingConditionPtrOutput) ElementType 

func (IAMBindingConditionPtrOutput) ElementType() reflect.Type

func (IAMBindingConditionPtrOutput) Expression 

func (o IAMBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (IAMBindingConditionPtrOutput) Title 

func (o IAMBindingConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutput 

func (o IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutputWithContext 

func (o IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingInput added in v4.4.0 

type IAMBindingInput interface {
	pulumi.Input

	ToIAMBindingOutput() IAMBindingOutput
	ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput
}

type IAMBindingOutput added in v4.4.0 

type IAMBindingOutput struct {
	*pulumi.OutputState
}

func (IAMBindingOutput) ElementType added in v4.4.0 

func (IAMBindingOutput) ElementType() reflect.Type

func (IAMBindingOutput) ToIAMBindingOutput added in v4.4.0 

func (o IAMBindingOutput) ToIAMBindingOutput() IAMBindingOutput

func (IAMBindingOutput) ToIAMBindingOutputWithContext added in v4.4.0 

func (o IAMBindingOutput) ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput

type IAMBindingState 

type IAMBindingState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMBindingConditionPtrInput
	// (Computed) The etag of the project's IAM policy.
	Etag    pulumi.StringPtrInput
	Members pulumi.StringArrayInput
	// The project ID. If not specified for `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig`, uses the ID of the project configured with the provider.
	// Required for `projects.IAMPolicy` - you must explicitly set the project, and it
	// will not be inferred from the provider.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `projects.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (IAMBindingState) ElementType 

func (IAMBindingState) ElementType() reflect.Type

type IAMCustomRole 

type IAMCustomRole struct {
	pulumi.CustomResourceState

	// (Optional) The current deleted state of the role.
	Deleted pulumi.BoolOutput `pulumi:"deleted"`
	// A human-readable description for the role.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The name of the role in the format `projects/{{project}}/roles/{{role_id}}`. Like `id`, this field can be used as a reference in other resources such as IAM role bindings.
	Name pulumi.StringOutput `pulumi:"name"`
	// The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.
	Permissions pulumi.StringArrayOutput `pulumi:"permissions"`
	// The project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project pulumi.StringOutput `pulumi:"project"`
	// The camel case role id to use for this role. Cannot contain `-` characters.
	RoleId pulumi.StringOutput `pulumi:"roleId"`
	// The current launch stage of the role.
	// Defaults to `GA`.
	// List of possible stages is [here](https://cloud.google.com/iam/reference/rest/v1/organizations.roles#Role.RoleLaunchStage).
	Stage pulumi.StringPtrOutput `pulumi:"stage"`
	// A human-readable title for the role.
	Title pulumi.StringOutput `pulumi:"title"`
}

Allows management of a customized Cloud IAM project role. For more information see [the official documentation](https://cloud.google.com/iam/docs/understanding-custom-roles) and [API](https://cloud.google.com/iam/reference/rest/v1/projects.roles).

> **Warning:** Note that custom roles in GCP have the concept of a soft-delete. There are two issues that may arise 

from this and how roles are propagated. 1) creating a role may involve undeleting and then updating a role with the
same name, possibly causing confusing behavior between undelete and update. 2) A deleted role is permanently deleted
after 7 days, but it can take up to 30 more days (i.e. between 7 and 37 days after deletion) before the role name is
made available again. This means a deleted role that has been deleted for more than 7 days cannot be changed at all
by the provider, and new roles cannot share that name.

## Example Usage

This snippet creates a customized IAM role.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMCustomRole(ctx, "my_custom_role", &projects.IAMCustomRoleArgs{
			Description: pulumi.String("A description"),
			Permissions: pulumi.StringArray{
				pulumi.String("iam.roles.list"),
				pulumi.String("iam.roles.create"),
				pulumi.String("iam.roles.delete"),
			},
			RoleId: pulumi.String("myCustomRole"),
			Title:  pulumi.String("My Custom Role"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Custom Roles can be imported using any of these accepted formats

```sh 

$ pulumi import gcp:projects/iAMCustomRole:IAMCustomRole default projects/{{project}}/roles/{{role_id}}

```

```sh 

$ pulumi import gcp:projects/iAMCustomRole:IAMCustomRole default {{project}}/{{role_id}}

```

```sh 

$ pulumi import gcp:projects/iAMCustomRole:IAMCustomRole default {{role_id}}

```

func GetIAMCustomRole 

func GetIAMCustomRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMCustomRoleState, opts ...pulumi.ResourceOption) (*IAMCustomRole, error)

GetIAMCustomRole gets an existing IAMCustomRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMCustomRole 

func NewIAMCustomRole(ctx *pulumi.Context,
	name string, args *IAMCustomRoleArgs, opts ...pulumi.ResourceOption) (*IAMCustomRole, error)

NewIAMCustomRole registers a new resource with the given unique name, arguments, and options.

func (*IAMCustomRole) ElementType added in v4.4.0 

func (*IAMCustomRole) ElementType() reflect.Type

func (*IAMCustomRole) ToIAMCustomRoleOutput added in v4.4.0 

func (i *IAMCustomRole) ToIAMCustomRoleOutput() IAMCustomRoleOutput

func (*IAMCustomRole) ToIAMCustomRoleOutputWithContext added in v4.4.0 

func (i *IAMCustomRole) ToIAMCustomRoleOutputWithContext(ctx context.Context) IAMCustomRoleOutput

type IAMCustomRoleArgs 

type IAMCustomRoleArgs struct {
	// A human-readable description for the role.
	Description pulumi.StringPtrInput
	// The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.
	Permissions pulumi.StringArrayInput
	// The project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project pulumi.StringPtrInput
	// The camel case role id to use for this role. Cannot contain `-` characters.
	RoleId pulumi.StringInput
	// The current launch stage of the role.
	// Defaults to `GA`.
	// List of possible stages is [here](https://cloud.google.com/iam/reference/rest/v1/organizations.roles#Role.RoleLaunchStage).
	Stage pulumi.StringPtrInput
	// A human-readable title for the role.
	Title pulumi.StringInput
}

The set of arguments for constructing a IAMCustomRole resource.

func (IAMCustomRoleArgs) ElementType 

func (IAMCustomRoleArgs) ElementType() reflect.Type

type IAMCustomRoleInput added in v4.4.0 

type IAMCustomRoleInput interface {
	pulumi.Input

	ToIAMCustomRoleOutput() IAMCustomRoleOutput
	ToIAMCustomRoleOutputWithContext(ctx context.Context) IAMCustomRoleOutput
}

type IAMCustomRoleOutput added in v4.4.0 

type IAMCustomRoleOutput struct {
	*pulumi.OutputState
}

func (IAMCustomRoleOutput) ElementType added in v4.4.0 

func (IAMCustomRoleOutput) ElementType() reflect.Type

func (IAMCustomRoleOutput) ToIAMCustomRoleOutput added in v4.4.0 

func (o IAMCustomRoleOutput) ToIAMCustomRoleOutput() IAMCustomRoleOutput

func (IAMCustomRoleOutput) ToIAMCustomRoleOutputWithContext added in v4.4.0 

func (o IAMCustomRoleOutput) ToIAMCustomRoleOutputWithContext(ctx context.Context) IAMCustomRoleOutput

type IAMCustomRoleState 

type IAMCustomRoleState struct {
	// (Optional) The current deleted state of the role.
	Deleted pulumi.BoolPtrInput
	// A human-readable description for the role.
	Description pulumi.StringPtrInput
	// The name of the role in the format `projects/{{project}}/roles/{{role_id}}`. Like `id`, this field can be used as a reference in other resources such as IAM role bindings.
	Name pulumi.StringPtrInput
	// The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.
	Permissions pulumi.StringArrayInput
	// The project that the service account will be created in.
	// Defaults to the provider project configuration.
	Project pulumi.StringPtrInput
	// The camel case role id to use for this role. Cannot contain `-` characters.
	RoleId pulumi.StringPtrInput
	// The current launch stage of the role.
	// Defaults to `GA`.
	// List of possible stages is [here](https://cloud.google.com/iam/reference/rest/v1/organizations.roles#Role.RoleLaunchStage).
	Stage pulumi.StringPtrInput
	// A human-readable title for the role.
	Title pulumi.StringPtrInput
}

func (IAMCustomRoleState) ElementType 

func (IAMCustomRoleState) ElementType() reflect.Type

type IAMMember 

type IAMMember struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the project's IAM policy.
	Etag   pulumi.StringOutput `pulumi:"etag"`
	Member pulumi.StringOutput `pulumi:"member"`
	// The project ID. If not specified for `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig`, uses the ID of the project configured with the provider.
	// Required for `projects.IAMPolicy` - you must explicitly set the project, and it
	// will not be inferred from the provider.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `projects.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:

* `projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached. * `projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved. * `projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved. * `projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.

> **Note:** `projects.IAMPolicy` **cannot** be used in conjunction with `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig` or they will fight over what your policy should be.

> **Note:** `projects.IAMPolicy` **cannot** be used in conjunction with `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig` or they will fight over what your policy should be.

> **Note:** `projects.IAMBinding` resources **can be** used in conjunction with `projects.IAMMember` resources **only if** they do not grant privilege to the same role.

> **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, 

IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.

## google\_project\_iam\_policy

> **Be careful!** You can accidentally lock yourself out of your project 

using this resource. Deleting a `projects.IAMPolicy` removes access
from anyone without organization-level access to the project. Proceed with caution.
It's not recommended to use `projects.IAMPolicy` with your provider project
to avoid locking yourself out, and it should generally only be used with projects
fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before
applying the change.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/editor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{
			Project:    pulumi.String("your-project-id"),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Condition: organizations.GetIAMPolicyBindingCondition{
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
						Title:       "expires_after_2019_12_31",
					},
					Members: []string{
						"user:jane@example.com",
					},
					Role: "roles/compute.admin",
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{
			PolicyData: pulumi.String(admin.PolicyData),
			Project:    pulumi.String("your-project-id"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_project\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project: pulumi.String("your-project-id"),
			Role:    pulumi.String("roles/editor"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{
			Condition: &projects.IAMBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project: pulumi.String("your-project-id"),
			Role:    pulumi.String("roles/container.admin"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_project\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{
			Member:  pulumi.String("user:jane@example.com"),
			Project: pulumi.String("your-project-id"),
			Role:    pulumi.String("roles/editor"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{
			Condition: &projects.IAMMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Member:  pulumi.String("user:jane@example.com"),
			Project: pulumi.String("your-project-id"),
			Role:    pulumi.String("roles/firebase.admin"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_project\_iam\_audit\_config

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMAuditConfig(ctx, "project", &projects.IAMAuditConfigArgs{
			AuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{
				&projects.IAMAuditConfigAuditLogConfigArgs{
					LogType: pulumi.String("ADMIN_READ"),
				},
				&projects.IAMAuditConfigAuditLogConfigArgs{
					ExemptedMembers: pulumi.StringArray{
						pulumi.String("user:joebloggs@hashicorp.com"),
					},
					LogType: pulumi.String("DATA_READ"),
				},
			},
			Project: pulumi.String("your-project-id"),
			Service: pulumi.String("allServices"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

IAM member imports use space-delimited identifiers; the resource in question, the role, and the account.

This member resource can be imported using the `project_id`, role, and member e.g.

```sh 

$ pulumi import gcp:projects/iAMMember:IAMMember my_project "your-project-id roles/viewer user:foo@example.com"

``` 

IAM binding imports use space-delimited identifiers; the resource in question and the role.

This binding resource can be imported using the `project_id` and role, e.g.

```sh 

$ pulumi import gcp:projects/iAMMember:IAMMember my_project "your-project-id roles/viewer"

``` 

IAM policy imports use the identifier of the resource in question.

This policy resource can be imported using the `project_id`.

```sh 

$ pulumi import gcp:projects/iAMMember:IAMMember my_project your-project-id

``` 

IAM audit config imports use the identifier of the resource in question and the service, e.g.

```sh 

$ pulumi import gcp:projects/iAMMember:IAMMember my_project "your-project-id foo.googleapis.com"

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetIAMMember 

func GetIAMMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMMemberState, opts ...pulumi.ResourceOption) (*IAMMember, error)

GetIAMMember gets an existing IAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMMember 

func NewIAMMember(ctx *pulumi.Context,
	name string, args *IAMMemberArgs, opts ...pulumi.ResourceOption) (*IAMMember, error)

NewIAMMember registers a new resource with the given unique name, arguments, and options.

func (*IAMMember) ElementType added in v4.4.0 

func (*IAMMember) ElementType() reflect.Type

func (*IAMMember) ToIAMMemberOutput added in v4.4.0 

func (i *IAMMember) ToIAMMemberOutput() IAMMemberOutput

func (*IAMMember) ToIAMMemberOutputWithContext added in v4.4.0 

func (i *IAMMember) ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput

type IAMMemberArgs 

type IAMMemberArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrInput
	Member    pulumi.StringInput
	// The project ID. If not specified for `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig`, uses the ID of the project configured with the provider.
	// Required for `projects.IAMPolicy` - you must explicitly set the project, and it
	// will not be inferred from the provider.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `projects.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a IAMMember resource.

func (IAMMemberArgs) ElementType 

func (IAMMemberArgs) ElementType() reflect.Type

type IAMMemberCondition 

type IAMMemberCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type IAMMemberConditionArgs 

type IAMMemberConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (IAMMemberConditionArgs) ElementType 

func (IAMMemberConditionArgs) ElementType() reflect.Type

func (IAMMemberConditionArgs) ToIAMMemberConditionOutput 

func (i IAMMemberConditionArgs) ToIAMMemberConditionOutput() IAMMemberConditionOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionOutputWithContext 

func (i IAMMemberConditionArgs) ToIAMMemberConditionOutputWithContext(ctx context.Context) IAMMemberConditionOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionPtrOutput 

func (i IAMMemberConditionArgs) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionPtrOutputWithContext 

func (i IAMMemberConditionArgs) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberConditionInput 

type IAMMemberConditionInput interface {
	pulumi.Input

	ToIAMMemberConditionOutput() IAMMemberConditionOutput
	ToIAMMemberConditionOutputWithContext(context.Context) IAMMemberConditionOutput
}

IAMMemberConditionInput is an input type that accepts IAMMemberConditionArgs and IAMMemberConditionOutput values. You can construct a concrete instance of `IAMMemberConditionInput` via: 

IAMMemberConditionArgs{...}

type IAMMemberConditionOutput 

type IAMMemberConditionOutput struct{ *pulumi.OutputState }

func (IAMMemberConditionOutput) Description 

func (o IAMMemberConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (IAMMemberConditionOutput) ElementType 

func (IAMMemberConditionOutput) ElementType() reflect.Type

func (IAMMemberConditionOutput) Expression 

func (o IAMMemberConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (IAMMemberConditionOutput) Title 

func (o IAMMemberConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (IAMMemberConditionOutput) ToIAMMemberConditionOutput 

func (o IAMMemberConditionOutput) ToIAMMemberConditionOutput() IAMMemberConditionOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionOutputWithContext 

func (o IAMMemberConditionOutput) ToIAMMemberConditionOutputWithContext(ctx context.Context) IAMMemberConditionOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionPtrOutput 

func (o IAMMemberConditionOutput) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionPtrOutputWithContext 

func (o IAMMemberConditionOutput) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberConditionPtrInput 

type IAMMemberConditionPtrInput interface {
	pulumi.Input

	ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput
	ToIAMMemberConditionPtrOutputWithContext(context.Context) IAMMemberConditionPtrOutput
}

IAMMemberConditionPtrInput is an input type that accepts IAMMemberConditionArgs, IAMMemberConditionPtr and IAMMemberConditionPtrOutput values. You can construct a concrete instance of `IAMMemberConditionPtrInput` via: 

        IAMMemberConditionArgs{...}

or:

        nil

func IAMMemberConditionPtr 

func IAMMemberConditionPtr(v *IAMMemberConditionArgs) IAMMemberConditionPtrInput

type IAMMemberConditionPtrOutput 

type IAMMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (IAMMemberConditionPtrOutput) Description 

func (o IAMMemberConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (IAMMemberConditionPtrOutput) Elem 

func (o IAMMemberConditionPtrOutput) Elem() IAMMemberConditionOutput

func (IAMMemberConditionPtrOutput) ElementType 

func (IAMMemberConditionPtrOutput) ElementType() reflect.Type

func (IAMMemberConditionPtrOutput) Expression 

func (o IAMMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (IAMMemberConditionPtrOutput) Title 

func (o IAMMemberConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutput 

func (o IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutputWithContext 

func (o IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberInput added in v4.4.0 

type IAMMemberInput interface {
	pulumi.Input

	ToIAMMemberOutput() IAMMemberOutput
	ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput
}

type IAMMemberOutput added in v4.4.0 

type IAMMemberOutput struct {
	*pulumi.OutputState
}

func (IAMMemberOutput) ElementType added in v4.4.0 

func (IAMMemberOutput) ElementType() reflect.Type

func (IAMMemberOutput) ToIAMMemberOutput added in v4.4.0 

func (o IAMMemberOutput) ToIAMMemberOutput() IAMMemberOutput

func (IAMMemberOutput) ToIAMMemberOutputWithContext added in v4.4.0 

func (o IAMMemberOutput) ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput

type IAMMemberState 

type IAMMemberState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrInput
	// (Computed) The etag of the project's IAM policy.
	Etag   pulumi.StringPtrInput
	Member pulumi.StringPtrInput
	// The project ID. If not specified for `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig`, uses the ID of the project configured with the provider.
	// Required for `projects.IAMPolicy` - you must explicitly set the project, and it
	// will not be inferred from the provider.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `projects.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (IAMMemberState) ElementType 

func (IAMMemberState) ElementType() reflect.Type

type IAMPolicy 

type IAMPolicy struct {
	pulumi.CustomResourceState

	// (Computed) The etag of the project's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The `organizations.getIAMPolicy` data source that represents
	// the IAM policy that will be applied to the project. The policy will be
	// merged with any existing policy applied to the project.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
	// The project ID. If not specified for `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig`, uses the ID of the project configured with the provider.
	// Required for `projects.IAMPolicy` - you must explicitly set the project, and it
	// will not be inferred from the provider.
	Project pulumi.StringOutput `pulumi:"project"`
}

Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:

* `projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached. * `projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved. * `projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved. * `projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.

> **Note:** `projects.IAMPolicy` **cannot** be used in conjunction with `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig` or they will fight over what your policy should be.

> **Note:** `projects.IAMPolicy` **cannot** be used in conjunction with `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig` or they will fight over what your policy should be.

> **Note:** `projects.IAMBinding` resources **can be** used in conjunction with `projects.IAMMember` resources **only if** they do not grant privilege to the same role.

> **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, 

IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.

## google\_project\_iam\_policy

> **Be careful!** You can accidentally lock yourself out of your project 

using this resource. Deleting a `projects.IAMPolicy` removes access
from anyone without organization-level access to the project. Proceed with caution.
It's not recommended to use `projects.IAMPolicy` with your provider project
to avoid locking yourself out, and it should generally only be used with projects
fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before
applying the change.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/editor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{
			Project:    pulumi.String("your-project-id"),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Condition: organizations.GetIAMPolicyBindingCondition{
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
						Title:       "expires_after_2019_12_31",
					},
					Members: []string{
						"user:jane@example.com",
					},
					Role: "roles/compute.admin",
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{
			PolicyData: pulumi.String(admin.PolicyData),
			Project:    pulumi.String("your-project-id"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_project\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project: pulumi.String("your-project-id"),
			Role:    pulumi.String("roles/editor"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{
			Condition: &projects.IAMBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project: pulumi.String("your-project-id"),
			Role:    pulumi.String("roles/container.admin"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_project\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{
			Member:  pulumi.String("user:jane@example.com"),
			Project: pulumi.String("your-project-id"),
			Role:    pulumi.String("roles/editor"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{
			Condition: &projects.IAMMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Member:  pulumi.String("user:jane@example.com"),
			Project: pulumi.String("your-project-id"),
			Role:    pulumi.String("roles/firebase.admin"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_project\_iam\_audit\_config

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewIAMAuditConfig(ctx, "project", &projects.IAMAuditConfigArgs{
			AuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{
				&projects.IAMAuditConfigAuditLogConfigArgs{
					LogType: pulumi.String("ADMIN_READ"),
				},
				&projects.IAMAuditConfigAuditLogConfigArgs{
					ExemptedMembers: pulumi.StringArray{
						pulumi.String("user:joebloggs@hashicorp.com"),
					},
					LogType: pulumi.String("DATA_READ"),
				},
			},
			Project: pulumi.String("your-project-id"),
			Service: pulumi.String("allServices"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

IAM member imports use space-delimited identifiers; the resource in question, the role, and the account.

This member resource can be imported using the `project_id`, role, and member e.g.

```sh 

$ pulumi import gcp:projects/iAMPolicy:IAMPolicy my_project "your-project-id roles/viewer user:foo@example.com"

``` 

IAM binding imports use space-delimited identifiers; the resource in question and the role.

This binding resource can be imported using the `project_id` and role, e.g.

```sh 

$ pulumi import gcp:projects/iAMPolicy:IAMPolicy my_project "your-project-id roles/viewer"

``` 

IAM policy imports use the identifier of the resource in question.

This policy resource can be imported using the `project_id`.

```sh 

$ pulumi import gcp:projects/iAMPolicy:IAMPolicy my_project your-project-id

``` 

IAM audit config imports use the identifier of the resource in question and the service, e.g.

```sh 

$ pulumi import gcp:projects/iAMPolicy:IAMPolicy my_project "your-project-id foo.googleapis.com"

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetIAMPolicy 

func GetIAMPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMPolicyState, opts ...pulumi.ResourceOption) (*IAMPolicy, error)

GetIAMPolicy gets an existing IAMPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMPolicy 

func NewIAMPolicy(ctx *pulumi.Context,
	name string, args *IAMPolicyArgs, opts ...pulumi.ResourceOption) (*IAMPolicy, error)

NewIAMPolicy registers a new resource with the given unique name, arguments, and options.

func (*IAMPolicy) ElementType added in v4.4.0 

func (*IAMPolicy) ElementType() reflect.Type

func (*IAMPolicy) ToIAMPolicyOutput added in v4.4.0 

func (i *IAMPolicy) ToIAMPolicyOutput() IAMPolicyOutput

func (*IAMPolicy) ToIAMPolicyOutputWithContext added in v4.4.0 

func (i *IAMPolicy) ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput

type IAMPolicyArgs 

type IAMPolicyArgs struct {
	// The `organizations.getIAMPolicy` data source that represents
	// the IAM policy that will be applied to the project. The policy will be
	// merged with any existing policy applied to the project.
	PolicyData pulumi.StringInput
	// The project ID. If not specified for `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig`, uses the ID of the project configured with the provider.
	// Required for `projects.IAMPolicy` - you must explicitly set the project, and it
	// will not be inferred from the provider.
	Project pulumi.StringInput
}

The set of arguments for constructing a IAMPolicy resource.

func (IAMPolicyArgs) ElementType 

func (IAMPolicyArgs) ElementType() reflect.Type

type IAMPolicyInput added in v4.4.0 

type IAMPolicyInput interface {
	pulumi.Input

	ToIAMPolicyOutput() IAMPolicyOutput
	ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput
}

type IAMPolicyOutput added in v4.4.0 

type IAMPolicyOutput struct {
	*pulumi.OutputState
}

func (IAMPolicyOutput) ElementType added in v4.4.0 

func (IAMPolicyOutput) ElementType() reflect.Type

func (IAMPolicyOutput) ToIAMPolicyOutput added in v4.4.0 

func (o IAMPolicyOutput) ToIAMPolicyOutput() IAMPolicyOutput

func (IAMPolicyOutput) ToIAMPolicyOutputWithContext added in v4.4.0 

func (o IAMPolicyOutput) ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput

type IAMPolicyState 

type IAMPolicyState struct {
	// (Computed) The etag of the project's IAM policy.
	Etag pulumi.StringPtrInput
	// The `organizations.getIAMPolicy` data source that represents
	// the IAM policy that will be applied to the project. The policy will be
	// merged with any existing policy applied to the project.
	PolicyData pulumi.StringPtrInput
	// The project ID. If not specified for `projects.IAMBinding`, `projects.IAMMember`, or `projects.IAMAuditConfig`, uses the ID of the project configured with the provider.
	// Required for `projects.IAMPolicy` - you must explicitly set the project, and it
	// will not be inferred from the provider.
	Project pulumi.StringPtrInput
}

func (IAMPolicyState) ElementType 

func (IAMPolicyState) ElementType() reflect.Type

type LookupOrganizationPolicyArgs 

type LookupOrganizationPolicyArgs struct {
	// (Required) The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
	Constraint string `pulumi:"constraint"`
	// The project ID.
	Project string `pulumi:"project"`
}

A collection of arguments for invoking getOrganizationPolicy.

type LookupOrganizationPolicyResult 

type LookupOrganizationPolicyResult struct {
	BooleanPolicies []GetOrganizationPolicyBooleanPolicy `pulumi:"booleanPolicies"`
	Constraint      string                               `pulumi:"constraint"`
	Etag            string                               `pulumi:"etag"`
	// The provider-assigned unique ID for this managed resource.
	Id              string                               `pulumi:"id"`
	ListPolicies    []GetOrganizationPolicyListPolicy    `pulumi:"listPolicies"`
	Project         string                               `pulumi:"project"`
	RestorePolicies []GetOrganizationPolicyRestorePolicy `pulumi:"restorePolicies"`
	UpdateTime      string                               `pulumi:"updateTime"`
	Version         int                                  `pulumi:"version"`
}

A collection of values returned by getOrganizationPolicy.

func LookupOrganizationPolicy 

func LookupOrganizationPolicy(ctx *pulumi.Context, args *LookupOrganizationPolicyArgs, opts ...pulumi.InvokeOption) (*LookupOrganizationPolicyResult, error)

Allows management of Organization policies for a Google Project. For more information see [the official documentation](https://cloud.google.com/resource-manager/docs/organization-policy/overview)

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		policy, err := projects.LookupOrganizationPolicy(ctx, &projects.LookupOrganizationPolicyArgs{
			Project:    "project-id",
			Constraint: "constraints/serviceuser.services",
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("version", policy.Version)
		return nil
	})
}

```

type OrganizationPolicy 

type OrganizationPolicy struct {
	pulumi.CustomResourceState

	// A boolean policy is a constraint that is either enforced or not. Structure is documented below.
	BooleanPolicy OrganizationPolicyBooleanPolicyPtrOutput `pulumi:"booleanPolicy"`
	// The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
	Constraint pulumi.StringOutput `pulumi:"constraint"`
	// (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
	ListPolicy OrganizationPolicyListPolicyPtrOutput `pulumi:"listPolicy"`
	// The project id of the project to set the policy for.
	Project pulumi.StringOutput `pulumi:"project"`
	// A restore policy is a constraint to restore the default policy. Structure is documented below.
	RestorePolicy OrganizationPolicyRestorePolicyPtrOutput `pulumi:"restorePolicy"`
	// (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
	UpdateTime pulumi.StringOutput `pulumi:"updateTime"`
	// Version of the Policy. Default version is 0.
	Version pulumi.IntOutput `pulumi:"version"`
}

Allows management of Organization policies for a Google Project. For more information see [the official documentation](https://cloud.google.com/resource-manager/docs/organization-policy/overview) and [API](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setOrgPolicy).

## Example Usage

To set policy with a [boolean constraint](https://cloud.google.com/resource-manager/docs/organization-policy/quickstart-boolean-constraints):

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewOrganizationPolicy(ctx, "serialPortPolicy", &projects.OrganizationPolicyArgs{
			BooleanPolicy: &projects.OrganizationPolicyBooleanPolicyArgs{
				Enforced: pulumi.Bool(true),
			},
			Constraint: pulumi.String("compute.disableSerialPortAccess"),
			Project:    pulumi.String("your-project-id"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

To set a policy with a [list constraint](https://cloud.google.com/resource-manager/docs/organization-policy/quickstart-list-constraints):

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewOrganizationPolicy(ctx, "servicesPolicy", &projects.OrganizationPolicyArgs{
			Constraint: pulumi.String("serviceuser.services"),
			ListPolicy: &projects.OrganizationPolicyListPolicyArgs{
				Allow: &projects.OrganizationPolicyListPolicyAllowArgs{
					All: pulumi.Bool(true),
				},
			},
			Project: pulumi.String("your-project-id"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

Or to deny some services, use the following instead:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewOrganizationPolicy(ctx, "servicesPolicy", &projects.OrganizationPolicyArgs{
			Constraint: pulumi.String("serviceuser.services"),
			ListPolicy: &projects.OrganizationPolicyListPolicyArgs{
				Deny: &projects.OrganizationPolicyListPolicyDenyArgs{
					Values: pulumi.StringArray{
						pulumi.String("cloudresourcemanager.googleapis.com"),
					},
				},
				SuggestedValue: pulumi.String("compute.googleapis.com"),
			},
			Project: pulumi.String("your-project-id"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

To restore the default project organization policy, use the following instead:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewOrganizationPolicy(ctx, "servicesPolicy", &projects.OrganizationPolicyArgs{
			Constraint: pulumi.String("serviceuser.services"),
			Project:    pulumi.String("your-project-id"),
			RestorePolicy: &projects.OrganizationPolicyRestorePolicyArgs{
				Default: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Project organization policies can be imported using any of the follow formats

```sh 

$ pulumi import gcp:projects/organizationPolicy:OrganizationPolicy policy projects/test-project:constraints/serviceuser.services

```

```sh 

$ pulumi import gcp:projects/organizationPolicy:OrganizationPolicy policy test-project:constraints/serviceuser.services

```

```sh 

$ pulumi import gcp:projects/organizationPolicy:OrganizationPolicy policy test-project:serviceuser.services

```

func GetOrganizationPolicy 

func GetOrganizationPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *OrganizationPolicyState, opts ...pulumi.ResourceOption) (*OrganizationPolicy, error)

GetOrganizationPolicy gets an existing OrganizationPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewOrganizationPolicy 

func NewOrganizationPolicy(ctx *pulumi.Context,
	name string, args *OrganizationPolicyArgs, opts ...pulumi.ResourceOption) (*OrganizationPolicy, error)

NewOrganizationPolicy registers a new resource with the given unique name, arguments, and options.

func (*OrganizationPolicy) ElementType added in v4.4.0 

func (*OrganizationPolicy) ElementType() reflect.Type

func (*OrganizationPolicy) ToOrganizationPolicyOutput added in v4.4.0 

func (i *OrganizationPolicy) ToOrganizationPolicyOutput() OrganizationPolicyOutput

func (*OrganizationPolicy) ToOrganizationPolicyOutputWithContext added in v4.4.0 

func (i *OrganizationPolicy) ToOrganizationPolicyOutputWithContext(ctx context.Context) OrganizationPolicyOutput

type OrganizationPolicyArgs 

type OrganizationPolicyArgs struct {
	// A boolean policy is a constraint that is either enforced or not. Structure is documented below.
	BooleanPolicy OrganizationPolicyBooleanPolicyPtrInput
	// The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
	Constraint pulumi.StringInput
	// A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
	ListPolicy OrganizationPolicyListPolicyPtrInput
	// The project id of the project to set the policy for.
	Project pulumi.StringInput
	// A restore policy is a constraint to restore the default policy. Structure is documented below.
	RestorePolicy OrganizationPolicyRestorePolicyPtrInput
	// Version of the Policy. Default version is 0.
	Version pulumi.IntPtrInput
}

The set of arguments for constructing a OrganizationPolicy resource.

func (OrganizationPolicyArgs) ElementType 

func (OrganizationPolicyArgs) ElementType() reflect.Type

type OrganizationPolicyBooleanPolicy 

type OrganizationPolicyBooleanPolicy struct {
	// If true, then the Policy is enforced. If false, then any configuration is acceptable.
	Enforced bool `pulumi:"enforced"`
}

type OrganizationPolicyBooleanPolicyArgs 

type OrganizationPolicyBooleanPolicyArgs struct {
	// If true, then the Policy is enforced. If false, then any configuration is acceptable.
	Enforced pulumi.BoolInput `pulumi:"enforced"`
}

func (OrganizationPolicyBooleanPolicyArgs) ElementType 

func (OrganizationPolicyBooleanPolicyArgs) ElementType() reflect.Type

func (OrganizationPolicyBooleanPolicyArgs) ToOrganizationPolicyBooleanPolicyOutput 

func (i OrganizationPolicyBooleanPolicyArgs) ToOrganizationPolicyBooleanPolicyOutput() OrganizationPolicyBooleanPolicyOutput

func (OrganizationPolicyBooleanPolicyArgs) ToOrganizationPolicyBooleanPolicyOutputWithContext 

func (i OrganizationPolicyBooleanPolicyArgs) ToOrganizationPolicyBooleanPolicyOutputWithContext(ctx context.Context) OrganizationPolicyBooleanPolicyOutput

func (OrganizationPolicyBooleanPolicyArgs) ToOrganizationPolicyBooleanPolicyPtrOutput 

func (i OrganizationPolicyBooleanPolicyArgs) ToOrganizationPolicyBooleanPolicyPtrOutput() OrganizationPolicyBooleanPolicyPtrOutput

func (OrganizationPolicyBooleanPolicyArgs) ToOrganizationPolicyBooleanPolicyPtrOutputWithContext 

func (i OrganizationPolicyBooleanPolicyArgs) ToOrganizationPolicyBooleanPolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyBooleanPolicyPtrOutput

type OrganizationPolicyBooleanPolicyInput 

type OrganizationPolicyBooleanPolicyInput interface {
	pulumi.Input

	ToOrganizationPolicyBooleanPolicyOutput() OrganizationPolicyBooleanPolicyOutput
	ToOrganizationPolicyBooleanPolicyOutputWithContext(context.Context) OrganizationPolicyBooleanPolicyOutput
}

OrganizationPolicyBooleanPolicyInput is an input type that accepts OrganizationPolicyBooleanPolicyArgs and OrganizationPolicyBooleanPolicyOutput values. You can construct a concrete instance of `OrganizationPolicyBooleanPolicyInput` via: 

OrganizationPolicyBooleanPolicyArgs{...}

type OrganizationPolicyBooleanPolicyOutput 

type OrganizationPolicyBooleanPolicyOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyBooleanPolicyOutput) ElementType 

func (OrganizationPolicyBooleanPolicyOutput) ElementType() reflect.Type

func (OrganizationPolicyBooleanPolicyOutput) Enforced 

func (o OrganizationPolicyBooleanPolicyOutput) Enforced() pulumi.BoolOutput

If true, then the Policy is enforced. If false, then any configuration is acceptable.

func (OrganizationPolicyBooleanPolicyOutput) ToOrganizationPolicyBooleanPolicyOutput 

func (o OrganizationPolicyBooleanPolicyOutput) ToOrganizationPolicyBooleanPolicyOutput() OrganizationPolicyBooleanPolicyOutput

func (OrganizationPolicyBooleanPolicyOutput) ToOrganizationPolicyBooleanPolicyOutputWithContext 

func (o OrganizationPolicyBooleanPolicyOutput) ToOrganizationPolicyBooleanPolicyOutputWithContext(ctx context.Context) OrganizationPolicyBooleanPolicyOutput

func (OrganizationPolicyBooleanPolicyOutput) ToOrganizationPolicyBooleanPolicyPtrOutput 

func (o OrganizationPolicyBooleanPolicyOutput) ToOrganizationPolicyBooleanPolicyPtrOutput() OrganizationPolicyBooleanPolicyPtrOutput

func (OrganizationPolicyBooleanPolicyOutput) ToOrganizationPolicyBooleanPolicyPtrOutputWithContext 

func (o OrganizationPolicyBooleanPolicyOutput) ToOrganizationPolicyBooleanPolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyBooleanPolicyPtrOutput

type OrganizationPolicyBooleanPolicyPtrInput 

type OrganizationPolicyBooleanPolicyPtrInput interface {
	pulumi.Input

	ToOrganizationPolicyBooleanPolicyPtrOutput() OrganizationPolicyBooleanPolicyPtrOutput
	ToOrganizationPolicyBooleanPolicyPtrOutputWithContext(context.Context) OrganizationPolicyBooleanPolicyPtrOutput
}

OrganizationPolicyBooleanPolicyPtrInput is an input type that accepts OrganizationPolicyBooleanPolicyArgs, OrganizationPolicyBooleanPolicyPtr and OrganizationPolicyBooleanPolicyPtrOutput values. You can construct a concrete instance of `OrganizationPolicyBooleanPolicyPtrInput` via: 

        OrganizationPolicyBooleanPolicyArgs{...}

or:

        nil

func OrganizationPolicyBooleanPolicyPtr 

func OrganizationPolicyBooleanPolicyPtr(v *OrganizationPolicyBooleanPolicyArgs) OrganizationPolicyBooleanPolicyPtrInput

type OrganizationPolicyBooleanPolicyPtrOutput 

type OrganizationPolicyBooleanPolicyPtrOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyBooleanPolicyPtrOutput) Elem 

func (o OrganizationPolicyBooleanPolicyPtrOutput) Elem() OrganizationPolicyBooleanPolicyOutput

func (OrganizationPolicyBooleanPolicyPtrOutput) ElementType 

func (OrganizationPolicyBooleanPolicyPtrOutput) ElementType() reflect.Type

func (OrganizationPolicyBooleanPolicyPtrOutput) Enforced 

func (o OrganizationPolicyBooleanPolicyPtrOutput) Enforced() pulumi.BoolPtrOutput

If true, then the Policy is enforced. If false, then any configuration is acceptable.

func (OrganizationPolicyBooleanPolicyPtrOutput) ToOrganizationPolicyBooleanPolicyPtrOutput 

func (o OrganizationPolicyBooleanPolicyPtrOutput) ToOrganizationPolicyBooleanPolicyPtrOutput() OrganizationPolicyBooleanPolicyPtrOutput

func (OrganizationPolicyBooleanPolicyPtrOutput) ToOrganizationPolicyBooleanPolicyPtrOutputWithContext 

func (o OrganizationPolicyBooleanPolicyPtrOutput) ToOrganizationPolicyBooleanPolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyBooleanPolicyPtrOutput

type OrganizationPolicyInput added in v4.4.0 

type OrganizationPolicyInput interface {
	pulumi.Input

	ToOrganizationPolicyOutput() OrganizationPolicyOutput
	ToOrganizationPolicyOutputWithContext(ctx context.Context) OrganizationPolicyOutput
}

type OrganizationPolicyListPolicy 

type OrganizationPolicyListPolicy struct {
	// or `deny` - (Optional) One or the other must be set.
	Allow *OrganizationPolicyListPolicyAllow `pulumi:"allow"`
	Deny  *OrganizationPolicyListPolicyDeny  `pulumi:"deny"`
	// If set to true, the values from the effective Policy of the parent resource
	// are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
	InheritFromParent *bool `pulumi:"inheritFromParent"`
	// The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
	SuggestedValue *string `pulumi:"suggestedValue"`
}

type OrganizationPolicyListPolicyAllow 

type OrganizationPolicyListPolicyAllow struct {
	// The policy allows or denies all values.
	All *bool `pulumi:"all"`
	// The policy can define specific values that are allowed or denied.
	Values []string `pulumi:"values"`
}

type OrganizationPolicyListPolicyAllowArgs 

type OrganizationPolicyListPolicyAllowArgs struct {
	// The policy allows or denies all values.
	All pulumi.BoolPtrInput `pulumi:"all"`
	// The policy can define specific values that are allowed or denied.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (OrganizationPolicyListPolicyAllowArgs) ElementType 

func (OrganizationPolicyListPolicyAllowArgs) ElementType() reflect.Type

func (OrganizationPolicyListPolicyAllowArgs) ToOrganizationPolicyListPolicyAllowOutput 

func (i OrganizationPolicyListPolicyAllowArgs) ToOrganizationPolicyListPolicyAllowOutput() OrganizationPolicyListPolicyAllowOutput

func (OrganizationPolicyListPolicyAllowArgs) ToOrganizationPolicyListPolicyAllowOutputWithContext 

func (i OrganizationPolicyListPolicyAllowArgs) ToOrganizationPolicyListPolicyAllowOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyAllowOutput

func (OrganizationPolicyListPolicyAllowArgs) ToOrganizationPolicyListPolicyAllowPtrOutput 

func (i OrganizationPolicyListPolicyAllowArgs) ToOrganizationPolicyListPolicyAllowPtrOutput() OrganizationPolicyListPolicyAllowPtrOutput

func (OrganizationPolicyListPolicyAllowArgs) ToOrganizationPolicyListPolicyAllowPtrOutputWithContext 

func (i OrganizationPolicyListPolicyAllowArgs) ToOrganizationPolicyListPolicyAllowPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyAllowPtrOutput

type OrganizationPolicyListPolicyAllowInput 

type OrganizationPolicyListPolicyAllowInput interface {
	pulumi.Input

	ToOrganizationPolicyListPolicyAllowOutput() OrganizationPolicyListPolicyAllowOutput
	ToOrganizationPolicyListPolicyAllowOutputWithContext(context.Context) OrganizationPolicyListPolicyAllowOutput
}

OrganizationPolicyListPolicyAllowInput is an input type that accepts OrganizationPolicyListPolicyAllowArgs and OrganizationPolicyListPolicyAllowOutput values. You can construct a concrete instance of `OrganizationPolicyListPolicyAllowInput` via: 

OrganizationPolicyListPolicyAllowArgs{...}

type OrganizationPolicyListPolicyAllowOutput 

type OrganizationPolicyListPolicyAllowOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyListPolicyAllowOutput) All 

func (o OrganizationPolicyListPolicyAllowOutput) All() pulumi.BoolPtrOutput

The policy allows or denies all values.

func (OrganizationPolicyListPolicyAllowOutput) ElementType 

func (OrganizationPolicyListPolicyAllowOutput) ElementType() reflect.Type

func (OrganizationPolicyListPolicyAllowOutput) ToOrganizationPolicyListPolicyAllowOutput 

func (o OrganizationPolicyListPolicyAllowOutput) ToOrganizationPolicyListPolicyAllowOutput() OrganizationPolicyListPolicyAllowOutput

func (OrganizationPolicyListPolicyAllowOutput) ToOrganizationPolicyListPolicyAllowOutputWithContext 

func (o OrganizationPolicyListPolicyAllowOutput) ToOrganizationPolicyListPolicyAllowOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyAllowOutput

func (OrganizationPolicyListPolicyAllowOutput) ToOrganizationPolicyListPolicyAllowPtrOutput 

func (o OrganizationPolicyListPolicyAllowOutput) ToOrganizationPolicyListPolicyAllowPtrOutput() OrganizationPolicyListPolicyAllowPtrOutput

func (OrganizationPolicyListPolicyAllowOutput) ToOrganizationPolicyListPolicyAllowPtrOutputWithContext 

func (o OrganizationPolicyListPolicyAllowOutput) ToOrganizationPolicyListPolicyAllowPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyAllowPtrOutput

func (OrganizationPolicyListPolicyAllowOutput) Values 

func (o OrganizationPolicyListPolicyAllowOutput) Values() pulumi.StringArrayOutput

The policy can define specific values that are allowed or denied.

type OrganizationPolicyListPolicyAllowPtrInput 

type OrganizationPolicyListPolicyAllowPtrInput interface {
	pulumi.Input

	ToOrganizationPolicyListPolicyAllowPtrOutput() OrganizationPolicyListPolicyAllowPtrOutput
	ToOrganizationPolicyListPolicyAllowPtrOutputWithContext(context.Context) OrganizationPolicyListPolicyAllowPtrOutput
}

OrganizationPolicyListPolicyAllowPtrInput is an input type that accepts OrganizationPolicyListPolicyAllowArgs, OrganizationPolicyListPolicyAllowPtr and OrganizationPolicyListPolicyAllowPtrOutput values. You can construct a concrete instance of `OrganizationPolicyListPolicyAllowPtrInput` via: 

        OrganizationPolicyListPolicyAllowArgs{...}

or:

        nil

func OrganizationPolicyListPolicyAllowPtr 

func OrganizationPolicyListPolicyAllowPtr(v *OrganizationPolicyListPolicyAllowArgs) OrganizationPolicyListPolicyAllowPtrInput

type OrganizationPolicyListPolicyAllowPtrOutput 

type OrganizationPolicyListPolicyAllowPtrOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyListPolicyAllowPtrOutput) All 

func (o OrganizationPolicyListPolicyAllowPtrOutput) All() pulumi.BoolPtrOutput

The policy allows or denies all values.

func (OrganizationPolicyListPolicyAllowPtrOutput) Elem 

func (o OrganizationPolicyListPolicyAllowPtrOutput) Elem() OrganizationPolicyListPolicyAllowOutput

func (OrganizationPolicyListPolicyAllowPtrOutput) ElementType 

func (OrganizationPolicyListPolicyAllowPtrOutput) ElementType() reflect.Type

func (OrganizationPolicyListPolicyAllowPtrOutput) ToOrganizationPolicyListPolicyAllowPtrOutput 

func (o OrganizationPolicyListPolicyAllowPtrOutput) ToOrganizationPolicyListPolicyAllowPtrOutput() OrganizationPolicyListPolicyAllowPtrOutput

func (OrganizationPolicyListPolicyAllowPtrOutput) ToOrganizationPolicyListPolicyAllowPtrOutputWithContext 

func (o OrganizationPolicyListPolicyAllowPtrOutput) ToOrganizationPolicyListPolicyAllowPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyAllowPtrOutput

func (OrganizationPolicyListPolicyAllowPtrOutput) Values 

func (o OrganizationPolicyListPolicyAllowPtrOutput) Values() pulumi.StringArrayOutput

The policy can define specific values that are allowed or denied.

type OrganizationPolicyListPolicyArgs 

type OrganizationPolicyListPolicyArgs struct {
	// or `deny` - (Optional) One or the other must be set.
	Allow OrganizationPolicyListPolicyAllowPtrInput `pulumi:"allow"`
	Deny  OrganizationPolicyListPolicyDenyPtrInput  `pulumi:"deny"`
	// If set to true, the values from the effective Policy of the parent resource
	// are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
	InheritFromParent pulumi.BoolPtrInput `pulumi:"inheritFromParent"`
	// The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
	SuggestedValue pulumi.StringPtrInput `pulumi:"suggestedValue"`
}

func (OrganizationPolicyListPolicyArgs) ElementType 

func (OrganizationPolicyListPolicyArgs) ElementType() reflect.Type

func (OrganizationPolicyListPolicyArgs) ToOrganizationPolicyListPolicyOutput 

func (i OrganizationPolicyListPolicyArgs) ToOrganizationPolicyListPolicyOutput() OrganizationPolicyListPolicyOutput

func (OrganizationPolicyListPolicyArgs) ToOrganizationPolicyListPolicyOutputWithContext 

func (i OrganizationPolicyListPolicyArgs) ToOrganizationPolicyListPolicyOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyOutput

func (OrganizationPolicyListPolicyArgs) ToOrganizationPolicyListPolicyPtrOutput 

func (i OrganizationPolicyListPolicyArgs) ToOrganizationPolicyListPolicyPtrOutput() OrganizationPolicyListPolicyPtrOutput

func (OrganizationPolicyListPolicyArgs) ToOrganizationPolicyListPolicyPtrOutputWithContext 

func (i OrganizationPolicyListPolicyArgs) ToOrganizationPolicyListPolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyPtrOutput

type OrganizationPolicyListPolicyDeny 

type OrganizationPolicyListPolicyDeny struct {
	// The policy allows or denies all values.
	All *bool `pulumi:"all"`
	// The policy can define specific values that are allowed or denied.
	Values []string `pulumi:"values"`
}

type OrganizationPolicyListPolicyDenyArgs 

type OrganizationPolicyListPolicyDenyArgs struct {
	// The policy allows or denies all values.
	All pulumi.BoolPtrInput `pulumi:"all"`
	// The policy can define specific values that are allowed or denied.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (OrganizationPolicyListPolicyDenyArgs) ElementType 

func (OrganizationPolicyListPolicyDenyArgs) ElementType() reflect.Type

func (OrganizationPolicyListPolicyDenyArgs) ToOrganizationPolicyListPolicyDenyOutput 

func (i OrganizationPolicyListPolicyDenyArgs) ToOrganizationPolicyListPolicyDenyOutput() OrganizationPolicyListPolicyDenyOutput

func (OrganizationPolicyListPolicyDenyArgs) ToOrganizationPolicyListPolicyDenyOutputWithContext 

func (i OrganizationPolicyListPolicyDenyArgs) ToOrganizationPolicyListPolicyDenyOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyDenyOutput

func (OrganizationPolicyListPolicyDenyArgs) ToOrganizationPolicyListPolicyDenyPtrOutput 

func (i OrganizationPolicyListPolicyDenyArgs) ToOrganizationPolicyListPolicyDenyPtrOutput() OrganizationPolicyListPolicyDenyPtrOutput

func (OrganizationPolicyListPolicyDenyArgs) ToOrganizationPolicyListPolicyDenyPtrOutputWithContext 

func (i OrganizationPolicyListPolicyDenyArgs) ToOrganizationPolicyListPolicyDenyPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyDenyPtrOutput

type OrganizationPolicyListPolicyDenyInput 

type OrganizationPolicyListPolicyDenyInput interface {
	pulumi.Input

	ToOrganizationPolicyListPolicyDenyOutput() OrganizationPolicyListPolicyDenyOutput
	ToOrganizationPolicyListPolicyDenyOutputWithContext(context.Context) OrganizationPolicyListPolicyDenyOutput
}

OrganizationPolicyListPolicyDenyInput is an input type that accepts OrganizationPolicyListPolicyDenyArgs and OrganizationPolicyListPolicyDenyOutput values. You can construct a concrete instance of `OrganizationPolicyListPolicyDenyInput` via: 

OrganizationPolicyListPolicyDenyArgs{...}

type OrganizationPolicyListPolicyDenyOutput 

type OrganizationPolicyListPolicyDenyOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyListPolicyDenyOutput) All 

func (o OrganizationPolicyListPolicyDenyOutput) All() pulumi.BoolPtrOutput

The policy allows or denies all values.

func (OrganizationPolicyListPolicyDenyOutput) ElementType 

func (OrganizationPolicyListPolicyDenyOutput) ElementType() reflect.Type

func (OrganizationPolicyListPolicyDenyOutput) ToOrganizationPolicyListPolicyDenyOutput 

func (o OrganizationPolicyListPolicyDenyOutput) ToOrganizationPolicyListPolicyDenyOutput() OrganizationPolicyListPolicyDenyOutput

func (OrganizationPolicyListPolicyDenyOutput) ToOrganizationPolicyListPolicyDenyOutputWithContext 

func (o OrganizationPolicyListPolicyDenyOutput) ToOrganizationPolicyListPolicyDenyOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyDenyOutput

func (OrganizationPolicyListPolicyDenyOutput) ToOrganizationPolicyListPolicyDenyPtrOutput 

func (o OrganizationPolicyListPolicyDenyOutput) ToOrganizationPolicyListPolicyDenyPtrOutput() OrganizationPolicyListPolicyDenyPtrOutput

func (OrganizationPolicyListPolicyDenyOutput) ToOrganizationPolicyListPolicyDenyPtrOutputWithContext 

func (o OrganizationPolicyListPolicyDenyOutput) ToOrganizationPolicyListPolicyDenyPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyDenyPtrOutput

func (OrganizationPolicyListPolicyDenyOutput) Values 

func (o OrganizationPolicyListPolicyDenyOutput) Values() pulumi.StringArrayOutput

The policy can define specific values that are allowed or denied.

type OrganizationPolicyListPolicyDenyPtrInput 

type OrganizationPolicyListPolicyDenyPtrInput interface {
	pulumi.Input

	ToOrganizationPolicyListPolicyDenyPtrOutput() OrganizationPolicyListPolicyDenyPtrOutput
	ToOrganizationPolicyListPolicyDenyPtrOutputWithContext(context.Context) OrganizationPolicyListPolicyDenyPtrOutput
}

OrganizationPolicyListPolicyDenyPtrInput is an input type that accepts OrganizationPolicyListPolicyDenyArgs, OrganizationPolicyListPolicyDenyPtr and OrganizationPolicyListPolicyDenyPtrOutput values. You can construct a concrete instance of `OrganizationPolicyListPolicyDenyPtrInput` via: 

        OrganizationPolicyListPolicyDenyArgs{...}

or:

        nil

func OrganizationPolicyListPolicyDenyPtr 

func OrganizationPolicyListPolicyDenyPtr(v *OrganizationPolicyListPolicyDenyArgs) OrganizationPolicyListPolicyDenyPtrInput

type OrganizationPolicyListPolicyDenyPtrOutput 

type OrganizationPolicyListPolicyDenyPtrOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyListPolicyDenyPtrOutput) All 

func (o OrganizationPolicyListPolicyDenyPtrOutput) All() pulumi.BoolPtrOutput

The policy allows or denies all values.

func (OrganizationPolicyListPolicyDenyPtrOutput) Elem 

func (o OrganizationPolicyListPolicyDenyPtrOutput) Elem() OrganizationPolicyListPolicyDenyOutput

func (OrganizationPolicyListPolicyDenyPtrOutput) ElementType 

func (OrganizationPolicyListPolicyDenyPtrOutput) ElementType() reflect.Type

func (OrganizationPolicyListPolicyDenyPtrOutput) ToOrganizationPolicyListPolicyDenyPtrOutput 

func (o OrganizationPolicyListPolicyDenyPtrOutput) ToOrganizationPolicyListPolicyDenyPtrOutput() OrganizationPolicyListPolicyDenyPtrOutput

func (OrganizationPolicyListPolicyDenyPtrOutput) ToOrganizationPolicyListPolicyDenyPtrOutputWithContext 

func (o OrganizationPolicyListPolicyDenyPtrOutput) ToOrganizationPolicyListPolicyDenyPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyDenyPtrOutput

func (OrganizationPolicyListPolicyDenyPtrOutput) Values 

func (o OrganizationPolicyListPolicyDenyPtrOutput) Values() pulumi.StringArrayOutput

The policy can define specific values that are allowed or denied.

type OrganizationPolicyListPolicyInput 

type OrganizationPolicyListPolicyInput interface {
	pulumi.Input

	ToOrganizationPolicyListPolicyOutput() OrganizationPolicyListPolicyOutput
	ToOrganizationPolicyListPolicyOutputWithContext(context.Context) OrganizationPolicyListPolicyOutput
}

OrganizationPolicyListPolicyInput is an input type that accepts OrganizationPolicyListPolicyArgs and OrganizationPolicyListPolicyOutput values. You can construct a concrete instance of `OrganizationPolicyListPolicyInput` via: 

OrganizationPolicyListPolicyArgs{...}

type OrganizationPolicyListPolicyOutput 

type OrganizationPolicyListPolicyOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyListPolicyOutput) Allow 

func (o OrganizationPolicyListPolicyOutput) Allow() OrganizationPolicyListPolicyAllowPtrOutput

or `deny` - (Optional) One or the other must be set.

func (OrganizationPolicyListPolicyOutput) Deny 

func (o OrganizationPolicyListPolicyOutput) Deny() OrganizationPolicyListPolicyDenyPtrOutput

func (OrganizationPolicyListPolicyOutput) ElementType 

func (OrganizationPolicyListPolicyOutput) ElementType() reflect.Type

func (OrganizationPolicyListPolicyOutput) InheritFromParent 

func (o OrganizationPolicyListPolicyOutput) InheritFromParent() pulumi.BoolPtrOutput

If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.

func (OrganizationPolicyListPolicyOutput) SuggestedValue 

func (o OrganizationPolicyListPolicyOutput) SuggestedValue() pulumi.StringPtrOutput

The Google Cloud Console will try to default to a configuration that matches the value specified in this field.

func (OrganizationPolicyListPolicyOutput) ToOrganizationPolicyListPolicyOutput 

func (o OrganizationPolicyListPolicyOutput) ToOrganizationPolicyListPolicyOutput() OrganizationPolicyListPolicyOutput

func (OrganizationPolicyListPolicyOutput) ToOrganizationPolicyListPolicyOutputWithContext 

func (o OrganizationPolicyListPolicyOutput) ToOrganizationPolicyListPolicyOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyOutput

func (OrganizationPolicyListPolicyOutput) ToOrganizationPolicyListPolicyPtrOutput 

func (o OrganizationPolicyListPolicyOutput) ToOrganizationPolicyListPolicyPtrOutput() OrganizationPolicyListPolicyPtrOutput

func (OrganizationPolicyListPolicyOutput) ToOrganizationPolicyListPolicyPtrOutputWithContext 

func (o OrganizationPolicyListPolicyOutput) ToOrganizationPolicyListPolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyPtrOutput

type OrganizationPolicyListPolicyPtrInput 

type OrganizationPolicyListPolicyPtrInput interface {
	pulumi.Input

	ToOrganizationPolicyListPolicyPtrOutput() OrganizationPolicyListPolicyPtrOutput
	ToOrganizationPolicyListPolicyPtrOutputWithContext(context.Context) OrganizationPolicyListPolicyPtrOutput
}

OrganizationPolicyListPolicyPtrInput is an input type that accepts OrganizationPolicyListPolicyArgs, OrganizationPolicyListPolicyPtr and OrganizationPolicyListPolicyPtrOutput values. You can construct a concrete instance of `OrganizationPolicyListPolicyPtrInput` via: 

        OrganizationPolicyListPolicyArgs{...}

or:

        nil

func OrganizationPolicyListPolicyPtr 

func OrganizationPolicyListPolicyPtr(v *OrganizationPolicyListPolicyArgs) OrganizationPolicyListPolicyPtrInput

type OrganizationPolicyListPolicyPtrOutput 

type OrganizationPolicyListPolicyPtrOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyListPolicyPtrOutput) Allow 

func (o OrganizationPolicyListPolicyPtrOutput) Allow() OrganizationPolicyListPolicyAllowPtrOutput

or `deny` - (Optional) One or the other must be set.

func (OrganizationPolicyListPolicyPtrOutput) Deny 

func (o OrganizationPolicyListPolicyPtrOutput) Deny() OrganizationPolicyListPolicyDenyPtrOutput

func (OrganizationPolicyListPolicyPtrOutput) Elem 

func (o OrganizationPolicyListPolicyPtrOutput) Elem() OrganizationPolicyListPolicyOutput

func (OrganizationPolicyListPolicyPtrOutput) ElementType 

func (OrganizationPolicyListPolicyPtrOutput) ElementType() reflect.Type

func (OrganizationPolicyListPolicyPtrOutput) InheritFromParent 

func (o OrganizationPolicyListPolicyPtrOutput) InheritFromParent() pulumi.BoolPtrOutput

If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.

func (OrganizationPolicyListPolicyPtrOutput) SuggestedValue 

func (o OrganizationPolicyListPolicyPtrOutput) SuggestedValue() pulumi.StringPtrOutput

The Google Cloud Console will try to default to a configuration that matches the value specified in this field.

func (OrganizationPolicyListPolicyPtrOutput) ToOrganizationPolicyListPolicyPtrOutput 

func (o OrganizationPolicyListPolicyPtrOutput) ToOrganizationPolicyListPolicyPtrOutput() OrganizationPolicyListPolicyPtrOutput

func (OrganizationPolicyListPolicyPtrOutput) ToOrganizationPolicyListPolicyPtrOutputWithContext 

func (o OrganizationPolicyListPolicyPtrOutput) ToOrganizationPolicyListPolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyPtrOutput

type OrganizationPolicyOutput added in v4.4.0 

type OrganizationPolicyOutput struct {
	*pulumi.OutputState
}

func (OrganizationPolicyOutput) ElementType added in v4.4.0 

func (OrganizationPolicyOutput) ElementType() reflect.Type

func (OrganizationPolicyOutput) ToOrganizationPolicyOutput added in v4.4.0 

func (o OrganizationPolicyOutput) ToOrganizationPolicyOutput() OrganizationPolicyOutput

func (OrganizationPolicyOutput) ToOrganizationPolicyOutputWithContext added in v4.4.0 

func (o OrganizationPolicyOutput) ToOrganizationPolicyOutputWithContext(ctx context.Context) OrganizationPolicyOutput

type OrganizationPolicyRestorePolicy 

type OrganizationPolicyRestorePolicy struct {
	// May only be set to true. If set, then the default Policy is restored.
	Default bool `pulumi:"default"`
}

type OrganizationPolicyRestorePolicyArgs 

type OrganizationPolicyRestorePolicyArgs struct {
	// May only be set to true. If set, then the default Policy is restored.
	Default pulumi.BoolInput `pulumi:"default"`
}

func (OrganizationPolicyRestorePolicyArgs) ElementType 

func (OrganizationPolicyRestorePolicyArgs) ElementType() reflect.Type

func (OrganizationPolicyRestorePolicyArgs) ToOrganizationPolicyRestorePolicyOutput 

func (i OrganizationPolicyRestorePolicyArgs) ToOrganizationPolicyRestorePolicyOutput() OrganizationPolicyRestorePolicyOutput

func (OrganizationPolicyRestorePolicyArgs) ToOrganizationPolicyRestorePolicyOutputWithContext 

func (i OrganizationPolicyRestorePolicyArgs) ToOrganizationPolicyRestorePolicyOutputWithContext(ctx context.Context) OrganizationPolicyRestorePolicyOutput

func (OrganizationPolicyRestorePolicyArgs) ToOrganizationPolicyRestorePolicyPtrOutput 

func (i OrganizationPolicyRestorePolicyArgs) ToOrganizationPolicyRestorePolicyPtrOutput() OrganizationPolicyRestorePolicyPtrOutput

func (OrganizationPolicyRestorePolicyArgs) ToOrganizationPolicyRestorePolicyPtrOutputWithContext 

func (i OrganizationPolicyRestorePolicyArgs) ToOrganizationPolicyRestorePolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyRestorePolicyPtrOutput

type OrganizationPolicyRestorePolicyInput 

type OrganizationPolicyRestorePolicyInput interface {
	pulumi.Input

	ToOrganizationPolicyRestorePolicyOutput() OrganizationPolicyRestorePolicyOutput
	ToOrganizationPolicyRestorePolicyOutputWithContext(context.Context) OrganizationPolicyRestorePolicyOutput
}

OrganizationPolicyRestorePolicyInput is an input type that accepts OrganizationPolicyRestorePolicyArgs and OrganizationPolicyRestorePolicyOutput values. You can construct a concrete instance of `OrganizationPolicyRestorePolicyInput` via: 

OrganizationPolicyRestorePolicyArgs{...}

type OrganizationPolicyRestorePolicyOutput 

type OrganizationPolicyRestorePolicyOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyRestorePolicyOutput) Default 

func (o OrganizationPolicyRestorePolicyOutput) Default() pulumi.BoolOutput

May only be set to true. If set, then the default Policy is restored.

func (OrganizationPolicyRestorePolicyOutput) ElementType 

func (OrganizationPolicyRestorePolicyOutput) ElementType() reflect.Type

func (OrganizationPolicyRestorePolicyOutput) ToOrganizationPolicyRestorePolicyOutput 

func (o OrganizationPolicyRestorePolicyOutput) ToOrganizationPolicyRestorePolicyOutput() OrganizationPolicyRestorePolicyOutput

func (OrganizationPolicyRestorePolicyOutput) ToOrganizationPolicyRestorePolicyOutputWithContext 

func (o OrganizationPolicyRestorePolicyOutput) ToOrganizationPolicyRestorePolicyOutputWithContext(ctx context.Context) OrganizationPolicyRestorePolicyOutput

func (OrganizationPolicyRestorePolicyOutput) ToOrganizationPolicyRestorePolicyPtrOutput 

func (o OrganizationPolicyRestorePolicyOutput) ToOrganizationPolicyRestorePolicyPtrOutput() OrganizationPolicyRestorePolicyPtrOutput

func (OrganizationPolicyRestorePolicyOutput) ToOrganizationPolicyRestorePolicyPtrOutputWithContext 

func (o OrganizationPolicyRestorePolicyOutput) ToOrganizationPolicyRestorePolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyRestorePolicyPtrOutput

type OrganizationPolicyRestorePolicyPtrInput 

type OrganizationPolicyRestorePolicyPtrInput interface {
	pulumi.Input

	ToOrganizationPolicyRestorePolicyPtrOutput() OrganizationPolicyRestorePolicyPtrOutput
	ToOrganizationPolicyRestorePolicyPtrOutputWithContext(context.Context) OrganizationPolicyRestorePolicyPtrOutput
}

OrganizationPolicyRestorePolicyPtrInput is an input type that accepts OrganizationPolicyRestorePolicyArgs, OrganizationPolicyRestorePolicyPtr and OrganizationPolicyRestorePolicyPtrOutput values. You can construct a concrete instance of `OrganizationPolicyRestorePolicyPtrInput` via: 

        OrganizationPolicyRestorePolicyArgs{...}

or:

        nil

func OrganizationPolicyRestorePolicyPtr 

func OrganizationPolicyRestorePolicyPtr(v *OrganizationPolicyRestorePolicyArgs) OrganizationPolicyRestorePolicyPtrInput

type OrganizationPolicyRestorePolicyPtrOutput 

type OrganizationPolicyRestorePolicyPtrOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyRestorePolicyPtrOutput) Default 

func (o OrganizationPolicyRestorePolicyPtrOutput) Default() pulumi.BoolPtrOutput

May only be set to true. If set, then the default Policy is restored.

func (OrganizationPolicyRestorePolicyPtrOutput) Elem 

func (o OrganizationPolicyRestorePolicyPtrOutput) Elem() OrganizationPolicyRestorePolicyOutput

func (OrganizationPolicyRestorePolicyPtrOutput) ElementType 

func (OrganizationPolicyRestorePolicyPtrOutput) ElementType() reflect.Type

func (OrganizationPolicyRestorePolicyPtrOutput) ToOrganizationPolicyRestorePolicyPtrOutput 

func (o OrganizationPolicyRestorePolicyPtrOutput) ToOrganizationPolicyRestorePolicyPtrOutput() OrganizationPolicyRestorePolicyPtrOutput

func (OrganizationPolicyRestorePolicyPtrOutput) ToOrganizationPolicyRestorePolicyPtrOutputWithContext 

func (o OrganizationPolicyRestorePolicyPtrOutput) ToOrganizationPolicyRestorePolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyRestorePolicyPtrOutput

type OrganizationPolicyState 

type OrganizationPolicyState struct {
	// A boolean policy is a constraint that is either enforced or not. Structure is documented below.
	BooleanPolicy OrganizationPolicyBooleanPolicyPtrInput
	// The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
	Constraint pulumi.StringPtrInput
	// (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
	Etag pulumi.StringPtrInput
	// A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
	ListPolicy OrganizationPolicyListPolicyPtrInput
	// The project id of the project to set the policy for.
	Project pulumi.StringPtrInput
	// A restore policy is a constraint to restore the default policy. Structure is documented below.
	RestorePolicy OrganizationPolicyRestorePolicyPtrInput
	// (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
	UpdateTime pulumi.StringPtrInput
	// Version of the Policy. Default version is 0.
	Version pulumi.IntPtrInput
}

func (OrganizationPolicyState) ElementType 

func (OrganizationPolicyState) ElementType() reflect.Type

type Service 

type Service struct {
	pulumi.CustomResourceState

	// If `true`, services that are enabled and which depend on this service should also be disabled when this service is destroyed.
	// If `false` or unset, an error will be generated if any enabled services depend on this service when destroying it.
	DisableDependentServices pulumi.BoolPtrOutput `pulumi:"disableDependentServices"`
	// If true, disable the service when the resource is destroyed.  Defaults to true.  May be useful in the event that a project is long-lived but the infrastructure running in that project changes frequently.
	DisableOnDestroy pulumi.BoolPtrOutput `pulumi:"disableOnDestroy"`
	// The project ID. If not provided, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The service to enable.
	Service pulumi.StringOutput `pulumi:"service"`
}

Allows management of a single API service for an existing Google Cloud Platform project.

For a list of services available, visit the [API library page](https://console.cloud.google.com/apis/library) or run `gcloud services list --available`.

Requires [Service Usage API](https://console.cloud.google.com/apis/library/serviceusage.googleapis.com).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := projects.NewService(ctx, "project", &projects.ServiceArgs{
			DisableDependentServices: pulumi.Bool(true),
			Project:                  pulumi.String("your-project-id"),
			Service:                  pulumi.String("iam.googleapis.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Project services can be imported using the `project_id` and `service`, e.g.

```sh 

$ pulumi import gcp:projects/service:Service my_project your-project-id/iam.googleapis.com

``` 

Note that unlike other resources that fail if they already exist, `terraform apply` can be successfully used to verify already enabled services. This means that when importing existing resources into Terraform, you can either import the `google_project_service` resources or treat them as new infrastructure and run `terraform apply` to add them to state.

func GetService 

func GetService(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServiceState, opts ...pulumi.ResourceOption) (*Service, error)

GetService gets an existing Service resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewService 

func NewService(ctx *pulumi.Context,
	name string, args *ServiceArgs, opts ...pulumi.ResourceOption) (*Service, error)

NewService registers a new resource with the given unique name, arguments, and options.

func (*Service) ElementType added in v4.4.0 

func (*Service) ElementType() reflect.Type

func (*Service) ToServiceOutput added in v4.4.0 

func (i *Service) ToServiceOutput() ServiceOutput

func (*Service) ToServiceOutputWithContext added in v4.4.0 

func (i *Service) ToServiceOutputWithContext(ctx context.Context) ServiceOutput

type ServiceArgs 

type ServiceArgs struct {
	// If `true`, services that are enabled and which depend on this service should also be disabled when this service is destroyed.
	// If `false` or unset, an error will be generated if any enabled services depend on this service when destroying it.
	DisableDependentServices pulumi.BoolPtrInput
	// If true, disable the service when the resource is destroyed.  Defaults to true.  May be useful in the event that a project is long-lived but the infrastructure running in that project changes frequently.
	DisableOnDestroy pulumi.BoolPtrInput
	// The project ID. If not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// The service to enable.
	Service pulumi.StringInput
}

The set of arguments for constructing a Service resource.

func (ServiceArgs) ElementType 

func (ServiceArgs) ElementType() reflect.Type

type ServiceIdentity 

type ServiceIdentity struct {
	pulumi.CustomResourceState

	// The email address of the Google managed service account.
	Email pulumi.StringOutput `pulumi:"email"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The service to generate identity for.
	Service pulumi.StringOutput `pulumi:"service"`
}

Generate service identity for a service.

> **Note**: Once created, this resource cannot be updated or destroyed. These actions are a no-op.

> **Note**: This resource can be used to retrieve the emails of the [Google-managed service accounts](https://cloud.google.com/iam/docs/service-agents) of the APIs that Google has configured with a Service Identity. You can run `gcloud beta services identity create --service SERVICE_NAME.googleapis.com` to verify if an API supports this.

To get more information about Service Identity, see:

* [API documentation](https://cloud.google.com/service-usage/docs/reference/rest/v1beta1/services/generateServiceIdentity)

## Example Usage ### Service Identity Basic

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/projects"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		project, err := organizations.LookupProject(ctx, nil, nil)
		if err != nil {
			return err
		}
		hcSa, err := projects.NewServiceIdentity(ctx, "hcSa", &projects.ServiceIdentityArgs{
			Project: pulumi.String(project.ProjectId),
			Service: pulumi.String("healthcare.googleapis.com"),
		}, pulumi.Provider(google_beta))
		if err != nil {
			return err
		}
		_, err = projects.NewIAMMember(ctx, "hcSaBqJobuser", &projects.IAMMemberArgs{
			Project: pulumi.String(project.ProjectId),
			Role:    pulumi.String("roles/bigquery.jobUser"),
			Member: hcSa.Email.ApplyT(func(email string) (string, error) {
				return fmt.Sprintf("%v%v", "serviceAccount:", email), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

This resource does not support import.

func GetServiceIdentity 

func GetServiceIdentity(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServiceIdentityState, opts ...pulumi.ResourceOption) (*ServiceIdentity, error)

GetServiceIdentity gets an existing ServiceIdentity resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewServiceIdentity 

func NewServiceIdentity(ctx *pulumi.Context,
	name string, args *ServiceIdentityArgs, opts ...pulumi.ResourceOption) (*ServiceIdentity, error)

NewServiceIdentity registers a new resource with the given unique name, arguments, and options.

func (*ServiceIdentity) ElementType added in v4.4.0 

func (*ServiceIdentity) ElementType() reflect.Type

func (*ServiceIdentity) ToServiceIdentityOutput added in v4.4.0 

func (i *ServiceIdentity) ToServiceIdentityOutput() ServiceIdentityOutput

func (*ServiceIdentity) ToServiceIdentityOutputWithContext added in v4.4.0 

func (i *ServiceIdentity) ToServiceIdentityOutputWithContext(ctx context.Context) ServiceIdentityOutput

type ServiceIdentityArgs 

type ServiceIdentityArgs struct {
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// The service to generate identity for.
	Service pulumi.StringInput
}

The set of arguments for constructing a ServiceIdentity resource.

func (ServiceIdentityArgs) ElementType 

func (ServiceIdentityArgs) ElementType() reflect.Type

type ServiceIdentityInput added in v4.4.0 

type ServiceIdentityInput interface {
	pulumi.Input

	ToServiceIdentityOutput() ServiceIdentityOutput
	ToServiceIdentityOutputWithContext(ctx context.Context) ServiceIdentityOutput
}

type ServiceIdentityOutput added in v4.4.0 

type ServiceIdentityOutput struct {
	*pulumi.OutputState
}

func (ServiceIdentityOutput) ElementType added in v4.4.0 

func (ServiceIdentityOutput) ElementType() reflect.Type

func (ServiceIdentityOutput) ToServiceIdentityOutput added in v4.4.0 

func (o ServiceIdentityOutput) ToServiceIdentityOutput() ServiceIdentityOutput

func (ServiceIdentityOutput) ToServiceIdentityOutputWithContext added in v4.4.0 

func (o ServiceIdentityOutput) ToServiceIdentityOutputWithContext(ctx context.Context) ServiceIdentityOutput

type ServiceIdentityState 

type ServiceIdentityState struct {
	// The email address of the Google managed service account.
	Email pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// The service to generate identity for.
	Service pulumi.StringPtrInput
}

func (ServiceIdentityState) ElementType 

func (ServiceIdentityState) ElementType() reflect.Type

type ServiceInput added in v4.4.0 

type ServiceInput interface {
	pulumi.Input

	ToServiceOutput() ServiceOutput
	ToServiceOutputWithContext(ctx context.Context) ServiceOutput
}

type ServiceOutput added in v4.4.0 

type ServiceOutput struct {
	*pulumi.OutputState
}

func (ServiceOutput) ElementType added in v4.4.0 

func (ServiceOutput) ElementType() reflect.Type

func (ServiceOutput) ToServiceOutput added in v4.4.0 

func (o ServiceOutput) ToServiceOutput() ServiceOutput

func (ServiceOutput) ToServiceOutputWithContext added in v4.4.0 

func (o ServiceOutput) ToServiceOutputWithContext(ctx context.Context) ServiceOutput

type ServiceState 

type ServiceState struct {
	// If `true`, services that are enabled and which depend on this service should also be disabled when this service is destroyed.
	// If `false` or unset, an error will be generated if any enabled services depend on this service when destroying it.
	DisableDependentServices pulumi.BoolPtrInput
	// If true, disable the service when the resource is destroyed.  Defaults to true.  May be useful in the event that a project is long-lived but the infrastructure running in that project changes frequently.
	DisableOnDestroy pulumi.BoolPtrInput
	// The project ID. If not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// The service to enable.
	Service pulumi.StringPtrInput
}

func (ServiceState) ElementType 

func (ServiceState) ElementType() reflect.Type

type UsageExportBucket 

type UsageExportBucket struct {
	pulumi.CustomResourceState

	// The bucket to store reports in.
	BucketName pulumi.StringOutput `pulumi:"bucketName"`
	// A prefix for the reports, for instance, the project name.
	Prefix pulumi.StringPtrOutput `pulumi:"prefix"`
	// The project to set the export bucket on. If it is not provided, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
}

## Import

Projects can be imported using the `project_id`, e.g.

```sh 

$ pulumi import gcp:projects/usageExportBucket:UsageExportBucket my_project your-project-id

```

func GetUsageExportBucket 

func GetUsageExportBucket(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *UsageExportBucketState, opts ...pulumi.ResourceOption) (*UsageExportBucket, error)

GetUsageExportBucket gets an existing UsageExportBucket resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewUsageExportBucket 

func NewUsageExportBucket(ctx *pulumi.Context,
	name string, args *UsageExportBucketArgs, opts ...pulumi.ResourceOption) (*UsageExportBucket, error)

NewUsageExportBucket registers a new resource with the given unique name, arguments, and options.

func (*UsageExportBucket) ElementType added in v4.4.0 

func (*UsageExportBucket) ElementType() reflect.Type

func (*UsageExportBucket) ToUsageExportBucketOutput added in v4.4.0 

func (i *UsageExportBucket) ToUsageExportBucketOutput() UsageExportBucketOutput

func (*UsageExportBucket) ToUsageExportBucketOutputWithContext added in v4.4.0 

func (i *UsageExportBucket) ToUsageExportBucketOutputWithContext(ctx context.Context) UsageExportBucketOutput

type UsageExportBucketArgs 

type UsageExportBucketArgs struct {
	// The bucket to store reports in.
	BucketName pulumi.StringInput
	// A prefix for the reports, for instance, the project name.
	Prefix pulumi.StringPtrInput
	// The project to set the export bucket on. If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
}

The set of arguments for constructing a UsageExportBucket resource.

func (UsageExportBucketArgs) ElementType 

func (UsageExportBucketArgs) ElementType() reflect.Type

type UsageExportBucketInput added in v4.4.0 

type UsageExportBucketInput interface {
	pulumi.Input

	ToUsageExportBucketOutput() UsageExportBucketOutput
	ToUsageExportBucketOutputWithContext(ctx context.Context) UsageExportBucketOutput
}

type UsageExportBucketOutput added in v4.4.0 

type UsageExportBucketOutput struct {
	*pulumi.OutputState
}

func (UsageExportBucketOutput) ElementType added in v4.4.0 

func (UsageExportBucketOutput) ElementType() reflect.Type

func (UsageExportBucketOutput) ToUsageExportBucketOutput added in v4.4.0 

func (o UsageExportBucketOutput) ToUsageExportBucketOutput() UsageExportBucketOutput

func (UsageExportBucketOutput) ToUsageExportBucketOutputWithContext added in v4.4.0 

func (o UsageExportBucketOutput) ToUsageExportBucketOutputWithContext(ctx context.Context) UsageExportBucketOutput

type UsageExportBucketState 

type UsageExportBucketState struct {
	// The bucket to store reports in.
	BucketName pulumi.StringPtrInput
	// A prefix for the reports, for instance, the project name.
	Prefix pulumi.StringPtrInput
	// The project to set the export bucket on. If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
}

func (UsageExportBucketState) ElementType 

func (UsageExportBucketState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.