The highest tagged major version is
Documentation
¶
Index ¶
- type AppEngineServiceIamBinding
- func (AppEngineServiceIamBinding) ElementType() reflect.Type
- func (i AppEngineServiceIamBinding) ToAppEngineServiceIamBindingOutput() AppEngineServiceIamBindingOutput
- func (i AppEngineServiceIamBinding) ToAppEngineServiceIamBindingOutputWithContext(ctx context.Context) AppEngineServiceIamBindingOutput
- type AppEngineServiceIamBindingArgs
- type AppEngineServiceIamBindingCondition
- type AppEngineServiceIamBindingConditionArgs
- func (AppEngineServiceIamBindingConditionArgs) ElementType() reflect.Type
- func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionOutput() AppEngineServiceIamBindingConditionOutput
- func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionOutput
- func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput
- func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionPtrOutput
- type AppEngineServiceIamBindingConditionInput
- type AppEngineServiceIamBindingConditionOutput
- func (o AppEngineServiceIamBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (AppEngineServiceIamBindingConditionOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamBindingConditionOutput) Expression() pulumi.StringOutput
- func (o AppEngineServiceIamBindingConditionOutput) Title() pulumi.StringOutput
- func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionOutput() AppEngineServiceIamBindingConditionOutput
- func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionOutput
- func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput
- func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionPtrOutput
- type AppEngineServiceIamBindingConditionPtrInput
- type AppEngineServiceIamBindingConditionPtrOutput
- func (o AppEngineServiceIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o AppEngineServiceIamBindingConditionPtrOutput) Elem() AppEngineServiceIamBindingConditionOutput
- func (AppEngineServiceIamBindingConditionPtrOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o AppEngineServiceIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o AppEngineServiceIamBindingConditionPtrOutput) ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput
- func (o AppEngineServiceIamBindingConditionPtrOutput) ToAppEngineServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionPtrOutput
- type AppEngineServiceIamBindingInput
- type AppEngineServiceIamBindingOutput
- func (AppEngineServiceIamBindingOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingOutput() AppEngineServiceIamBindingOutput
- func (o AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingOutputWithContext(ctx context.Context) AppEngineServiceIamBindingOutput
- type AppEngineServiceIamBindingState
- type AppEngineServiceIamMember
- type AppEngineServiceIamMemberArgs
- type AppEngineServiceIamMemberCondition
- type AppEngineServiceIamMemberConditionArgs
- func (AppEngineServiceIamMemberConditionArgs) ElementType() reflect.Type
- func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionOutput() AppEngineServiceIamMemberConditionOutput
- func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionOutput
- func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput
- func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionPtrOutput
- type AppEngineServiceIamMemberConditionInput
- type AppEngineServiceIamMemberConditionOutput
- func (o AppEngineServiceIamMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (AppEngineServiceIamMemberConditionOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamMemberConditionOutput) Expression() pulumi.StringOutput
- func (o AppEngineServiceIamMemberConditionOutput) Title() pulumi.StringOutput
- func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionOutput() AppEngineServiceIamMemberConditionOutput
- func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionOutput
- func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput
- func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionPtrOutput
- type AppEngineServiceIamMemberConditionPtrInput
- type AppEngineServiceIamMemberConditionPtrOutput
- func (o AppEngineServiceIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o AppEngineServiceIamMemberConditionPtrOutput) Elem() AppEngineServiceIamMemberConditionOutput
- func (AppEngineServiceIamMemberConditionPtrOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o AppEngineServiceIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o AppEngineServiceIamMemberConditionPtrOutput) ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput
- func (o AppEngineServiceIamMemberConditionPtrOutput) ToAppEngineServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionPtrOutput
- type AppEngineServiceIamMemberInput
- type AppEngineServiceIamMemberOutput
- func (AppEngineServiceIamMemberOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberOutput() AppEngineServiceIamMemberOutput
- func (o AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberOutputWithContext(ctx context.Context) AppEngineServiceIamMemberOutput
- type AppEngineServiceIamMemberState
- type AppEngineServiceIamPolicy
- type AppEngineServiceIamPolicyArgs
- type AppEngineServiceIamPolicyInput
- type AppEngineServiceIamPolicyOutput
- func (AppEngineServiceIamPolicyOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyOutput() AppEngineServiceIamPolicyOutput
- func (o AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyOutput
- type AppEngineServiceIamPolicyState
- type AppEngineVersionIamBinding
- func (AppEngineVersionIamBinding) ElementType() reflect.Type
- func (i AppEngineVersionIamBinding) ToAppEngineVersionIamBindingOutput() AppEngineVersionIamBindingOutput
- func (i AppEngineVersionIamBinding) ToAppEngineVersionIamBindingOutputWithContext(ctx context.Context) AppEngineVersionIamBindingOutput
- type AppEngineVersionIamBindingArgs
- type AppEngineVersionIamBindingCondition
- type AppEngineVersionIamBindingConditionArgs
- func (AppEngineVersionIamBindingConditionArgs) ElementType() reflect.Type
- func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionOutput() AppEngineVersionIamBindingConditionOutput
- func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionOutput
- func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput
- func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionPtrOutput
- type AppEngineVersionIamBindingConditionInput
- type AppEngineVersionIamBindingConditionOutput
- func (o AppEngineVersionIamBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (AppEngineVersionIamBindingConditionOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamBindingConditionOutput) Expression() pulumi.StringOutput
- func (o AppEngineVersionIamBindingConditionOutput) Title() pulumi.StringOutput
- func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionOutput() AppEngineVersionIamBindingConditionOutput
- func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionOutput
- func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput
- func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionPtrOutput
- type AppEngineVersionIamBindingConditionPtrInput
- type AppEngineVersionIamBindingConditionPtrOutput
- func (o AppEngineVersionIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o AppEngineVersionIamBindingConditionPtrOutput) Elem() AppEngineVersionIamBindingConditionOutput
- func (AppEngineVersionIamBindingConditionPtrOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o AppEngineVersionIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o AppEngineVersionIamBindingConditionPtrOutput) ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput
- func (o AppEngineVersionIamBindingConditionPtrOutput) ToAppEngineVersionIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionPtrOutput
- type AppEngineVersionIamBindingInput
- type AppEngineVersionIamBindingOutput
- func (AppEngineVersionIamBindingOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingOutput() AppEngineVersionIamBindingOutput
- func (o AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingOutputWithContext(ctx context.Context) AppEngineVersionIamBindingOutput
- type AppEngineVersionIamBindingState
- type AppEngineVersionIamMember
- type AppEngineVersionIamMemberArgs
- type AppEngineVersionIamMemberCondition
- type AppEngineVersionIamMemberConditionArgs
- func (AppEngineVersionIamMemberConditionArgs) ElementType() reflect.Type
- func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionOutput() AppEngineVersionIamMemberConditionOutput
- func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionOutput
- func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput
- func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionPtrOutput
- type AppEngineVersionIamMemberConditionInput
- type AppEngineVersionIamMemberConditionOutput
- func (o AppEngineVersionIamMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (AppEngineVersionIamMemberConditionOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamMemberConditionOutput) Expression() pulumi.StringOutput
- func (o AppEngineVersionIamMemberConditionOutput) Title() pulumi.StringOutput
- func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionOutput() AppEngineVersionIamMemberConditionOutput
- func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionOutput
- func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput
- func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionPtrOutput
- type AppEngineVersionIamMemberConditionPtrInput
- type AppEngineVersionIamMemberConditionPtrOutput
- func (o AppEngineVersionIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o AppEngineVersionIamMemberConditionPtrOutput) Elem() AppEngineVersionIamMemberConditionOutput
- func (AppEngineVersionIamMemberConditionPtrOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o AppEngineVersionIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o AppEngineVersionIamMemberConditionPtrOutput) ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput
- func (o AppEngineVersionIamMemberConditionPtrOutput) ToAppEngineVersionIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionPtrOutput
- type AppEngineVersionIamMemberInput
- type AppEngineVersionIamMemberOutput
- func (AppEngineVersionIamMemberOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberOutput() AppEngineVersionIamMemberOutput
- func (o AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberOutputWithContext(ctx context.Context) AppEngineVersionIamMemberOutput
- type AppEngineVersionIamMemberState
- type AppEngineVersionIamPolicy
- type AppEngineVersionIamPolicyArgs
- type AppEngineVersionIamPolicyInput
- type AppEngineVersionIamPolicyOutput
- func (AppEngineVersionIamPolicyOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyOutput() AppEngineVersionIamPolicyOutput
- func (o AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyOutput
- type AppEngineVersionIamPolicyState
- type Brand
- type BrandArgs
- type BrandInput
- type BrandOutput
- type BrandState
- type Client
- type ClientArgs
- type ClientInput
- type ClientOutput
- type ClientState
- type TunnelIamBinding
- type TunnelIamBindingArgs
- type TunnelIamBindingCondition
- type TunnelIamBindingConditionArgs
- func (TunnelIamBindingConditionArgs) ElementType() reflect.Type
- func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionOutput() TunnelIamBindingConditionOutput
- func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionOutputWithContext(ctx context.Context) TunnelIamBindingConditionOutput
- func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput
- func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionPtrOutputWithContext(ctx context.Context) TunnelIamBindingConditionPtrOutput
- type TunnelIamBindingConditionInput
- type TunnelIamBindingConditionOutput
- func (o TunnelIamBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (TunnelIamBindingConditionOutput) ElementType() reflect.Type
- func (o TunnelIamBindingConditionOutput) Expression() pulumi.StringOutput
- func (o TunnelIamBindingConditionOutput) Title() pulumi.StringOutput
- func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionOutput() TunnelIamBindingConditionOutput
- func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionOutputWithContext(ctx context.Context) TunnelIamBindingConditionOutput
- func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput
- func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionPtrOutputWithContext(ctx context.Context) TunnelIamBindingConditionPtrOutput
- type TunnelIamBindingConditionPtrInput
- type TunnelIamBindingConditionPtrOutput
- func (o TunnelIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o TunnelIamBindingConditionPtrOutput) Elem() TunnelIamBindingConditionOutput
- func (TunnelIamBindingConditionPtrOutput) ElementType() reflect.Type
- func (o TunnelIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o TunnelIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o TunnelIamBindingConditionPtrOutput) ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput
- func (o TunnelIamBindingConditionPtrOutput) ToTunnelIamBindingConditionPtrOutputWithContext(ctx context.Context) TunnelIamBindingConditionPtrOutput
- type TunnelIamBindingInput
- type TunnelIamBindingOutput
- type TunnelIamBindingState
- type TunnelIamMember
- type TunnelIamMemberArgs
- type TunnelIamMemberCondition
- type TunnelIamMemberConditionArgs
- func (TunnelIamMemberConditionArgs) ElementType() reflect.Type
- func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionOutput() TunnelIamMemberConditionOutput
- func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionOutputWithContext(ctx context.Context) TunnelIamMemberConditionOutput
- func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput
- func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionPtrOutputWithContext(ctx context.Context) TunnelIamMemberConditionPtrOutput
- type TunnelIamMemberConditionInput
- type TunnelIamMemberConditionOutput
- func (o TunnelIamMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (TunnelIamMemberConditionOutput) ElementType() reflect.Type
- func (o TunnelIamMemberConditionOutput) Expression() pulumi.StringOutput
- func (o TunnelIamMemberConditionOutput) Title() pulumi.StringOutput
- func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionOutput() TunnelIamMemberConditionOutput
- func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionOutputWithContext(ctx context.Context) TunnelIamMemberConditionOutput
- func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput
- func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionPtrOutputWithContext(ctx context.Context) TunnelIamMemberConditionPtrOutput
- type TunnelIamMemberConditionPtrInput
- type TunnelIamMemberConditionPtrOutput
- func (o TunnelIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o TunnelIamMemberConditionPtrOutput) Elem() TunnelIamMemberConditionOutput
- func (TunnelIamMemberConditionPtrOutput) ElementType() reflect.Type
- func (o TunnelIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o TunnelIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o TunnelIamMemberConditionPtrOutput) ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput
- func (o TunnelIamMemberConditionPtrOutput) ToTunnelIamMemberConditionPtrOutputWithContext(ctx context.Context) TunnelIamMemberConditionPtrOutput
- type TunnelIamMemberInput
- type TunnelIamMemberOutput
- type TunnelIamMemberState
- type TunnelIamPolicy
- type TunnelIamPolicyArgs
- type TunnelIamPolicyInput
- type TunnelIamPolicyOutput
- type TunnelIamPolicyState
- type TunnelInstanceIAMBinding
- type TunnelInstanceIAMBindingArgs
- type TunnelInstanceIAMBindingCondition
- type TunnelInstanceIAMBindingConditionArgs
- func (TunnelInstanceIAMBindingConditionArgs) ElementType() reflect.Type
- func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionOutput() TunnelInstanceIAMBindingConditionOutput
- func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionOutput
- func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput
- func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionPtrOutput
- type TunnelInstanceIAMBindingConditionInput
- type TunnelInstanceIAMBindingConditionOutput
- func (o TunnelInstanceIAMBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (TunnelInstanceIAMBindingConditionOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMBindingConditionOutput) Expression() pulumi.StringOutput
- func (o TunnelInstanceIAMBindingConditionOutput) Title() pulumi.StringOutput
- func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionOutput() TunnelInstanceIAMBindingConditionOutput
- func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionOutput
- func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput
- func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionPtrOutput
- type TunnelInstanceIAMBindingConditionPtrInput
- type TunnelInstanceIAMBindingConditionPtrOutput
- func (o TunnelInstanceIAMBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o TunnelInstanceIAMBindingConditionPtrOutput) Elem() TunnelInstanceIAMBindingConditionOutput
- func (TunnelInstanceIAMBindingConditionPtrOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o TunnelInstanceIAMBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o TunnelInstanceIAMBindingConditionPtrOutput) ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput
- func (o TunnelInstanceIAMBindingConditionPtrOutput) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionPtrOutput
- type TunnelInstanceIAMBindingInput
- type TunnelInstanceIAMBindingOutput
- func (TunnelInstanceIAMBindingOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingOutput() TunnelInstanceIAMBindingOutput
- func (o TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingOutput
- type TunnelInstanceIAMBindingState
- type TunnelInstanceIAMMember
- type TunnelInstanceIAMMemberArgs
- type TunnelInstanceIAMMemberCondition
- type TunnelInstanceIAMMemberConditionArgs
- func (TunnelInstanceIAMMemberConditionArgs) ElementType() reflect.Type
- func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionOutput() TunnelInstanceIAMMemberConditionOutput
- func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionOutput
- func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput
- func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionPtrOutput
- type TunnelInstanceIAMMemberConditionInput
- type TunnelInstanceIAMMemberConditionOutput
- func (o TunnelInstanceIAMMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (TunnelInstanceIAMMemberConditionOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMMemberConditionOutput) Expression() pulumi.StringOutput
- func (o TunnelInstanceIAMMemberConditionOutput) Title() pulumi.StringOutput
- func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionOutput() TunnelInstanceIAMMemberConditionOutput
- func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionOutput
- func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput
- func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionPtrOutput
- type TunnelInstanceIAMMemberConditionPtrInput
- type TunnelInstanceIAMMemberConditionPtrOutput
- func (o TunnelInstanceIAMMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o TunnelInstanceIAMMemberConditionPtrOutput) Elem() TunnelInstanceIAMMemberConditionOutput
- func (TunnelInstanceIAMMemberConditionPtrOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o TunnelInstanceIAMMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o TunnelInstanceIAMMemberConditionPtrOutput) ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput
- func (o TunnelInstanceIAMMemberConditionPtrOutput) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionPtrOutput
- type TunnelInstanceIAMMemberInput
- type TunnelInstanceIAMMemberOutput
- type TunnelInstanceIAMMemberState
- type TunnelInstanceIAMPolicy
- type TunnelInstanceIAMPolicyArgs
- type TunnelInstanceIAMPolicyInput
- type TunnelInstanceIAMPolicyOutput
- type TunnelInstanceIAMPolicyState
- type WebBackendServiceIamBinding
- func (WebBackendServiceIamBinding) ElementType() reflect.Type
- func (i WebBackendServiceIamBinding) ToWebBackendServiceIamBindingOutput() WebBackendServiceIamBindingOutput
- func (i WebBackendServiceIamBinding) ToWebBackendServiceIamBindingOutputWithContext(ctx context.Context) WebBackendServiceIamBindingOutput
- type WebBackendServiceIamBindingArgs
- type WebBackendServiceIamBindingCondition
- type WebBackendServiceIamBindingConditionArgs
- func (WebBackendServiceIamBindingConditionArgs) ElementType() reflect.Type
- func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionOutput() WebBackendServiceIamBindingConditionOutput
- func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionOutput
- func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput
- func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionPtrOutput
- type WebBackendServiceIamBindingConditionInput
- type WebBackendServiceIamBindingConditionOutput
- func (o WebBackendServiceIamBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (WebBackendServiceIamBindingConditionOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamBindingConditionOutput) Expression() pulumi.StringOutput
- func (o WebBackendServiceIamBindingConditionOutput) Title() pulumi.StringOutput
- func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionOutput() WebBackendServiceIamBindingConditionOutput
- func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionOutput
- func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput
- func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionPtrOutput
- type WebBackendServiceIamBindingConditionPtrInput
- type WebBackendServiceIamBindingConditionPtrOutput
- func (o WebBackendServiceIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o WebBackendServiceIamBindingConditionPtrOutput) Elem() WebBackendServiceIamBindingConditionOutput
- func (WebBackendServiceIamBindingConditionPtrOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o WebBackendServiceIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o WebBackendServiceIamBindingConditionPtrOutput) ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput
- func (o WebBackendServiceIamBindingConditionPtrOutput) ToWebBackendServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionPtrOutput
- type WebBackendServiceIamBindingInput
- type WebBackendServiceIamBindingOutput
- func (WebBackendServiceIamBindingOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingOutput() WebBackendServiceIamBindingOutput
- func (o WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingOutputWithContext(ctx context.Context) WebBackendServiceIamBindingOutput
- type WebBackendServiceIamBindingState
- type WebBackendServiceIamMember
- func (WebBackendServiceIamMember) ElementType() reflect.Type
- func (i WebBackendServiceIamMember) ToWebBackendServiceIamMemberOutput() WebBackendServiceIamMemberOutput
- func (i WebBackendServiceIamMember) ToWebBackendServiceIamMemberOutputWithContext(ctx context.Context) WebBackendServiceIamMemberOutput
- type WebBackendServiceIamMemberArgs
- type WebBackendServiceIamMemberCondition
- type WebBackendServiceIamMemberConditionArgs
- func (WebBackendServiceIamMemberConditionArgs) ElementType() reflect.Type
- func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionOutput() WebBackendServiceIamMemberConditionOutput
- func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionOutput
- func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput
- func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionPtrOutput
- type WebBackendServiceIamMemberConditionInput
- type WebBackendServiceIamMemberConditionOutput
- func (o WebBackendServiceIamMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (WebBackendServiceIamMemberConditionOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamMemberConditionOutput) Expression() pulumi.StringOutput
- func (o WebBackendServiceIamMemberConditionOutput) Title() pulumi.StringOutput
- func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionOutput() WebBackendServiceIamMemberConditionOutput
- func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionOutput
- func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput
- func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionPtrOutput
- type WebBackendServiceIamMemberConditionPtrInput
- type WebBackendServiceIamMemberConditionPtrOutput
- func (o WebBackendServiceIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o WebBackendServiceIamMemberConditionPtrOutput) Elem() WebBackendServiceIamMemberConditionOutput
- func (WebBackendServiceIamMemberConditionPtrOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o WebBackendServiceIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o WebBackendServiceIamMemberConditionPtrOutput) ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput
- func (o WebBackendServiceIamMemberConditionPtrOutput) ToWebBackendServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionPtrOutput
- type WebBackendServiceIamMemberInput
- type WebBackendServiceIamMemberOutput
- func (WebBackendServiceIamMemberOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberOutput() WebBackendServiceIamMemberOutput
- func (o WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberOutputWithContext(ctx context.Context) WebBackendServiceIamMemberOutput
- type WebBackendServiceIamMemberState
- type WebBackendServiceIamPolicy
- func (WebBackendServiceIamPolicy) ElementType() reflect.Type
- func (i WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyOutput() WebBackendServiceIamPolicyOutput
- func (i WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyOutput
- type WebBackendServiceIamPolicyArgs
- type WebBackendServiceIamPolicyInput
- type WebBackendServiceIamPolicyOutput
- func (WebBackendServiceIamPolicyOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyOutput() WebBackendServiceIamPolicyOutput
- func (o WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyOutput
- type WebBackendServiceIamPolicyState
- type WebIamBinding
- type WebIamBindingArgs
- type WebIamBindingCondition
- type WebIamBindingConditionArgs
- func (WebIamBindingConditionArgs) ElementType() reflect.Type
- func (i WebIamBindingConditionArgs) ToWebIamBindingConditionOutput() WebIamBindingConditionOutput
- func (i WebIamBindingConditionArgs) ToWebIamBindingConditionOutputWithContext(ctx context.Context) WebIamBindingConditionOutput
- func (i WebIamBindingConditionArgs) ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput
- func (i WebIamBindingConditionArgs) ToWebIamBindingConditionPtrOutputWithContext(ctx context.Context) WebIamBindingConditionPtrOutput
- type WebIamBindingConditionInput
- type WebIamBindingConditionOutput
- func (o WebIamBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (WebIamBindingConditionOutput) ElementType() reflect.Type
- func (o WebIamBindingConditionOutput) Expression() pulumi.StringOutput
- func (o WebIamBindingConditionOutput) Title() pulumi.StringOutput
- func (o WebIamBindingConditionOutput) ToWebIamBindingConditionOutput() WebIamBindingConditionOutput
- func (o WebIamBindingConditionOutput) ToWebIamBindingConditionOutputWithContext(ctx context.Context) WebIamBindingConditionOutput
- func (o WebIamBindingConditionOutput) ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput
- func (o WebIamBindingConditionOutput) ToWebIamBindingConditionPtrOutputWithContext(ctx context.Context) WebIamBindingConditionPtrOutput
- type WebIamBindingConditionPtrInput
- type WebIamBindingConditionPtrOutput
- func (o WebIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o WebIamBindingConditionPtrOutput) Elem() WebIamBindingConditionOutput
- func (WebIamBindingConditionPtrOutput) ElementType() reflect.Type
- func (o WebIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o WebIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o WebIamBindingConditionPtrOutput) ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput
- func (o WebIamBindingConditionPtrOutput) ToWebIamBindingConditionPtrOutputWithContext(ctx context.Context) WebIamBindingConditionPtrOutput
- type WebIamBindingInput
- type WebIamBindingOutput
- type WebIamBindingState
- type WebIamMember
- type WebIamMemberArgs
- type WebIamMemberCondition
- type WebIamMemberConditionArgs
- func (WebIamMemberConditionArgs) ElementType() reflect.Type
- func (i WebIamMemberConditionArgs) ToWebIamMemberConditionOutput() WebIamMemberConditionOutput
- func (i WebIamMemberConditionArgs) ToWebIamMemberConditionOutputWithContext(ctx context.Context) WebIamMemberConditionOutput
- func (i WebIamMemberConditionArgs) ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput
- func (i WebIamMemberConditionArgs) ToWebIamMemberConditionPtrOutputWithContext(ctx context.Context) WebIamMemberConditionPtrOutput
- type WebIamMemberConditionInput
- type WebIamMemberConditionOutput
- func (o WebIamMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (WebIamMemberConditionOutput) ElementType() reflect.Type
- func (o WebIamMemberConditionOutput) Expression() pulumi.StringOutput
- func (o WebIamMemberConditionOutput) Title() pulumi.StringOutput
- func (o WebIamMemberConditionOutput) ToWebIamMemberConditionOutput() WebIamMemberConditionOutput
- func (o WebIamMemberConditionOutput) ToWebIamMemberConditionOutputWithContext(ctx context.Context) WebIamMemberConditionOutput
- func (o WebIamMemberConditionOutput) ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput
- func (o WebIamMemberConditionOutput) ToWebIamMemberConditionPtrOutputWithContext(ctx context.Context) WebIamMemberConditionPtrOutput
- type WebIamMemberConditionPtrInput
- type WebIamMemberConditionPtrOutput
- func (o WebIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o WebIamMemberConditionPtrOutput) Elem() WebIamMemberConditionOutput
- func (WebIamMemberConditionPtrOutput) ElementType() reflect.Type
- func (o WebIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o WebIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o WebIamMemberConditionPtrOutput) ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput
- func (o WebIamMemberConditionPtrOutput) ToWebIamMemberConditionPtrOutputWithContext(ctx context.Context) WebIamMemberConditionPtrOutput
- type WebIamMemberInput
- type WebIamMemberOutput
- type WebIamMemberState
- type WebIamPolicy
- type WebIamPolicyArgs
- type WebIamPolicyInput
- type WebIamPolicyOutput
- type WebIamPolicyState
- type WebTypeAppEngingIamBinding
- func (WebTypeAppEngingIamBinding) ElementType() reflect.Type
- func (i WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingOutput() WebTypeAppEngingIamBindingOutput
- func (i WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingOutput
- type WebTypeAppEngingIamBindingArgs
- type WebTypeAppEngingIamBindingCondition
- type WebTypeAppEngingIamBindingConditionArgs
- func (WebTypeAppEngingIamBindingConditionArgs) ElementType() reflect.Type
- func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionOutput() WebTypeAppEngingIamBindingConditionOutput
- func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionOutput
- func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput
- func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionPtrOutput
- type WebTypeAppEngingIamBindingConditionInput
- type WebTypeAppEngingIamBindingConditionOutput
- func (o WebTypeAppEngingIamBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (WebTypeAppEngingIamBindingConditionOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamBindingConditionOutput) Expression() pulumi.StringOutput
- func (o WebTypeAppEngingIamBindingConditionOutput) Title() pulumi.StringOutput
- func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionOutput() WebTypeAppEngingIamBindingConditionOutput
- func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionOutput
- func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput
- func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionPtrOutput
- type WebTypeAppEngingIamBindingConditionPtrInput
- type WebTypeAppEngingIamBindingConditionPtrOutput
- func (o WebTypeAppEngingIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o WebTypeAppEngingIamBindingConditionPtrOutput) Elem() WebTypeAppEngingIamBindingConditionOutput
- func (WebTypeAppEngingIamBindingConditionPtrOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o WebTypeAppEngingIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o WebTypeAppEngingIamBindingConditionPtrOutput) ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput
- func (o WebTypeAppEngingIamBindingConditionPtrOutput) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionPtrOutput
- type WebTypeAppEngingIamBindingInput
- type WebTypeAppEngingIamBindingOutput
- func (WebTypeAppEngingIamBindingOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingOutput() WebTypeAppEngingIamBindingOutput
- func (o WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingOutput
- type WebTypeAppEngingIamBindingState
- type WebTypeAppEngingIamMember
- type WebTypeAppEngingIamMemberArgs
- type WebTypeAppEngingIamMemberCondition
- type WebTypeAppEngingIamMemberConditionArgs
- func (WebTypeAppEngingIamMemberConditionArgs) ElementType() reflect.Type
- func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionOutput() WebTypeAppEngingIamMemberConditionOutput
- func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionOutput
- func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput
- func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionPtrOutput
- type WebTypeAppEngingIamMemberConditionInput
- type WebTypeAppEngingIamMemberConditionOutput
- func (o WebTypeAppEngingIamMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (WebTypeAppEngingIamMemberConditionOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamMemberConditionOutput) Expression() pulumi.StringOutput
- func (o WebTypeAppEngingIamMemberConditionOutput) Title() pulumi.StringOutput
- func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionOutput() WebTypeAppEngingIamMemberConditionOutput
- func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionOutput
- func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput
- func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionPtrOutput
- type WebTypeAppEngingIamMemberConditionPtrInput
- type WebTypeAppEngingIamMemberConditionPtrOutput
- func (o WebTypeAppEngingIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o WebTypeAppEngingIamMemberConditionPtrOutput) Elem() WebTypeAppEngingIamMemberConditionOutput
- func (WebTypeAppEngingIamMemberConditionPtrOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o WebTypeAppEngingIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o WebTypeAppEngingIamMemberConditionPtrOutput) ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput
- func (o WebTypeAppEngingIamMemberConditionPtrOutput) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionPtrOutput
- type WebTypeAppEngingIamMemberInput
- type WebTypeAppEngingIamMemberOutput
- func (WebTypeAppEngingIamMemberOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberOutput() WebTypeAppEngingIamMemberOutput
- func (o WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberOutput
- type WebTypeAppEngingIamMemberState
- type WebTypeAppEngingIamPolicy
- type WebTypeAppEngingIamPolicyArgs
- type WebTypeAppEngingIamPolicyInput
- type WebTypeAppEngingIamPolicyOutput
- func (WebTypeAppEngingIamPolicyOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyOutput() WebTypeAppEngingIamPolicyOutput
- func (o WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyOutput
- type WebTypeAppEngingIamPolicyState
- type WebTypeComputeIamBinding
- type WebTypeComputeIamBindingArgs
- type WebTypeComputeIamBindingCondition
- type WebTypeComputeIamBindingConditionArgs
- func (WebTypeComputeIamBindingConditionArgs) ElementType() reflect.Type
- func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionOutput() WebTypeComputeIamBindingConditionOutput
- func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionOutput
- func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput
- func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionPtrOutput
- type WebTypeComputeIamBindingConditionInput
- type WebTypeComputeIamBindingConditionOutput
- func (o WebTypeComputeIamBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (WebTypeComputeIamBindingConditionOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamBindingConditionOutput) Expression() pulumi.StringOutput
- func (o WebTypeComputeIamBindingConditionOutput) Title() pulumi.StringOutput
- func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionOutput() WebTypeComputeIamBindingConditionOutput
- func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionOutput
- func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput
- func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionPtrOutput
- type WebTypeComputeIamBindingConditionPtrInput
- type WebTypeComputeIamBindingConditionPtrOutput
- func (o WebTypeComputeIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o WebTypeComputeIamBindingConditionPtrOutput) Elem() WebTypeComputeIamBindingConditionOutput
- func (WebTypeComputeIamBindingConditionPtrOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o WebTypeComputeIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o WebTypeComputeIamBindingConditionPtrOutput) ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput
- func (o WebTypeComputeIamBindingConditionPtrOutput) ToWebTypeComputeIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionPtrOutput
- type WebTypeComputeIamBindingInput
- type WebTypeComputeIamBindingOutput
- func (WebTypeComputeIamBindingOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingOutput() WebTypeComputeIamBindingOutput
- func (o WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingOutputWithContext(ctx context.Context) WebTypeComputeIamBindingOutput
- type WebTypeComputeIamBindingState
- type WebTypeComputeIamMember
- type WebTypeComputeIamMemberArgs
- type WebTypeComputeIamMemberCondition
- type WebTypeComputeIamMemberConditionArgs
- func (WebTypeComputeIamMemberConditionArgs) ElementType() reflect.Type
- func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionOutput() WebTypeComputeIamMemberConditionOutput
- func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionOutput
- func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput
- func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionPtrOutput
- type WebTypeComputeIamMemberConditionInput
- type WebTypeComputeIamMemberConditionOutput
- func (o WebTypeComputeIamMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (WebTypeComputeIamMemberConditionOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamMemberConditionOutput) Expression() pulumi.StringOutput
- func (o WebTypeComputeIamMemberConditionOutput) Title() pulumi.StringOutput
- func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionOutput() WebTypeComputeIamMemberConditionOutput
- func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionOutput
- func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput
- func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionPtrOutput
- type WebTypeComputeIamMemberConditionPtrInput
- type WebTypeComputeIamMemberConditionPtrOutput
- func (o WebTypeComputeIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o WebTypeComputeIamMemberConditionPtrOutput) Elem() WebTypeComputeIamMemberConditionOutput
- func (WebTypeComputeIamMemberConditionPtrOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o WebTypeComputeIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o WebTypeComputeIamMemberConditionPtrOutput) ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput
- func (o WebTypeComputeIamMemberConditionPtrOutput) ToWebTypeComputeIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionPtrOutput
- type WebTypeComputeIamMemberInput
- type WebTypeComputeIamMemberOutput
- type WebTypeComputeIamMemberState
- type WebTypeComputeIamPolicy
- type WebTypeComputeIamPolicyArgs
- type WebTypeComputeIamPolicyInput
- type WebTypeComputeIamPolicyOutput
- type WebTypeComputeIamPolicyState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AppEngineServiceIamBinding ¶
type AppEngineServiceIamBinding struct {
pulumi.CustomResourceState
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringOutput `pulumi:"appId"`
// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition AppEngineServiceIamBindingConditionPtrOutput `pulumi:"condition"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
Members pulumi.StringArrayOutput `pulumi:"members"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// The role that should be applied. Only one
// `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringOutput `pulumi:"role"`
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringOutput `pulumi:"service"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:
* `iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached. * `iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved. * `iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.
> **Note:** `iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `iap.AppEngineServiceIamBinding` and `iap.AppEngineServiceIamMember` or they will fight over what your policy should be.
> **Note:** `iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_app\_engine\_service\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_app\_engine\_service\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Condition: &iap.AppEngineServiceIamBindingConditionArgs{
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
Title: pulumi.String("expires_after_2019_12_31"),
},
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_app\_engine\_service\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Member: pulumi.String("user:jane@example.com"),
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Condition: &iap.AppEngineServiceIamMemberConditionArgs{
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
Title: pulumi.String("expires_after_2019_12_31"),
},
Member: pulumi.String("user:jane@example.com"),
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} * {{project}}/{{appId}}/{{service}} * {{appId}}/{{service}} * {{service}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetAppEngineServiceIamBinding ¶
func GetAppEngineServiceIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AppEngineServiceIamBindingState, opts ...pulumi.ResourceOption) (*AppEngineServiceIamBinding, error)
GetAppEngineServiceIamBinding gets an existing AppEngineServiceIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAppEngineServiceIamBinding ¶
func NewAppEngineServiceIamBinding(ctx *pulumi.Context, name string, args *AppEngineServiceIamBindingArgs, opts ...pulumi.ResourceOption) (*AppEngineServiceIamBinding, error)
NewAppEngineServiceIamBinding registers a new resource with the given unique name, arguments, and options.
func (AppEngineServiceIamBinding) ElementType ¶ added in v4.4.0
func (AppEngineServiceIamBinding) ElementType() reflect.Type
func (AppEngineServiceIamBinding) ToAppEngineServiceIamBindingOutput ¶ added in v4.4.0
func (i AppEngineServiceIamBinding) ToAppEngineServiceIamBindingOutput() AppEngineServiceIamBindingOutput
func (AppEngineServiceIamBinding) ToAppEngineServiceIamBindingOutputWithContext ¶ added in v4.4.0
func (i AppEngineServiceIamBinding) ToAppEngineServiceIamBindingOutputWithContext(ctx context.Context) AppEngineServiceIamBindingOutput
type AppEngineServiceIamBindingArgs ¶
type AppEngineServiceIamBindingArgs struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringInput
// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition AppEngineServiceIamBindingConditionPtrInput
Members pulumi.StringArrayInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringInput
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringInput
}
The set of arguments for constructing a AppEngineServiceIamBinding resource.
func (AppEngineServiceIamBindingArgs) ElementType ¶
func (AppEngineServiceIamBindingArgs) ElementType() reflect.Type
type AppEngineServiceIamBindingCondition ¶
type AppEngineServiceIamBindingCondition struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description *string `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression string `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title string `pulumi:"title"`
}
type AppEngineServiceIamBindingConditionArgs ¶
type AppEngineServiceIamBindingConditionArgs struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description pulumi.StringPtrInput `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression pulumi.StringInput `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title pulumi.StringInput `pulumi:"title"`
}
func (AppEngineServiceIamBindingConditionArgs) ElementType ¶
func (AppEngineServiceIamBindingConditionArgs) ElementType() reflect.Type
func (AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionOutput ¶
func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionOutput() AppEngineServiceIamBindingConditionOutput
func (AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionOutputWithContext ¶
func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionOutput
func (AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionPtrOutput ¶
func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput
func (AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionPtrOutputWithContext ¶
func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionPtrOutput
type AppEngineServiceIamBindingConditionInput ¶
type AppEngineServiceIamBindingConditionInput interface {
pulumi.Input
ToAppEngineServiceIamBindingConditionOutput() AppEngineServiceIamBindingConditionOutput
ToAppEngineServiceIamBindingConditionOutputWithContext(context.Context) AppEngineServiceIamBindingConditionOutput
}
AppEngineServiceIamBindingConditionInput is an input type that accepts AppEngineServiceIamBindingConditionArgs and AppEngineServiceIamBindingConditionOutput values. You can construct a concrete instance of `AppEngineServiceIamBindingConditionInput` via:
AppEngineServiceIamBindingConditionArgs{...}
type AppEngineServiceIamBindingConditionOutput ¶
type AppEngineServiceIamBindingConditionOutput struct{ *pulumi.OutputState }
func (AppEngineServiceIamBindingConditionOutput) Description ¶
func (o AppEngineServiceIamBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (AppEngineServiceIamBindingConditionOutput) ElementType ¶
func (AppEngineServiceIamBindingConditionOutput) ElementType() reflect.Type
func (AppEngineServiceIamBindingConditionOutput) Expression ¶
func (o AppEngineServiceIamBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (AppEngineServiceIamBindingConditionOutput) Title ¶
func (o AppEngineServiceIamBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionOutput ¶
func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionOutput() AppEngineServiceIamBindingConditionOutput
func (AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionOutputWithContext ¶
func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionOutput
func (AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionPtrOutput ¶
func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput
func (AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionPtrOutputWithContext ¶
func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionPtrOutput
type AppEngineServiceIamBindingConditionPtrInput ¶
type AppEngineServiceIamBindingConditionPtrInput interface {
pulumi.Input
ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput
ToAppEngineServiceIamBindingConditionPtrOutputWithContext(context.Context) AppEngineServiceIamBindingConditionPtrOutput
}
AppEngineServiceIamBindingConditionPtrInput is an input type that accepts AppEngineServiceIamBindingConditionArgs, AppEngineServiceIamBindingConditionPtr and AppEngineServiceIamBindingConditionPtrOutput values. You can construct a concrete instance of `AppEngineServiceIamBindingConditionPtrInput` via:
AppEngineServiceIamBindingConditionArgs{...}
or:
nil
func AppEngineServiceIamBindingConditionPtr ¶
func AppEngineServiceIamBindingConditionPtr(v *AppEngineServiceIamBindingConditionArgs) AppEngineServiceIamBindingConditionPtrInput
type AppEngineServiceIamBindingConditionPtrOutput ¶
type AppEngineServiceIamBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (AppEngineServiceIamBindingConditionPtrOutput) Description ¶
func (o AppEngineServiceIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (AppEngineServiceIamBindingConditionPtrOutput) ElementType ¶
func (AppEngineServiceIamBindingConditionPtrOutput) ElementType() reflect.Type
func (AppEngineServiceIamBindingConditionPtrOutput) Expression ¶
func (o AppEngineServiceIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (AppEngineServiceIamBindingConditionPtrOutput) Title ¶
func (o AppEngineServiceIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (AppEngineServiceIamBindingConditionPtrOutput) ToAppEngineServiceIamBindingConditionPtrOutput ¶
func (o AppEngineServiceIamBindingConditionPtrOutput) ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput
func (AppEngineServiceIamBindingConditionPtrOutput) ToAppEngineServiceIamBindingConditionPtrOutputWithContext ¶
func (o AppEngineServiceIamBindingConditionPtrOutput) ToAppEngineServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionPtrOutput
type AppEngineServiceIamBindingInput ¶ added in v4.4.0
type AppEngineServiceIamBindingInput interface {
pulumi.Input
ToAppEngineServiceIamBindingOutput() AppEngineServiceIamBindingOutput
ToAppEngineServiceIamBindingOutputWithContext(ctx context.Context) AppEngineServiceIamBindingOutput
}
type AppEngineServiceIamBindingOutput ¶ added in v4.4.0
type AppEngineServiceIamBindingOutput struct {
*pulumi.OutputState
}
func (AppEngineServiceIamBindingOutput) ElementType ¶ added in v4.4.0
func (AppEngineServiceIamBindingOutput) ElementType() reflect.Type
func (AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingOutput ¶ added in v4.4.0
func (o AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingOutput() AppEngineServiceIamBindingOutput
func (AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingOutputWithContext ¶ added in v4.4.0
func (o AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingOutputWithContext(ctx context.Context) AppEngineServiceIamBindingOutput
type AppEngineServiceIamBindingState ¶
type AppEngineServiceIamBindingState struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringPtrInput
// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition AppEngineServiceIamBindingConditionPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
Members pulumi.StringArrayInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringPtrInput
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringPtrInput
}
func (AppEngineServiceIamBindingState) ElementType ¶
func (AppEngineServiceIamBindingState) ElementType() reflect.Type
type AppEngineServiceIamMember ¶
type AppEngineServiceIamMember struct {
pulumi.CustomResourceState
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringOutput `pulumi:"appId"`
// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition AppEngineServiceIamMemberConditionPtrOutput `pulumi:"condition"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
Member pulumi.StringOutput `pulumi:"member"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// The role that should be applied. Only one
// `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringOutput `pulumi:"role"`
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringOutput `pulumi:"service"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:
* `iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached. * `iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved. * `iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.
> **Note:** `iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `iap.AppEngineServiceIamBinding` and `iap.AppEngineServiceIamMember` or they will fight over what your policy should be.
> **Note:** `iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_app\_engine\_service\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_app\_engine\_service\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Condition: &iap.AppEngineServiceIamBindingConditionArgs{
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
Title: pulumi.String("expires_after_2019_12_31"),
},
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_app\_engine\_service\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Member: pulumi.String("user:jane@example.com"),
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Condition: &iap.AppEngineServiceIamMemberConditionArgs{
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
Title: pulumi.String("expires_after_2019_12_31"),
},
Member: pulumi.String("user:jane@example.com"),
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} * {{project}}/{{appId}}/{{service}} * {{appId}}/{{service}} * {{service}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetAppEngineServiceIamMember ¶
func GetAppEngineServiceIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AppEngineServiceIamMemberState, opts ...pulumi.ResourceOption) (*AppEngineServiceIamMember, error)
GetAppEngineServiceIamMember gets an existing AppEngineServiceIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAppEngineServiceIamMember ¶
func NewAppEngineServiceIamMember(ctx *pulumi.Context, name string, args *AppEngineServiceIamMemberArgs, opts ...pulumi.ResourceOption) (*AppEngineServiceIamMember, error)
NewAppEngineServiceIamMember registers a new resource with the given unique name, arguments, and options.
func (AppEngineServiceIamMember) ElementType ¶ added in v4.4.0
func (AppEngineServiceIamMember) ElementType() reflect.Type
func (AppEngineServiceIamMember) ToAppEngineServiceIamMemberOutput ¶ added in v4.4.0
func (i AppEngineServiceIamMember) ToAppEngineServiceIamMemberOutput() AppEngineServiceIamMemberOutput
func (AppEngineServiceIamMember) ToAppEngineServiceIamMemberOutputWithContext ¶ added in v4.4.0
func (i AppEngineServiceIamMember) ToAppEngineServiceIamMemberOutputWithContext(ctx context.Context) AppEngineServiceIamMemberOutput
type AppEngineServiceIamMemberArgs ¶
type AppEngineServiceIamMemberArgs struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringInput
// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition AppEngineServiceIamMemberConditionPtrInput
Member pulumi.StringInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringInput
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringInput
}
The set of arguments for constructing a AppEngineServiceIamMember resource.
func (AppEngineServiceIamMemberArgs) ElementType ¶
func (AppEngineServiceIamMemberArgs) ElementType() reflect.Type
type AppEngineServiceIamMemberCondition ¶
type AppEngineServiceIamMemberCondition struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description *string `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression string `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title string `pulumi:"title"`
}
type AppEngineServiceIamMemberConditionArgs ¶
type AppEngineServiceIamMemberConditionArgs struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description pulumi.StringPtrInput `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression pulumi.StringInput `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title pulumi.StringInput `pulumi:"title"`
}
func (AppEngineServiceIamMemberConditionArgs) ElementType ¶
func (AppEngineServiceIamMemberConditionArgs) ElementType() reflect.Type
func (AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionOutput ¶
func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionOutput() AppEngineServiceIamMemberConditionOutput
func (AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionOutputWithContext ¶
func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionOutput
func (AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionPtrOutput ¶
func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput
func (AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionPtrOutputWithContext ¶
func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionPtrOutput
type AppEngineServiceIamMemberConditionInput ¶
type AppEngineServiceIamMemberConditionInput interface {
pulumi.Input
ToAppEngineServiceIamMemberConditionOutput() AppEngineServiceIamMemberConditionOutput
ToAppEngineServiceIamMemberConditionOutputWithContext(context.Context) AppEngineServiceIamMemberConditionOutput
}
AppEngineServiceIamMemberConditionInput is an input type that accepts AppEngineServiceIamMemberConditionArgs and AppEngineServiceIamMemberConditionOutput values. You can construct a concrete instance of `AppEngineServiceIamMemberConditionInput` via:
AppEngineServiceIamMemberConditionArgs{...}
type AppEngineServiceIamMemberConditionOutput ¶
type AppEngineServiceIamMemberConditionOutput struct{ *pulumi.OutputState }
func (AppEngineServiceIamMemberConditionOutput) Description ¶
func (o AppEngineServiceIamMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (AppEngineServiceIamMemberConditionOutput) ElementType ¶
func (AppEngineServiceIamMemberConditionOutput) ElementType() reflect.Type
func (AppEngineServiceIamMemberConditionOutput) Expression ¶
func (o AppEngineServiceIamMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (AppEngineServiceIamMemberConditionOutput) Title ¶
func (o AppEngineServiceIamMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionOutput ¶
func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionOutput() AppEngineServiceIamMemberConditionOutput
func (AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionOutputWithContext ¶
func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionOutput
func (AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionPtrOutput ¶
func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput
func (AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionPtrOutputWithContext ¶
func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionPtrOutput
type AppEngineServiceIamMemberConditionPtrInput ¶
type AppEngineServiceIamMemberConditionPtrInput interface {
pulumi.Input
ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput
ToAppEngineServiceIamMemberConditionPtrOutputWithContext(context.Context) AppEngineServiceIamMemberConditionPtrOutput
}
AppEngineServiceIamMemberConditionPtrInput is an input type that accepts AppEngineServiceIamMemberConditionArgs, AppEngineServiceIamMemberConditionPtr and AppEngineServiceIamMemberConditionPtrOutput values. You can construct a concrete instance of `AppEngineServiceIamMemberConditionPtrInput` via:
AppEngineServiceIamMemberConditionArgs{...}
or:
nil
func AppEngineServiceIamMemberConditionPtr ¶
func AppEngineServiceIamMemberConditionPtr(v *AppEngineServiceIamMemberConditionArgs) AppEngineServiceIamMemberConditionPtrInput
type AppEngineServiceIamMemberConditionPtrOutput ¶
type AppEngineServiceIamMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (AppEngineServiceIamMemberConditionPtrOutput) Description ¶
func (o AppEngineServiceIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (AppEngineServiceIamMemberConditionPtrOutput) ElementType ¶
func (AppEngineServiceIamMemberConditionPtrOutput) ElementType() reflect.Type
func (AppEngineServiceIamMemberConditionPtrOutput) Expression ¶
func (o AppEngineServiceIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (AppEngineServiceIamMemberConditionPtrOutput) Title ¶
func (o AppEngineServiceIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (AppEngineServiceIamMemberConditionPtrOutput) ToAppEngineServiceIamMemberConditionPtrOutput ¶
func (o AppEngineServiceIamMemberConditionPtrOutput) ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput
func (AppEngineServiceIamMemberConditionPtrOutput) ToAppEngineServiceIamMemberConditionPtrOutputWithContext ¶
func (o AppEngineServiceIamMemberConditionPtrOutput) ToAppEngineServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionPtrOutput
type AppEngineServiceIamMemberInput ¶ added in v4.4.0
type AppEngineServiceIamMemberInput interface {
pulumi.Input
ToAppEngineServiceIamMemberOutput() AppEngineServiceIamMemberOutput
ToAppEngineServiceIamMemberOutputWithContext(ctx context.Context) AppEngineServiceIamMemberOutput
}
type AppEngineServiceIamMemberOutput ¶ added in v4.4.0
type AppEngineServiceIamMemberOutput struct {
*pulumi.OutputState
}
func (AppEngineServiceIamMemberOutput) ElementType ¶ added in v4.4.0
func (AppEngineServiceIamMemberOutput) ElementType() reflect.Type
func (AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberOutput ¶ added in v4.4.0
func (o AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberOutput() AppEngineServiceIamMemberOutput
func (AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberOutputWithContext ¶ added in v4.4.0
func (o AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberOutputWithContext(ctx context.Context) AppEngineServiceIamMemberOutput
type AppEngineServiceIamMemberState ¶
type AppEngineServiceIamMemberState struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringPtrInput
// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition AppEngineServiceIamMemberConditionPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
Member pulumi.StringPtrInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringPtrInput
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringPtrInput
}
func (AppEngineServiceIamMemberState) ElementType ¶
func (AppEngineServiceIamMemberState) ElementType() reflect.Type
type AppEngineServiceIamPolicy ¶
type AppEngineServiceIamPolicy struct {
pulumi.CustomResourceState
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringOutput `pulumi:"appId"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringOutput `pulumi:"policyData"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringOutput `pulumi:"service"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:
* `iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached. * `iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved. * `iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.
> **Note:** `iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `iap.AppEngineServiceIamBinding` and `iap.AppEngineServiceIamMember` or they will fight over what your policy should be.
> **Note:** `iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_app\_engine\_service\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_app\_engine\_service\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Condition: &iap.AppEngineServiceIamBindingConditionArgs{
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
Title: pulumi.String("expires_after_2019_12_31"),
},
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_app\_engine\_service\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Member: pulumi.String("user:jane@example.com"),
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Condition: &iap.AppEngineServiceIamMemberConditionArgs{
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
Title: pulumi.String("expires_after_2019_12_31"),
},
Member: pulumi.String("user:jane@example.com"),
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} * {{project}}/{{appId}}/{{service}} * {{appId}}/{{service}} * {{service}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetAppEngineServiceIamPolicy ¶
func GetAppEngineServiceIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AppEngineServiceIamPolicyState, opts ...pulumi.ResourceOption) (*AppEngineServiceIamPolicy, error)
GetAppEngineServiceIamPolicy gets an existing AppEngineServiceIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAppEngineServiceIamPolicy ¶
func NewAppEngineServiceIamPolicy(ctx *pulumi.Context, name string, args *AppEngineServiceIamPolicyArgs, opts ...pulumi.ResourceOption) (*AppEngineServiceIamPolicy, error)
NewAppEngineServiceIamPolicy registers a new resource with the given unique name, arguments, and options.
func (AppEngineServiceIamPolicy) ElementType ¶ added in v4.4.0
func (AppEngineServiceIamPolicy) ElementType() reflect.Type
func (AppEngineServiceIamPolicy) ToAppEngineServiceIamPolicyOutput ¶ added in v4.4.0
func (i AppEngineServiceIamPolicy) ToAppEngineServiceIamPolicyOutput() AppEngineServiceIamPolicyOutput
func (AppEngineServiceIamPolicy) ToAppEngineServiceIamPolicyOutputWithContext ¶ added in v4.4.0
func (i AppEngineServiceIamPolicy) ToAppEngineServiceIamPolicyOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyOutput
type AppEngineServiceIamPolicyArgs ¶
type AppEngineServiceIamPolicyArgs struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringInput
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringInput
}
The set of arguments for constructing a AppEngineServiceIamPolicy resource.
func (AppEngineServiceIamPolicyArgs) ElementType ¶
func (AppEngineServiceIamPolicyArgs) ElementType() reflect.Type
type AppEngineServiceIamPolicyInput ¶ added in v4.4.0
type AppEngineServiceIamPolicyInput interface {
pulumi.Input
ToAppEngineServiceIamPolicyOutput() AppEngineServiceIamPolicyOutput
ToAppEngineServiceIamPolicyOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyOutput
}
type AppEngineServiceIamPolicyOutput ¶ added in v4.4.0
type AppEngineServiceIamPolicyOutput struct {
*pulumi.OutputState
}
func (AppEngineServiceIamPolicyOutput) ElementType ¶ added in v4.4.0
func (AppEngineServiceIamPolicyOutput) ElementType() reflect.Type
func (AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyOutput ¶ added in v4.4.0
func (o AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyOutput() AppEngineServiceIamPolicyOutput
func (AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyOutputWithContext ¶ added in v4.4.0
func (o AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyOutput
type AppEngineServiceIamPolicyState ¶
type AppEngineServiceIamPolicyState struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringPtrInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringPtrInput
}
func (AppEngineServiceIamPolicyState) ElementType ¶
func (AppEngineServiceIamPolicyState) ElementType() reflect.Type
type AppEngineVersionIamBinding ¶
type AppEngineVersionIamBinding struct {
pulumi.CustomResourceState
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringOutput `pulumi:"appId"`
// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition AppEngineVersionIamBindingConditionPtrOutput `pulumi:"condition"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
Members pulumi.StringArrayOutput `pulumi:"members"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// The role that should be applied. Only one
// `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringOutput `pulumi:"role"`
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringOutput `pulumi:"service"`
// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
VersionId pulumi.StringOutput `pulumi:"versionId"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:
* `iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached. * `iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved. * `iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.
> **Note:** `iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `iap.AppEngineVersionIamBinding` and `iap.AppEngineVersionIamMember` or they will fight over what your policy should be.
> **Note:** `iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_app\_engine\_version\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_app\_engine\_version\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Condition: &iap.AppEngineVersionIamBindingConditionArgs{
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
Title: pulumi.String("expires_after_2019_12_31"),
},
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_app\_engine\_version\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Member: pulumi.String("user:jane@example.com"),
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Condition: &iap.AppEngineVersionIamMemberConditionArgs{
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
Title: pulumi.String("expires_after_2019_12_31"),
},
Member: pulumi.String("user:jane@example.com"),
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} * {{project}}/{{appId}}/{{service}}/{{versionId}} * {{appId}}/{{service}}/{{versionId}} * {{version}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetAppEngineVersionIamBinding ¶
func GetAppEngineVersionIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AppEngineVersionIamBindingState, opts ...pulumi.ResourceOption) (*AppEngineVersionIamBinding, error)
GetAppEngineVersionIamBinding gets an existing AppEngineVersionIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAppEngineVersionIamBinding ¶
func NewAppEngineVersionIamBinding(ctx *pulumi.Context, name string, args *AppEngineVersionIamBindingArgs, opts ...pulumi.ResourceOption) (*AppEngineVersionIamBinding, error)
NewAppEngineVersionIamBinding registers a new resource with the given unique name, arguments, and options.
func (AppEngineVersionIamBinding) ElementType ¶ added in v4.4.0
func (AppEngineVersionIamBinding) ElementType() reflect.Type
func (AppEngineVersionIamBinding) ToAppEngineVersionIamBindingOutput ¶ added in v4.4.0
func (i AppEngineVersionIamBinding) ToAppEngineVersionIamBindingOutput() AppEngineVersionIamBindingOutput
func (AppEngineVersionIamBinding) ToAppEngineVersionIamBindingOutputWithContext ¶ added in v4.4.0
func (i AppEngineVersionIamBinding) ToAppEngineVersionIamBindingOutputWithContext(ctx context.Context) AppEngineVersionIamBindingOutput
type AppEngineVersionIamBindingArgs ¶
type AppEngineVersionIamBindingArgs struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringInput
// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition AppEngineVersionIamBindingConditionPtrInput
Members pulumi.StringArrayInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringInput
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringInput
// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
VersionId pulumi.StringInput
}
The set of arguments for constructing a AppEngineVersionIamBinding resource.
func (AppEngineVersionIamBindingArgs) ElementType ¶
func (AppEngineVersionIamBindingArgs) ElementType() reflect.Type
type AppEngineVersionIamBindingCondition ¶
type AppEngineVersionIamBindingCondition struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description *string `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression string `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title string `pulumi:"title"`
}
type AppEngineVersionIamBindingConditionArgs ¶
type AppEngineVersionIamBindingConditionArgs struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description pulumi.StringPtrInput `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression pulumi.StringInput `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title pulumi.StringInput `pulumi:"title"`
}
func (AppEngineVersionIamBindingConditionArgs) ElementType ¶
func (AppEngineVersionIamBindingConditionArgs) ElementType() reflect.Type
func (AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionOutput ¶
func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionOutput() AppEngineVersionIamBindingConditionOutput
func (AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionOutputWithContext ¶
func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionOutput
func (AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionPtrOutput ¶
func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput
func (AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionPtrOutputWithContext ¶
func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionPtrOutput
type AppEngineVersionIamBindingConditionInput ¶
type AppEngineVersionIamBindingConditionInput interface {
pulumi.Input
ToAppEngineVersionIamBindingConditionOutput() AppEngineVersionIamBindingConditionOutput
ToAppEngineVersionIamBindingConditionOutputWithContext(context.Context) AppEngineVersionIamBindingConditionOutput
}
AppEngineVersionIamBindingConditionInput is an input type that accepts AppEngineVersionIamBindingConditionArgs and AppEngineVersionIamBindingConditionOutput values. You can construct a concrete instance of `AppEngineVersionIamBindingConditionInput` via:
AppEngineVersionIamBindingConditionArgs{...}
type AppEngineVersionIamBindingConditionOutput ¶
type AppEngineVersionIamBindingConditionOutput struct{ *pulumi.OutputState }
func (AppEngineVersionIamBindingConditionOutput) Description ¶
func (o AppEngineVersionIamBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (AppEngineVersionIamBindingConditionOutput) ElementType ¶
func (AppEngineVersionIamBindingConditionOutput) ElementType() reflect.Type
func (AppEngineVersionIamBindingConditionOutput) Expression ¶
func (o AppEngineVersionIamBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (AppEngineVersionIamBindingConditionOutput) Title ¶
func (o AppEngineVersionIamBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionOutput ¶
func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionOutput() AppEngineVersionIamBindingConditionOutput
func (AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionOutputWithContext ¶
func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionOutput
func (AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionPtrOutput ¶
func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput
func (AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionPtrOutputWithContext ¶
func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionPtrOutput
type AppEngineVersionIamBindingConditionPtrInput ¶
type AppEngineVersionIamBindingConditionPtrInput interface {
pulumi.Input
ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput
ToAppEngineVersionIamBindingConditionPtrOutputWithContext(context.Context) AppEngineVersionIamBindingConditionPtrOutput
}
AppEngineVersionIamBindingConditionPtrInput is an input type that accepts AppEngineVersionIamBindingConditionArgs, AppEngineVersionIamBindingConditionPtr and AppEngineVersionIamBindingConditionPtrOutput values. You can construct a concrete instance of `AppEngineVersionIamBindingConditionPtrInput` via:
AppEngineVersionIamBindingConditionArgs{...}
or:
nil
func AppEngineVersionIamBindingConditionPtr ¶
func AppEngineVersionIamBindingConditionPtr(v *AppEngineVersionIamBindingConditionArgs) AppEngineVersionIamBindingConditionPtrInput
type AppEngineVersionIamBindingConditionPtrOutput ¶
type AppEngineVersionIamBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (AppEngineVersionIamBindingConditionPtrOutput) Description ¶
func (o AppEngineVersionIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (AppEngineVersionIamBindingConditionPtrOutput) ElementType ¶
func (AppEngineVersionIamBindingConditionPtrOutput) ElementType() reflect.Type
func (AppEngineVersionIamBindingConditionPtrOutput) Expression ¶
func (o AppEngineVersionIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (AppEngineVersionIamBindingConditionPtrOutput) Title ¶
func (o AppEngineVersionIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (AppEngineVersionIamBindingConditionPtrOutput) ToAppEngineVersionIamBindingConditionPtrOutput ¶
func (o AppEngineVersionIamBindingConditionPtrOutput) ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput
func (AppEngineVersionIamBindingConditionPtrOutput) ToAppEngineVersionIamBindingConditionPtrOutputWithContext ¶
func (o AppEngineVersionIamBindingConditionPtrOutput) ToAppEngineVersionIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionPtrOutput
type AppEngineVersionIamBindingInput ¶ added in v4.4.0
type AppEngineVersionIamBindingInput interface {
pulumi.Input
ToAppEngineVersionIamBindingOutput() AppEngineVersionIamBindingOutput
ToAppEngineVersionIamBindingOutputWithContext(ctx context.Context) AppEngineVersionIamBindingOutput
}
type AppEngineVersionIamBindingOutput ¶ added in v4.4.0
type AppEngineVersionIamBindingOutput struct {
*pulumi.OutputState
}
func (AppEngineVersionIamBindingOutput) ElementType ¶ added in v4.4.0
func (AppEngineVersionIamBindingOutput) ElementType() reflect.Type
func (AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingOutput ¶ added in v4.4.0
func (o AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingOutput() AppEngineVersionIamBindingOutput
func (AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingOutputWithContext ¶ added in v4.4.0
func (o AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingOutputWithContext(ctx context.Context) AppEngineVersionIamBindingOutput
type AppEngineVersionIamBindingState ¶
type AppEngineVersionIamBindingState struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringPtrInput
// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition AppEngineVersionIamBindingConditionPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
Members pulumi.StringArrayInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringPtrInput
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringPtrInput
// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
VersionId pulumi.StringPtrInput
}
func (AppEngineVersionIamBindingState) ElementType ¶
func (AppEngineVersionIamBindingState) ElementType() reflect.Type
type AppEngineVersionIamMember ¶
type AppEngineVersionIamMember struct {
pulumi.CustomResourceState
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringOutput `pulumi:"appId"`
// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition AppEngineVersionIamMemberConditionPtrOutput `pulumi:"condition"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
Member pulumi.StringOutput `pulumi:"member"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// The role that should be applied. Only one
// `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringOutput `pulumi:"role"`
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringOutput `pulumi:"service"`
// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
VersionId pulumi.StringOutput `pulumi:"versionId"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:
* `iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached. * `iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved. * `iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.
> **Note:** `iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `iap.AppEngineVersionIamBinding` and `iap.AppEngineVersionIamMember` or they will fight over what your policy should be.
> **Note:** `iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_app\_engine\_version\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_app\_engine\_version\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Condition: &iap.AppEngineVersionIamBindingConditionArgs{
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
Title: pulumi.String("expires_after_2019_12_31"),
},
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_app\_engine\_version\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Member: pulumi.String("user:jane@example.com"),
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Condition: &iap.AppEngineVersionIamMemberConditionArgs{
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
Title: pulumi.String("expires_after_2019_12_31"),
},
Member: pulumi.String("user:jane@example.com"),
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} * {{project}}/{{appId}}/{{service}}/{{versionId}} * {{appId}}/{{service}}/{{versionId}} * {{version}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetAppEngineVersionIamMember ¶
func GetAppEngineVersionIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AppEngineVersionIamMemberState, opts ...pulumi.ResourceOption) (*AppEngineVersionIamMember, error)
GetAppEngineVersionIamMember gets an existing AppEngineVersionIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAppEngineVersionIamMember ¶
func NewAppEngineVersionIamMember(ctx *pulumi.Context, name string, args *AppEngineVersionIamMemberArgs, opts ...pulumi.ResourceOption) (*AppEngineVersionIamMember, error)
NewAppEngineVersionIamMember registers a new resource with the given unique name, arguments, and options.
func (AppEngineVersionIamMember) ElementType ¶ added in v4.4.0
func (AppEngineVersionIamMember) ElementType() reflect.Type
func (AppEngineVersionIamMember) ToAppEngineVersionIamMemberOutput ¶ added in v4.4.0
func (i AppEngineVersionIamMember) ToAppEngineVersionIamMemberOutput() AppEngineVersionIamMemberOutput
func (AppEngineVersionIamMember) ToAppEngineVersionIamMemberOutputWithContext ¶ added in v4.4.0
func (i AppEngineVersionIamMember) ToAppEngineVersionIamMemberOutputWithContext(ctx context.Context) AppEngineVersionIamMemberOutput
type AppEngineVersionIamMemberArgs ¶
type AppEngineVersionIamMemberArgs struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringInput
// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition AppEngineVersionIamMemberConditionPtrInput
Member pulumi.StringInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringInput
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringInput
// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
VersionId pulumi.StringInput
}
The set of arguments for constructing a AppEngineVersionIamMember resource.
func (AppEngineVersionIamMemberArgs) ElementType ¶
func (AppEngineVersionIamMemberArgs) ElementType() reflect.Type
type AppEngineVersionIamMemberCondition ¶
type AppEngineVersionIamMemberCondition struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description *string `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression string `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title string `pulumi:"title"`
}
type AppEngineVersionIamMemberConditionArgs ¶
type AppEngineVersionIamMemberConditionArgs struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description pulumi.StringPtrInput `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression pulumi.StringInput `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title pulumi.StringInput `pulumi:"title"`
}
func (AppEngineVersionIamMemberConditionArgs) ElementType ¶
func (AppEngineVersionIamMemberConditionArgs) ElementType() reflect.Type
func (AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionOutput ¶
func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionOutput() AppEngineVersionIamMemberConditionOutput
func (AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionOutputWithContext ¶
func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionOutput
func (AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionPtrOutput ¶
func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput
func (AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionPtrOutputWithContext ¶
func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionPtrOutput
type AppEngineVersionIamMemberConditionInput ¶
type AppEngineVersionIamMemberConditionInput interface {
pulumi.Input
ToAppEngineVersionIamMemberConditionOutput() AppEngineVersionIamMemberConditionOutput
ToAppEngineVersionIamMemberConditionOutputWithContext(context.Context) AppEngineVersionIamMemberConditionOutput
}
AppEngineVersionIamMemberConditionInput is an input type that accepts AppEngineVersionIamMemberConditionArgs and AppEngineVersionIamMemberConditionOutput values. You can construct a concrete instance of `AppEngineVersionIamMemberConditionInput` via:
AppEngineVersionIamMemberConditionArgs{...}
type AppEngineVersionIamMemberConditionOutput ¶
type AppEngineVersionIamMemberConditionOutput struct{ *pulumi.OutputState }
func (AppEngineVersionIamMemberConditionOutput) Description ¶
func (o AppEngineVersionIamMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (AppEngineVersionIamMemberConditionOutput) ElementType ¶
func (AppEngineVersionIamMemberConditionOutput) ElementType() reflect.Type
func (AppEngineVersionIamMemberConditionOutput) Expression ¶
func (o AppEngineVersionIamMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (AppEngineVersionIamMemberConditionOutput) Title ¶
func (o AppEngineVersionIamMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionOutput ¶
func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionOutput() AppEngineVersionIamMemberConditionOutput
func (AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionOutputWithContext ¶
func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionOutput
func (AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionPtrOutput ¶
func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput
func (AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionPtrOutputWithContext ¶
func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionPtrOutput
type AppEngineVersionIamMemberConditionPtrInput ¶
type AppEngineVersionIamMemberConditionPtrInput interface {
pulumi.Input
ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput
ToAppEngineVersionIamMemberConditionPtrOutputWithContext(context.Context) AppEngineVersionIamMemberConditionPtrOutput
}
AppEngineVersionIamMemberConditionPtrInput is an input type that accepts AppEngineVersionIamMemberConditionArgs, AppEngineVersionIamMemberConditionPtr and AppEngineVersionIamMemberConditionPtrOutput values. You can construct a concrete instance of `AppEngineVersionIamMemberConditionPtrInput` via:
AppEngineVersionIamMemberConditionArgs{...}
or:
nil
func AppEngineVersionIamMemberConditionPtr ¶
func AppEngineVersionIamMemberConditionPtr(v *AppEngineVersionIamMemberConditionArgs) AppEngineVersionIamMemberConditionPtrInput
type AppEngineVersionIamMemberConditionPtrOutput ¶
type AppEngineVersionIamMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (AppEngineVersionIamMemberConditionPtrOutput) Description ¶
func (o AppEngineVersionIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (AppEngineVersionIamMemberConditionPtrOutput) ElementType ¶
func (AppEngineVersionIamMemberConditionPtrOutput) ElementType() reflect.Type
func (AppEngineVersionIamMemberConditionPtrOutput) Expression ¶
func (o AppEngineVersionIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (AppEngineVersionIamMemberConditionPtrOutput) Title ¶
func (o AppEngineVersionIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (AppEngineVersionIamMemberConditionPtrOutput) ToAppEngineVersionIamMemberConditionPtrOutput ¶
func (o AppEngineVersionIamMemberConditionPtrOutput) ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput
func (AppEngineVersionIamMemberConditionPtrOutput) ToAppEngineVersionIamMemberConditionPtrOutputWithContext ¶
func (o AppEngineVersionIamMemberConditionPtrOutput) ToAppEngineVersionIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionPtrOutput
type AppEngineVersionIamMemberInput ¶ added in v4.4.0
type AppEngineVersionIamMemberInput interface {
pulumi.Input
ToAppEngineVersionIamMemberOutput() AppEngineVersionIamMemberOutput
ToAppEngineVersionIamMemberOutputWithContext(ctx context.Context) AppEngineVersionIamMemberOutput
}
type AppEngineVersionIamMemberOutput ¶ added in v4.4.0
type AppEngineVersionIamMemberOutput struct {
*pulumi.OutputState
}
func (AppEngineVersionIamMemberOutput) ElementType ¶ added in v4.4.0
func (AppEngineVersionIamMemberOutput) ElementType() reflect.Type
func (AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberOutput ¶ added in v4.4.0
func (o AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberOutput() AppEngineVersionIamMemberOutput
func (AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberOutputWithContext ¶ added in v4.4.0
func (o AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberOutputWithContext(ctx context.Context) AppEngineVersionIamMemberOutput
type AppEngineVersionIamMemberState ¶
type AppEngineVersionIamMemberState struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringPtrInput
// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition AppEngineVersionIamMemberConditionPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
Member pulumi.StringPtrInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringPtrInput
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringPtrInput
// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
VersionId pulumi.StringPtrInput
}
func (AppEngineVersionIamMemberState) ElementType ¶
func (AppEngineVersionIamMemberState) ElementType() reflect.Type
type AppEngineVersionIamPolicy ¶
type AppEngineVersionIamPolicy struct {
pulumi.CustomResourceState
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringOutput `pulumi:"appId"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringOutput `pulumi:"policyData"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringOutput `pulumi:"service"`
// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
VersionId pulumi.StringOutput `pulumi:"versionId"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:
* `iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached. * `iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved. * `iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.
> **Note:** `iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `iap.AppEngineVersionIamBinding` and `iap.AppEngineVersionIamMember` or they will fight over what your policy should be.
> **Note:** `iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_app\_engine\_version\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_app\_engine\_version\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Condition: &iap.AppEngineVersionIamBindingConditionArgs{
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
Title: pulumi.String("expires_after_2019_12_31"),
},
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_app\_engine\_version\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Member: pulumi.String("user:jane@example.com"),
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{
AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Condition: &iap.AppEngineVersionIamMemberConditionArgs{
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
Title: pulumi.String("expires_after_2019_12_31"),
},
Member: pulumi.String("user:jane@example.com"),
Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} * {{project}}/{{appId}}/{{service}}/{{versionId}} * {{appId}}/{{service}}/{{versionId}} * {{version}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetAppEngineVersionIamPolicy ¶
func GetAppEngineVersionIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AppEngineVersionIamPolicyState, opts ...pulumi.ResourceOption) (*AppEngineVersionIamPolicy, error)
GetAppEngineVersionIamPolicy gets an existing AppEngineVersionIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAppEngineVersionIamPolicy ¶
func NewAppEngineVersionIamPolicy(ctx *pulumi.Context, name string, args *AppEngineVersionIamPolicyArgs, opts ...pulumi.ResourceOption) (*AppEngineVersionIamPolicy, error)
NewAppEngineVersionIamPolicy registers a new resource with the given unique name, arguments, and options.
func (AppEngineVersionIamPolicy) ElementType ¶ added in v4.4.0
func (AppEngineVersionIamPolicy) ElementType() reflect.Type
func (AppEngineVersionIamPolicy) ToAppEngineVersionIamPolicyOutput ¶ added in v4.4.0
func (i AppEngineVersionIamPolicy) ToAppEngineVersionIamPolicyOutput() AppEngineVersionIamPolicyOutput
func (AppEngineVersionIamPolicy) ToAppEngineVersionIamPolicyOutputWithContext ¶ added in v4.4.0
func (i AppEngineVersionIamPolicy) ToAppEngineVersionIamPolicyOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyOutput
type AppEngineVersionIamPolicyArgs ¶
type AppEngineVersionIamPolicyArgs struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringInput
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringInput
// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
VersionId pulumi.StringInput
}
The set of arguments for constructing a AppEngineVersionIamPolicy resource.
func (AppEngineVersionIamPolicyArgs) ElementType ¶
func (AppEngineVersionIamPolicyArgs) ElementType() reflect.Type
type AppEngineVersionIamPolicyInput ¶ added in v4.4.0
type AppEngineVersionIamPolicyInput interface {
pulumi.Input
ToAppEngineVersionIamPolicyOutput() AppEngineVersionIamPolicyOutput
ToAppEngineVersionIamPolicyOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyOutput
}
type AppEngineVersionIamPolicyOutput ¶ added in v4.4.0
type AppEngineVersionIamPolicyOutput struct {
*pulumi.OutputState
}
func (AppEngineVersionIamPolicyOutput) ElementType ¶ added in v4.4.0
func (AppEngineVersionIamPolicyOutput) ElementType() reflect.Type
func (AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyOutput ¶ added in v4.4.0
func (o AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyOutput() AppEngineVersionIamPolicyOutput
func (AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyOutputWithContext ¶ added in v4.4.0
func (o AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyOutput
type AppEngineVersionIamPolicyState ¶
type AppEngineVersionIamPolicyState struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringPtrInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
Service pulumi.StringPtrInput
// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
VersionId pulumi.StringPtrInput
}
func (AppEngineVersionIamPolicyState) ElementType ¶
func (AppEngineVersionIamPolicyState) ElementType() reflect.Type
type Brand ¶
type Brand struct {
pulumi.CustomResourceState
// Application name displayed on OAuth consent screen.
ApplicationTitle pulumi.StringOutput `pulumi:"applicationTitle"`
// Output only. Identifier of the brand, in the format 'projects/{project_number}/brands/{brand_id}'. NOTE: The brand
// identification corresponds to the project number as only one brand per project can be created.
Name pulumi.StringOutput `pulumi:"name"`
// Whether the brand is only intended for usage inside the GSuite organization only.
OrgInternalOnly pulumi.BoolOutput `pulumi:"orgInternalOnly"`
// The ID of the project in which the resource belongs.
// If it is not provided, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// Support email displayed on the OAuth consent screen. Can be either a
// user or group email. When a user email is specified, the caller must
// be the user with the associated email address. When a group email is
// specified, the caller can be either a user or a service account which
// is an owner of the specified group in Cloud Identity.
SupportEmail pulumi.StringOutput `pulumi:"supportEmail"`
}
OAuth brand data. Only "Organization Internal" brands can be created programmatically via API. To convert it into an external brands please use the GCP Console.
> **Note:** Brands can only be created once for a Google Cloud project and the underlying Google API doesn't not support DELETE or PATCH methods. Destroying a provider-managed Brand will remove it from state but *will not delete it from Google Cloud.*
To get more information about Brand, see:
* [API documentation](https://cloud.google.com/iap/docs/reference/rest/v1/projects.brands) * How-to Guides
- [Setting up IAP Brand](https://cloud.google.com/iap/docs/tutorial-gce#set_up_iap)
## Example Usage
## Import
Brand can be imported using any of these accepted formats ¶
```sh
$ pulumi import gcp:iap/brand:Brand default {{name}}
```
func GetBrand ¶
func GetBrand(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BrandState, opts ...pulumi.ResourceOption) (*Brand, error)
GetBrand gets an existing Brand resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewBrand ¶
func NewBrand(ctx *pulumi.Context, name string, args *BrandArgs, opts ...pulumi.ResourceOption) (*Brand, error)
NewBrand registers a new resource with the given unique name, arguments, and options.
func (Brand) ElementType ¶ added in v4.4.0
func (Brand) ToBrandOutput ¶ added in v4.4.0
func (i Brand) ToBrandOutput() BrandOutput
func (Brand) ToBrandOutputWithContext ¶ added in v4.4.0
func (i Brand) ToBrandOutputWithContext(ctx context.Context) BrandOutput
type BrandArgs ¶
type BrandArgs struct {
// Application name displayed on OAuth consent screen.
ApplicationTitle pulumi.StringInput
// The ID of the project in which the resource belongs.
// If it is not provided, the provider project is used.
Project pulumi.StringPtrInput
// Support email displayed on the OAuth consent screen. Can be either a
// user or group email. When a user email is specified, the caller must
// be the user with the associated email address. When a group email is
// specified, the caller can be either a user or a service account which
// is an owner of the specified group in Cloud Identity.
SupportEmail pulumi.StringInput
}
The set of arguments for constructing a Brand resource.
func (BrandArgs) ElementType ¶
type BrandInput ¶ added in v4.4.0
type BrandInput interface {
pulumi.Input
ToBrandOutput() BrandOutput
ToBrandOutputWithContext(ctx context.Context) BrandOutput
}
type BrandOutput ¶ added in v4.4.0
type BrandOutput struct {
*pulumi.OutputState
}
func (BrandOutput) ElementType ¶ added in v4.4.0
func (BrandOutput) ElementType() reflect.Type
func (BrandOutput) ToBrandOutput ¶ added in v4.4.0
func (o BrandOutput) ToBrandOutput() BrandOutput
func (BrandOutput) ToBrandOutputWithContext ¶ added in v4.4.0
func (o BrandOutput) ToBrandOutputWithContext(ctx context.Context) BrandOutput
type BrandState ¶
type BrandState struct {
// Application name displayed on OAuth consent screen.
ApplicationTitle pulumi.StringPtrInput
// Output only. Identifier of the brand, in the format 'projects/{project_number}/brands/{brand_id}'. NOTE: The brand
// identification corresponds to the project number as only one brand per project can be created.
Name pulumi.StringPtrInput
// Whether the brand is only intended for usage inside the GSuite organization only.
OrgInternalOnly pulumi.BoolPtrInput
// The ID of the project in which the resource belongs.
// If it is not provided, the provider project is used.
Project pulumi.StringPtrInput
// Support email displayed on the OAuth consent screen. Can be either a
// user or group email. When a user email is specified, the caller must
// be the user with the associated email address. When a group email is
// specified, the caller can be either a user or a service account which
// is an owner of the specified group in Cloud Identity.
SupportEmail pulumi.StringPtrInput
}
func (BrandState) ElementType ¶
func (BrandState) ElementType() reflect.Type
type Client ¶
type Client struct {
pulumi.CustomResourceState
// Identifier of the brand to which this client
// is attached to. The format is
// `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`.
Brand pulumi.StringOutput `pulumi:"brand"`
// Output only. Unique identifier of the OAuth client.
ClientId pulumi.StringOutput `pulumi:"clientId"`
// Human-friendly name given to the OAuth client.
DisplayName pulumi.StringOutput `pulumi:"displayName"`
// Output only. Client secret of the OAuth client.
Secret pulumi.StringOutput `pulumi:"secret"`
}
Contains the data that describes an Identity Aware Proxy owned client.
> **Note:** Only internal org clients can be created via declarative tools. Other types of clients must be manually created via the GCP console. This restriction is due to the existing APIs and not lack of support in this tool.
To get more information about Client, see:
* [API documentation](https://cloud.google.com/iap/docs/reference/rest/v1/projects.brands.identityAwareProxyClients) * How-to Guides
- [Setting up IAP Client](https://cloud.google.com/iap/docs/authentication-howto)
> **Warning:** All arguments including `secret` will be stored in the raw state as plain-text. [Read more about secrets in state](https://www.pulumi.com/docs/intro/concepts/programming-model/#secrets).
## Example Usage
## Import
Client can be imported using any of these accepted formats ¶
```sh
$ pulumi import gcp:iap/client:Client default {{brand}}/identityAwareProxyClients/{{client_id}}
```
```sh
$ pulumi import gcp:iap/client:Client default {{brand}}/{{client_id}}
```
func GetClient ¶
func GetClient(ctx *pulumi.Context, name string, id pulumi.IDInput, state *ClientState, opts ...pulumi.ResourceOption) (*Client, error)
GetClient gets an existing Client resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewClient ¶
func NewClient(ctx *pulumi.Context, name string, args *ClientArgs, opts ...pulumi.ResourceOption) (*Client, error)
NewClient registers a new resource with the given unique name, arguments, and options.
func (Client) ElementType ¶ added in v4.4.0
func (Client) ToClientOutput ¶ added in v4.4.0
func (i Client) ToClientOutput() ClientOutput
func (Client) ToClientOutputWithContext ¶ added in v4.4.0
func (i Client) ToClientOutputWithContext(ctx context.Context) ClientOutput
type ClientArgs ¶
type ClientArgs struct {
// Identifier of the brand to which this client
// is attached to. The format is
// `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`.
Brand pulumi.StringInput
// Human-friendly name given to the OAuth client.
DisplayName pulumi.StringInput
}
The set of arguments for constructing a Client resource.
func (ClientArgs) ElementType ¶
func (ClientArgs) ElementType() reflect.Type
type ClientInput ¶ added in v4.4.0
type ClientInput interface {
pulumi.Input
ToClientOutput() ClientOutput
ToClientOutputWithContext(ctx context.Context) ClientOutput
}
type ClientOutput ¶ added in v4.4.0
type ClientOutput struct {
*pulumi.OutputState
}
func (ClientOutput) ElementType ¶ added in v4.4.0
func (ClientOutput) ElementType() reflect.Type
func (ClientOutput) ToClientOutput ¶ added in v4.4.0
func (o ClientOutput) ToClientOutput() ClientOutput
func (ClientOutput) ToClientOutputWithContext ¶ added in v4.4.0
func (o ClientOutput) ToClientOutputWithContext(ctx context.Context) ClientOutput
type ClientState ¶
type ClientState struct {
// Identifier of the brand to which this client
// is attached to. The format is
// `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`.
Brand pulumi.StringPtrInput
// Output only. Unique identifier of the OAuth client.
ClientId pulumi.StringPtrInput
// Human-friendly name given to the OAuth client.
DisplayName pulumi.StringPtrInput
// Output only. Client secret of the OAuth client.
Secret pulumi.StringPtrInput
}
func (ClientState) ElementType ¶
func (ClientState) ElementType() reflect.Type
type TunnelIamBinding ¶ added in v4.2.0
type TunnelIamBinding struct {
pulumi.CustomResourceState
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition TunnelIamBindingConditionPtrOutput `pulumi:"condition"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
Members pulumi.StringArrayOutput `pulumi:"members"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// The role that should be applied. Only one
// `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringOutput `pulumi:"role"`
}
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor projects/{{project}}/iap_tunnel
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetTunnelIamBinding ¶ added in v4.2.0
func GetTunnelIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TunnelIamBindingState, opts ...pulumi.ResourceOption) (*TunnelIamBinding, error)
GetTunnelIamBinding gets an existing TunnelIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTunnelIamBinding ¶ added in v4.2.0
func NewTunnelIamBinding(ctx *pulumi.Context, name string, args *TunnelIamBindingArgs, opts ...pulumi.ResourceOption) (*TunnelIamBinding, error)
NewTunnelIamBinding registers a new resource with the given unique name, arguments, and options.
func (TunnelIamBinding) ElementType ¶ added in v4.4.0
func (TunnelIamBinding) ElementType() reflect.Type
func (TunnelIamBinding) ToTunnelIamBindingOutput ¶ added in v4.4.0
func (i TunnelIamBinding) ToTunnelIamBindingOutput() TunnelIamBindingOutput
func (TunnelIamBinding) ToTunnelIamBindingOutputWithContext ¶ added in v4.4.0
func (i TunnelIamBinding) ToTunnelIamBindingOutputWithContext(ctx context.Context) TunnelIamBindingOutput
type TunnelIamBindingArgs ¶ added in v4.2.0
type TunnelIamBindingArgs struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition TunnelIamBindingConditionPtrInput
Members pulumi.StringArrayInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringInput
}
The set of arguments for constructing a TunnelIamBinding resource.
func (TunnelIamBindingArgs) ElementType ¶ added in v4.2.0
func (TunnelIamBindingArgs) ElementType() reflect.Type
type TunnelIamBindingCondition ¶ added in v4.2.0
type TunnelIamBindingCondition struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description *string `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression string `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title string `pulumi:"title"`
}
type TunnelIamBindingConditionArgs ¶ added in v4.2.0
type TunnelIamBindingConditionArgs struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description pulumi.StringPtrInput `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression pulumi.StringInput `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title pulumi.StringInput `pulumi:"title"`
}
func (TunnelIamBindingConditionArgs) ElementType ¶ added in v4.2.0
func (TunnelIamBindingConditionArgs) ElementType() reflect.Type
func (TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionOutput ¶ added in v4.2.0
func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionOutput() TunnelIamBindingConditionOutput
func (TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionOutputWithContext ¶ added in v4.2.0
func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionOutputWithContext(ctx context.Context) TunnelIamBindingConditionOutput
func (TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionPtrOutput ¶ added in v4.2.0
func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput
func (TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionPtrOutputWithContext ¶ added in v4.2.0
func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionPtrOutputWithContext(ctx context.Context) TunnelIamBindingConditionPtrOutput
type TunnelIamBindingConditionInput ¶ added in v4.2.0
type TunnelIamBindingConditionInput interface {
pulumi.Input
ToTunnelIamBindingConditionOutput() TunnelIamBindingConditionOutput
ToTunnelIamBindingConditionOutputWithContext(context.Context) TunnelIamBindingConditionOutput
}
TunnelIamBindingConditionInput is an input type that accepts TunnelIamBindingConditionArgs and TunnelIamBindingConditionOutput values. You can construct a concrete instance of `TunnelIamBindingConditionInput` via:
TunnelIamBindingConditionArgs{...}
type TunnelIamBindingConditionOutput ¶ added in v4.2.0
type TunnelIamBindingConditionOutput struct{ *pulumi.OutputState }
func (TunnelIamBindingConditionOutput) Description ¶ added in v4.2.0
func (o TunnelIamBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (TunnelIamBindingConditionOutput) ElementType ¶ added in v4.2.0
func (TunnelIamBindingConditionOutput) ElementType() reflect.Type
func (TunnelIamBindingConditionOutput) Expression ¶ added in v4.2.0
func (o TunnelIamBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (TunnelIamBindingConditionOutput) Title ¶ added in v4.2.0
func (o TunnelIamBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionOutput ¶ added in v4.2.0
func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionOutput() TunnelIamBindingConditionOutput
func (TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionOutputWithContext ¶ added in v4.2.0
func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionOutputWithContext(ctx context.Context) TunnelIamBindingConditionOutput
func (TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionPtrOutput ¶ added in v4.2.0
func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput
func (TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionPtrOutputWithContext ¶ added in v4.2.0
func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionPtrOutputWithContext(ctx context.Context) TunnelIamBindingConditionPtrOutput
type TunnelIamBindingConditionPtrInput ¶ added in v4.2.0
type TunnelIamBindingConditionPtrInput interface {
pulumi.Input
ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput
ToTunnelIamBindingConditionPtrOutputWithContext(context.Context) TunnelIamBindingConditionPtrOutput
}
TunnelIamBindingConditionPtrInput is an input type that accepts TunnelIamBindingConditionArgs, TunnelIamBindingConditionPtr and TunnelIamBindingConditionPtrOutput values. You can construct a concrete instance of `TunnelIamBindingConditionPtrInput` via:
TunnelIamBindingConditionArgs{...}
or:
nil
func TunnelIamBindingConditionPtr ¶ added in v4.2.0
func TunnelIamBindingConditionPtr(v *TunnelIamBindingConditionArgs) TunnelIamBindingConditionPtrInput
type TunnelIamBindingConditionPtrOutput ¶ added in v4.2.0
type TunnelIamBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (TunnelIamBindingConditionPtrOutput) Description ¶ added in v4.2.0
func (o TunnelIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (TunnelIamBindingConditionPtrOutput) Elem ¶ added in v4.2.0
func (o TunnelIamBindingConditionPtrOutput) Elem() TunnelIamBindingConditionOutput
func (TunnelIamBindingConditionPtrOutput) ElementType ¶ added in v4.2.0
func (TunnelIamBindingConditionPtrOutput) ElementType() reflect.Type
func (TunnelIamBindingConditionPtrOutput) Expression ¶ added in v4.2.0
func (o TunnelIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (TunnelIamBindingConditionPtrOutput) Title ¶ added in v4.2.0
func (o TunnelIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (TunnelIamBindingConditionPtrOutput) ToTunnelIamBindingConditionPtrOutput ¶ added in v4.2.0
func (o TunnelIamBindingConditionPtrOutput) ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput
func (TunnelIamBindingConditionPtrOutput) ToTunnelIamBindingConditionPtrOutputWithContext ¶ added in v4.2.0
func (o TunnelIamBindingConditionPtrOutput) ToTunnelIamBindingConditionPtrOutputWithContext(ctx context.Context) TunnelIamBindingConditionPtrOutput
type TunnelIamBindingInput ¶ added in v4.4.0
type TunnelIamBindingInput interface {
pulumi.Input
ToTunnelIamBindingOutput() TunnelIamBindingOutput
ToTunnelIamBindingOutputWithContext(ctx context.Context) TunnelIamBindingOutput
}
type TunnelIamBindingOutput ¶ added in v4.4.0
type TunnelIamBindingOutput struct {
*pulumi.OutputState
}
func (TunnelIamBindingOutput) ElementType ¶ added in v4.4.0
func (TunnelIamBindingOutput) ElementType() reflect.Type
func (TunnelIamBindingOutput) ToTunnelIamBindingOutput ¶ added in v4.4.0
func (o TunnelIamBindingOutput) ToTunnelIamBindingOutput() TunnelIamBindingOutput
func (TunnelIamBindingOutput) ToTunnelIamBindingOutputWithContext ¶ added in v4.4.0
func (o TunnelIamBindingOutput) ToTunnelIamBindingOutputWithContext(ctx context.Context) TunnelIamBindingOutput
type TunnelIamBindingState ¶ added in v4.2.0
type TunnelIamBindingState struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition TunnelIamBindingConditionPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
Members pulumi.StringArrayInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringPtrInput
}
func (TunnelIamBindingState) ElementType ¶ added in v4.2.0
func (TunnelIamBindingState) ElementType() reflect.Type
type TunnelIamMember ¶ added in v4.2.0
type TunnelIamMember struct {
pulumi.CustomResourceState
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition TunnelIamMemberConditionPtrOutput `pulumi:"condition"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
Member pulumi.StringOutput `pulumi:"member"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// The role that should be applied. Only one
// `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringOutput `pulumi:"role"`
}
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor projects/{{project}}/iap_tunnel
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetTunnelIamMember ¶ added in v4.2.0
func GetTunnelIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TunnelIamMemberState, opts ...pulumi.ResourceOption) (*TunnelIamMember, error)
GetTunnelIamMember gets an existing TunnelIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTunnelIamMember ¶ added in v4.2.0
func NewTunnelIamMember(ctx *pulumi.Context, name string, args *TunnelIamMemberArgs, opts ...pulumi.ResourceOption) (*TunnelIamMember, error)
NewTunnelIamMember registers a new resource with the given unique name, arguments, and options.
func (TunnelIamMember) ElementType ¶ added in v4.4.0
func (TunnelIamMember) ElementType() reflect.Type
func (TunnelIamMember) ToTunnelIamMemberOutput ¶ added in v4.4.0
func (i TunnelIamMember) ToTunnelIamMemberOutput() TunnelIamMemberOutput
func (TunnelIamMember) ToTunnelIamMemberOutputWithContext ¶ added in v4.4.0
func (i TunnelIamMember) ToTunnelIamMemberOutputWithContext(ctx context.Context) TunnelIamMemberOutput
type TunnelIamMemberArgs ¶ added in v4.2.0
type TunnelIamMemberArgs struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition TunnelIamMemberConditionPtrInput
Member pulumi.StringInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringInput
}
The set of arguments for constructing a TunnelIamMember resource.
func (TunnelIamMemberArgs) ElementType ¶ added in v4.2.0
func (TunnelIamMemberArgs) ElementType() reflect.Type
type TunnelIamMemberCondition ¶ added in v4.2.0
type TunnelIamMemberCondition struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description *string `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression string `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title string `pulumi:"title"`
}
type TunnelIamMemberConditionArgs ¶ added in v4.2.0
type TunnelIamMemberConditionArgs struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description pulumi.StringPtrInput `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression pulumi.StringInput `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title pulumi.StringInput `pulumi:"title"`
}
func (TunnelIamMemberConditionArgs) ElementType ¶ added in v4.2.0
func (TunnelIamMemberConditionArgs) ElementType() reflect.Type
func (TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionOutput ¶ added in v4.2.0
func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionOutput() TunnelIamMemberConditionOutput
func (TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionOutputWithContext ¶ added in v4.2.0
func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionOutputWithContext(ctx context.Context) TunnelIamMemberConditionOutput
func (TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionPtrOutput ¶ added in v4.2.0
func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput
func (TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionPtrOutputWithContext ¶ added in v4.2.0
func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionPtrOutputWithContext(ctx context.Context) TunnelIamMemberConditionPtrOutput
type TunnelIamMemberConditionInput ¶ added in v4.2.0
type TunnelIamMemberConditionInput interface {
pulumi.Input
ToTunnelIamMemberConditionOutput() TunnelIamMemberConditionOutput
ToTunnelIamMemberConditionOutputWithContext(context.Context) TunnelIamMemberConditionOutput
}
TunnelIamMemberConditionInput is an input type that accepts TunnelIamMemberConditionArgs and TunnelIamMemberConditionOutput values. You can construct a concrete instance of `TunnelIamMemberConditionInput` via:
TunnelIamMemberConditionArgs{...}
type TunnelIamMemberConditionOutput ¶ added in v4.2.0
type TunnelIamMemberConditionOutput struct{ *pulumi.OutputState }
func (TunnelIamMemberConditionOutput) Description ¶ added in v4.2.0
func (o TunnelIamMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (TunnelIamMemberConditionOutput) ElementType ¶ added in v4.2.0
func (TunnelIamMemberConditionOutput) ElementType() reflect.Type
func (TunnelIamMemberConditionOutput) Expression ¶ added in v4.2.0
func (o TunnelIamMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (TunnelIamMemberConditionOutput) Title ¶ added in v4.2.0
func (o TunnelIamMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionOutput ¶ added in v4.2.0
func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionOutput() TunnelIamMemberConditionOutput
func (TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionOutputWithContext ¶ added in v4.2.0
func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionOutputWithContext(ctx context.Context) TunnelIamMemberConditionOutput
func (TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionPtrOutput ¶ added in v4.2.0
func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput
func (TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionPtrOutputWithContext ¶ added in v4.2.0
func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionPtrOutputWithContext(ctx context.Context) TunnelIamMemberConditionPtrOutput
type TunnelIamMemberConditionPtrInput ¶ added in v4.2.0
type TunnelIamMemberConditionPtrInput interface {
pulumi.Input
ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput
ToTunnelIamMemberConditionPtrOutputWithContext(context.Context) TunnelIamMemberConditionPtrOutput
}
TunnelIamMemberConditionPtrInput is an input type that accepts TunnelIamMemberConditionArgs, TunnelIamMemberConditionPtr and TunnelIamMemberConditionPtrOutput values. You can construct a concrete instance of `TunnelIamMemberConditionPtrInput` via:
TunnelIamMemberConditionArgs{...}
or:
nil
func TunnelIamMemberConditionPtr ¶ added in v4.2.0
func TunnelIamMemberConditionPtr(v *TunnelIamMemberConditionArgs) TunnelIamMemberConditionPtrInput
type TunnelIamMemberConditionPtrOutput ¶ added in v4.2.0
type TunnelIamMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (TunnelIamMemberConditionPtrOutput) Description ¶ added in v4.2.0
func (o TunnelIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (TunnelIamMemberConditionPtrOutput) Elem ¶ added in v4.2.0
func (o TunnelIamMemberConditionPtrOutput) Elem() TunnelIamMemberConditionOutput
func (TunnelIamMemberConditionPtrOutput) ElementType ¶ added in v4.2.0
func (TunnelIamMemberConditionPtrOutput) ElementType() reflect.Type
func (TunnelIamMemberConditionPtrOutput) Expression ¶ added in v4.2.0
func (o TunnelIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (TunnelIamMemberConditionPtrOutput) Title ¶ added in v4.2.0
func (o TunnelIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (TunnelIamMemberConditionPtrOutput) ToTunnelIamMemberConditionPtrOutput ¶ added in v4.2.0
func (o TunnelIamMemberConditionPtrOutput) ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput
func (TunnelIamMemberConditionPtrOutput) ToTunnelIamMemberConditionPtrOutputWithContext ¶ added in v4.2.0
func (o TunnelIamMemberConditionPtrOutput) ToTunnelIamMemberConditionPtrOutputWithContext(ctx context.Context) TunnelIamMemberConditionPtrOutput
type TunnelIamMemberInput ¶ added in v4.4.0
type TunnelIamMemberInput interface {
pulumi.Input
ToTunnelIamMemberOutput() TunnelIamMemberOutput
ToTunnelIamMemberOutputWithContext(ctx context.Context) TunnelIamMemberOutput
}
type TunnelIamMemberOutput ¶ added in v4.4.0
type TunnelIamMemberOutput struct {
*pulumi.OutputState
}
func (TunnelIamMemberOutput) ElementType ¶ added in v4.4.0
func (TunnelIamMemberOutput) ElementType() reflect.Type
func (TunnelIamMemberOutput) ToTunnelIamMemberOutput ¶ added in v4.4.0
func (o TunnelIamMemberOutput) ToTunnelIamMemberOutput() TunnelIamMemberOutput
func (TunnelIamMemberOutput) ToTunnelIamMemberOutputWithContext ¶ added in v4.4.0
func (o TunnelIamMemberOutput) ToTunnelIamMemberOutputWithContext(ctx context.Context) TunnelIamMemberOutput
type TunnelIamMemberState ¶ added in v4.2.0
type TunnelIamMemberState struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition TunnelIamMemberConditionPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
Member pulumi.StringPtrInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringPtrInput
}
func (TunnelIamMemberState) ElementType ¶ added in v4.2.0
func (TunnelIamMemberState) ElementType() reflect.Type
type TunnelIamPolicy ¶ added in v4.2.0
type TunnelIamPolicy struct {
pulumi.CustomResourceState
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringOutput `pulumi:"policyData"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
}
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor projects/{{project}}/iap_tunnel
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetTunnelIamPolicy ¶ added in v4.2.0
func GetTunnelIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TunnelIamPolicyState, opts ...pulumi.ResourceOption) (*TunnelIamPolicy, error)
GetTunnelIamPolicy gets an existing TunnelIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTunnelIamPolicy ¶ added in v4.2.0
func NewTunnelIamPolicy(ctx *pulumi.Context, name string, args *TunnelIamPolicyArgs, opts ...pulumi.ResourceOption) (*TunnelIamPolicy, error)
NewTunnelIamPolicy registers a new resource with the given unique name, arguments, and options.
func (TunnelIamPolicy) ElementType ¶ added in v4.4.0
func (TunnelIamPolicy) ElementType() reflect.Type
func (TunnelIamPolicy) ToTunnelIamPolicyOutput ¶ added in v4.4.0
func (i TunnelIamPolicy) ToTunnelIamPolicyOutput() TunnelIamPolicyOutput
func (TunnelIamPolicy) ToTunnelIamPolicyOutputWithContext ¶ added in v4.4.0
func (i TunnelIamPolicy) ToTunnelIamPolicyOutputWithContext(ctx context.Context) TunnelIamPolicyOutput
type TunnelIamPolicyArgs ¶ added in v4.2.0
type TunnelIamPolicyArgs struct {
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
}
The set of arguments for constructing a TunnelIamPolicy resource.
func (TunnelIamPolicyArgs) ElementType ¶ added in v4.2.0
func (TunnelIamPolicyArgs) ElementType() reflect.Type
type TunnelIamPolicyInput ¶ added in v4.4.0
type TunnelIamPolicyInput interface {
pulumi.Input
ToTunnelIamPolicyOutput() TunnelIamPolicyOutput
ToTunnelIamPolicyOutputWithContext(ctx context.Context) TunnelIamPolicyOutput
}
type TunnelIamPolicyOutput ¶ added in v4.4.0
type TunnelIamPolicyOutput struct {
*pulumi.OutputState
}
func (TunnelIamPolicyOutput) ElementType ¶ added in v4.4.0
func (TunnelIamPolicyOutput) ElementType() reflect.Type
func (TunnelIamPolicyOutput) ToTunnelIamPolicyOutput ¶ added in v4.4.0
func (o TunnelIamPolicyOutput) ToTunnelIamPolicyOutput() TunnelIamPolicyOutput
func (TunnelIamPolicyOutput) ToTunnelIamPolicyOutputWithContext ¶ added in v4.4.0
func (o TunnelIamPolicyOutput) ToTunnelIamPolicyOutputWithContext(ctx context.Context) TunnelIamPolicyOutput
type TunnelIamPolicyState ¶ added in v4.2.0
type TunnelIamPolicyState struct {
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringPtrInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
}
func (TunnelIamPolicyState) ElementType ¶ added in v4.2.0
func (TunnelIamPolicyState) ElementType() reflect.Type
type TunnelInstanceIAMBinding ¶
type TunnelInstanceIAMBinding struct {
pulumi.CustomResourceState
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition TunnelInstanceIAMBindingConditionPtrOutput `pulumi:"condition"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
// Used to find the parent resource to bind the IAM policy to
Instance pulumi.StringOutput `pulumi:"instance"`
Members pulumi.StringArrayOutput `pulumi:"members"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// The role that should be applied. Only one
// `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringOutput `pulumi:"role"`
Zone pulumi.StringOutput `pulumi:"zone"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:
* `iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached. * `iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved. * `iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.
> **Note:** `iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `iap.TunnelInstanceIAMBinding` and `iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.
> **Note:** `iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_tunnel\_instance\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.tunnelResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.tunnelResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_tunnel\_instance\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
Role: pulumi.String("roles/iap.tunnelResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
Role: pulumi.String("roles/iap.tunnelResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Condition: &iap.TunnelInstanceIAMBindingConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_tunnel\_instance\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
Role: pulumi.String("roles/iap.tunnelResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
Role: pulumi.String("roles/iap.tunnelResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
Condition: &iap.TunnelInstanceIAMMemberConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}} * projects/{{project}}/zones/{{zone}}/instances/{{name}} * {{project}}/{{zone}}/{{name}} * {{zone}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetTunnelInstanceIAMBinding ¶
func GetTunnelInstanceIAMBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TunnelInstanceIAMBindingState, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMBinding, error)
GetTunnelInstanceIAMBinding gets an existing TunnelInstanceIAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTunnelInstanceIAMBinding ¶
func NewTunnelInstanceIAMBinding(ctx *pulumi.Context, name string, args *TunnelInstanceIAMBindingArgs, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMBinding, error)
NewTunnelInstanceIAMBinding registers a new resource with the given unique name, arguments, and options.
func (TunnelInstanceIAMBinding) ElementType ¶ added in v4.4.0
func (TunnelInstanceIAMBinding) ElementType() reflect.Type
func (TunnelInstanceIAMBinding) ToTunnelInstanceIAMBindingOutput ¶ added in v4.4.0
func (i TunnelInstanceIAMBinding) ToTunnelInstanceIAMBindingOutput() TunnelInstanceIAMBindingOutput
func (TunnelInstanceIAMBinding) ToTunnelInstanceIAMBindingOutputWithContext ¶ added in v4.4.0
func (i TunnelInstanceIAMBinding) ToTunnelInstanceIAMBindingOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingOutput
type TunnelInstanceIAMBindingArgs ¶
type TunnelInstanceIAMBindingArgs struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition TunnelInstanceIAMBindingConditionPtrInput
// Used to find the parent resource to bind the IAM policy to
Instance pulumi.StringInput
Members pulumi.StringArrayInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringInput
Zone pulumi.StringPtrInput
}
The set of arguments for constructing a TunnelInstanceIAMBinding resource.
func (TunnelInstanceIAMBindingArgs) ElementType ¶
func (TunnelInstanceIAMBindingArgs) ElementType() reflect.Type
type TunnelInstanceIAMBindingCondition ¶
type TunnelInstanceIAMBindingCondition struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description *string `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression string `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title string `pulumi:"title"`
}
type TunnelInstanceIAMBindingConditionArgs ¶
type TunnelInstanceIAMBindingConditionArgs struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description pulumi.StringPtrInput `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression pulumi.StringInput `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title pulumi.StringInput `pulumi:"title"`
}
func (TunnelInstanceIAMBindingConditionArgs) ElementType ¶
func (TunnelInstanceIAMBindingConditionArgs) ElementType() reflect.Type
func (TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionOutput ¶
func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionOutput() TunnelInstanceIAMBindingConditionOutput
func (TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionOutputWithContext ¶
func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionOutput
func (TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionPtrOutput ¶
func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput
func (TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext ¶
func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionPtrOutput
type TunnelInstanceIAMBindingConditionInput ¶
type TunnelInstanceIAMBindingConditionInput interface {
pulumi.Input
ToTunnelInstanceIAMBindingConditionOutput() TunnelInstanceIAMBindingConditionOutput
ToTunnelInstanceIAMBindingConditionOutputWithContext(context.Context) TunnelInstanceIAMBindingConditionOutput
}
TunnelInstanceIAMBindingConditionInput is an input type that accepts TunnelInstanceIAMBindingConditionArgs and TunnelInstanceIAMBindingConditionOutput values. You can construct a concrete instance of `TunnelInstanceIAMBindingConditionInput` via:
TunnelInstanceIAMBindingConditionArgs{...}
type TunnelInstanceIAMBindingConditionOutput ¶
type TunnelInstanceIAMBindingConditionOutput struct{ *pulumi.OutputState }
func (TunnelInstanceIAMBindingConditionOutput) Description ¶
func (o TunnelInstanceIAMBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (TunnelInstanceIAMBindingConditionOutput) ElementType ¶
func (TunnelInstanceIAMBindingConditionOutput) ElementType() reflect.Type
func (TunnelInstanceIAMBindingConditionOutput) Expression ¶
func (o TunnelInstanceIAMBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (TunnelInstanceIAMBindingConditionOutput) Title ¶
func (o TunnelInstanceIAMBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionOutput ¶
func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionOutput() TunnelInstanceIAMBindingConditionOutput
func (TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionOutputWithContext ¶
func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionOutput
func (TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionPtrOutput ¶
func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput
func (TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext ¶
func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionPtrOutput
type TunnelInstanceIAMBindingConditionPtrInput ¶
type TunnelInstanceIAMBindingConditionPtrInput interface {
pulumi.Input
ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput
ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(context.Context) TunnelInstanceIAMBindingConditionPtrOutput
}
TunnelInstanceIAMBindingConditionPtrInput is an input type that accepts TunnelInstanceIAMBindingConditionArgs, TunnelInstanceIAMBindingConditionPtr and TunnelInstanceIAMBindingConditionPtrOutput values. You can construct a concrete instance of `TunnelInstanceIAMBindingConditionPtrInput` via:
TunnelInstanceIAMBindingConditionArgs{...}
or:
nil
func TunnelInstanceIAMBindingConditionPtr ¶
func TunnelInstanceIAMBindingConditionPtr(v *TunnelInstanceIAMBindingConditionArgs) TunnelInstanceIAMBindingConditionPtrInput
type TunnelInstanceIAMBindingConditionPtrOutput ¶
type TunnelInstanceIAMBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (TunnelInstanceIAMBindingConditionPtrOutput) Description ¶
func (o TunnelInstanceIAMBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (TunnelInstanceIAMBindingConditionPtrOutput) ElementType ¶
func (TunnelInstanceIAMBindingConditionPtrOutput) ElementType() reflect.Type
func (TunnelInstanceIAMBindingConditionPtrOutput) Expression ¶
func (o TunnelInstanceIAMBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (TunnelInstanceIAMBindingConditionPtrOutput) Title ¶
func (o TunnelInstanceIAMBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (TunnelInstanceIAMBindingConditionPtrOutput) ToTunnelInstanceIAMBindingConditionPtrOutput ¶
func (o TunnelInstanceIAMBindingConditionPtrOutput) ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput
func (TunnelInstanceIAMBindingConditionPtrOutput) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext ¶
func (o TunnelInstanceIAMBindingConditionPtrOutput) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionPtrOutput
type TunnelInstanceIAMBindingInput ¶ added in v4.4.0
type TunnelInstanceIAMBindingInput interface {
pulumi.Input
ToTunnelInstanceIAMBindingOutput() TunnelInstanceIAMBindingOutput
ToTunnelInstanceIAMBindingOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingOutput
}
type TunnelInstanceIAMBindingOutput ¶ added in v4.4.0
type TunnelInstanceIAMBindingOutput struct {
*pulumi.OutputState
}
func (TunnelInstanceIAMBindingOutput) ElementType ¶ added in v4.4.0
func (TunnelInstanceIAMBindingOutput) ElementType() reflect.Type
func (TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingOutput ¶ added in v4.4.0
func (o TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingOutput() TunnelInstanceIAMBindingOutput
func (TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingOutputWithContext ¶ added in v4.4.0
func (o TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingOutput
type TunnelInstanceIAMBindingState ¶
type TunnelInstanceIAMBindingState struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition TunnelInstanceIAMBindingConditionPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
// Used to find the parent resource to bind the IAM policy to
Instance pulumi.StringPtrInput
Members pulumi.StringArrayInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringPtrInput
Zone pulumi.StringPtrInput
}
func (TunnelInstanceIAMBindingState) ElementType ¶
func (TunnelInstanceIAMBindingState) ElementType() reflect.Type
type TunnelInstanceIAMMember ¶
type TunnelInstanceIAMMember struct {
pulumi.CustomResourceState
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition TunnelInstanceIAMMemberConditionPtrOutput `pulumi:"condition"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
// Used to find the parent resource to bind the IAM policy to
Instance pulumi.StringOutput `pulumi:"instance"`
Member pulumi.StringOutput `pulumi:"member"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// The role that should be applied. Only one
// `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringOutput `pulumi:"role"`
Zone pulumi.StringOutput `pulumi:"zone"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:
* `iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached. * `iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved. * `iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.
> **Note:** `iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `iap.TunnelInstanceIAMBinding` and `iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.
> **Note:** `iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_tunnel\_instance\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.tunnelResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.tunnelResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_tunnel\_instance\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
Role: pulumi.String("roles/iap.tunnelResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
Role: pulumi.String("roles/iap.tunnelResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Condition: &iap.TunnelInstanceIAMBindingConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_tunnel\_instance\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
Role: pulumi.String("roles/iap.tunnelResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
Role: pulumi.String("roles/iap.tunnelResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
Condition: &iap.TunnelInstanceIAMMemberConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}} * projects/{{project}}/zones/{{zone}}/instances/{{name}} * {{project}}/{{zone}}/{{name}} * {{zone}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetTunnelInstanceIAMMember ¶
func GetTunnelInstanceIAMMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TunnelInstanceIAMMemberState, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMMember, error)
GetTunnelInstanceIAMMember gets an existing TunnelInstanceIAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTunnelInstanceIAMMember ¶
func NewTunnelInstanceIAMMember(ctx *pulumi.Context, name string, args *TunnelInstanceIAMMemberArgs, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMMember, error)
NewTunnelInstanceIAMMember registers a new resource with the given unique name, arguments, and options.
func (TunnelInstanceIAMMember) ElementType ¶ added in v4.4.0
func (TunnelInstanceIAMMember) ElementType() reflect.Type
func (TunnelInstanceIAMMember) ToTunnelInstanceIAMMemberOutput ¶ added in v4.4.0
func (i TunnelInstanceIAMMember) ToTunnelInstanceIAMMemberOutput() TunnelInstanceIAMMemberOutput
func (TunnelInstanceIAMMember) ToTunnelInstanceIAMMemberOutputWithContext ¶ added in v4.4.0
func (i TunnelInstanceIAMMember) ToTunnelInstanceIAMMemberOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberOutput
type TunnelInstanceIAMMemberArgs ¶
type TunnelInstanceIAMMemberArgs struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition TunnelInstanceIAMMemberConditionPtrInput
// Used to find the parent resource to bind the IAM policy to
Instance pulumi.StringInput
Member pulumi.StringInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringInput
Zone pulumi.StringPtrInput
}
The set of arguments for constructing a TunnelInstanceIAMMember resource.
func (TunnelInstanceIAMMemberArgs) ElementType ¶
func (TunnelInstanceIAMMemberArgs) ElementType() reflect.Type
type TunnelInstanceIAMMemberCondition ¶
type TunnelInstanceIAMMemberCondition struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description *string `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression string `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title string `pulumi:"title"`
}
type TunnelInstanceIAMMemberConditionArgs ¶
type TunnelInstanceIAMMemberConditionArgs struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description pulumi.StringPtrInput `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression pulumi.StringInput `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title pulumi.StringInput `pulumi:"title"`
}
func (TunnelInstanceIAMMemberConditionArgs) ElementType ¶
func (TunnelInstanceIAMMemberConditionArgs) ElementType() reflect.Type
func (TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionOutput ¶
func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionOutput() TunnelInstanceIAMMemberConditionOutput
func (TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionOutputWithContext ¶
func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionOutput
func (TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionPtrOutput ¶
func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput
func (TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext ¶
func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionPtrOutput
type TunnelInstanceIAMMemberConditionInput ¶
type TunnelInstanceIAMMemberConditionInput interface {
pulumi.Input
ToTunnelInstanceIAMMemberConditionOutput() TunnelInstanceIAMMemberConditionOutput
ToTunnelInstanceIAMMemberConditionOutputWithContext(context.Context) TunnelInstanceIAMMemberConditionOutput
}
TunnelInstanceIAMMemberConditionInput is an input type that accepts TunnelInstanceIAMMemberConditionArgs and TunnelInstanceIAMMemberConditionOutput values. You can construct a concrete instance of `TunnelInstanceIAMMemberConditionInput` via:
TunnelInstanceIAMMemberConditionArgs{...}
type TunnelInstanceIAMMemberConditionOutput ¶
type TunnelInstanceIAMMemberConditionOutput struct{ *pulumi.OutputState }
func (TunnelInstanceIAMMemberConditionOutput) Description ¶
func (o TunnelInstanceIAMMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (TunnelInstanceIAMMemberConditionOutput) ElementType ¶
func (TunnelInstanceIAMMemberConditionOutput) ElementType() reflect.Type
func (TunnelInstanceIAMMemberConditionOutput) Expression ¶
func (o TunnelInstanceIAMMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (TunnelInstanceIAMMemberConditionOutput) Title ¶
func (o TunnelInstanceIAMMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionOutput ¶
func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionOutput() TunnelInstanceIAMMemberConditionOutput
func (TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionOutputWithContext ¶
func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionOutput
func (TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionPtrOutput ¶
func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput
func (TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext ¶
func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionPtrOutput
type TunnelInstanceIAMMemberConditionPtrInput ¶
type TunnelInstanceIAMMemberConditionPtrInput interface {
pulumi.Input
ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput
ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(context.Context) TunnelInstanceIAMMemberConditionPtrOutput
}
TunnelInstanceIAMMemberConditionPtrInput is an input type that accepts TunnelInstanceIAMMemberConditionArgs, TunnelInstanceIAMMemberConditionPtr and TunnelInstanceIAMMemberConditionPtrOutput values. You can construct a concrete instance of `TunnelInstanceIAMMemberConditionPtrInput` via:
TunnelInstanceIAMMemberConditionArgs{...}
or:
nil
func TunnelInstanceIAMMemberConditionPtr ¶
func TunnelInstanceIAMMemberConditionPtr(v *TunnelInstanceIAMMemberConditionArgs) TunnelInstanceIAMMemberConditionPtrInput
type TunnelInstanceIAMMemberConditionPtrOutput ¶
type TunnelInstanceIAMMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (TunnelInstanceIAMMemberConditionPtrOutput) Description ¶
func (o TunnelInstanceIAMMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (TunnelInstanceIAMMemberConditionPtrOutput) ElementType ¶
func (TunnelInstanceIAMMemberConditionPtrOutput) ElementType() reflect.Type
func (TunnelInstanceIAMMemberConditionPtrOutput) Expression ¶
func (o TunnelInstanceIAMMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (TunnelInstanceIAMMemberConditionPtrOutput) Title ¶
func (o TunnelInstanceIAMMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (TunnelInstanceIAMMemberConditionPtrOutput) ToTunnelInstanceIAMMemberConditionPtrOutput ¶
func (o TunnelInstanceIAMMemberConditionPtrOutput) ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput
func (TunnelInstanceIAMMemberConditionPtrOutput) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext ¶
func (o TunnelInstanceIAMMemberConditionPtrOutput) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionPtrOutput
type TunnelInstanceIAMMemberInput ¶ added in v4.4.0
type TunnelInstanceIAMMemberInput interface {
pulumi.Input
ToTunnelInstanceIAMMemberOutput() TunnelInstanceIAMMemberOutput
ToTunnelInstanceIAMMemberOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberOutput
}
type TunnelInstanceIAMMemberOutput ¶ added in v4.4.0
type TunnelInstanceIAMMemberOutput struct {
*pulumi.OutputState
}
func (TunnelInstanceIAMMemberOutput) ElementType ¶ added in v4.4.0
func (TunnelInstanceIAMMemberOutput) ElementType() reflect.Type
func (TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberOutput ¶ added in v4.4.0
func (o TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberOutput() TunnelInstanceIAMMemberOutput
func (TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberOutputWithContext ¶ added in v4.4.0
func (o TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberOutput
type TunnelInstanceIAMMemberState ¶
type TunnelInstanceIAMMemberState struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition TunnelInstanceIAMMemberConditionPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
// Used to find the parent resource to bind the IAM policy to
Instance pulumi.StringPtrInput
Member pulumi.StringPtrInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringPtrInput
Zone pulumi.StringPtrInput
}
func (TunnelInstanceIAMMemberState) ElementType ¶
func (TunnelInstanceIAMMemberState) ElementType() reflect.Type
type TunnelInstanceIAMPolicy ¶
type TunnelInstanceIAMPolicy struct {
pulumi.CustomResourceState
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
// Used to find the parent resource to bind the IAM policy to
Instance pulumi.StringOutput `pulumi:"instance"`
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringOutput `pulumi:"policyData"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
Zone pulumi.StringOutput `pulumi:"zone"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:
* `iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached. * `iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved. * `iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.
> **Note:** `iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `iap.TunnelInstanceIAMBinding` and `iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.
> **Note:** `iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_tunnel\_instance\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.tunnelResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.tunnelResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_tunnel\_instance\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
Role: pulumi.String("roles/iap.tunnelResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
Role: pulumi.String("roles/iap.tunnelResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Condition: &iap.TunnelInstanceIAMBindingConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_tunnel\_instance\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
Role: pulumi.String("roles/iap.tunnelResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{
Project: pulumi.Any(google_compute_instance.Tunnelvm.Project),
Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone),
Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
Role: pulumi.String("roles/iap.tunnelResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
Condition: &iap.TunnelInstanceIAMMemberConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}} * projects/{{project}}/zones/{{zone}}/instances/{{name}} * {{project}}/{{zone}}/{{name}} * {{zone}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetTunnelInstanceIAMPolicy ¶
func GetTunnelInstanceIAMPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TunnelInstanceIAMPolicyState, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMPolicy, error)
GetTunnelInstanceIAMPolicy gets an existing TunnelInstanceIAMPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTunnelInstanceIAMPolicy ¶
func NewTunnelInstanceIAMPolicy(ctx *pulumi.Context, name string, args *TunnelInstanceIAMPolicyArgs, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMPolicy, error)
NewTunnelInstanceIAMPolicy registers a new resource with the given unique name, arguments, and options.
func (TunnelInstanceIAMPolicy) ElementType ¶ added in v4.4.0
func (TunnelInstanceIAMPolicy) ElementType() reflect.Type
func (TunnelInstanceIAMPolicy) ToTunnelInstanceIAMPolicyOutput ¶ added in v4.4.0
func (i TunnelInstanceIAMPolicy) ToTunnelInstanceIAMPolicyOutput() TunnelInstanceIAMPolicyOutput
func (TunnelInstanceIAMPolicy) ToTunnelInstanceIAMPolicyOutputWithContext ¶ added in v4.4.0
func (i TunnelInstanceIAMPolicy) ToTunnelInstanceIAMPolicyOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyOutput
type TunnelInstanceIAMPolicyArgs ¶
type TunnelInstanceIAMPolicyArgs struct {
// Used to find the parent resource to bind the IAM policy to
Instance pulumi.StringInput
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
Zone pulumi.StringPtrInput
}
The set of arguments for constructing a TunnelInstanceIAMPolicy resource.
func (TunnelInstanceIAMPolicyArgs) ElementType ¶
func (TunnelInstanceIAMPolicyArgs) ElementType() reflect.Type
type TunnelInstanceIAMPolicyInput ¶ added in v4.4.0
type TunnelInstanceIAMPolicyInput interface {
pulumi.Input
ToTunnelInstanceIAMPolicyOutput() TunnelInstanceIAMPolicyOutput
ToTunnelInstanceIAMPolicyOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyOutput
}
type TunnelInstanceIAMPolicyOutput ¶ added in v4.4.0
type TunnelInstanceIAMPolicyOutput struct {
*pulumi.OutputState
}
func (TunnelInstanceIAMPolicyOutput) ElementType ¶ added in v4.4.0
func (TunnelInstanceIAMPolicyOutput) ElementType() reflect.Type
func (TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyOutput ¶ added in v4.4.0
func (o TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyOutput() TunnelInstanceIAMPolicyOutput
func (TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyOutputWithContext ¶ added in v4.4.0
func (o TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyOutput
type TunnelInstanceIAMPolicyState ¶
type TunnelInstanceIAMPolicyState struct {
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
// Used to find the parent resource to bind the IAM policy to
Instance pulumi.StringPtrInput
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringPtrInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
Zone pulumi.StringPtrInput
}
func (TunnelInstanceIAMPolicyState) ElementType ¶
func (TunnelInstanceIAMPolicyState) ElementType() reflect.Type
type WebBackendServiceIamBinding ¶
type WebBackendServiceIamBinding struct {
pulumi.CustomResourceState
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebBackendServiceIamBindingConditionPtrOutput `pulumi:"condition"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
Members pulumi.StringArrayOutput `pulumi:"members"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// The role that should be applied. Only one
// `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringOutput `pulumi:"role"`
// Used to find the parent resource to bind the IAM policy to
WebBackendService pulumi.StringOutput `pulumi:"webBackendService"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:
* `iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached. * `iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved. * `iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.
> **Note:** `iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `iap.WebBackendServiceIamBinding` and `iap.WebBackendServiceIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_web\_backend\_service\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_backend\_service\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Condition: &iap.WebBackendServiceIamBindingConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_backend\_service\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
Condition: &iap.WebBackendServiceIamMemberConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute/services/{{name}} * {{project}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebBackendServiceIamBinding ¶
func GetWebBackendServiceIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebBackendServiceIamBindingState, opts ...pulumi.ResourceOption) (*WebBackendServiceIamBinding, error)
GetWebBackendServiceIamBinding gets an existing WebBackendServiceIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebBackendServiceIamBinding ¶
func NewWebBackendServiceIamBinding(ctx *pulumi.Context, name string, args *WebBackendServiceIamBindingArgs, opts ...pulumi.ResourceOption) (*WebBackendServiceIamBinding, error)
NewWebBackendServiceIamBinding registers a new resource with the given unique name, arguments, and options.
func (WebBackendServiceIamBinding) ElementType ¶ added in v4.4.0
func (WebBackendServiceIamBinding) ElementType() reflect.Type
func (WebBackendServiceIamBinding) ToWebBackendServiceIamBindingOutput ¶ added in v4.4.0
func (i WebBackendServiceIamBinding) ToWebBackendServiceIamBindingOutput() WebBackendServiceIamBindingOutput
func (WebBackendServiceIamBinding) ToWebBackendServiceIamBindingOutputWithContext ¶ added in v4.4.0
func (i WebBackendServiceIamBinding) ToWebBackendServiceIamBindingOutputWithContext(ctx context.Context) WebBackendServiceIamBindingOutput
type WebBackendServiceIamBindingArgs ¶
type WebBackendServiceIamBindingArgs struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebBackendServiceIamBindingConditionPtrInput
Members pulumi.StringArrayInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringInput
// Used to find the parent resource to bind the IAM policy to
WebBackendService pulumi.StringInput
}
The set of arguments for constructing a WebBackendServiceIamBinding resource.
func (WebBackendServiceIamBindingArgs) ElementType ¶
func (WebBackendServiceIamBindingArgs) ElementType() reflect.Type
type WebBackendServiceIamBindingCondition ¶
type WebBackendServiceIamBindingCondition struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description *string `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression string `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title string `pulumi:"title"`
}
type WebBackendServiceIamBindingConditionArgs ¶
type WebBackendServiceIamBindingConditionArgs struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description pulumi.StringPtrInput `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression pulumi.StringInput `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title pulumi.StringInput `pulumi:"title"`
}
func (WebBackendServiceIamBindingConditionArgs) ElementType ¶
func (WebBackendServiceIamBindingConditionArgs) ElementType() reflect.Type
func (WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionOutput ¶
func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionOutput() WebBackendServiceIamBindingConditionOutput
func (WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionOutputWithContext ¶
func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionOutput
func (WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionPtrOutput ¶
func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput
func (WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionPtrOutputWithContext ¶
func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionPtrOutput
type WebBackendServiceIamBindingConditionInput ¶
type WebBackendServiceIamBindingConditionInput interface {
pulumi.Input
ToWebBackendServiceIamBindingConditionOutput() WebBackendServiceIamBindingConditionOutput
ToWebBackendServiceIamBindingConditionOutputWithContext(context.Context) WebBackendServiceIamBindingConditionOutput
}
WebBackendServiceIamBindingConditionInput is an input type that accepts WebBackendServiceIamBindingConditionArgs and WebBackendServiceIamBindingConditionOutput values. You can construct a concrete instance of `WebBackendServiceIamBindingConditionInput` via:
WebBackendServiceIamBindingConditionArgs{...}
type WebBackendServiceIamBindingConditionOutput ¶
type WebBackendServiceIamBindingConditionOutput struct{ *pulumi.OutputState }
func (WebBackendServiceIamBindingConditionOutput) Description ¶
func (o WebBackendServiceIamBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (WebBackendServiceIamBindingConditionOutput) ElementType ¶
func (WebBackendServiceIamBindingConditionOutput) ElementType() reflect.Type
func (WebBackendServiceIamBindingConditionOutput) Expression ¶
func (o WebBackendServiceIamBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebBackendServiceIamBindingConditionOutput) Title ¶
func (o WebBackendServiceIamBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionOutput ¶
func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionOutput() WebBackendServiceIamBindingConditionOutput
func (WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionOutputWithContext ¶
func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionOutput
func (WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionPtrOutput ¶
func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput
func (WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionPtrOutputWithContext ¶
func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionPtrOutput
type WebBackendServiceIamBindingConditionPtrInput ¶
type WebBackendServiceIamBindingConditionPtrInput interface {
pulumi.Input
ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput
ToWebBackendServiceIamBindingConditionPtrOutputWithContext(context.Context) WebBackendServiceIamBindingConditionPtrOutput
}
WebBackendServiceIamBindingConditionPtrInput is an input type that accepts WebBackendServiceIamBindingConditionArgs, WebBackendServiceIamBindingConditionPtr and WebBackendServiceIamBindingConditionPtrOutput values. You can construct a concrete instance of `WebBackendServiceIamBindingConditionPtrInput` via:
WebBackendServiceIamBindingConditionArgs{...}
or:
nil
func WebBackendServiceIamBindingConditionPtr ¶
func WebBackendServiceIamBindingConditionPtr(v *WebBackendServiceIamBindingConditionArgs) WebBackendServiceIamBindingConditionPtrInput
type WebBackendServiceIamBindingConditionPtrOutput ¶
type WebBackendServiceIamBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (WebBackendServiceIamBindingConditionPtrOutput) Description ¶
func (o WebBackendServiceIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (WebBackendServiceIamBindingConditionPtrOutput) ElementType ¶
func (WebBackendServiceIamBindingConditionPtrOutput) ElementType() reflect.Type
func (WebBackendServiceIamBindingConditionPtrOutput) Expression ¶
func (o WebBackendServiceIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebBackendServiceIamBindingConditionPtrOutput) Title ¶
func (o WebBackendServiceIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebBackendServiceIamBindingConditionPtrOutput) ToWebBackendServiceIamBindingConditionPtrOutput ¶
func (o WebBackendServiceIamBindingConditionPtrOutput) ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput
func (WebBackendServiceIamBindingConditionPtrOutput) ToWebBackendServiceIamBindingConditionPtrOutputWithContext ¶
func (o WebBackendServiceIamBindingConditionPtrOutput) ToWebBackendServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionPtrOutput
type WebBackendServiceIamBindingInput ¶ added in v4.4.0
type WebBackendServiceIamBindingInput interface {
pulumi.Input
ToWebBackendServiceIamBindingOutput() WebBackendServiceIamBindingOutput
ToWebBackendServiceIamBindingOutputWithContext(ctx context.Context) WebBackendServiceIamBindingOutput
}
type WebBackendServiceIamBindingOutput ¶ added in v4.4.0
type WebBackendServiceIamBindingOutput struct {
*pulumi.OutputState
}
func (WebBackendServiceIamBindingOutput) ElementType ¶ added in v4.4.0
func (WebBackendServiceIamBindingOutput) ElementType() reflect.Type
func (WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingOutput ¶ added in v4.4.0
func (o WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingOutput() WebBackendServiceIamBindingOutput
func (WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingOutputWithContext ¶ added in v4.4.0
func (o WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingOutputWithContext(ctx context.Context) WebBackendServiceIamBindingOutput
type WebBackendServiceIamBindingState ¶
type WebBackendServiceIamBindingState struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebBackendServiceIamBindingConditionPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
Members pulumi.StringArrayInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringPtrInput
// Used to find the parent resource to bind the IAM policy to
WebBackendService pulumi.StringPtrInput
}
func (WebBackendServiceIamBindingState) ElementType ¶
func (WebBackendServiceIamBindingState) ElementType() reflect.Type
type WebBackendServiceIamMember ¶
type WebBackendServiceIamMember struct {
pulumi.CustomResourceState
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebBackendServiceIamMemberConditionPtrOutput `pulumi:"condition"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
Member pulumi.StringOutput `pulumi:"member"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// The role that should be applied. Only one
// `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringOutput `pulumi:"role"`
// Used to find the parent resource to bind the IAM policy to
WebBackendService pulumi.StringOutput `pulumi:"webBackendService"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:
* `iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached. * `iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved. * `iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.
> **Note:** `iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `iap.WebBackendServiceIamBinding` and `iap.WebBackendServiceIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_web\_backend\_service\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_backend\_service\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Condition: &iap.WebBackendServiceIamBindingConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_backend\_service\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
Condition: &iap.WebBackendServiceIamMemberConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute/services/{{name}} * {{project}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebBackendServiceIamMember ¶
func GetWebBackendServiceIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebBackendServiceIamMemberState, opts ...pulumi.ResourceOption) (*WebBackendServiceIamMember, error)
GetWebBackendServiceIamMember gets an existing WebBackendServiceIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebBackendServiceIamMember ¶
func NewWebBackendServiceIamMember(ctx *pulumi.Context, name string, args *WebBackendServiceIamMemberArgs, opts ...pulumi.ResourceOption) (*WebBackendServiceIamMember, error)
NewWebBackendServiceIamMember registers a new resource with the given unique name, arguments, and options.
func (WebBackendServiceIamMember) ElementType ¶ added in v4.4.0
func (WebBackendServiceIamMember) ElementType() reflect.Type
func (WebBackendServiceIamMember) ToWebBackendServiceIamMemberOutput ¶ added in v4.4.0
func (i WebBackendServiceIamMember) ToWebBackendServiceIamMemberOutput() WebBackendServiceIamMemberOutput
func (WebBackendServiceIamMember) ToWebBackendServiceIamMemberOutputWithContext ¶ added in v4.4.0
func (i WebBackendServiceIamMember) ToWebBackendServiceIamMemberOutputWithContext(ctx context.Context) WebBackendServiceIamMemberOutput
type WebBackendServiceIamMemberArgs ¶
type WebBackendServiceIamMemberArgs struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebBackendServiceIamMemberConditionPtrInput
Member pulumi.StringInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringInput
// Used to find the parent resource to bind the IAM policy to
WebBackendService pulumi.StringInput
}
The set of arguments for constructing a WebBackendServiceIamMember resource.
func (WebBackendServiceIamMemberArgs) ElementType ¶
func (WebBackendServiceIamMemberArgs) ElementType() reflect.Type
type WebBackendServiceIamMemberCondition ¶
type WebBackendServiceIamMemberCondition struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description *string `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression string `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title string `pulumi:"title"`
}
type WebBackendServiceIamMemberConditionArgs ¶
type WebBackendServiceIamMemberConditionArgs struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description pulumi.StringPtrInput `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression pulumi.StringInput `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title pulumi.StringInput `pulumi:"title"`
}
func (WebBackendServiceIamMemberConditionArgs) ElementType ¶
func (WebBackendServiceIamMemberConditionArgs) ElementType() reflect.Type
func (WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionOutput ¶
func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionOutput() WebBackendServiceIamMemberConditionOutput
func (WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionOutputWithContext ¶
func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionOutput
func (WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionPtrOutput ¶
func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput
func (WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionPtrOutputWithContext ¶
func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionPtrOutput
type WebBackendServiceIamMemberConditionInput ¶
type WebBackendServiceIamMemberConditionInput interface {
pulumi.Input
ToWebBackendServiceIamMemberConditionOutput() WebBackendServiceIamMemberConditionOutput
ToWebBackendServiceIamMemberConditionOutputWithContext(context.Context) WebBackendServiceIamMemberConditionOutput
}
WebBackendServiceIamMemberConditionInput is an input type that accepts WebBackendServiceIamMemberConditionArgs and WebBackendServiceIamMemberConditionOutput values. You can construct a concrete instance of `WebBackendServiceIamMemberConditionInput` via:
WebBackendServiceIamMemberConditionArgs{...}
type WebBackendServiceIamMemberConditionOutput ¶
type WebBackendServiceIamMemberConditionOutput struct{ *pulumi.OutputState }
func (WebBackendServiceIamMemberConditionOutput) Description ¶
func (o WebBackendServiceIamMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (WebBackendServiceIamMemberConditionOutput) ElementType ¶
func (WebBackendServiceIamMemberConditionOutput) ElementType() reflect.Type
func (WebBackendServiceIamMemberConditionOutput) Expression ¶
func (o WebBackendServiceIamMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebBackendServiceIamMemberConditionOutput) Title ¶
func (o WebBackendServiceIamMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionOutput ¶
func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionOutput() WebBackendServiceIamMemberConditionOutput
func (WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionOutputWithContext ¶
func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionOutput
func (WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionPtrOutput ¶
func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput
func (WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionPtrOutputWithContext ¶
func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionPtrOutput
type WebBackendServiceIamMemberConditionPtrInput ¶
type WebBackendServiceIamMemberConditionPtrInput interface {
pulumi.Input
ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput
ToWebBackendServiceIamMemberConditionPtrOutputWithContext(context.Context) WebBackendServiceIamMemberConditionPtrOutput
}
WebBackendServiceIamMemberConditionPtrInput is an input type that accepts WebBackendServiceIamMemberConditionArgs, WebBackendServiceIamMemberConditionPtr and WebBackendServiceIamMemberConditionPtrOutput values. You can construct a concrete instance of `WebBackendServiceIamMemberConditionPtrInput` via:
WebBackendServiceIamMemberConditionArgs{...}
or:
nil
func WebBackendServiceIamMemberConditionPtr ¶
func WebBackendServiceIamMemberConditionPtr(v *WebBackendServiceIamMemberConditionArgs) WebBackendServiceIamMemberConditionPtrInput
type WebBackendServiceIamMemberConditionPtrOutput ¶
type WebBackendServiceIamMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (WebBackendServiceIamMemberConditionPtrOutput) Description ¶
func (o WebBackendServiceIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (WebBackendServiceIamMemberConditionPtrOutput) ElementType ¶
func (WebBackendServiceIamMemberConditionPtrOutput) ElementType() reflect.Type
func (WebBackendServiceIamMemberConditionPtrOutput) Expression ¶
func (o WebBackendServiceIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebBackendServiceIamMemberConditionPtrOutput) Title ¶
func (o WebBackendServiceIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebBackendServiceIamMemberConditionPtrOutput) ToWebBackendServiceIamMemberConditionPtrOutput ¶
func (o WebBackendServiceIamMemberConditionPtrOutput) ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput
func (WebBackendServiceIamMemberConditionPtrOutput) ToWebBackendServiceIamMemberConditionPtrOutputWithContext ¶
func (o WebBackendServiceIamMemberConditionPtrOutput) ToWebBackendServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionPtrOutput
type WebBackendServiceIamMemberInput ¶ added in v4.4.0
type WebBackendServiceIamMemberInput interface {
pulumi.Input
ToWebBackendServiceIamMemberOutput() WebBackendServiceIamMemberOutput
ToWebBackendServiceIamMemberOutputWithContext(ctx context.Context) WebBackendServiceIamMemberOutput
}
type WebBackendServiceIamMemberOutput ¶ added in v4.4.0
type WebBackendServiceIamMemberOutput struct {
*pulumi.OutputState
}
func (WebBackendServiceIamMemberOutput) ElementType ¶ added in v4.4.0
func (WebBackendServiceIamMemberOutput) ElementType() reflect.Type
func (WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberOutput ¶ added in v4.4.0
func (o WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberOutput() WebBackendServiceIamMemberOutput
func (WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberOutputWithContext ¶ added in v4.4.0
func (o WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberOutputWithContext(ctx context.Context) WebBackendServiceIamMemberOutput
type WebBackendServiceIamMemberState ¶
type WebBackendServiceIamMemberState struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebBackendServiceIamMemberConditionPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
Member pulumi.StringPtrInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringPtrInput
// Used to find the parent resource to bind the IAM policy to
WebBackendService pulumi.StringPtrInput
}
func (WebBackendServiceIamMemberState) ElementType ¶
func (WebBackendServiceIamMemberState) ElementType() reflect.Type
type WebBackendServiceIamPolicy ¶
type WebBackendServiceIamPolicy struct {
pulumi.CustomResourceState
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringOutput `pulumi:"policyData"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// Used to find the parent resource to bind the IAM policy to
WebBackendService pulumi.StringOutput `pulumi:"webBackendService"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:
* `iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached. * `iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved. * `iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.
> **Note:** `iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `iap.WebBackendServiceIamBinding` and `iap.WebBackendServiceIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_web\_backend\_service\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_backend\_service\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Condition: &iap.WebBackendServiceIamBindingConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_backend\_service\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{
Project: pulumi.Any(google_compute_backend_service.Default.Project),
WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
Condition: &iap.WebBackendServiceIamMemberConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute/services/{{name}} * {{project}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebBackendServiceIamPolicy ¶
func GetWebBackendServiceIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebBackendServiceIamPolicyState, opts ...pulumi.ResourceOption) (*WebBackendServiceIamPolicy, error)
GetWebBackendServiceIamPolicy gets an existing WebBackendServiceIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebBackendServiceIamPolicy ¶
func NewWebBackendServiceIamPolicy(ctx *pulumi.Context, name string, args *WebBackendServiceIamPolicyArgs, opts ...pulumi.ResourceOption) (*WebBackendServiceIamPolicy, error)
NewWebBackendServiceIamPolicy registers a new resource with the given unique name, arguments, and options.
func (WebBackendServiceIamPolicy) ElementType ¶ added in v4.4.0
func (WebBackendServiceIamPolicy) ElementType() reflect.Type
func (WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyOutput ¶ added in v4.4.0
func (i WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyOutput() WebBackendServiceIamPolicyOutput
func (WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyOutputWithContext ¶ added in v4.4.0
func (i WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyOutput
type WebBackendServiceIamPolicyArgs ¶
type WebBackendServiceIamPolicyArgs struct {
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// Used to find the parent resource to bind the IAM policy to
WebBackendService pulumi.StringInput
}
The set of arguments for constructing a WebBackendServiceIamPolicy resource.
func (WebBackendServiceIamPolicyArgs) ElementType ¶
func (WebBackendServiceIamPolicyArgs) ElementType() reflect.Type
type WebBackendServiceIamPolicyInput ¶ added in v4.4.0
type WebBackendServiceIamPolicyInput interface {
pulumi.Input
ToWebBackendServiceIamPolicyOutput() WebBackendServiceIamPolicyOutput
ToWebBackendServiceIamPolicyOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyOutput
}
type WebBackendServiceIamPolicyOutput ¶ added in v4.4.0
type WebBackendServiceIamPolicyOutput struct {
*pulumi.OutputState
}
func (WebBackendServiceIamPolicyOutput) ElementType ¶ added in v4.4.0
func (WebBackendServiceIamPolicyOutput) ElementType() reflect.Type
func (WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyOutput ¶ added in v4.4.0
func (o WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyOutput() WebBackendServiceIamPolicyOutput
func (WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyOutputWithContext ¶ added in v4.4.0
func (o WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyOutput
type WebBackendServiceIamPolicyState ¶
type WebBackendServiceIamPolicyState struct {
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringPtrInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// Used to find the parent resource to bind the IAM policy to
WebBackendService pulumi.StringPtrInput
}
func (WebBackendServiceIamPolicyState) ElementType ¶
func (WebBackendServiceIamPolicyState) ElementType() reflect.Type
type WebIamBinding ¶
type WebIamBinding struct {
pulumi.CustomResourceState
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebIamBindingConditionPtrOutput `pulumi:"condition"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
Members pulumi.StringArrayOutput `pulumi:"members"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// The role that should be applied. Only one
// `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringOutput `pulumi:"role"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:
* `iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached. * `iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved. * `iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.
> **Note:** `iap.WebIamPolicy` **cannot** be used in conjunction with `iap.WebIamBinding` and `iap.WebIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebIamBinding` resources **can be** used in conjunction with `iap.WebIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_web\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Condition: &iap.WebIamBindingConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
Condition: &iap.WebIamMemberConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor projects/{{project}}/iap_web
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebIamBinding ¶
func GetWebIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebIamBindingState, opts ...pulumi.ResourceOption) (*WebIamBinding, error)
GetWebIamBinding gets an existing WebIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebIamBinding ¶
func NewWebIamBinding(ctx *pulumi.Context, name string, args *WebIamBindingArgs, opts ...pulumi.ResourceOption) (*WebIamBinding, error)
NewWebIamBinding registers a new resource with the given unique name, arguments, and options.
func (WebIamBinding) ElementType ¶ added in v4.4.0
func (WebIamBinding) ElementType() reflect.Type
func (WebIamBinding) ToWebIamBindingOutput ¶ added in v4.4.0
func (i WebIamBinding) ToWebIamBindingOutput() WebIamBindingOutput
func (WebIamBinding) ToWebIamBindingOutputWithContext ¶ added in v4.4.0
func (i WebIamBinding) ToWebIamBindingOutputWithContext(ctx context.Context) WebIamBindingOutput
type WebIamBindingArgs ¶
type WebIamBindingArgs struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebIamBindingConditionPtrInput
Members pulumi.StringArrayInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringInput
}
The set of arguments for constructing a WebIamBinding resource.
func (WebIamBindingArgs) ElementType ¶
func (WebIamBindingArgs) ElementType() reflect.Type
type WebIamBindingCondition ¶
type WebIamBindingCondition struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description *string `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression string `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title string `pulumi:"title"`
}
type WebIamBindingConditionArgs ¶
type WebIamBindingConditionArgs struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description pulumi.StringPtrInput `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression pulumi.StringInput `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title pulumi.StringInput `pulumi:"title"`
}
func (WebIamBindingConditionArgs) ElementType ¶
func (WebIamBindingConditionArgs) ElementType() reflect.Type
func (WebIamBindingConditionArgs) ToWebIamBindingConditionOutput ¶
func (i WebIamBindingConditionArgs) ToWebIamBindingConditionOutput() WebIamBindingConditionOutput
func (WebIamBindingConditionArgs) ToWebIamBindingConditionOutputWithContext ¶
func (i WebIamBindingConditionArgs) ToWebIamBindingConditionOutputWithContext(ctx context.Context) WebIamBindingConditionOutput
func (WebIamBindingConditionArgs) ToWebIamBindingConditionPtrOutput ¶
func (i WebIamBindingConditionArgs) ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput
func (WebIamBindingConditionArgs) ToWebIamBindingConditionPtrOutputWithContext ¶
func (i WebIamBindingConditionArgs) ToWebIamBindingConditionPtrOutputWithContext(ctx context.Context) WebIamBindingConditionPtrOutput
type WebIamBindingConditionInput ¶
type WebIamBindingConditionInput interface {
pulumi.Input
ToWebIamBindingConditionOutput() WebIamBindingConditionOutput
ToWebIamBindingConditionOutputWithContext(context.Context) WebIamBindingConditionOutput
}
WebIamBindingConditionInput is an input type that accepts WebIamBindingConditionArgs and WebIamBindingConditionOutput values. You can construct a concrete instance of `WebIamBindingConditionInput` via:
WebIamBindingConditionArgs{...}
type WebIamBindingConditionOutput ¶
type WebIamBindingConditionOutput struct{ *pulumi.OutputState }
func (WebIamBindingConditionOutput) Description ¶
func (o WebIamBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (WebIamBindingConditionOutput) ElementType ¶
func (WebIamBindingConditionOutput) ElementType() reflect.Type
func (WebIamBindingConditionOutput) Expression ¶
func (o WebIamBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebIamBindingConditionOutput) Title ¶
func (o WebIamBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebIamBindingConditionOutput) ToWebIamBindingConditionOutput ¶
func (o WebIamBindingConditionOutput) ToWebIamBindingConditionOutput() WebIamBindingConditionOutput
func (WebIamBindingConditionOutput) ToWebIamBindingConditionOutputWithContext ¶
func (o WebIamBindingConditionOutput) ToWebIamBindingConditionOutputWithContext(ctx context.Context) WebIamBindingConditionOutput
func (WebIamBindingConditionOutput) ToWebIamBindingConditionPtrOutput ¶
func (o WebIamBindingConditionOutput) ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput
func (WebIamBindingConditionOutput) ToWebIamBindingConditionPtrOutputWithContext ¶
func (o WebIamBindingConditionOutput) ToWebIamBindingConditionPtrOutputWithContext(ctx context.Context) WebIamBindingConditionPtrOutput
type WebIamBindingConditionPtrInput ¶
type WebIamBindingConditionPtrInput interface {
pulumi.Input
ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput
ToWebIamBindingConditionPtrOutputWithContext(context.Context) WebIamBindingConditionPtrOutput
}
WebIamBindingConditionPtrInput is an input type that accepts WebIamBindingConditionArgs, WebIamBindingConditionPtr and WebIamBindingConditionPtrOutput values. You can construct a concrete instance of `WebIamBindingConditionPtrInput` via:
WebIamBindingConditionArgs{...}
or:
nil
func WebIamBindingConditionPtr ¶
func WebIamBindingConditionPtr(v *WebIamBindingConditionArgs) WebIamBindingConditionPtrInput
type WebIamBindingConditionPtrOutput ¶
type WebIamBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (WebIamBindingConditionPtrOutput) Description ¶
func (o WebIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (WebIamBindingConditionPtrOutput) Elem ¶
func (o WebIamBindingConditionPtrOutput) Elem() WebIamBindingConditionOutput
func (WebIamBindingConditionPtrOutput) ElementType ¶
func (WebIamBindingConditionPtrOutput) ElementType() reflect.Type
func (WebIamBindingConditionPtrOutput) Expression ¶
func (o WebIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebIamBindingConditionPtrOutput) Title ¶
func (o WebIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebIamBindingConditionPtrOutput) ToWebIamBindingConditionPtrOutput ¶
func (o WebIamBindingConditionPtrOutput) ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput
func (WebIamBindingConditionPtrOutput) ToWebIamBindingConditionPtrOutputWithContext ¶
func (o WebIamBindingConditionPtrOutput) ToWebIamBindingConditionPtrOutputWithContext(ctx context.Context) WebIamBindingConditionPtrOutput
type WebIamBindingInput ¶ added in v4.4.0
type WebIamBindingInput interface {
pulumi.Input
ToWebIamBindingOutput() WebIamBindingOutput
ToWebIamBindingOutputWithContext(ctx context.Context) WebIamBindingOutput
}
type WebIamBindingOutput ¶ added in v4.4.0
type WebIamBindingOutput struct {
*pulumi.OutputState
}
func (WebIamBindingOutput) ElementType ¶ added in v4.4.0
func (WebIamBindingOutput) ElementType() reflect.Type
func (WebIamBindingOutput) ToWebIamBindingOutput ¶ added in v4.4.0
func (o WebIamBindingOutput) ToWebIamBindingOutput() WebIamBindingOutput
func (WebIamBindingOutput) ToWebIamBindingOutputWithContext ¶ added in v4.4.0
func (o WebIamBindingOutput) ToWebIamBindingOutputWithContext(ctx context.Context) WebIamBindingOutput
type WebIamBindingState ¶
type WebIamBindingState struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebIamBindingConditionPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
Members pulumi.StringArrayInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringPtrInput
}
func (WebIamBindingState) ElementType ¶
func (WebIamBindingState) ElementType() reflect.Type
type WebIamMember ¶
type WebIamMember struct {
pulumi.CustomResourceState
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebIamMemberConditionPtrOutput `pulumi:"condition"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
Member pulumi.StringOutput `pulumi:"member"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// The role that should be applied. Only one
// `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringOutput `pulumi:"role"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:
* `iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached. * `iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved. * `iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.
> **Note:** `iap.WebIamPolicy` **cannot** be used in conjunction with `iap.WebIamBinding` and `iap.WebIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebIamBinding` resources **can be** used in conjunction with `iap.WebIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_web\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Condition: &iap.WebIamBindingConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
Condition: &iap.WebIamMemberConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webIamMember:WebIamMember editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webIamMember:WebIamMember editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webIamMember:WebIamMember editor projects/{{project}}/iap_web
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebIamMember ¶
func GetWebIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebIamMemberState, opts ...pulumi.ResourceOption) (*WebIamMember, error)
GetWebIamMember gets an existing WebIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebIamMember ¶
func NewWebIamMember(ctx *pulumi.Context, name string, args *WebIamMemberArgs, opts ...pulumi.ResourceOption) (*WebIamMember, error)
NewWebIamMember registers a new resource with the given unique name, arguments, and options.
func (WebIamMember) ElementType ¶ added in v4.4.0
func (WebIamMember) ElementType() reflect.Type
func (WebIamMember) ToWebIamMemberOutput ¶ added in v4.4.0
func (i WebIamMember) ToWebIamMemberOutput() WebIamMemberOutput
func (WebIamMember) ToWebIamMemberOutputWithContext ¶ added in v4.4.0
func (i WebIamMember) ToWebIamMemberOutputWithContext(ctx context.Context) WebIamMemberOutput
type WebIamMemberArgs ¶
type WebIamMemberArgs struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebIamMemberConditionPtrInput
Member pulumi.StringInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringInput
}
The set of arguments for constructing a WebIamMember resource.
func (WebIamMemberArgs) ElementType ¶
func (WebIamMemberArgs) ElementType() reflect.Type
type WebIamMemberCondition ¶
type WebIamMemberCondition struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description *string `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression string `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title string `pulumi:"title"`
}
type WebIamMemberConditionArgs ¶
type WebIamMemberConditionArgs struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description pulumi.StringPtrInput `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression pulumi.StringInput `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title pulumi.StringInput `pulumi:"title"`
}
func (WebIamMemberConditionArgs) ElementType ¶
func (WebIamMemberConditionArgs) ElementType() reflect.Type
func (WebIamMemberConditionArgs) ToWebIamMemberConditionOutput ¶
func (i WebIamMemberConditionArgs) ToWebIamMemberConditionOutput() WebIamMemberConditionOutput
func (WebIamMemberConditionArgs) ToWebIamMemberConditionOutputWithContext ¶
func (i WebIamMemberConditionArgs) ToWebIamMemberConditionOutputWithContext(ctx context.Context) WebIamMemberConditionOutput
func (WebIamMemberConditionArgs) ToWebIamMemberConditionPtrOutput ¶
func (i WebIamMemberConditionArgs) ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput
func (WebIamMemberConditionArgs) ToWebIamMemberConditionPtrOutputWithContext ¶
func (i WebIamMemberConditionArgs) ToWebIamMemberConditionPtrOutputWithContext(ctx context.Context) WebIamMemberConditionPtrOutput
type WebIamMemberConditionInput ¶
type WebIamMemberConditionInput interface {
pulumi.Input
ToWebIamMemberConditionOutput() WebIamMemberConditionOutput
ToWebIamMemberConditionOutputWithContext(context.Context) WebIamMemberConditionOutput
}
WebIamMemberConditionInput is an input type that accepts WebIamMemberConditionArgs and WebIamMemberConditionOutput values. You can construct a concrete instance of `WebIamMemberConditionInput` via:
WebIamMemberConditionArgs{...}
type WebIamMemberConditionOutput ¶
type WebIamMemberConditionOutput struct{ *pulumi.OutputState }
func (WebIamMemberConditionOutput) Description ¶
func (o WebIamMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (WebIamMemberConditionOutput) ElementType ¶
func (WebIamMemberConditionOutput) ElementType() reflect.Type
func (WebIamMemberConditionOutput) Expression ¶
func (o WebIamMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebIamMemberConditionOutput) Title ¶
func (o WebIamMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebIamMemberConditionOutput) ToWebIamMemberConditionOutput ¶
func (o WebIamMemberConditionOutput) ToWebIamMemberConditionOutput() WebIamMemberConditionOutput
func (WebIamMemberConditionOutput) ToWebIamMemberConditionOutputWithContext ¶
func (o WebIamMemberConditionOutput) ToWebIamMemberConditionOutputWithContext(ctx context.Context) WebIamMemberConditionOutput
func (WebIamMemberConditionOutput) ToWebIamMemberConditionPtrOutput ¶
func (o WebIamMemberConditionOutput) ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput
func (WebIamMemberConditionOutput) ToWebIamMemberConditionPtrOutputWithContext ¶
func (o WebIamMemberConditionOutput) ToWebIamMemberConditionPtrOutputWithContext(ctx context.Context) WebIamMemberConditionPtrOutput
type WebIamMemberConditionPtrInput ¶
type WebIamMemberConditionPtrInput interface {
pulumi.Input
ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput
ToWebIamMemberConditionPtrOutputWithContext(context.Context) WebIamMemberConditionPtrOutput
}
WebIamMemberConditionPtrInput is an input type that accepts WebIamMemberConditionArgs, WebIamMemberConditionPtr and WebIamMemberConditionPtrOutput values. You can construct a concrete instance of `WebIamMemberConditionPtrInput` via:
WebIamMemberConditionArgs{...}
or:
nil
func WebIamMemberConditionPtr ¶
func WebIamMemberConditionPtr(v *WebIamMemberConditionArgs) WebIamMemberConditionPtrInput
type WebIamMemberConditionPtrOutput ¶
type WebIamMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (WebIamMemberConditionPtrOutput) Description ¶
func (o WebIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (WebIamMemberConditionPtrOutput) Elem ¶
func (o WebIamMemberConditionPtrOutput) Elem() WebIamMemberConditionOutput
func (WebIamMemberConditionPtrOutput) ElementType ¶
func (WebIamMemberConditionPtrOutput) ElementType() reflect.Type
func (WebIamMemberConditionPtrOutput) Expression ¶
func (o WebIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebIamMemberConditionPtrOutput) Title ¶
func (o WebIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebIamMemberConditionPtrOutput) ToWebIamMemberConditionPtrOutput ¶
func (o WebIamMemberConditionPtrOutput) ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput
func (WebIamMemberConditionPtrOutput) ToWebIamMemberConditionPtrOutputWithContext ¶
func (o WebIamMemberConditionPtrOutput) ToWebIamMemberConditionPtrOutputWithContext(ctx context.Context) WebIamMemberConditionPtrOutput
type WebIamMemberInput ¶ added in v4.4.0
type WebIamMemberInput interface {
pulumi.Input
ToWebIamMemberOutput() WebIamMemberOutput
ToWebIamMemberOutputWithContext(ctx context.Context) WebIamMemberOutput
}
type WebIamMemberOutput ¶ added in v4.4.0
type WebIamMemberOutput struct {
*pulumi.OutputState
}
func (WebIamMemberOutput) ElementType ¶ added in v4.4.0
func (WebIamMemberOutput) ElementType() reflect.Type
func (WebIamMemberOutput) ToWebIamMemberOutput ¶ added in v4.4.0
func (o WebIamMemberOutput) ToWebIamMemberOutput() WebIamMemberOutput
func (WebIamMemberOutput) ToWebIamMemberOutputWithContext ¶ added in v4.4.0
func (o WebIamMemberOutput) ToWebIamMemberOutputWithContext(ctx context.Context) WebIamMemberOutput
type WebIamMemberState ¶
type WebIamMemberState struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebIamMemberConditionPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
Member pulumi.StringPtrInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringPtrInput
}
func (WebIamMemberState) ElementType ¶
func (WebIamMemberState) ElementType() reflect.Type
type WebIamPolicy ¶
type WebIamPolicy struct {
pulumi.CustomResourceState
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringOutput `pulumi:"policyData"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:
* `iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached. * `iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved. * `iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.
> **Note:** `iap.WebIamPolicy` **cannot** be used in conjunction with `iap.WebIamBinding` and `iap.WebIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebIamBinding` resources **can be** used in conjunction with `iap.WebIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_web\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Condition: &iap.WebIamBindingConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
Condition: &iap.WebIamMemberConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor projects/{{project}}/iap_web
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebIamPolicy ¶
func GetWebIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebIamPolicyState, opts ...pulumi.ResourceOption) (*WebIamPolicy, error)
GetWebIamPolicy gets an existing WebIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebIamPolicy ¶
func NewWebIamPolicy(ctx *pulumi.Context, name string, args *WebIamPolicyArgs, opts ...pulumi.ResourceOption) (*WebIamPolicy, error)
NewWebIamPolicy registers a new resource with the given unique name, arguments, and options.
func (WebIamPolicy) ElementType ¶ added in v4.4.0
func (WebIamPolicy) ElementType() reflect.Type
func (WebIamPolicy) ToWebIamPolicyOutput ¶ added in v4.4.0
func (i WebIamPolicy) ToWebIamPolicyOutput() WebIamPolicyOutput
func (WebIamPolicy) ToWebIamPolicyOutputWithContext ¶ added in v4.4.0
func (i WebIamPolicy) ToWebIamPolicyOutputWithContext(ctx context.Context) WebIamPolicyOutput
type WebIamPolicyArgs ¶
type WebIamPolicyArgs struct {
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
}
The set of arguments for constructing a WebIamPolicy resource.
func (WebIamPolicyArgs) ElementType ¶
func (WebIamPolicyArgs) ElementType() reflect.Type
type WebIamPolicyInput ¶ added in v4.4.0
type WebIamPolicyInput interface {
pulumi.Input
ToWebIamPolicyOutput() WebIamPolicyOutput
ToWebIamPolicyOutputWithContext(ctx context.Context) WebIamPolicyOutput
}
type WebIamPolicyOutput ¶ added in v4.4.0
type WebIamPolicyOutput struct {
*pulumi.OutputState
}
func (WebIamPolicyOutput) ElementType ¶ added in v4.4.0
func (WebIamPolicyOutput) ElementType() reflect.Type
func (WebIamPolicyOutput) ToWebIamPolicyOutput ¶ added in v4.4.0
func (o WebIamPolicyOutput) ToWebIamPolicyOutput() WebIamPolicyOutput
func (WebIamPolicyOutput) ToWebIamPolicyOutputWithContext ¶ added in v4.4.0
func (o WebIamPolicyOutput) ToWebIamPolicyOutputWithContext(ctx context.Context) WebIamPolicyOutput
type WebIamPolicyState ¶
type WebIamPolicyState struct {
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringPtrInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
}
func (WebIamPolicyState) ElementType ¶
func (WebIamPolicyState) ElementType() reflect.Type
type WebTypeAppEngingIamBinding ¶
type WebTypeAppEngingIamBinding struct {
pulumi.CustomResourceState
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringOutput `pulumi:"appId"`
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebTypeAppEngingIamBindingConditionPtrOutput `pulumi:"condition"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
Members pulumi.StringArrayOutput `pulumi:"members"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// The role that should be applied. Only one
// `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringOutput `pulumi:"role"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:
* `iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached. * `iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved. * `iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.
> **Note:** `iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `iap.WebTypeAppEngingIamBinding` and `iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_web\_type\_app\_engine\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_type\_app\_engine\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Condition: &iap.WebTypeAppEngingIamBindingConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_type\_app\_engine\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
Condition: &iap.WebTypeAppEngingIamMemberConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}} * {{project}}/{{appId}} * {{appId}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebTypeAppEngingIamBinding ¶
func GetWebTypeAppEngingIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebTypeAppEngingIamBindingState, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamBinding, error)
GetWebTypeAppEngingIamBinding gets an existing WebTypeAppEngingIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebTypeAppEngingIamBinding ¶
func NewWebTypeAppEngingIamBinding(ctx *pulumi.Context, name string, args *WebTypeAppEngingIamBindingArgs, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamBinding, error)
NewWebTypeAppEngingIamBinding registers a new resource with the given unique name, arguments, and options.
func (WebTypeAppEngingIamBinding) ElementType ¶ added in v4.4.0
func (WebTypeAppEngingIamBinding) ElementType() reflect.Type
func (WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingOutput ¶ added in v4.4.0
func (i WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingOutput() WebTypeAppEngingIamBindingOutput
func (WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingOutputWithContext ¶ added in v4.4.0
func (i WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingOutput
type WebTypeAppEngingIamBindingArgs ¶
type WebTypeAppEngingIamBindingArgs struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringInput
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebTypeAppEngingIamBindingConditionPtrInput
Members pulumi.StringArrayInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringInput
}
The set of arguments for constructing a WebTypeAppEngingIamBinding resource.
func (WebTypeAppEngingIamBindingArgs) ElementType ¶
func (WebTypeAppEngingIamBindingArgs) ElementType() reflect.Type
type WebTypeAppEngingIamBindingCondition ¶
type WebTypeAppEngingIamBindingCondition struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description *string `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression string `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title string `pulumi:"title"`
}
type WebTypeAppEngingIamBindingConditionArgs ¶
type WebTypeAppEngingIamBindingConditionArgs struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description pulumi.StringPtrInput `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression pulumi.StringInput `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title pulumi.StringInput `pulumi:"title"`
}
func (WebTypeAppEngingIamBindingConditionArgs) ElementType ¶
func (WebTypeAppEngingIamBindingConditionArgs) ElementType() reflect.Type
func (WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionOutput ¶
func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionOutput() WebTypeAppEngingIamBindingConditionOutput
func (WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionOutputWithContext ¶
func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionOutput
func (WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionPtrOutput ¶
func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput
func (WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext ¶
func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionPtrOutput
type WebTypeAppEngingIamBindingConditionInput ¶
type WebTypeAppEngingIamBindingConditionInput interface {
pulumi.Input
ToWebTypeAppEngingIamBindingConditionOutput() WebTypeAppEngingIamBindingConditionOutput
ToWebTypeAppEngingIamBindingConditionOutputWithContext(context.Context) WebTypeAppEngingIamBindingConditionOutput
}
WebTypeAppEngingIamBindingConditionInput is an input type that accepts WebTypeAppEngingIamBindingConditionArgs and WebTypeAppEngingIamBindingConditionOutput values. You can construct a concrete instance of `WebTypeAppEngingIamBindingConditionInput` via:
WebTypeAppEngingIamBindingConditionArgs{...}
type WebTypeAppEngingIamBindingConditionOutput ¶
type WebTypeAppEngingIamBindingConditionOutput struct{ *pulumi.OutputState }
func (WebTypeAppEngingIamBindingConditionOutput) Description ¶
func (o WebTypeAppEngingIamBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (WebTypeAppEngingIamBindingConditionOutput) ElementType ¶
func (WebTypeAppEngingIamBindingConditionOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamBindingConditionOutput) Expression ¶
func (o WebTypeAppEngingIamBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebTypeAppEngingIamBindingConditionOutput) Title ¶
func (o WebTypeAppEngingIamBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionOutput ¶
func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionOutput() WebTypeAppEngingIamBindingConditionOutput
func (WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionOutputWithContext ¶
func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionOutput
func (WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionPtrOutput ¶
func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput
func (WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext ¶
func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionPtrOutput
type WebTypeAppEngingIamBindingConditionPtrInput ¶
type WebTypeAppEngingIamBindingConditionPtrInput interface {
pulumi.Input
ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput
ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(context.Context) WebTypeAppEngingIamBindingConditionPtrOutput
}
WebTypeAppEngingIamBindingConditionPtrInput is an input type that accepts WebTypeAppEngingIamBindingConditionArgs, WebTypeAppEngingIamBindingConditionPtr and WebTypeAppEngingIamBindingConditionPtrOutput values. You can construct a concrete instance of `WebTypeAppEngingIamBindingConditionPtrInput` via:
WebTypeAppEngingIamBindingConditionArgs{...}
or:
nil
func WebTypeAppEngingIamBindingConditionPtr ¶
func WebTypeAppEngingIamBindingConditionPtr(v *WebTypeAppEngingIamBindingConditionArgs) WebTypeAppEngingIamBindingConditionPtrInput
type WebTypeAppEngingIamBindingConditionPtrOutput ¶
type WebTypeAppEngingIamBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (WebTypeAppEngingIamBindingConditionPtrOutput) Description ¶
func (o WebTypeAppEngingIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (WebTypeAppEngingIamBindingConditionPtrOutput) ElementType ¶
func (WebTypeAppEngingIamBindingConditionPtrOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamBindingConditionPtrOutput) Expression ¶
func (o WebTypeAppEngingIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebTypeAppEngingIamBindingConditionPtrOutput) Title ¶
func (o WebTypeAppEngingIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebTypeAppEngingIamBindingConditionPtrOutput) ToWebTypeAppEngingIamBindingConditionPtrOutput ¶
func (o WebTypeAppEngingIamBindingConditionPtrOutput) ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput
func (WebTypeAppEngingIamBindingConditionPtrOutput) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext ¶
func (o WebTypeAppEngingIamBindingConditionPtrOutput) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionPtrOutput
type WebTypeAppEngingIamBindingInput ¶ added in v4.4.0
type WebTypeAppEngingIamBindingInput interface {
pulumi.Input
ToWebTypeAppEngingIamBindingOutput() WebTypeAppEngingIamBindingOutput
ToWebTypeAppEngingIamBindingOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingOutput
}
type WebTypeAppEngingIamBindingOutput ¶ added in v4.4.0
type WebTypeAppEngingIamBindingOutput struct {
*pulumi.OutputState
}
func (WebTypeAppEngingIamBindingOutput) ElementType ¶ added in v4.4.0
func (WebTypeAppEngingIamBindingOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingOutput ¶ added in v4.4.0
func (o WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingOutput() WebTypeAppEngingIamBindingOutput
func (WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingOutputWithContext ¶ added in v4.4.0
func (o WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingOutput
type WebTypeAppEngingIamBindingState ¶
type WebTypeAppEngingIamBindingState struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringPtrInput
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebTypeAppEngingIamBindingConditionPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
Members pulumi.StringArrayInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringPtrInput
}
func (WebTypeAppEngingIamBindingState) ElementType ¶
func (WebTypeAppEngingIamBindingState) ElementType() reflect.Type
type WebTypeAppEngingIamMember ¶
type WebTypeAppEngingIamMember struct {
pulumi.CustomResourceState
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringOutput `pulumi:"appId"`
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebTypeAppEngingIamMemberConditionPtrOutput `pulumi:"condition"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
Member pulumi.StringOutput `pulumi:"member"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// The role that should be applied. Only one
// `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringOutput `pulumi:"role"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:
* `iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached. * `iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved. * `iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.
> **Note:** `iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `iap.WebTypeAppEngingIamBinding` and `iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_web\_type\_app\_engine\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_type\_app\_engine\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Condition: &iap.WebTypeAppEngingIamBindingConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_type\_app\_engine\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
Condition: &iap.WebTypeAppEngingIamMemberConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}} * {{project}}/{{appId}} * {{appId}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebTypeAppEngingIamMember ¶
func GetWebTypeAppEngingIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebTypeAppEngingIamMemberState, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamMember, error)
GetWebTypeAppEngingIamMember gets an existing WebTypeAppEngingIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebTypeAppEngingIamMember ¶
func NewWebTypeAppEngingIamMember(ctx *pulumi.Context, name string, args *WebTypeAppEngingIamMemberArgs, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamMember, error)
NewWebTypeAppEngingIamMember registers a new resource with the given unique name, arguments, and options.
func (WebTypeAppEngingIamMember) ElementType ¶ added in v4.4.0
func (WebTypeAppEngingIamMember) ElementType() reflect.Type
func (WebTypeAppEngingIamMember) ToWebTypeAppEngingIamMemberOutput ¶ added in v4.4.0
func (i WebTypeAppEngingIamMember) ToWebTypeAppEngingIamMemberOutput() WebTypeAppEngingIamMemberOutput
func (WebTypeAppEngingIamMember) ToWebTypeAppEngingIamMemberOutputWithContext ¶ added in v4.4.0
func (i WebTypeAppEngingIamMember) ToWebTypeAppEngingIamMemberOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberOutput
type WebTypeAppEngingIamMemberArgs ¶
type WebTypeAppEngingIamMemberArgs struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringInput
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebTypeAppEngingIamMemberConditionPtrInput
Member pulumi.StringInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringInput
}
The set of arguments for constructing a WebTypeAppEngingIamMember resource.
func (WebTypeAppEngingIamMemberArgs) ElementType ¶
func (WebTypeAppEngingIamMemberArgs) ElementType() reflect.Type
type WebTypeAppEngingIamMemberCondition ¶
type WebTypeAppEngingIamMemberCondition struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description *string `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression string `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title string `pulumi:"title"`
}
type WebTypeAppEngingIamMemberConditionArgs ¶
type WebTypeAppEngingIamMemberConditionArgs struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description pulumi.StringPtrInput `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression pulumi.StringInput `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title pulumi.StringInput `pulumi:"title"`
}
func (WebTypeAppEngingIamMemberConditionArgs) ElementType ¶
func (WebTypeAppEngingIamMemberConditionArgs) ElementType() reflect.Type
func (WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionOutput ¶
func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionOutput() WebTypeAppEngingIamMemberConditionOutput
func (WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionOutputWithContext ¶
func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionOutput
func (WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionPtrOutput ¶
func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput
func (WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext ¶
func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionPtrOutput
type WebTypeAppEngingIamMemberConditionInput ¶
type WebTypeAppEngingIamMemberConditionInput interface {
pulumi.Input
ToWebTypeAppEngingIamMemberConditionOutput() WebTypeAppEngingIamMemberConditionOutput
ToWebTypeAppEngingIamMemberConditionOutputWithContext(context.Context) WebTypeAppEngingIamMemberConditionOutput
}
WebTypeAppEngingIamMemberConditionInput is an input type that accepts WebTypeAppEngingIamMemberConditionArgs and WebTypeAppEngingIamMemberConditionOutput values. You can construct a concrete instance of `WebTypeAppEngingIamMemberConditionInput` via:
WebTypeAppEngingIamMemberConditionArgs{...}
type WebTypeAppEngingIamMemberConditionOutput ¶
type WebTypeAppEngingIamMemberConditionOutput struct{ *pulumi.OutputState }
func (WebTypeAppEngingIamMemberConditionOutput) Description ¶
func (o WebTypeAppEngingIamMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (WebTypeAppEngingIamMemberConditionOutput) ElementType ¶
func (WebTypeAppEngingIamMemberConditionOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamMemberConditionOutput) Expression ¶
func (o WebTypeAppEngingIamMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebTypeAppEngingIamMemberConditionOutput) Title ¶
func (o WebTypeAppEngingIamMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionOutput ¶
func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionOutput() WebTypeAppEngingIamMemberConditionOutput
func (WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionOutputWithContext ¶
func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionOutput
func (WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionPtrOutput ¶
func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput
func (WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext ¶
func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionPtrOutput
type WebTypeAppEngingIamMemberConditionPtrInput ¶
type WebTypeAppEngingIamMemberConditionPtrInput interface {
pulumi.Input
ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput
ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(context.Context) WebTypeAppEngingIamMemberConditionPtrOutput
}
WebTypeAppEngingIamMemberConditionPtrInput is an input type that accepts WebTypeAppEngingIamMemberConditionArgs, WebTypeAppEngingIamMemberConditionPtr and WebTypeAppEngingIamMemberConditionPtrOutput values. You can construct a concrete instance of `WebTypeAppEngingIamMemberConditionPtrInput` via:
WebTypeAppEngingIamMemberConditionArgs{...}
or:
nil
func WebTypeAppEngingIamMemberConditionPtr ¶
func WebTypeAppEngingIamMemberConditionPtr(v *WebTypeAppEngingIamMemberConditionArgs) WebTypeAppEngingIamMemberConditionPtrInput
type WebTypeAppEngingIamMemberConditionPtrOutput ¶
type WebTypeAppEngingIamMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (WebTypeAppEngingIamMemberConditionPtrOutput) Description ¶
func (o WebTypeAppEngingIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (WebTypeAppEngingIamMemberConditionPtrOutput) ElementType ¶
func (WebTypeAppEngingIamMemberConditionPtrOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamMemberConditionPtrOutput) Expression ¶
func (o WebTypeAppEngingIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebTypeAppEngingIamMemberConditionPtrOutput) Title ¶
func (o WebTypeAppEngingIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebTypeAppEngingIamMemberConditionPtrOutput) ToWebTypeAppEngingIamMemberConditionPtrOutput ¶
func (o WebTypeAppEngingIamMemberConditionPtrOutput) ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput
func (WebTypeAppEngingIamMemberConditionPtrOutput) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext ¶
func (o WebTypeAppEngingIamMemberConditionPtrOutput) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionPtrOutput
type WebTypeAppEngingIamMemberInput ¶ added in v4.4.0
type WebTypeAppEngingIamMemberInput interface {
pulumi.Input
ToWebTypeAppEngingIamMemberOutput() WebTypeAppEngingIamMemberOutput
ToWebTypeAppEngingIamMemberOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberOutput
}
type WebTypeAppEngingIamMemberOutput ¶ added in v4.4.0
type WebTypeAppEngingIamMemberOutput struct {
*pulumi.OutputState
}
func (WebTypeAppEngingIamMemberOutput) ElementType ¶ added in v4.4.0
func (WebTypeAppEngingIamMemberOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberOutput ¶ added in v4.4.0
func (o WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberOutput() WebTypeAppEngingIamMemberOutput
func (WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberOutputWithContext ¶ added in v4.4.0
func (o WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberOutput
type WebTypeAppEngingIamMemberState ¶
type WebTypeAppEngingIamMemberState struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringPtrInput
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebTypeAppEngingIamMemberConditionPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
Member pulumi.StringPtrInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringPtrInput
}
func (WebTypeAppEngingIamMemberState) ElementType ¶
func (WebTypeAppEngingIamMemberState) ElementType() reflect.Type
type WebTypeAppEngingIamPolicy ¶
type WebTypeAppEngingIamPolicy struct {
pulumi.CustomResourceState
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringOutput `pulumi:"appId"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringOutput `pulumi:"policyData"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:
* `iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached. * `iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved. * `iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.
> **Note:** `iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `iap.WebTypeAppEngingIamBinding` and `iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_web\_type\_app\_engine\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_type\_app\_engine\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Condition: &iap.WebTypeAppEngingIamBindingConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_type\_app\_engine\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{
Project: pulumi.Any(google_app_engine_application.App.Project),
AppId: pulumi.Any(google_app_engine_application.App.App_id),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
Condition: &iap.WebTypeAppEngingIamMemberConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}} * {{project}}/{{appId}} * {{appId}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebTypeAppEngingIamPolicy ¶
func GetWebTypeAppEngingIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebTypeAppEngingIamPolicyState, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamPolicy, error)
GetWebTypeAppEngingIamPolicy gets an existing WebTypeAppEngingIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebTypeAppEngingIamPolicy ¶
func NewWebTypeAppEngingIamPolicy(ctx *pulumi.Context, name string, args *WebTypeAppEngingIamPolicyArgs, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamPolicy, error)
NewWebTypeAppEngingIamPolicy registers a new resource with the given unique name, arguments, and options.
func (WebTypeAppEngingIamPolicy) ElementType ¶ added in v4.4.0
func (WebTypeAppEngingIamPolicy) ElementType() reflect.Type
func (WebTypeAppEngingIamPolicy) ToWebTypeAppEngingIamPolicyOutput ¶ added in v4.4.0
func (i WebTypeAppEngingIamPolicy) ToWebTypeAppEngingIamPolicyOutput() WebTypeAppEngingIamPolicyOutput
func (WebTypeAppEngingIamPolicy) ToWebTypeAppEngingIamPolicyOutputWithContext ¶ added in v4.4.0
func (i WebTypeAppEngingIamPolicy) ToWebTypeAppEngingIamPolicyOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyOutput
type WebTypeAppEngingIamPolicyArgs ¶
type WebTypeAppEngingIamPolicyArgs struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringInput
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
}
The set of arguments for constructing a WebTypeAppEngingIamPolicy resource.
func (WebTypeAppEngingIamPolicyArgs) ElementType ¶
func (WebTypeAppEngingIamPolicyArgs) ElementType() reflect.Type
type WebTypeAppEngingIamPolicyInput ¶ added in v4.4.0
type WebTypeAppEngingIamPolicyInput interface {
pulumi.Input
ToWebTypeAppEngingIamPolicyOutput() WebTypeAppEngingIamPolicyOutput
ToWebTypeAppEngingIamPolicyOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyOutput
}
type WebTypeAppEngingIamPolicyOutput ¶ added in v4.4.0
type WebTypeAppEngingIamPolicyOutput struct {
*pulumi.OutputState
}
func (WebTypeAppEngingIamPolicyOutput) ElementType ¶ added in v4.4.0
func (WebTypeAppEngingIamPolicyOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyOutput ¶ added in v4.4.0
func (o WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyOutput() WebTypeAppEngingIamPolicyOutput
func (WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyOutputWithContext ¶ added in v4.4.0
func (o WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyOutput
type WebTypeAppEngingIamPolicyState ¶
type WebTypeAppEngingIamPolicyState struct {
// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
AppId pulumi.StringPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringPtrInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
}
func (WebTypeAppEngingIamPolicyState) ElementType ¶
func (WebTypeAppEngingIamPolicyState) ElementType() reflect.Type
type WebTypeComputeIamBinding ¶
type WebTypeComputeIamBinding struct {
pulumi.CustomResourceState
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebTypeComputeIamBindingConditionPtrOutput `pulumi:"condition"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
Members pulumi.StringArrayOutput `pulumi:"members"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// The role that should be applied. Only one
// `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringOutput `pulumi:"role"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:
* `iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached. * `iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved. * `iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.
> **Note:** `iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `iap.WebTypeComputeIamBinding` and `iap.WebTypeComputeIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_web\_type\_compute\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_type\_compute\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Condition: &iap.WebTypeComputeIamBindingConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_type\_compute\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
Condition: &iap.WebTypeComputeIamMemberConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor projects/{{project}}/iap_web/compute
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebTypeComputeIamBinding ¶
func GetWebTypeComputeIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebTypeComputeIamBindingState, opts ...pulumi.ResourceOption) (*WebTypeComputeIamBinding, error)
GetWebTypeComputeIamBinding gets an existing WebTypeComputeIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebTypeComputeIamBinding ¶
func NewWebTypeComputeIamBinding(ctx *pulumi.Context, name string, args *WebTypeComputeIamBindingArgs, opts ...pulumi.ResourceOption) (*WebTypeComputeIamBinding, error)
NewWebTypeComputeIamBinding registers a new resource with the given unique name, arguments, and options.
func (WebTypeComputeIamBinding) ElementType ¶ added in v4.4.0
func (WebTypeComputeIamBinding) ElementType() reflect.Type
func (WebTypeComputeIamBinding) ToWebTypeComputeIamBindingOutput ¶ added in v4.4.0
func (i WebTypeComputeIamBinding) ToWebTypeComputeIamBindingOutput() WebTypeComputeIamBindingOutput
func (WebTypeComputeIamBinding) ToWebTypeComputeIamBindingOutputWithContext ¶ added in v4.4.0
func (i WebTypeComputeIamBinding) ToWebTypeComputeIamBindingOutputWithContext(ctx context.Context) WebTypeComputeIamBindingOutput
type WebTypeComputeIamBindingArgs ¶
type WebTypeComputeIamBindingArgs struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebTypeComputeIamBindingConditionPtrInput
Members pulumi.StringArrayInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringInput
}
The set of arguments for constructing a WebTypeComputeIamBinding resource.
func (WebTypeComputeIamBindingArgs) ElementType ¶
func (WebTypeComputeIamBindingArgs) ElementType() reflect.Type
type WebTypeComputeIamBindingCondition ¶
type WebTypeComputeIamBindingCondition struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description *string `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression string `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title string `pulumi:"title"`
}
type WebTypeComputeIamBindingConditionArgs ¶
type WebTypeComputeIamBindingConditionArgs struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description pulumi.StringPtrInput `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression pulumi.StringInput `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title pulumi.StringInput `pulumi:"title"`
}
func (WebTypeComputeIamBindingConditionArgs) ElementType ¶
func (WebTypeComputeIamBindingConditionArgs) ElementType() reflect.Type
func (WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionOutput ¶
func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionOutput() WebTypeComputeIamBindingConditionOutput
func (WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionOutputWithContext ¶
func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionOutput
func (WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionPtrOutput ¶
func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput
func (WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionPtrOutputWithContext ¶
func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionPtrOutput
type WebTypeComputeIamBindingConditionInput ¶
type WebTypeComputeIamBindingConditionInput interface {
pulumi.Input
ToWebTypeComputeIamBindingConditionOutput() WebTypeComputeIamBindingConditionOutput
ToWebTypeComputeIamBindingConditionOutputWithContext(context.Context) WebTypeComputeIamBindingConditionOutput
}
WebTypeComputeIamBindingConditionInput is an input type that accepts WebTypeComputeIamBindingConditionArgs and WebTypeComputeIamBindingConditionOutput values. You can construct a concrete instance of `WebTypeComputeIamBindingConditionInput` via:
WebTypeComputeIamBindingConditionArgs{...}
type WebTypeComputeIamBindingConditionOutput ¶
type WebTypeComputeIamBindingConditionOutput struct{ *pulumi.OutputState }
func (WebTypeComputeIamBindingConditionOutput) Description ¶
func (o WebTypeComputeIamBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (WebTypeComputeIamBindingConditionOutput) ElementType ¶
func (WebTypeComputeIamBindingConditionOutput) ElementType() reflect.Type
func (WebTypeComputeIamBindingConditionOutput) Expression ¶
func (o WebTypeComputeIamBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebTypeComputeIamBindingConditionOutput) Title ¶
func (o WebTypeComputeIamBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionOutput ¶
func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionOutput() WebTypeComputeIamBindingConditionOutput
func (WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionOutputWithContext ¶
func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionOutput
func (WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionPtrOutput ¶
func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput
func (WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionPtrOutputWithContext ¶
func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionPtrOutput
type WebTypeComputeIamBindingConditionPtrInput ¶
type WebTypeComputeIamBindingConditionPtrInput interface {
pulumi.Input
ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput
ToWebTypeComputeIamBindingConditionPtrOutputWithContext(context.Context) WebTypeComputeIamBindingConditionPtrOutput
}
WebTypeComputeIamBindingConditionPtrInput is an input type that accepts WebTypeComputeIamBindingConditionArgs, WebTypeComputeIamBindingConditionPtr and WebTypeComputeIamBindingConditionPtrOutput values. You can construct a concrete instance of `WebTypeComputeIamBindingConditionPtrInput` via:
WebTypeComputeIamBindingConditionArgs{...}
or:
nil
func WebTypeComputeIamBindingConditionPtr ¶
func WebTypeComputeIamBindingConditionPtr(v *WebTypeComputeIamBindingConditionArgs) WebTypeComputeIamBindingConditionPtrInput
type WebTypeComputeIamBindingConditionPtrOutput ¶
type WebTypeComputeIamBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (WebTypeComputeIamBindingConditionPtrOutput) Description ¶
func (o WebTypeComputeIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (WebTypeComputeIamBindingConditionPtrOutput) ElementType ¶
func (WebTypeComputeIamBindingConditionPtrOutput) ElementType() reflect.Type
func (WebTypeComputeIamBindingConditionPtrOutput) Expression ¶
func (o WebTypeComputeIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebTypeComputeIamBindingConditionPtrOutput) Title ¶
func (o WebTypeComputeIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebTypeComputeIamBindingConditionPtrOutput) ToWebTypeComputeIamBindingConditionPtrOutput ¶
func (o WebTypeComputeIamBindingConditionPtrOutput) ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput
func (WebTypeComputeIamBindingConditionPtrOutput) ToWebTypeComputeIamBindingConditionPtrOutputWithContext ¶
func (o WebTypeComputeIamBindingConditionPtrOutput) ToWebTypeComputeIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionPtrOutput
type WebTypeComputeIamBindingInput ¶ added in v4.4.0
type WebTypeComputeIamBindingInput interface {
pulumi.Input
ToWebTypeComputeIamBindingOutput() WebTypeComputeIamBindingOutput
ToWebTypeComputeIamBindingOutputWithContext(ctx context.Context) WebTypeComputeIamBindingOutput
}
type WebTypeComputeIamBindingOutput ¶ added in v4.4.0
type WebTypeComputeIamBindingOutput struct {
*pulumi.OutputState
}
func (WebTypeComputeIamBindingOutput) ElementType ¶ added in v4.4.0
func (WebTypeComputeIamBindingOutput) ElementType() reflect.Type
func (WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingOutput ¶ added in v4.4.0
func (o WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingOutput() WebTypeComputeIamBindingOutput
func (WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingOutputWithContext ¶ added in v4.4.0
func (o WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingOutputWithContext(ctx context.Context) WebTypeComputeIamBindingOutput
type WebTypeComputeIamBindingState ¶
type WebTypeComputeIamBindingState struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebTypeComputeIamBindingConditionPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
Members pulumi.StringArrayInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringPtrInput
}
func (WebTypeComputeIamBindingState) ElementType ¶
func (WebTypeComputeIamBindingState) ElementType() reflect.Type
type WebTypeComputeIamMember ¶
type WebTypeComputeIamMember struct {
pulumi.CustomResourceState
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebTypeComputeIamMemberConditionPtrOutput `pulumi:"condition"`
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
Member pulumi.StringOutput `pulumi:"member"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
// The role that should be applied. Only one
// `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringOutput `pulumi:"role"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:
* `iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached. * `iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved. * `iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.
> **Note:** `iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `iap.WebTypeComputeIamBinding` and `iap.WebTypeComputeIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_web\_type\_compute\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_type\_compute\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Condition: &iap.WebTypeComputeIamBindingConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_type\_compute\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
Condition: &iap.WebTypeComputeIamMemberConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor projects/{{project}}/iap_web/compute
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebTypeComputeIamMember ¶
func GetWebTypeComputeIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebTypeComputeIamMemberState, opts ...pulumi.ResourceOption) (*WebTypeComputeIamMember, error)
GetWebTypeComputeIamMember gets an existing WebTypeComputeIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebTypeComputeIamMember ¶
func NewWebTypeComputeIamMember(ctx *pulumi.Context, name string, args *WebTypeComputeIamMemberArgs, opts ...pulumi.ResourceOption) (*WebTypeComputeIamMember, error)
NewWebTypeComputeIamMember registers a new resource with the given unique name, arguments, and options.
func (WebTypeComputeIamMember) ElementType ¶ added in v4.4.0
func (WebTypeComputeIamMember) ElementType() reflect.Type
func (WebTypeComputeIamMember) ToWebTypeComputeIamMemberOutput ¶ added in v4.4.0
func (i WebTypeComputeIamMember) ToWebTypeComputeIamMemberOutput() WebTypeComputeIamMemberOutput
func (WebTypeComputeIamMember) ToWebTypeComputeIamMemberOutputWithContext ¶ added in v4.4.0
func (i WebTypeComputeIamMember) ToWebTypeComputeIamMemberOutputWithContext(ctx context.Context) WebTypeComputeIamMemberOutput
type WebTypeComputeIamMemberArgs ¶
type WebTypeComputeIamMemberArgs struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebTypeComputeIamMemberConditionPtrInput
Member pulumi.StringInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringInput
}
The set of arguments for constructing a WebTypeComputeIamMember resource.
func (WebTypeComputeIamMemberArgs) ElementType ¶
func (WebTypeComputeIamMemberArgs) ElementType() reflect.Type
type WebTypeComputeIamMemberCondition ¶
type WebTypeComputeIamMemberCondition struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description *string `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression string `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title string `pulumi:"title"`
}
type WebTypeComputeIamMemberConditionArgs ¶
type WebTypeComputeIamMemberConditionArgs struct {
// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Description pulumi.StringPtrInput `pulumi:"description"`
// Textual representation of an expression in Common Expression Language syntax.
Expression pulumi.StringInput `pulumi:"expression"`
// A title for the expression, i.e. a short string describing its purpose.
Title pulumi.StringInput `pulumi:"title"`
}
func (WebTypeComputeIamMemberConditionArgs) ElementType ¶
func (WebTypeComputeIamMemberConditionArgs) ElementType() reflect.Type
func (WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionOutput ¶
func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionOutput() WebTypeComputeIamMemberConditionOutput
func (WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionOutputWithContext ¶
func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionOutput
func (WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionPtrOutput ¶
func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput
func (WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionPtrOutputWithContext ¶
func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionPtrOutput
type WebTypeComputeIamMemberConditionInput ¶
type WebTypeComputeIamMemberConditionInput interface {
pulumi.Input
ToWebTypeComputeIamMemberConditionOutput() WebTypeComputeIamMemberConditionOutput
ToWebTypeComputeIamMemberConditionOutputWithContext(context.Context) WebTypeComputeIamMemberConditionOutput
}
WebTypeComputeIamMemberConditionInput is an input type that accepts WebTypeComputeIamMemberConditionArgs and WebTypeComputeIamMemberConditionOutput values. You can construct a concrete instance of `WebTypeComputeIamMemberConditionInput` via:
WebTypeComputeIamMemberConditionArgs{...}
type WebTypeComputeIamMemberConditionOutput ¶
type WebTypeComputeIamMemberConditionOutput struct{ *pulumi.OutputState }
func (WebTypeComputeIamMemberConditionOutput) Description ¶
func (o WebTypeComputeIamMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (WebTypeComputeIamMemberConditionOutput) ElementType ¶
func (WebTypeComputeIamMemberConditionOutput) ElementType() reflect.Type
func (WebTypeComputeIamMemberConditionOutput) Expression ¶
func (o WebTypeComputeIamMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebTypeComputeIamMemberConditionOutput) Title ¶
func (o WebTypeComputeIamMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionOutput ¶
func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionOutput() WebTypeComputeIamMemberConditionOutput
func (WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionOutputWithContext ¶
func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionOutput
func (WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionPtrOutput ¶
func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput
func (WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionPtrOutputWithContext ¶
func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionPtrOutput
type WebTypeComputeIamMemberConditionPtrInput ¶
type WebTypeComputeIamMemberConditionPtrInput interface {
pulumi.Input
ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput
ToWebTypeComputeIamMemberConditionPtrOutputWithContext(context.Context) WebTypeComputeIamMemberConditionPtrOutput
}
WebTypeComputeIamMemberConditionPtrInput is an input type that accepts WebTypeComputeIamMemberConditionArgs, WebTypeComputeIamMemberConditionPtr and WebTypeComputeIamMemberConditionPtrOutput values. You can construct a concrete instance of `WebTypeComputeIamMemberConditionPtrInput` via:
WebTypeComputeIamMemberConditionArgs{...}
or:
nil
func WebTypeComputeIamMemberConditionPtr ¶
func WebTypeComputeIamMemberConditionPtr(v *WebTypeComputeIamMemberConditionArgs) WebTypeComputeIamMemberConditionPtrInput
type WebTypeComputeIamMemberConditionPtrOutput ¶
type WebTypeComputeIamMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (WebTypeComputeIamMemberConditionPtrOutput) Description ¶
func (o WebTypeComputeIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (WebTypeComputeIamMemberConditionPtrOutput) ElementType ¶
func (WebTypeComputeIamMemberConditionPtrOutput) ElementType() reflect.Type
func (WebTypeComputeIamMemberConditionPtrOutput) Expression ¶
func (o WebTypeComputeIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebTypeComputeIamMemberConditionPtrOutput) Title ¶
func (o WebTypeComputeIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebTypeComputeIamMemberConditionPtrOutput) ToWebTypeComputeIamMemberConditionPtrOutput ¶
func (o WebTypeComputeIamMemberConditionPtrOutput) ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput
func (WebTypeComputeIamMemberConditionPtrOutput) ToWebTypeComputeIamMemberConditionPtrOutputWithContext ¶
func (o WebTypeComputeIamMemberConditionPtrOutput) ToWebTypeComputeIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionPtrOutput
type WebTypeComputeIamMemberInput ¶ added in v4.4.0
type WebTypeComputeIamMemberInput interface {
pulumi.Input
ToWebTypeComputeIamMemberOutput() WebTypeComputeIamMemberOutput
ToWebTypeComputeIamMemberOutputWithContext(ctx context.Context) WebTypeComputeIamMemberOutput
}
type WebTypeComputeIamMemberOutput ¶ added in v4.4.0
type WebTypeComputeIamMemberOutput struct {
*pulumi.OutputState
}
func (WebTypeComputeIamMemberOutput) ElementType ¶ added in v4.4.0
func (WebTypeComputeIamMemberOutput) ElementType() reflect.Type
func (WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberOutput ¶ added in v4.4.0
func (o WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberOutput() WebTypeComputeIamMemberOutput
func (WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberOutputWithContext ¶ added in v4.4.0
func (o WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberOutputWithContext(ctx context.Context) WebTypeComputeIamMemberOutput
type WebTypeComputeIamMemberState ¶
type WebTypeComputeIamMemberState struct {
// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
// Structure is documented below.
Condition WebTypeComputeIamMemberConditionPtrInput
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
Member pulumi.StringPtrInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
// The role that should be applied. Only one
// `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format
// `[projects|organizations]/{parent-name}/roles/{role-name}`.
Role pulumi.StringPtrInput
}
func (WebTypeComputeIamMemberState) ElementType ¶
func (WebTypeComputeIamMemberState) ElementType() reflect.Type
type WebTypeComputeIamPolicy ¶
type WebTypeComputeIamPolicy struct {
pulumi.CustomResourceState
// (Computed) The etag of the IAM policy.
Etag pulumi.StringOutput `pulumi:"etag"`
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringOutput `pulumi:"policyData"`
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringOutput `pulumi:"project"`
}
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:
* `iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached. * `iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved. * `iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.
> **Note:** `iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `iap.WebTypeComputeIamBinding` and `iap.WebTypeComputeIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.
## google\_iap\_web\_type\_compute\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
Bindings: []organizations.GetIAMPolicyBinding{
organizations.GetIAMPolicyBinding{
Role: "roles/iap.httpsResourceAccessor",
Members: []string{
"user:jane@example.com",
},
Condition: organizations.GetIAMPolicyBindingCondition{
Title: "expires_after_2019_12_31",
Description: "Expiring at midnight of 2019-12-31",
Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
PolicyData: pulumi.String(admin.PolicyData),
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_type\_compute\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Members: pulumi.StringArray{
pulumi.String("user:jane@example.com"),
},
Condition: &iap.WebTypeComputeIamBindingConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
``` ## google\_iap\_web\_type\_compute\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
})
if err != nil {
return err
}
return nil
})
}
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{
Project: pulumi.Any(google_project_service.Project_service.Project),
Role: pulumi.String("roles/iap.httpsResourceAccessor"),
Member: pulumi.String("user:jane@example.com"),
Condition: &iap.WebTypeComputeIamMemberConditionArgs{
Title: pulumi.String("expires_after_2019_12_31"),
Description: pulumi.String("Expiring at midnight of 2019-12-31"),
Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
},
})
if err != nil {
return err
}
return nil
})
}
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor projects/{{project}}/iap_web/compute
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebTypeComputeIamPolicy ¶
func GetWebTypeComputeIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebTypeComputeIamPolicyState, opts ...pulumi.ResourceOption) (*WebTypeComputeIamPolicy, error)
GetWebTypeComputeIamPolicy gets an existing WebTypeComputeIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebTypeComputeIamPolicy ¶
func NewWebTypeComputeIamPolicy(ctx *pulumi.Context, name string, args *WebTypeComputeIamPolicyArgs, opts ...pulumi.ResourceOption) (*WebTypeComputeIamPolicy, error)
NewWebTypeComputeIamPolicy registers a new resource with the given unique name, arguments, and options.
func (WebTypeComputeIamPolicy) ElementType ¶ added in v4.4.0
func (WebTypeComputeIamPolicy) ElementType() reflect.Type
func (WebTypeComputeIamPolicy) ToWebTypeComputeIamPolicyOutput ¶ added in v4.4.0
func (i WebTypeComputeIamPolicy) ToWebTypeComputeIamPolicyOutput() WebTypeComputeIamPolicyOutput
func (WebTypeComputeIamPolicy) ToWebTypeComputeIamPolicyOutputWithContext ¶ added in v4.4.0
func (i WebTypeComputeIamPolicy) ToWebTypeComputeIamPolicyOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyOutput
type WebTypeComputeIamPolicyArgs ¶
type WebTypeComputeIamPolicyArgs struct {
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
}
The set of arguments for constructing a WebTypeComputeIamPolicy resource.
func (WebTypeComputeIamPolicyArgs) ElementType ¶
func (WebTypeComputeIamPolicyArgs) ElementType() reflect.Type
type WebTypeComputeIamPolicyInput ¶ added in v4.4.0
type WebTypeComputeIamPolicyInput interface {
pulumi.Input
ToWebTypeComputeIamPolicyOutput() WebTypeComputeIamPolicyOutput
ToWebTypeComputeIamPolicyOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyOutput
}
type WebTypeComputeIamPolicyOutput ¶ added in v4.4.0
type WebTypeComputeIamPolicyOutput struct {
*pulumi.OutputState
}
func (WebTypeComputeIamPolicyOutput) ElementType ¶ added in v4.4.0
func (WebTypeComputeIamPolicyOutput) ElementType() reflect.Type
func (WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyOutput ¶ added in v4.4.0
func (o WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyOutput() WebTypeComputeIamPolicyOutput
func (WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyOutputWithContext ¶ added in v4.4.0
func (o WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyOutput
type WebTypeComputeIamPolicyState ¶
type WebTypeComputeIamPolicyState struct {
// (Computed) The etag of the IAM policy.
Etag pulumi.StringPtrInput
// The policy data generated by
// a `organizations.getIAMPolicy` data source.
PolicyData pulumi.StringPtrInput
// The ID of the project in which the resource belongs.
// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
Project pulumi.StringPtrInput
}
func (WebTypeComputeIamPolicyState) ElementType ¶
func (WebTypeComputeIamPolicyState) ElementType() reflect.Type
Source Files
¶
- appEngineServiceIamBinding.go
- appEngineServiceIamMember.go
- appEngineServiceIamPolicy.go
- appEngineVersionIamBinding.go
- appEngineVersionIamMember.go
- appEngineVersionIamPolicy.go
- brand.go
- client.go
- pulumiTypes.go
- tunnelIamBinding.go
- tunnelIamMember.go
- tunnelIamPolicy.go
- tunnelInstanceIAMBinding.go
- tunnelInstanceIAMMember.go
- tunnelInstanceIAMPolicy.go
- webBackendServiceIamBinding.go
- webBackendServiceIamMember.go
- webBackendServiceIamPolicy.go
- webIamBinding.go
- webIamMember.go
- webIamPolicy.go
- webTypeAppEngingIamBinding.go
- webTypeAppEngingIamMember.go
- webTypeAppEngingIamPolicy.go
- webTypeComputeIamBinding.go
- webTypeComputeIamMember.go
- webTypeComputeIamPolicy.go
Click to show internal directories.
Click to hide internal directories.