folder

package
v6.61.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 28, 2023 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessApprovalSettings

type AccessApprovalSettings struct {
	pulumi.CustomResourceState

	// The asymmetric crypto key version to use for signing approval requests.
	// Empty activeKeyVersion indicates that a Google-managed key should be used for signing.
	// This property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set.
	ActiveKeyVersion pulumi.StringPtrOutput `pulumi:"activeKeyVersion"`
	// If the field is true, that indicates that an ancestor of this Folder has set active_key_version.
	AncestorHasActiveKeyVersion pulumi.BoolOutput `pulumi:"ancestorHasActiveKeyVersion"`
	// If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Folder.
	EnrolledAncestor pulumi.BoolOutput `pulumi:"enrolledAncestor"`
	// A list of Google Cloud Services for which the given resource has Access Approval enrolled.
	// Access requests for the resource given by name against any of these services contained here will be required
	// to have explicit approval. Enrollment can only be done on an all or nothing basis.
	// A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.
	// Structure is documented below.
	EnrolledServices AccessApprovalSettingsEnrolledServiceArrayOutput `pulumi:"enrolledServices"`
	// ID of the folder of the access approval settings.
	FolderId pulumi.StringOutput `pulumi:"folderId"`
	// If the field is true, that indicates that there is some configuration issue with the activeKeyVersion
	// configured on this Folder (e.g. it doesn't exist or the Access Approval service account doesn't have the
	// correct permissions on it, etc.) This key version is not necessarily the effective key version at this level,
	// as key versions are inherited top-down.
	InvalidKeyVersion pulumi.BoolOutput `pulumi:"invalidKeyVersion"`
	// The resource name of the settings. Format is "folders/{folder_id}/accessApprovalSettings"
	Name pulumi.StringOutput `pulumi:"name"`
	// A list of email addresses to which notifications relating to approval requests should be sent.
	// Notifications relating to a resource will be sent to all emails in the settings of ancestor
	// resources of that resource. A maximum of 50 email addresses are allowed.
	NotificationEmails pulumi.StringArrayOutput `pulumi:"notificationEmails"`
}

Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content.

To get more information about FolderSettings, see:

* [API documentation](https://cloud.google.com/access-approval/docs/reference/rest/v1/folders)

## Example Usage ### Folder Access Approval Full

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myFolder, err := organizations.NewFolder(ctx, "myFolder", &organizations.FolderArgs{
			DisplayName: pulumi.String("my-folder"),
			Parent:      pulumi.String("organizations/123456789"),
		})
		if err != nil {
			return err
		}
		_, err = folder.NewAccessApprovalSettings(ctx, "folderAccessApproval", &folder.AccessApprovalSettingsArgs{
			FolderId: myFolder.FolderId,
			NotificationEmails: pulumi.StringArray{
				pulumi.String("testuser@example.com"),
				pulumi.String("example.user@example.com"),
			},
			EnrolledServices: folder.AccessApprovalSettingsEnrolledServiceArray{
				&folder.AccessApprovalSettingsEnrolledServiceArgs{
					CloudProduct: pulumi.String("all"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Folder Access Approval Active Key Version

```go package main

import (

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/accessapproval"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myFolder, err := organizations.NewFolder(ctx, "myFolder", &organizations.FolderArgs{
			DisplayName: pulumi.String("my-folder"),
			Parent:      pulumi.String("organizations/123456789"),
		})
		if err != nil {
			return err
		}
		myProject, err := organizations.NewProject(ctx, "myProject", &organizations.ProjectArgs{
			ProjectId: pulumi.String("your-project-id"),
			FolderId:  myFolder.Name,
		})
		if err != nil {
			return err
		}
		keyRing, err := kms.NewKeyRing(ctx, "keyRing", &kms.KeyRingArgs{
			Location: pulumi.String("global"),
			Project:  myProject.ProjectId,
		})
		if err != nil {
			return err
		}
		cryptoKey, err := kms.NewCryptoKey(ctx, "cryptoKey", &kms.CryptoKeyArgs{
			KeyRing: keyRing.ID(),
			Purpose: pulumi.String("ASYMMETRIC_SIGN"),
			VersionTemplate: &kms.CryptoKeyVersionTemplateArgs{
				Algorithm: pulumi.String("EC_SIGN_P384_SHA384"),
			},
		})
		if err != nil {
			return err
		}
		serviceAccount := accessapproval.GetFolderServiceAccountOutput(ctx, accessapproval.GetFolderServiceAccountOutputArgs{
			FolderId: myFolder.FolderId,
		}, nil)
		iam, err := kms.NewCryptoKeyIAMMember(ctx, "iam", &kms.CryptoKeyIAMMemberArgs{
			CryptoKeyId: cryptoKey.ID(),
			Role:        pulumi.String("roles/cloudkms.signerVerifier"),
			Member: serviceAccount.ApplyT(func(serviceAccount accessapproval.GetFolderServiceAccountResult) (string, error) {
				return fmt.Sprintf("serviceAccount:%v", serviceAccount.AccountEmail), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		cryptoKeyVersion := kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{
			CryptoKey: cryptoKey.ID(),
		}, nil)
		_, err = folder.NewAccessApprovalSettings(ctx, "folderAccessApproval", &folder.AccessApprovalSettingsArgs{
			FolderId: myFolder.FolderId,
			ActiveKeyVersion: cryptoKeyVersion.ApplyT(func(cryptoKeyVersion kms.GetKMSCryptoKeyVersionResult) (*string, error) {
				return &cryptoKeyVersion.Name, nil
			}).(pulumi.StringPtrOutput),
			EnrolledServices: folder.AccessApprovalSettingsEnrolledServiceArray{
				&folder.AccessApprovalSettingsEnrolledServiceArgs{
					CloudProduct: pulumi.String("all"),
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			iam,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

FolderSettings can be imported using any of these accepted formats

```sh

$ pulumi import gcp:folder/accessApprovalSettings:AccessApprovalSettings default folders/{{folder_id}}/accessApprovalSettings

```

```sh

$ pulumi import gcp:folder/accessApprovalSettings:AccessApprovalSettings default {{folder_id}}

```

func GetAccessApprovalSettings

func GetAccessApprovalSettings(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AccessApprovalSettingsState, opts ...pulumi.ResourceOption) (*AccessApprovalSettings, error)

GetAccessApprovalSettings gets an existing AccessApprovalSettings resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAccessApprovalSettings

func NewAccessApprovalSettings(ctx *pulumi.Context,
	name string, args *AccessApprovalSettingsArgs, opts ...pulumi.ResourceOption) (*AccessApprovalSettings, error)

NewAccessApprovalSettings registers a new resource with the given unique name, arguments, and options.

func (*AccessApprovalSettings) ElementType

func (*AccessApprovalSettings) ElementType() reflect.Type

func (*AccessApprovalSettings) ToAccessApprovalSettingsOutput

func (i *AccessApprovalSettings) ToAccessApprovalSettingsOutput() AccessApprovalSettingsOutput

func (*AccessApprovalSettings) ToAccessApprovalSettingsOutputWithContext

func (i *AccessApprovalSettings) ToAccessApprovalSettingsOutputWithContext(ctx context.Context) AccessApprovalSettingsOutput

type AccessApprovalSettingsArgs

type AccessApprovalSettingsArgs struct {
	// The asymmetric crypto key version to use for signing approval requests.
	// Empty activeKeyVersion indicates that a Google-managed key should be used for signing.
	// This property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set.
	ActiveKeyVersion pulumi.StringPtrInput
	// A list of Google Cloud Services for which the given resource has Access Approval enrolled.
	// Access requests for the resource given by name against any of these services contained here will be required
	// to have explicit approval. Enrollment can only be done on an all or nothing basis.
	// A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.
	// Structure is documented below.
	EnrolledServices AccessApprovalSettingsEnrolledServiceArrayInput
	// ID of the folder of the access approval settings.
	FolderId pulumi.StringInput
	// A list of email addresses to which notifications relating to approval requests should be sent.
	// Notifications relating to a resource will be sent to all emails in the settings of ancestor
	// resources of that resource. A maximum of 50 email addresses are allowed.
	NotificationEmails pulumi.StringArrayInput
}

The set of arguments for constructing a AccessApprovalSettings resource.

func (AccessApprovalSettingsArgs) ElementType

func (AccessApprovalSettingsArgs) ElementType() reflect.Type

type AccessApprovalSettingsArray

type AccessApprovalSettingsArray []AccessApprovalSettingsInput

func (AccessApprovalSettingsArray) ElementType

func (AccessApprovalSettingsArray) ToAccessApprovalSettingsArrayOutput

func (i AccessApprovalSettingsArray) ToAccessApprovalSettingsArrayOutput() AccessApprovalSettingsArrayOutput

func (AccessApprovalSettingsArray) ToAccessApprovalSettingsArrayOutputWithContext

func (i AccessApprovalSettingsArray) ToAccessApprovalSettingsArrayOutputWithContext(ctx context.Context) AccessApprovalSettingsArrayOutput

type AccessApprovalSettingsArrayInput

type AccessApprovalSettingsArrayInput interface {
	pulumi.Input

	ToAccessApprovalSettingsArrayOutput() AccessApprovalSettingsArrayOutput
	ToAccessApprovalSettingsArrayOutputWithContext(context.Context) AccessApprovalSettingsArrayOutput
}

AccessApprovalSettingsArrayInput is an input type that accepts AccessApprovalSettingsArray and AccessApprovalSettingsArrayOutput values. You can construct a concrete instance of `AccessApprovalSettingsArrayInput` via:

AccessApprovalSettingsArray{ AccessApprovalSettingsArgs{...} }

type AccessApprovalSettingsArrayOutput

type AccessApprovalSettingsArrayOutput struct{ *pulumi.OutputState }

func (AccessApprovalSettingsArrayOutput) ElementType

func (AccessApprovalSettingsArrayOutput) Index

func (AccessApprovalSettingsArrayOutput) ToAccessApprovalSettingsArrayOutput

func (o AccessApprovalSettingsArrayOutput) ToAccessApprovalSettingsArrayOutput() AccessApprovalSettingsArrayOutput

func (AccessApprovalSettingsArrayOutput) ToAccessApprovalSettingsArrayOutputWithContext

func (o AccessApprovalSettingsArrayOutput) ToAccessApprovalSettingsArrayOutputWithContext(ctx context.Context) AccessApprovalSettingsArrayOutput

type AccessApprovalSettingsEnrolledService

type AccessApprovalSettingsEnrolledService struct {
	// The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):
	// * all
	// * App Engine
	// * BigQuery
	// * Cloud Bigtable
	// * Cloud Key Management Service
	// * Compute Engine
	// * Cloud Dataflow
	// * Cloud Identity and Access Management
	// * Cloud Pub/Sub
	// * Cloud Storage
	// * Persistent Disk
	//   Note: These values are supported as input, but considered a legacy format:
	// * all
	// * appengine.googleapis.com
	// * bigquery.googleapis.com
	// * bigtable.googleapis.com
	// * cloudkms.googleapis.com
	// * compute.googleapis.com
	// * dataflow.googleapis.com
	// * iam.googleapis.com
	// * pubsub.googleapis.com
	// * storage.googleapis.com
	CloudProduct string `pulumi:"cloudProduct"`
	// The enrollment level of the service.
	// Default value is `BLOCK_ALL`.
	// Possible values are: `BLOCK_ALL`.
	//
	// ***
	EnrollmentLevel *string `pulumi:"enrollmentLevel"`
}

type AccessApprovalSettingsEnrolledServiceArgs

type AccessApprovalSettingsEnrolledServiceArgs struct {
	// The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):
	// * all
	// * App Engine
	// * BigQuery
	// * Cloud Bigtable
	// * Cloud Key Management Service
	// * Compute Engine
	// * Cloud Dataflow
	// * Cloud Identity and Access Management
	// * Cloud Pub/Sub
	// * Cloud Storage
	// * Persistent Disk
	//   Note: These values are supported as input, but considered a legacy format:
	// * all
	// * appengine.googleapis.com
	// * bigquery.googleapis.com
	// * bigtable.googleapis.com
	// * cloudkms.googleapis.com
	// * compute.googleapis.com
	// * dataflow.googleapis.com
	// * iam.googleapis.com
	// * pubsub.googleapis.com
	// * storage.googleapis.com
	CloudProduct pulumi.StringInput `pulumi:"cloudProduct"`
	// The enrollment level of the service.
	// Default value is `BLOCK_ALL`.
	// Possible values are: `BLOCK_ALL`.
	//
	// ***
	EnrollmentLevel pulumi.StringPtrInput `pulumi:"enrollmentLevel"`
}

func (AccessApprovalSettingsEnrolledServiceArgs) ElementType

func (AccessApprovalSettingsEnrolledServiceArgs) ToAccessApprovalSettingsEnrolledServiceOutput

func (i AccessApprovalSettingsEnrolledServiceArgs) ToAccessApprovalSettingsEnrolledServiceOutput() AccessApprovalSettingsEnrolledServiceOutput

func (AccessApprovalSettingsEnrolledServiceArgs) ToAccessApprovalSettingsEnrolledServiceOutputWithContext

func (i AccessApprovalSettingsEnrolledServiceArgs) ToAccessApprovalSettingsEnrolledServiceOutputWithContext(ctx context.Context) AccessApprovalSettingsEnrolledServiceOutput

type AccessApprovalSettingsEnrolledServiceArray

type AccessApprovalSettingsEnrolledServiceArray []AccessApprovalSettingsEnrolledServiceInput

func (AccessApprovalSettingsEnrolledServiceArray) ElementType

func (AccessApprovalSettingsEnrolledServiceArray) ToAccessApprovalSettingsEnrolledServiceArrayOutput

func (i AccessApprovalSettingsEnrolledServiceArray) ToAccessApprovalSettingsEnrolledServiceArrayOutput() AccessApprovalSettingsEnrolledServiceArrayOutput

func (AccessApprovalSettingsEnrolledServiceArray) ToAccessApprovalSettingsEnrolledServiceArrayOutputWithContext

func (i AccessApprovalSettingsEnrolledServiceArray) ToAccessApprovalSettingsEnrolledServiceArrayOutputWithContext(ctx context.Context) AccessApprovalSettingsEnrolledServiceArrayOutput

type AccessApprovalSettingsEnrolledServiceArrayInput

type AccessApprovalSettingsEnrolledServiceArrayInput interface {
	pulumi.Input

	ToAccessApprovalSettingsEnrolledServiceArrayOutput() AccessApprovalSettingsEnrolledServiceArrayOutput
	ToAccessApprovalSettingsEnrolledServiceArrayOutputWithContext(context.Context) AccessApprovalSettingsEnrolledServiceArrayOutput
}

AccessApprovalSettingsEnrolledServiceArrayInput is an input type that accepts AccessApprovalSettingsEnrolledServiceArray and AccessApprovalSettingsEnrolledServiceArrayOutput values. You can construct a concrete instance of `AccessApprovalSettingsEnrolledServiceArrayInput` via:

AccessApprovalSettingsEnrolledServiceArray{ AccessApprovalSettingsEnrolledServiceArgs{...} }

type AccessApprovalSettingsEnrolledServiceArrayOutput

type AccessApprovalSettingsEnrolledServiceArrayOutput struct{ *pulumi.OutputState }

func (AccessApprovalSettingsEnrolledServiceArrayOutput) ElementType

func (AccessApprovalSettingsEnrolledServiceArrayOutput) Index

func (AccessApprovalSettingsEnrolledServiceArrayOutput) ToAccessApprovalSettingsEnrolledServiceArrayOutput

func (o AccessApprovalSettingsEnrolledServiceArrayOutput) ToAccessApprovalSettingsEnrolledServiceArrayOutput() AccessApprovalSettingsEnrolledServiceArrayOutput

func (AccessApprovalSettingsEnrolledServiceArrayOutput) ToAccessApprovalSettingsEnrolledServiceArrayOutputWithContext

func (o AccessApprovalSettingsEnrolledServiceArrayOutput) ToAccessApprovalSettingsEnrolledServiceArrayOutputWithContext(ctx context.Context) AccessApprovalSettingsEnrolledServiceArrayOutput

type AccessApprovalSettingsEnrolledServiceInput

type AccessApprovalSettingsEnrolledServiceInput interface {
	pulumi.Input

	ToAccessApprovalSettingsEnrolledServiceOutput() AccessApprovalSettingsEnrolledServiceOutput
	ToAccessApprovalSettingsEnrolledServiceOutputWithContext(context.Context) AccessApprovalSettingsEnrolledServiceOutput
}

AccessApprovalSettingsEnrolledServiceInput is an input type that accepts AccessApprovalSettingsEnrolledServiceArgs and AccessApprovalSettingsEnrolledServiceOutput values. You can construct a concrete instance of `AccessApprovalSettingsEnrolledServiceInput` via:

AccessApprovalSettingsEnrolledServiceArgs{...}

type AccessApprovalSettingsEnrolledServiceOutput

type AccessApprovalSettingsEnrolledServiceOutput struct{ *pulumi.OutputState }

func (AccessApprovalSettingsEnrolledServiceOutput) CloudProduct

The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):

  • all
  • App Engine
  • BigQuery
  • Cloud Bigtable
  • Cloud Key Management Service
  • Compute Engine
  • Cloud Dataflow
  • Cloud Identity and Access Management
  • Cloud Pub/Sub
  • Cloud Storage
  • Persistent Disk Note: These values are supported as input, but considered a legacy format:
  • all
  • appengine.googleapis.com
  • bigquery.googleapis.com
  • bigtable.googleapis.com
  • cloudkms.googleapis.com
  • compute.googleapis.com
  • dataflow.googleapis.com
  • iam.googleapis.com
  • pubsub.googleapis.com
  • storage.googleapis.com

func (AccessApprovalSettingsEnrolledServiceOutput) ElementType

func (AccessApprovalSettingsEnrolledServiceOutput) EnrollmentLevel

The enrollment level of the service. Default value is `BLOCK_ALL`. Possible values are: `BLOCK_ALL`.

***

func (AccessApprovalSettingsEnrolledServiceOutput) ToAccessApprovalSettingsEnrolledServiceOutput

func (o AccessApprovalSettingsEnrolledServiceOutput) ToAccessApprovalSettingsEnrolledServiceOutput() AccessApprovalSettingsEnrolledServiceOutput

func (AccessApprovalSettingsEnrolledServiceOutput) ToAccessApprovalSettingsEnrolledServiceOutputWithContext

func (o AccessApprovalSettingsEnrolledServiceOutput) ToAccessApprovalSettingsEnrolledServiceOutputWithContext(ctx context.Context) AccessApprovalSettingsEnrolledServiceOutput

type AccessApprovalSettingsInput

type AccessApprovalSettingsInput interface {
	pulumi.Input

	ToAccessApprovalSettingsOutput() AccessApprovalSettingsOutput
	ToAccessApprovalSettingsOutputWithContext(ctx context.Context) AccessApprovalSettingsOutput
}

type AccessApprovalSettingsMap

type AccessApprovalSettingsMap map[string]AccessApprovalSettingsInput

func (AccessApprovalSettingsMap) ElementType

func (AccessApprovalSettingsMap) ElementType() reflect.Type

func (AccessApprovalSettingsMap) ToAccessApprovalSettingsMapOutput

func (i AccessApprovalSettingsMap) ToAccessApprovalSettingsMapOutput() AccessApprovalSettingsMapOutput

func (AccessApprovalSettingsMap) ToAccessApprovalSettingsMapOutputWithContext

func (i AccessApprovalSettingsMap) ToAccessApprovalSettingsMapOutputWithContext(ctx context.Context) AccessApprovalSettingsMapOutput

type AccessApprovalSettingsMapInput

type AccessApprovalSettingsMapInput interface {
	pulumi.Input

	ToAccessApprovalSettingsMapOutput() AccessApprovalSettingsMapOutput
	ToAccessApprovalSettingsMapOutputWithContext(context.Context) AccessApprovalSettingsMapOutput
}

AccessApprovalSettingsMapInput is an input type that accepts AccessApprovalSettingsMap and AccessApprovalSettingsMapOutput values. You can construct a concrete instance of `AccessApprovalSettingsMapInput` via:

AccessApprovalSettingsMap{ "key": AccessApprovalSettingsArgs{...} }

type AccessApprovalSettingsMapOutput

type AccessApprovalSettingsMapOutput struct{ *pulumi.OutputState }

func (AccessApprovalSettingsMapOutput) ElementType

func (AccessApprovalSettingsMapOutput) MapIndex

func (AccessApprovalSettingsMapOutput) ToAccessApprovalSettingsMapOutput

func (o AccessApprovalSettingsMapOutput) ToAccessApprovalSettingsMapOutput() AccessApprovalSettingsMapOutput

func (AccessApprovalSettingsMapOutput) ToAccessApprovalSettingsMapOutputWithContext

func (o AccessApprovalSettingsMapOutput) ToAccessApprovalSettingsMapOutputWithContext(ctx context.Context) AccessApprovalSettingsMapOutput

type AccessApprovalSettingsOutput

type AccessApprovalSettingsOutput struct{ *pulumi.OutputState }

func (AccessApprovalSettingsOutput) ActiveKeyVersion added in v6.23.0

The asymmetric crypto key version to use for signing approval requests. Empty activeKeyVersion indicates that a Google-managed key should be used for signing. This property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set.

func (AccessApprovalSettingsOutput) AncestorHasActiveKeyVersion added in v6.23.0

func (o AccessApprovalSettingsOutput) AncestorHasActiveKeyVersion() pulumi.BoolOutput

If the field is true, that indicates that an ancestor of this Folder has set active_key_version.

func (AccessApprovalSettingsOutput) ElementType

func (AccessApprovalSettingsOutput) EnrolledAncestor added in v6.23.0

func (o AccessApprovalSettingsOutput) EnrolledAncestor() pulumi.BoolOutput

If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Folder.

func (AccessApprovalSettingsOutput) EnrolledServices added in v6.23.0

A list of Google Cloud Services for which the given resource has Access Approval enrolled. Access requests for the resource given by name against any of these services contained here will be required to have explicit approval. Enrollment can only be done on an all or nothing basis. A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded. Structure is documented below.

func (AccessApprovalSettingsOutput) FolderId added in v6.23.0

ID of the folder of the access approval settings.

func (AccessApprovalSettingsOutput) InvalidKeyVersion added in v6.23.0

func (o AccessApprovalSettingsOutput) InvalidKeyVersion() pulumi.BoolOutput

If the field is true, that indicates that there is some configuration issue with the activeKeyVersion configured on this Folder (e.g. it doesn't exist or the Access Approval service account doesn't have the correct permissions on it, etc.) This key version is not necessarily the effective key version at this level, as key versions are inherited top-down.

func (AccessApprovalSettingsOutput) Name added in v6.23.0

The resource name of the settings. Format is "folders/{folder_id}/accessApprovalSettings"

func (AccessApprovalSettingsOutput) NotificationEmails added in v6.23.0

func (o AccessApprovalSettingsOutput) NotificationEmails() pulumi.StringArrayOutput

A list of email addresses to which notifications relating to approval requests should be sent. Notifications relating to a resource will be sent to all emails in the settings of ancestor resources of that resource. A maximum of 50 email addresses are allowed.

func (AccessApprovalSettingsOutput) ToAccessApprovalSettingsOutput

func (o AccessApprovalSettingsOutput) ToAccessApprovalSettingsOutput() AccessApprovalSettingsOutput

func (AccessApprovalSettingsOutput) ToAccessApprovalSettingsOutputWithContext

func (o AccessApprovalSettingsOutput) ToAccessApprovalSettingsOutputWithContext(ctx context.Context) AccessApprovalSettingsOutput

type AccessApprovalSettingsState

type AccessApprovalSettingsState struct {
	// The asymmetric crypto key version to use for signing approval requests.
	// Empty activeKeyVersion indicates that a Google-managed key should be used for signing.
	// This property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set.
	ActiveKeyVersion pulumi.StringPtrInput
	// If the field is true, that indicates that an ancestor of this Folder has set active_key_version.
	AncestorHasActiveKeyVersion pulumi.BoolPtrInput
	// If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Folder.
	EnrolledAncestor pulumi.BoolPtrInput
	// A list of Google Cloud Services for which the given resource has Access Approval enrolled.
	// Access requests for the resource given by name against any of these services contained here will be required
	// to have explicit approval. Enrollment can only be done on an all or nothing basis.
	// A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.
	// Structure is documented below.
	EnrolledServices AccessApprovalSettingsEnrolledServiceArrayInput
	// ID of the folder of the access approval settings.
	FolderId pulumi.StringPtrInput
	// If the field is true, that indicates that there is some configuration issue with the activeKeyVersion
	// configured on this Folder (e.g. it doesn't exist or the Access Approval service account doesn't have the
	// correct permissions on it, etc.) This key version is not necessarily the effective key version at this level,
	// as key versions are inherited top-down.
	InvalidKeyVersion pulumi.BoolPtrInput
	// The resource name of the settings. Format is "folders/{folder_id}/accessApprovalSettings"
	Name pulumi.StringPtrInput
	// A list of email addresses to which notifications relating to approval requests should be sent.
	// Notifications relating to a resource will be sent to all emails in the settings of ancestor
	// resources of that resource. A maximum of 50 email addresses are allowed.
	NotificationEmails pulumi.StringArrayInput
}

func (AccessApprovalSettingsState) ElementType

type GetIamPolicyArgs added in v6.59.0

type GetIamPolicyArgs struct {
	// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
	Folder string `pulumi:"folder"`
}

A collection of arguments for invoking getIamPolicy.

type GetIamPolicyOutputArgs added in v6.59.0

type GetIamPolicyOutputArgs struct {
	// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
	Folder pulumi.StringInput `pulumi:"folder"`
}

A collection of arguments for invoking getIamPolicy.

func (GetIamPolicyOutputArgs) ElementType added in v6.59.0

func (GetIamPolicyOutputArgs) ElementType() reflect.Type

type GetIamPolicyResult added in v6.59.0

type GetIamPolicyResult struct {
	// (Computed) The etag of the IAM policy.
	Etag   string `pulumi:"etag"`
	Folder string `pulumi:"folder"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// (Computed) The policy data
	PolicyData string `pulumi:"policyData"`
}

A collection of values returned by getIamPolicy.

func GetIamPolicy added in v6.59.0

func GetIamPolicy(ctx *pulumi.Context, args *GetIamPolicyArgs, opts ...pulumi.InvokeOption) (*GetIamPolicyResult, error)

Retrieves the current IAM policy data for a folder.

## example

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.GetIamPolicy(ctx, &folder.GetIamPolicyArgs{
			Folder: google_folder.Permissiontest.Name,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetIamPolicyResultOutput added in v6.59.0

type GetIamPolicyResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getIamPolicy.

func GetIamPolicyOutput added in v6.59.0

func GetIamPolicyOutput(ctx *pulumi.Context, args GetIamPolicyOutputArgs, opts ...pulumi.InvokeOption) GetIamPolicyResultOutput

func (GetIamPolicyResultOutput) ElementType added in v6.59.0

func (GetIamPolicyResultOutput) ElementType() reflect.Type

func (GetIamPolicyResultOutput) Etag added in v6.59.0

(Computed) The etag of the IAM policy.

func (GetIamPolicyResultOutput) Folder added in v6.59.0

func (GetIamPolicyResultOutput) Id added in v6.59.0

The provider-assigned unique ID for this managed resource.

func (GetIamPolicyResultOutput) PolicyData added in v6.59.0

(Computed) The policy data

func (GetIamPolicyResultOutput) ToGetIamPolicyResultOutput added in v6.59.0

func (o GetIamPolicyResultOutput) ToGetIamPolicyResultOutput() GetIamPolicyResultOutput

func (GetIamPolicyResultOutput) ToGetIamPolicyResultOutputWithContext added in v6.59.0

func (o GetIamPolicyResultOutput) ToGetIamPolicyResultOutputWithContext(ctx context.Context) GetIamPolicyResultOutput

type GetOrganizationPolicyBooleanPolicy

type GetOrganizationPolicyBooleanPolicy struct {
	Enforced bool `pulumi:"enforced"`
}

type GetOrganizationPolicyBooleanPolicyArgs

type GetOrganizationPolicyBooleanPolicyArgs struct {
	Enforced pulumi.BoolInput `pulumi:"enforced"`
}

func (GetOrganizationPolicyBooleanPolicyArgs) ElementType

func (GetOrganizationPolicyBooleanPolicyArgs) ToGetOrganizationPolicyBooleanPolicyOutput

func (i GetOrganizationPolicyBooleanPolicyArgs) ToGetOrganizationPolicyBooleanPolicyOutput() GetOrganizationPolicyBooleanPolicyOutput

func (GetOrganizationPolicyBooleanPolicyArgs) ToGetOrganizationPolicyBooleanPolicyOutputWithContext

func (i GetOrganizationPolicyBooleanPolicyArgs) ToGetOrganizationPolicyBooleanPolicyOutputWithContext(ctx context.Context) GetOrganizationPolicyBooleanPolicyOutput

type GetOrganizationPolicyBooleanPolicyArray

type GetOrganizationPolicyBooleanPolicyArray []GetOrganizationPolicyBooleanPolicyInput

func (GetOrganizationPolicyBooleanPolicyArray) ElementType

func (GetOrganizationPolicyBooleanPolicyArray) ToGetOrganizationPolicyBooleanPolicyArrayOutput

func (i GetOrganizationPolicyBooleanPolicyArray) ToGetOrganizationPolicyBooleanPolicyArrayOutput() GetOrganizationPolicyBooleanPolicyArrayOutput

func (GetOrganizationPolicyBooleanPolicyArray) ToGetOrganizationPolicyBooleanPolicyArrayOutputWithContext

func (i GetOrganizationPolicyBooleanPolicyArray) ToGetOrganizationPolicyBooleanPolicyArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyBooleanPolicyArrayOutput

type GetOrganizationPolicyBooleanPolicyArrayInput

type GetOrganizationPolicyBooleanPolicyArrayInput interface {
	pulumi.Input

	ToGetOrganizationPolicyBooleanPolicyArrayOutput() GetOrganizationPolicyBooleanPolicyArrayOutput
	ToGetOrganizationPolicyBooleanPolicyArrayOutputWithContext(context.Context) GetOrganizationPolicyBooleanPolicyArrayOutput
}

GetOrganizationPolicyBooleanPolicyArrayInput is an input type that accepts GetOrganizationPolicyBooleanPolicyArray and GetOrganizationPolicyBooleanPolicyArrayOutput values. You can construct a concrete instance of `GetOrganizationPolicyBooleanPolicyArrayInput` via:

GetOrganizationPolicyBooleanPolicyArray{ GetOrganizationPolicyBooleanPolicyArgs{...} }

type GetOrganizationPolicyBooleanPolicyArrayOutput

type GetOrganizationPolicyBooleanPolicyArrayOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyBooleanPolicyArrayOutput) ElementType

func (GetOrganizationPolicyBooleanPolicyArrayOutput) Index

func (GetOrganizationPolicyBooleanPolicyArrayOutput) ToGetOrganizationPolicyBooleanPolicyArrayOutput

func (o GetOrganizationPolicyBooleanPolicyArrayOutput) ToGetOrganizationPolicyBooleanPolicyArrayOutput() GetOrganizationPolicyBooleanPolicyArrayOutput

func (GetOrganizationPolicyBooleanPolicyArrayOutput) ToGetOrganizationPolicyBooleanPolicyArrayOutputWithContext

func (o GetOrganizationPolicyBooleanPolicyArrayOutput) ToGetOrganizationPolicyBooleanPolicyArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyBooleanPolicyArrayOutput

type GetOrganizationPolicyBooleanPolicyInput

type GetOrganizationPolicyBooleanPolicyInput interface {
	pulumi.Input

	ToGetOrganizationPolicyBooleanPolicyOutput() GetOrganizationPolicyBooleanPolicyOutput
	ToGetOrganizationPolicyBooleanPolicyOutputWithContext(context.Context) GetOrganizationPolicyBooleanPolicyOutput
}

GetOrganizationPolicyBooleanPolicyInput is an input type that accepts GetOrganizationPolicyBooleanPolicyArgs and GetOrganizationPolicyBooleanPolicyOutput values. You can construct a concrete instance of `GetOrganizationPolicyBooleanPolicyInput` via:

GetOrganizationPolicyBooleanPolicyArgs{...}

type GetOrganizationPolicyBooleanPolicyOutput

type GetOrganizationPolicyBooleanPolicyOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyBooleanPolicyOutput) ElementType

func (GetOrganizationPolicyBooleanPolicyOutput) Enforced

func (GetOrganizationPolicyBooleanPolicyOutput) ToGetOrganizationPolicyBooleanPolicyOutput

func (o GetOrganizationPolicyBooleanPolicyOutput) ToGetOrganizationPolicyBooleanPolicyOutput() GetOrganizationPolicyBooleanPolicyOutput

func (GetOrganizationPolicyBooleanPolicyOutput) ToGetOrganizationPolicyBooleanPolicyOutputWithContext

func (o GetOrganizationPolicyBooleanPolicyOutput) ToGetOrganizationPolicyBooleanPolicyOutputWithContext(ctx context.Context) GetOrganizationPolicyBooleanPolicyOutput

type GetOrganizationPolicyListPolicy

type GetOrganizationPolicyListPolicy struct {
	Allows            []GetOrganizationPolicyListPolicyAllow `pulumi:"allows"`
	Denies            []GetOrganizationPolicyListPolicyDeny  `pulumi:"denies"`
	InheritFromParent bool                                   `pulumi:"inheritFromParent"`
	SuggestedValue    string                                 `pulumi:"suggestedValue"`
}

type GetOrganizationPolicyListPolicyAllow

type GetOrganizationPolicyListPolicyAllow struct {
	All    bool     `pulumi:"all"`
	Values []string `pulumi:"values"`
}

type GetOrganizationPolicyListPolicyAllowArgs

type GetOrganizationPolicyListPolicyAllowArgs struct {
	All    pulumi.BoolInput        `pulumi:"all"`
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (GetOrganizationPolicyListPolicyAllowArgs) ElementType

func (GetOrganizationPolicyListPolicyAllowArgs) ToGetOrganizationPolicyListPolicyAllowOutput

func (i GetOrganizationPolicyListPolicyAllowArgs) ToGetOrganizationPolicyListPolicyAllowOutput() GetOrganizationPolicyListPolicyAllowOutput

func (GetOrganizationPolicyListPolicyAllowArgs) ToGetOrganizationPolicyListPolicyAllowOutputWithContext

func (i GetOrganizationPolicyListPolicyAllowArgs) ToGetOrganizationPolicyListPolicyAllowOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyAllowOutput

type GetOrganizationPolicyListPolicyAllowArray

type GetOrganizationPolicyListPolicyAllowArray []GetOrganizationPolicyListPolicyAllowInput

func (GetOrganizationPolicyListPolicyAllowArray) ElementType

func (GetOrganizationPolicyListPolicyAllowArray) ToGetOrganizationPolicyListPolicyAllowArrayOutput

func (i GetOrganizationPolicyListPolicyAllowArray) ToGetOrganizationPolicyListPolicyAllowArrayOutput() GetOrganizationPolicyListPolicyAllowArrayOutput

func (GetOrganizationPolicyListPolicyAllowArray) ToGetOrganizationPolicyListPolicyAllowArrayOutputWithContext

func (i GetOrganizationPolicyListPolicyAllowArray) ToGetOrganizationPolicyListPolicyAllowArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyAllowArrayOutput

type GetOrganizationPolicyListPolicyAllowArrayInput

type GetOrganizationPolicyListPolicyAllowArrayInput interface {
	pulumi.Input

	ToGetOrganizationPolicyListPolicyAllowArrayOutput() GetOrganizationPolicyListPolicyAllowArrayOutput
	ToGetOrganizationPolicyListPolicyAllowArrayOutputWithContext(context.Context) GetOrganizationPolicyListPolicyAllowArrayOutput
}

GetOrganizationPolicyListPolicyAllowArrayInput is an input type that accepts GetOrganizationPolicyListPolicyAllowArray and GetOrganizationPolicyListPolicyAllowArrayOutput values. You can construct a concrete instance of `GetOrganizationPolicyListPolicyAllowArrayInput` via:

GetOrganizationPolicyListPolicyAllowArray{ GetOrganizationPolicyListPolicyAllowArgs{...} }

type GetOrganizationPolicyListPolicyAllowArrayOutput

type GetOrganizationPolicyListPolicyAllowArrayOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyListPolicyAllowArrayOutput) ElementType

func (GetOrganizationPolicyListPolicyAllowArrayOutput) Index

func (GetOrganizationPolicyListPolicyAllowArrayOutput) ToGetOrganizationPolicyListPolicyAllowArrayOutput

func (o GetOrganizationPolicyListPolicyAllowArrayOutput) ToGetOrganizationPolicyListPolicyAllowArrayOutput() GetOrganizationPolicyListPolicyAllowArrayOutput

func (GetOrganizationPolicyListPolicyAllowArrayOutput) ToGetOrganizationPolicyListPolicyAllowArrayOutputWithContext

func (o GetOrganizationPolicyListPolicyAllowArrayOutput) ToGetOrganizationPolicyListPolicyAllowArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyAllowArrayOutput

type GetOrganizationPolicyListPolicyAllowInput

type GetOrganizationPolicyListPolicyAllowInput interface {
	pulumi.Input

	ToGetOrganizationPolicyListPolicyAllowOutput() GetOrganizationPolicyListPolicyAllowOutput
	ToGetOrganizationPolicyListPolicyAllowOutputWithContext(context.Context) GetOrganizationPolicyListPolicyAllowOutput
}

GetOrganizationPolicyListPolicyAllowInput is an input type that accepts GetOrganizationPolicyListPolicyAllowArgs and GetOrganizationPolicyListPolicyAllowOutput values. You can construct a concrete instance of `GetOrganizationPolicyListPolicyAllowInput` via:

GetOrganizationPolicyListPolicyAllowArgs{...}

type GetOrganizationPolicyListPolicyAllowOutput

type GetOrganizationPolicyListPolicyAllowOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyListPolicyAllowOutput) All

func (GetOrganizationPolicyListPolicyAllowOutput) ElementType

func (GetOrganizationPolicyListPolicyAllowOutput) ToGetOrganizationPolicyListPolicyAllowOutput

func (o GetOrganizationPolicyListPolicyAllowOutput) ToGetOrganizationPolicyListPolicyAllowOutput() GetOrganizationPolicyListPolicyAllowOutput

func (GetOrganizationPolicyListPolicyAllowOutput) ToGetOrganizationPolicyListPolicyAllowOutputWithContext

func (o GetOrganizationPolicyListPolicyAllowOutput) ToGetOrganizationPolicyListPolicyAllowOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyAllowOutput

func (GetOrganizationPolicyListPolicyAllowOutput) Values

type GetOrganizationPolicyListPolicyArgs

type GetOrganizationPolicyListPolicyArgs struct {
	Allows            GetOrganizationPolicyListPolicyAllowArrayInput `pulumi:"allows"`
	Denies            GetOrganizationPolicyListPolicyDenyArrayInput  `pulumi:"denies"`
	InheritFromParent pulumi.BoolInput                               `pulumi:"inheritFromParent"`
	SuggestedValue    pulumi.StringInput                             `pulumi:"suggestedValue"`
}

func (GetOrganizationPolicyListPolicyArgs) ElementType

func (GetOrganizationPolicyListPolicyArgs) ToGetOrganizationPolicyListPolicyOutput

func (i GetOrganizationPolicyListPolicyArgs) ToGetOrganizationPolicyListPolicyOutput() GetOrganizationPolicyListPolicyOutput

func (GetOrganizationPolicyListPolicyArgs) ToGetOrganizationPolicyListPolicyOutputWithContext

func (i GetOrganizationPolicyListPolicyArgs) ToGetOrganizationPolicyListPolicyOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyOutput

type GetOrganizationPolicyListPolicyArray

type GetOrganizationPolicyListPolicyArray []GetOrganizationPolicyListPolicyInput

func (GetOrganizationPolicyListPolicyArray) ElementType

func (GetOrganizationPolicyListPolicyArray) ToGetOrganizationPolicyListPolicyArrayOutput

func (i GetOrganizationPolicyListPolicyArray) ToGetOrganizationPolicyListPolicyArrayOutput() GetOrganizationPolicyListPolicyArrayOutput

func (GetOrganizationPolicyListPolicyArray) ToGetOrganizationPolicyListPolicyArrayOutputWithContext

func (i GetOrganizationPolicyListPolicyArray) ToGetOrganizationPolicyListPolicyArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyArrayOutput

type GetOrganizationPolicyListPolicyArrayInput

type GetOrganizationPolicyListPolicyArrayInput interface {
	pulumi.Input

	ToGetOrganizationPolicyListPolicyArrayOutput() GetOrganizationPolicyListPolicyArrayOutput
	ToGetOrganizationPolicyListPolicyArrayOutputWithContext(context.Context) GetOrganizationPolicyListPolicyArrayOutput
}

GetOrganizationPolicyListPolicyArrayInput is an input type that accepts GetOrganizationPolicyListPolicyArray and GetOrganizationPolicyListPolicyArrayOutput values. You can construct a concrete instance of `GetOrganizationPolicyListPolicyArrayInput` via:

GetOrganizationPolicyListPolicyArray{ GetOrganizationPolicyListPolicyArgs{...} }

type GetOrganizationPolicyListPolicyArrayOutput

type GetOrganizationPolicyListPolicyArrayOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyListPolicyArrayOutput) ElementType

func (GetOrganizationPolicyListPolicyArrayOutput) Index

func (GetOrganizationPolicyListPolicyArrayOutput) ToGetOrganizationPolicyListPolicyArrayOutput

func (o GetOrganizationPolicyListPolicyArrayOutput) ToGetOrganizationPolicyListPolicyArrayOutput() GetOrganizationPolicyListPolicyArrayOutput

func (GetOrganizationPolicyListPolicyArrayOutput) ToGetOrganizationPolicyListPolicyArrayOutputWithContext

func (o GetOrganizationPolicyListPolicyArrayOutput) ToGetOrganizationPolicyListPolicyArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyArrayOutput

type GetOrganizationPolicyListPolicyDeny

type GetOrganizationPolicyListPolicyDeny struct {
	All    bool     `pulumi:"all"`
	Values []string `pulumi:"values"`
}

type GetOrganizationPolicyListPolicyDenyArgs

type GetOrganizationPolicyListPolicyDenyArgs struct {
	All    pulumi.BoolInput        `pulumi:"all"`
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (GetOrganizationPolicyListPolicyDenyArgs) ElementType

func (GetOrganizationPolicyListPolicyDenyArgs) ToGetOrganizationPolicyListPolicyDenyOutput

func (i GetOrganizationPolicyListPolicyDenyArgs) ToGetOrganizationPolicyListPolicyDenyOutput() GetOrganizationPolicyListPolicyDenyOutput

func (GetOrganizationPolicyListPolicyDenyArgs) ToGetOrganizationPolicyListPolicyDenyOutputWithContext

func (i GetOrganizationPolicyListPolicyDenyArgs) ToGetOrganizationPolicyListPolicyDenyOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyDenyOutput

type GetOrganizationPolicyListPolicyDenyArray

type GetOrganizationPolicyListPolicyDenyArray []GetOrganizationPolicyListPolicyDenyInput

func (GetOrganizationPolicyListPolicyDenyArray) ElementType

func (GetOrganizationPolicyListPolicyDenyArray) ToGetOrganizationPolicyListPolicyDenyArrayOutput

func (i GetOrganizationPolicyListPolicyDenyArray) ToGetOrganizationPolicyListPolicyDenyArrayOutput() GetOrganizationPolicyListPolicyDenyArrayOutput

func (GetOrganizationPolicyListPolicyDenyArray) ToGetOrganizationPolicyListPolicyDenyArrayOutputWithContext

func (i GetOrganizationPolicyListPolicyDenyArray) ToGetOrganizationPolicyListPolicyDenyArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyDenyArrayOutput

type GetOrganizationPolicyListPolicyDenyArrayInput

type GetOrganizationPolicyListPolicyDenyArrayInput interface {
	pulumi.Input

	ToGetOrganizationPolicyListPolicyDenyArrayOutput() GetOrganizationPolicyListPolicyDenyArrayOutput
	ToGetOrganizationPolicyListPolicyDenyArrayOutputWithContext(context.Context) GetOrganizationPolicyListPolicyDenyArrayOutput
}

GetOrganizationPolicyListPolicyDenyArrayInput is an input type that accepts GetOrganizationPolicyListPolicyDenyArray and GetOrganizationPolicyListPolicyDenyArrayOutput values. You can construct a concrete instance of `GetOrganizationPolicyListPolicyDenyArrayInput` via:

GetOrganizationPolicyListPolicyDenyArray{ GetOrganizationPolicyListPolicyDenyArgs{...} }

type GetOrganizationPolicyListPolicyDenyArrayOutput

type GetOrganizationPolicyListPolicyDenyArrayOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyListPolicyDenyArrayOutput) ElementType

func (GetOrganizationPolicyListPolicyDenyArrayOutput) Index

func (GetOrganizationPolicyListPolicyDenyArrayOutput) ToGetOrganizationPolicyListPolicyDenyArrayOutput

func (o GetOrganizationPolicyListPolicyDenyArrayOutput) ToGetOrganizationPolicyListPolicyDenyArrayOutput() GetOrganizationPolicyListPolicyDenyArrayOutput

func (GetOrganizationPolicyListPolicyDenyArrayOutput) ToGetOrganizationPolicyListPolicyDenyArrayOutputWithContext

func (o GetOrganizationPolicyListPolicyDenyArrayOutput) ToGetOrganizationPolicyListPolicyDenyArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyDenyArrayOutput

type GetOrganizationPolicyListPolicyDenyInput

type GetOrganizationPolicyListPolicyDenyInput interface {
	pulumi.Input

	ToGetOrganizationPolicyListPolicyDenyOutput() GetOrganizationPolicyListPolicyDenyOutput
	ToGetOrganizationPolicyListPolicyDenyOutputWithContext(context.Context) GetOrganizationPolicyListPolicyDenyOutput
}

GetOrganizationPolicyListPolicyDenyInput is an input type that accepts GetOrganizationPolicyListPolicyDenyArgs and GetOrganizationPolicyListPolicyDenyOutput values. You can construct a concrete instance of `GetOrganizationPolicyListPolicyDenyInput` via:

GetOrganizationPolicyListPolicyDenyArgs{...}

type GetOrganizationPolicyListPolicyDenyOutput

type GetOrganizationPolicyListPolicyDenyOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyListPolicyDenyOutput) All

func (GetOrganizationPolicyListPolicyDenyOutput) ElementType

func (GetOrganizationPolicyListPolicyDenyOutput) ToGetOrganizationPolicyListPolicyDenyOutput

func (o GetOrganizationPolicyListPolicyDenyOutput) ToGetOrganizationPolicyListPolicyDenyOutput() GetOrganizationPolicyListPolicyDenyOutput

func (GetOrganizationPolicyListPolicyDenyOutput) ToGetOrganizationPolicyListPolicyDenyOutputWithContext

func (o GetOrganizationPolicyListPolicyDenyOutput) ToGetOrganizationPolicyListPolicyDenyOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyDenyOutput

func (GetOrganizationPolicyListPolicyDenyOutput) Values

type GetOrganizationPolicyListPolicyInput

type GetOrganizationPolicyListPolicyInput interface {
	pulumi.Input

	ToGetOrganizationPolicyListPolicyOutput() GetOrganizationPolicyListPolicyOutput
	ToGetOrganizationPolicyListPolicyOutputWithContext(context.Context) GetOrganizationPolicyListPolicyOutput
}

GetOrganizationPolicyListPolicyInput is an input type that accepts GetOrganizationPolicyListPolicyArgs and GetOrganizationPolicyListPolicyOutput values. You can construct a concrete instance of `GetOrganizationPolicyListPolicyInput` via:

GetOrganizationPolicyListPolicyArgs{...}

type GetOrganizationPolicyListPolicyOutput

type GetOrganizationPolicyListPolicyOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyListPolicyOutput) Allows

func (GetOrganizationPolicyListPolicyOutput) Denies

func (GetOrganizationPolicyListPolicyOutput) ElementType

func (GetOrganizationPolicyListPolicyOutput) InheritFromParent

func (GetOrganizationPolicyListPolicyOutput) SuggestedValue

func (GetOrganizationPolicyListPolicyOutput) ToGetOrganizationPolicyListPolicyOutput

func (o GetOrganizationPolicyListPolicyOutput) ToGetOrganizationPolicyListPolicyOutput() GetOrganizationPolicyListPolicyOutput

func (GetOrganizationPolicyListPolicyOutput) ToGetOrganizationPolicyListPolicyOutputWithContext

func (o GetOrganizationPolicyListPolicyOutput) ToGetOrganizationPolicyListPolicyOutputWithContext(ctx context.Context) GetOrganizationPolicyListPolicyOutput

type GetOrganizationPolicyRestorePolicy

type GetOrganizationPolicyRestorePolicy struct {
	Default bool `pulumi:"default"`
}

type GetOrganizationPolicyRestorePolicyArgs

type GetOrganizationPolicyRestorePolicyArgs struct {
	Default pulumi.BoolInput `pulumi:"default"`
}

func (GetOrganizationPolicyRestorePolicyArgs) ElementType

func (GetOrganizationPolicyRestorePolicyArgs) ToGetOrganizationPolicyRestorePolicyOutput

func (i GetOrganizationPolicyRestorePolicyArgs) ToGetOrganizationPolicyRestorePolicyOutput() GetOrganizationPolicyRestorePolicyOutput

func (GetOrganizationPolicyRestorePolicyArgs) ToGetOrganizationPolicyRestorePolicyOutputWithContext

func (i GetOrganizationPolicyRestorePolicyArgs) ToGetOrganizationPolicyRestorePolicyOutputWithContext(ctx context.Context) GetOrganizationPolicyRestorePolicyOutput

type GetOrganizationPolicyRestorePolicyArray

type GetOrganizationPolicyRestorePolicyArray []GetOrganizationPolicyRestorePolicyInput

func (GetOrganizationPolicyRestorePolicyArray) ElementType

func (GetOrganizationPolicyRestorePolicyArray) ToGetOrganizationPolicyRestorePolicyArrayOutput

func (i GetOrganizationPolicyRestorePolicyArray) ToGetOrganizationPolicyRestorePolicyArrayOutput() GetOrganizationPolicyRestorePolicyArrayOutput

func (GetOrganizationPolicyRestorePolicyArray) ToGetOrganizationPolicyRestorePolicyArrayOutputWithContext

func (i GetOrganizationPolicyRestorePolicyArray) ToGetOrganizationPolicyRestorePolicyArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyRestorePolicyArrayOutput

type GetOrganizationPolicyRestorePolicyArrayInput

type GetOrganizationPolicyRestorePolicyArrayInput interface {
	pulumi.Input

	ToGetOrganizationPolicyRestorePolicyArrayOutput() GetOrganizationPolicyRestorePolicyArrayOutput
	ToGetOrganizationPolicyRestorePolicyArrayOutputWithContext(context.Context) GetOrganizationPolicyRestorePolicyArrayOutput
}

GetOrganizationPolicyRestorePolicyArrayInput is an input type that accepts GetOrganizationPolicyRestorePolicyArray and GetOrganizationPolicyRestorePolicyArrayOutput values. You can construct a concrete instance of `GetOrganizationPolicyRestorePolicyArrayInput` via:

GetOrganizationPolicyRestorePolicyArray{ GetOrganizationPolicyRestorePolicyArgs{...} }

type GetOrganizationPolicyRestorePolicyArrayOutput

type GetOrganizationPolicyRestorePolicyArrayOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyRestorePolicyArrayOutput) ElementType

func (GetOrganizationPolicyRestorePolicyArrayOutput) Index

func (GetOrganizationPolicyRestorePolicyArrayOutput) ToGetOrganizationPolicyRestorePolicyArrayOutput

func (o GetOrganizationPolicyRestorePolicyArrayOutput) ToGetOrganizationPolicyRestorePolicyArrayOutput() GetOrganizationPolicyRestorePolicyArrayOutput

func (GetOrganizationPolicyRestorePolicyArrayOutput) ToGetOrganizationPolicyRestorePolicyArrayOutputWithContext

func (o GetOrganizationPolicyRestorePolicyArrayOutput) ToGetOrganizationPolicyRestorePolicyArrayOutputWithContext(ctx context.Context) GetOrganizationPolicyRestorePolicyArrayOutput

type GetOrganizationPolicyRestorePolicyInput

type GetOrganizationPolicyRestorePolicyInput interface {
	pulumi.Input

	ToGetOrganizationPolicyRestorePolicyOutput() GetOrganizationPolicyRestorePolicyOutput
	ToGetOrganizationPolicyRestorePolicyOutputWithContext(context.Context) GetOrganizationPolicyRestorePolicyOutput
}

GetOrganizationPolicyRestorePolicyInput is an input type that accepts GetOrganizationPolicyRestorePolicyArgs and GetOrganizationPolicyRestorePolicyOutput values. You can construct a concrete instance of `GetOrganizationPolicyRestorePolicyInput` via:

GetOrganizationPolicyRestorePolicyArgs{...}

type GetOrganizationPolicyRestorePolicyOutput

type GetOrganizationPolicyRestorePolicyOutput struct{ *pulumi.OutputState }

func (GetOrganizationPolicyRestorePolicyOutput) Default

func (GetOrganizationPolicyRestorePolicyOutput) ElementType

func (GetOrganizationPolicyRestorePolicyOutput) ToGetOrganizationPolicyRestorePolicyOutput

func (o GetOrganizationPolicyRestorePolicyOutput) ToGetOrganizationPolicyRestorePolicyOutput() GetOrganizationPolicyRestorePolicyOutput

func (GetOrganizationPolicyRestorePolicyOutput) ToGetOrganizationPolicyRestorePolicyOutputWithContext

func (o GetOrganizationPolicyRestorePolicyOutput) ToGetOrganizationPolicyRestorePolicyOutputWithContext(ctx context.Context) GetOrganizationPolicyRestorePolicyOutput

type IAMBinding

type IAMBinding struct {
	pulumi.CustomResourceState

	Condition IAMBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the folder's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
	Folder pulumi.StringOutput `pulumi:"folder"`
	// An array of identities that will be granted the privilege in the `role`.
	// Each entry can have one of the following values:
	// * **user:{emailid}**: An email address that is associated with a specific Google account. For example, alice@gmail.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The role that should be applied. Only one
	// `folder.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Allows creation and management of a single binding within IAM policy for an existing Google Cloud Platform folder.

> **Note:** This resource _must not_ be used in conjunction with

`folder.IAMPolicy` or they will fight over what your policy
should be.

> **Note:** On create, this resource will overwrite members of any existing roles.

Use `pulumi import` and inspect the output to ensure
your existing members are preserved.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		department1, err := organizations.NewFolder(ctx, "department1", &organizations.FolderArgs{
			DisplayName: pulumi.String("Department 1"),
			Parent:      pulumi.String("organizations/1234567"),
		})
		if err != nil {
			return err
		}
		_, err = folder.NewIAMBinding(ctx, "admin", &folder.IAMBindingArgs{
			Folder: department1.Name,
			Role:   pulumi.String("roles/editor"),
			Members: pulumi.StringArray{
				pulumi.String("user:alice@gmail.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

IAM binding imports use space-delimited identifiers; first the resource in question and then the role.

These bindings can be imported using the `folder` and role, e.g.

```sh

$ pulumi import gcp:folder/iAMBinding:IAMBinding viewer "folder-name roles/viewer"

```

-> **Custom Roles**If you're importing a IAM binding with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetIAMBinding

func GetIAMBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMBindingState, opts ...pulumi.ResourceOption) (*IAMBinding, error)

GetIAMBinding gets an existing IAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMBinding

func NewIAMBinding(ctx *pulumi.Context,
	name string, args *IAMBindingArgs, opts ...pulumi.ResourceOption) (*IAMBinding, error)

NewIAMBinding registers a new resource with the given unique name, arguments, and options.

func (*IAMBinding) ElementType

func (*IAMBinding) ElementType() reflect.Type

func (*IAMBinding) ToIAMBindingOutput

func (i *IAMBinding) ToIAMBindingOutput() IAMBindingOutput

func (*IAMBinding) ToIAMBindingOutputWithContext

func (i *IAMBinding) ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput

type IAMBindingArgs

type IAMBindingArgs struct {
	Condition IAMBindingConditionPtrInput
	// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
	Folder pulumi.StringInput
	// An array of identities that will be granted the privilege in the `role`.
	// Each entry can have one of the following values:
	// * **user:{emailid}**: An email address that is associated with a specific Google account. For example, alice@gmail.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding
	Members pulumi.StringArrayInput
	// The role that should be applied. Only one
	// `folder.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a IAMBinding resource.

func (IAMBindingArgs) ElementType

func (IAMBindingArgs) ElementType() reflect.Type

type IAMBindingArray

type IAMBindingArray []IAMBindingInput

func (IAMBindingArray) ElementType

func (IAMBindingArray) ElementType() reflect.Type

func (IAMBindingArray) ToIAMBindingArrayOutput

func (i IAMBindingArray) ToIAMBindingArrayOutput() IAMBindingArrayOutput

func (IAMBindingArray) ToIAMBindingArrayOutputWithContext

func (i IAMBindingArray) ToIAMBindingArrayOutputWithContext(ctx context.Context) IAMBindingArrayOutput

type IAMBindingArrayInput

type IAMBindingArrayInput interface {
	pulumi.Input

	ToIAMBindingArrayOutput() IAMBindingArrayOutput
	ToIAMBindingArrayOutputWithContext(context.Context) IAMBindingArrayOutput
}

IAMBindingArrayInput is an input type that accepts IAMBindingArray and IAMBindingArrayOutput values. You can construct a concrete instance of `IAMBindingArrayInput` via:

IAMBindingArray{ IAMBindingArgs{...} }

type IAMBindingArrayOutput

type IAMBindingArrayOutput struct{ *pulumi.OutputState }

func (IAMBindingArrayOutput) ElementType

func (IAMBindingArrayOutput) ElementType() reflect.Type

func (IAMBindingArrayOutput) Index

func (IAMBindingArrayOutput) ToIAMBindingArrayOutput

func (o IAMBindingArrayOutput) ToIAMBindingArrayOutput() IAMBindingArrayOutput

func (IAMBindingArrayOutput) ToIAMBindingArrayOutputWithContext

func (o IAMBindingArrayOutput) ToIAMBindingArrayOutputWithContext(ctx context.Context) IAMBindingArrayOutput

type IAMBindingCondition

type IAMBindingCondition struct {
	Description *string `pulumi:"description"`
	Expression  string  `pulumi:"expression"`
	Title       string  `pulumi:"title"`
}

type IAMBindingConditionArgs

type IAMBindingConditionArgs struct {
	Description pulumi.StringPtrInput `pulumi:"description"`
	Expression  pulumi.StringInput    `pulumi:"expression"`
	Title       pulumi.StringInput    `pulumi:"title"`
}

func (IAMBindingConditionArgs) ElementType

func (IAMBindingConditionArgs) ElementType() reflect.Type

func (IAMBindingConditionArgs) ToIAMBindingConditionOutput

func (i IAMBindingConditionArgs) ToIAMBindingConditionOutput() IAMBindingConditionOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionOutputWithContext

func (i IAMBindingConditionArgs) ToIAMBindingConditionOutputWithContext(ctx context.Context) IAMBindingConditionOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionPtrOutput

func (i IAMBindingConditionArgs) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionPtrOutputWithContext

func (i IAMBindingConditionArgs) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingConditionInput

type IAMBindingConditionInput interface {
	pulumi.Input

	ToIAMBindingConditionOutput() IAMBindingConditionOutput
	ToIAMBindingConditionOutputWithContext(context.Context) IAMBindingConditionOutput
}

IAMBindingConditionInput is an input type that accepts IAMBindingConditionArgs and IAMBindingConditionOutput values. You can construct a concrete instance of `IAMBindingConditionInput` via:

IAMBindingConditionArgs{...}

type IAMBindingConditionOutput

type IAMBindingConditionOutput struct{ *pulumi.OutputState }

func (IAMBindingConditionOutput) Description

func (IAMBindingConditionOutput) ElementType

func (IAMBindingConditionOutput) ElementType() reflect.Type

func (IAMBindingConditionOutput) Expression

func (IAMBindingConditionOutput) Title

func (IAMBindingConditionOutput) ToIAMBindingConditionOutput

func (o IAMBindingConditionOutput) ToIAMBindingConditionOutput() IAMBindingConditionOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionOutputWithContext

func (o IAMBindingConditionOutput) ToIAMBindingConditionOutputWithContext(ctx context.Context) IAMBindingConditionOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionPtrOutput

func (o IAMBindingConditionOutput) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionPtrOutputWithContext

func (o IAMBindingConditionOutput) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingConditionPtrInput

type IAMBindingConditionPtrInput interface {
	pulumi.Input

	ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput
	ToIAMBindingConditionPtrOutputWithContext(context.Context) IAMBindingConditionPtrOutput
}

IAMBindingConditionPtrInput is an input type that accepts IAMBindingConditionArgs, IAMBindingConditionPtr and IAMBindingConditionPtrOutput values. You can construct a concrete instance of `IAMBindingConditionPtrInput` via:

        IAMBindingConditionArgs{...}

or:

        nil

type IAMBindingConditionPtrOutput

type IAMBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (IAMBindingConditionPtrOutput) Description

func (IAMBindingConditionPtrOutput) Elem

func (IAMBindingConditionPtrOutput) ElementType

func (IAMBindingConditionPtrOutput) Expression

func (IAMBindingConditionPtrOutput) Title

func (IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutput

func (o IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutputWithContext

func (o IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingInput

type IAMBindingInput interface {
	pulumi.Input

	ToIAMBindingOutput() IAMBindingOutput
	ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput
}

type IAMBindingMap

type IAMBindingMap map[string]IAMBindingInput

func (IAMBindingMap) ElementType

func (IAMBindingMap) ElementType() reflect.Type

func (IAMBindingMap) ToIAMBindingMapOutput

func (i IAMBindingMap) ToIAMBindingMapOutput() IAMBindingMapOutput

func (IAMBindingMap) ToIAMBindingMapOutputWithContext

func (i IAMBindingMap) ToIAMBindingMapOutputWithContext(ctx context.Context) IAMBindingMapOutput

type IAMBindingMapInput

type IAMBindingMapInput interface {
	pulumi.Input

	ToIAMBindingMapOutput() IAMBindingMapOutput
	ToIAMBindingMapOutputWithContext(context.Context) IAMBindingMapOutput
}

IAMBindingMapInput is an input type that accepts IAMBindingMap and IAMBindingMapOutput values. You can construct a concrete instance of `IAMBindingMapInput` via:

IAMBindingMap{ "key": IAMBindingArgs{...} }

type IAMBindingMapOutput

type IAMBindingMapOutput struct{ *pulumi.OutputState }

func (IAMBindingMapOutput) ElementType

func (IAMBindingMapOutput) ElementType() reflect.Type

func (IAMBindingMapOutput) MapIndex

func (IAMBindingMapOutput) ToIAMBindingMapOutput

func (o IAMBindingMapOutput) ToIAMBindingMapOutput() IAMBindingMapOutput

func (IAMBindingMapOutput) ToIAMBindingMapOutputWithContext

func (o IAMBindingMapOutput) ToIAMBindingMapOutputWithContext(ctx context.Context) IAMBindingMapOutput

type IAMBindingOutput

type IAMBindingOutput struct{ *pulumi.OutputState }

func (IAMBindingOutput) Condition added in v6.23.0

func (IAMBindingOutput) ElementType

func (IAMBindingOutput) ElementType() reflect.Type

func (IAMBindingOutput) Etag added in v6.23.0

(Computed) The etag of the folder's IAM policy.

func (IAMBindingOutput) Folder added in v6.23.0

The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.

func (IAMBindingOutput) Members added in v6.23.0

An array of identities that will be granted the privilege in the `role`. Each entry can have one of the following values: * **user:{emailid}**: An email address that is associated with a specific Google account. For example, alice@gmail.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

func (IAMBindingOutput) Role added in v6.23.0

The role that should be applied. Only one `folder.IAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (IAMBindingOutput) ToIAMBindingOutput

func (o IAMBindingOutput) ToIAMBindingOutput() IAMBindingOutput

func (IAMBindingOutput) ToIAMBindingOutputWithContext

func (o IAMBindingOutput) ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput

type IAMBindingState

type IAMBindingState struct {
	Condition IAMBindingConditionPtrInput
	// (Computed) The etag of the folder's IAM policy.
	Etag pulumi.StringPtrInput
	// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
	Folder pulumi.StringPtrInput
	// An array of identities that will be granted the privilege in the `role`.
	// Each entry can have one of the following values:
	// * **user:{emailid}**: An email address that is associated with a specific Google account. For example, alice@gmail.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding
	Members pulumi.StringArrayInput
	// The role that should be applied. Only one
	// `folder.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (IAMBindingState) ElementType

func (IAMBindingState) ElementType() reflect.Type

type IAMMember

type IAMMember struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the folder's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
	Folder pulumi.StringOutput `pulumi:"folder"`
	Member pulumi.StringOutput `pulumi:"member"`
	// The role that should be applied. Only one
	// `folder.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `organizations/{{org_id}}/roles/{{role_id}}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Four different resources help you manage your IAM policy for a folder. Each of these resources serves a different use case:

* `folder.IAMPolicy`: Authoritative. Sets the IAM policy for the folder and replaces any existing policy already attached. * `folder.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the folder are preserved. * `folder.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the folder are preserved. * `folder.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.

> **Note:** `folder.IAMPolicy` **cannot** be used in conjunction with `folder.IAMBinding`, `folder.IAMMember`, or `folder.IamAuditConfig` or they will fight over what your policy should be.

> **Note:** `folder.IAMBinding` resources **can be** used in conjunction with `folder.IAMMember` resources **only if** they do not grant privilege to the same role.

> **Note:** The underlying API method `projects.setIamPolicy` has constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints,

IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning a 400 error code so please review these if you encounter errors with this resource.

## google\_folder\_iam\_policy

!> **Be careful!** You can accidentally lock yourself out of your folder

using this resource. Deleting a `folder.IAMPolicy` removes access
from anyone without permissions on its parent folder/organization. Proceed with caution.
It's not recommended to use `folder.IAMPolicy` with your provider folder
to avoid locking yourself out, and it should generally only be used with folders
fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before
applying the change.

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/editor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = folder.NewIAMPolicy(ctx, "folder", &folder.IAMPolicyArgs{
			Folder:     pulumi.String("folders/1234567"),
			PolicyData: *pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Condition: {
						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
						Title:       "expires_after_2019_12_31",
					},
					Members: []string{
						"user:jane@example.com",
					},
					Role: "roles/compute.admin",
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = folder.NewIAMPolicy(ctx, "folder", &folder.IAMPolicyArgs{
			Folder:     pulumi.String("folders/1234567"),
			PolicyData: *pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_folder\_iam\_binding

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewIAMBinding(ctx, "folder", &folder.IAMBindingArgs{
			Folder: pulumi.String("folders/1234567"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Role: pulumi.String("roles/editor"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewIAMBinding(ctx, "folder", &folder.IAMBindingArgs{
			Condition: &folder.IAMBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Folder: pulumi.String("folders/1234567"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Role: pulumi.String("roles/container.admin"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_folder\_iam\_member

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewIAMMember(ctx, "folder", &folder.IAMMemberArgs{
			Folder: pulumi.String("folders/1234567"),
			Member: pulumi.String("user:jane@example.com"),
			Role:   pulumi.String("roles/editor"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewIAMMember(ctx, "folder", &folder.IAMMemberArgs{
			Condition: &folder.IAMMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Folder: pulumi.String("folders/1234567"),
			Member: pulumi.String("user:jane@example.com"),
			Role:   pulumi.String("roles/firebase.admin"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_folder\_iam\_audit\_config

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewIamAuditConfig(ctx, "folder", &folder.IamAuditConfigArgs{
			AuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{
				&folder.IamAuditConfigAuditLogConfigArgs{
					LogType: pulumi.String("ADMIN_READ"),
				},
				&folder.IamAuditConfigAuditLogConfigArgs{
					ExemptedMembers: pulumi.StringArray{
						pulumi.String("user:joebloggs@hashicorp.com"),
					},
					LogType: pulumi.String("DATA_READ"),
				},
			},
			Folder:  pulumi.String("folders/1234567"),
			Service: pulumi.String("allServices"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

IAM member imports use space-delimited identifiers; the resource in question, the role, and the account.

This member resource can be imported using the `folder`, role, and member e.g.

```sh

$ pulumi import gcp:folder/iAMMember:IAMMember my_folder "folder roles/viewer user:foo@example.com"

```

IAM binding imports use space-delimited identifiers; the resource in question and the role.

This binding resource can be imported using the `folder` and role, e.g.

```sh

$ pulumi import gcp:folder/iAMMember:IAMMember my_folder "folder roles/viewer"

```

IAM policy imports use the identifier of the resource in question.

This policy resource can be imported using the `folder`.

```sh

$ pulumi import gcp:folder/iAMMember:IAMMember my_folder folder

```

IAM audit config imports use the identifier of the resource in question and the service, e.g.

```sh

$ pulumi import gcp:folder/iAMMember:IAMMember my_folder "folder foo.googleapis.com"

```

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `organizations/{{org_id}}/roles/{{role_id}}`. -> **Conditional IAM Bindings**If you're importing a IAM binding with a condition block, make sure

```sh

$ pulumi import gcp:folder/iAMMember:IAMMember to include the title of condition, e.g. `google_folder_iam_binding.my_folder "folder roles/{{role_id}} condition-title"`

```

func GetIAMMember

func GetIAMMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMMemberState, opts ...pulumi.ResourceOption) (*IAMMember, error)

GetIAMMember gets an existing IAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMMember

func NewIAMMember(ctx *pulumi.Context,
	name string, args *IAMMemberArgs, opts ...pulumi.ResourceOption) (*IAMMember, error)

NewIAMMember registers a new resource with the given unique name, arguments, and options.

func (*IAMMember) ElementType

func (*IAMMember) ElementType() reflect.Type

func (*IAMMember) ToIAMMemberOutput

func (i *IAMMember) ToIAMMemberOutput() IAMMemberOutput

func (*IAMMember) ToIAMMemberOutputWithContext

func (i *IAMMember) ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput

type IAMMemberArgs

type IAMMemberArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrInput
	// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
	Folder pulumi.StringInput
	Member pulumi.StringInput
	// The role that should be applied. Only one
	// `folder.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `organizations/{{org_id}}/roles/{{role_id}}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a IAMMember resource.

func (IAMMemberArgs) ElementType

func (IAMMemberArgs) ElementType() reflect.Type

type IAMMemberArray

type IAMMemberArray []IAMMemberInput

func (IAMMemberArray) ElementType

func (IAMMemberArray) ElementType() reflect.Type

func (IAMMemberArray) ToIAMMemberArrayOutput

func (i IAMMemberArray) ToIAMMemberArrayOutput() IAMMemberArrayOutput

func (IAMMemberArray) ToIAMMemberArrayOutputWithContext

func (i IAMMemberArray) ToIAMMemberArrayOutputWithContext(ctx context.Context) IAMMemberArrayOutput

type IAMMemberArrayInput

type IAMMemberArrayInput interface {
	pulumi.Input

	ToIAMMemberArrayOutput() IAMMemberArrayOutput
	ToIAMMemberArrayOutputWithContext(context.Context) IAMMemberArrayOutput
}

IAMMemberArrayInput is an input type that accepts IAMMemberArray and IAMMemberArrayOutput values. You can construct a concrete instance of `IAMMemberArrayInput` via:

IAMMemberArray{ IAMMemberArgs{...} }

type IAMMemberArrayOutput

type IAMMemberArrayOutput struct{ *pulumi.OutputState }

func (IAMMemberArrayOutput) ElementType

func (IAMMemberArrayOutput) ElementType() reflect.Type

func (IAMMemberArrayOutput) Index

func (IAMMemberArrayOutput) ToIAMMemberArrayOutput

func (o IAMMemberArrayOutput) ToIAMMemberArrayOutput() IAMMemberArrayOutput

func (IAMMemberArrayOutput) ToIAMMemberArrayOutputWithContext

func (o IAMMemberArrayOutput) ToIAMMemberArrayOutputWithContext(ctx context.Context) IAMMemberArrayOutput

type IAMMemberCondition

type IAMMemberCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	//
	// > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the
	// identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will
	// consider it to be an entirely different resource and will treat it as such.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type IAMMemberConditionArgs

type IAMMemberConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	//
	// > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the
	// identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will
	// consider it to be an entirely different resource and will treat it as such.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (IAMMemberConditionArgs) ElementType

func (IAMMemberConditionArgs) ElementType() reflect.Type

func (IAMMemberConditionArgs) ToIAMMemberConditionOutput

func (i IAMMemberConditionArgs) ToIAMMemberConditionOutput() IAMMemberConditionOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionOutputWithContext

func (i IAMMemberConditionArgs) ToIAMMemberConditionOutputWithContext(ctx context.Context) IAMMemberConditionOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionPtrOutput

func (i IAMMemberConditionArgs) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionPtrOutputWithContext

func (i IAMMemberConditionArgs) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberConditionInput

type IAMMemberConditionInput interface {
	pulumi.Input

	ToIAMMemberConditionOutput() IAMMemberConditionOutput
	ToIAMMemberConditionOutputWithContext(context.Context) IAMMemberConditionOutput
}

IAMMemberConditionInput is an input type that accepts IAMMemberConditionArgs and IAMMemberConditionOutput values. You can construct a concrete instance of `IAMMemberConditionInput` via:

IAMMemberConditionArgs{...}

type IAMMemberConditionOutput

type IAMMemberConditionOutput struct{ *pulumi.OutputState }

func (IAMMemberConditionOutput) Description

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.

func (IAMMemberConditionOutput) ElementType

func (IAMMemberConditionOutput) ElementType() reflect.Type

func (IAMMemberConditionOutput) Expression

Textual representation of an expression in Common Expression Language syntax.

func (IAMMemberConditionOutput) Title

A title for the expression, i.e. a short string describing its purpose.

func (IAMMemberConditionOutput) ToIAMMemberConditionOutput

func (o IAMMemberConditionOutput) ToIAMMemberConditionOutput() IAMMemberConditionOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionOutputWithContext

func (o IAMMemberConditionOutput) ToIAMMemberConditionOutputWithContext(ctx context.Context) IAMMemberConditionOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionPtrOutput

func (o IAMMemberConditionOutput) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionPtrOutputWithContext

func (o IAMMemberConditionOutput) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberConditionPtrInput

type IAMMemberConditionPtrInput interface {
	pulumi.Input

	ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput
	ToIAMMemberConditionPtrOutputWithContext(context.Context) IAMMemberConditionPtrOutput
}

IAMMemberConditionPtrInput is an input type that accepts IAMMemberConditionArgs, IAMMemberConditionPtr and IAMMemberConditionPtrOutput values. You can construct a concrete instance of `IAMMemberConditionPtrInput` via:

        IAMMemberConditionArgs{...}

or:

        nil

type IAMMemberConditionPtrOutput

type IAMMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (IAMMemberConditionPtrOutput) Description

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.

func (IAMMemberConditionPtrOutput) Elem

func (IAMMemberConditionPtrOutput) ElementType

func (IAMMemberConditionPtrOutput) Expression

Textual representation of an expression in Common Expression Language syntax.

func (IAMMemberConditionPtrOutput) Title

A title for the expression, i.e. a short string describing its purpose.

func (IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutput

func (o IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutputWithContext

func (o IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberInput

type IAMMemberInput interface {
	pulumi.Input

	ToIAMMemberOutput() IAMMemberOutput
	ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput
}

type IAMMemberMap

type IAMMemberMap map[string]IAMMemberInput

func (IAMMemberMap) ElementType

func (IAMMemberMap) ElementType() reflect.Type

func (IAMMemberMap) ToIAMMemberMapOutput

func (i IAMMemberMap) ToIAMMemberMapOutput() IAMMemberMapOutput

func (IAMMemberMap) ToIAMMemberMapOutputWithContext

func (i IAMMemberMap) ToIAMMemberMapOutputWithContext(ctx context.Context) IAMMemberMapOutput

type IAMMemberMapInput

type IAMMemberMapInput interface {
	pulumi.Input

	ToIAMMemberMapOutput() IAMMemberMapOutput
	ToIAMMemberMapOutputWithContext(context.Context) IAMMemberMapOutput
}

IAMMemberMapInput is an input type that accepts IAMMemberMap and IAMMemberMapOutput values. You can construct a concrete instance of `IAMMemberMapInput` via:

IAMMemberMap{ "key": IAMMemberArgs{...} }

type IAMMemberMapOutput

type IAMMemberMapOutput struct{ *pulumi.OutputState }

func (IAMMemberMapOutput) ElementType

func (IAMMemberMapOutput) ElementType() reflect.Type

func (IAMMemberMapOutput) MapIndex

func (IAMMemberMapOutput) ToIAMMemberMapOutput

func (o IAMMemberMapOutput) ToIAMMemberMapOutput() IAMMemberMapOutput

func (IAMMemberMapOutput) ToIAMMemberMapOutputWithContext

func (o IAMMemberMapOutput) ToIAMMemberMapOutputWithContext(ctx context.Context) IAMMemberMapOutput

type IAMMemberOutput

type IAMMemberOutput struct{ *pulumi.OutputState }

func (IAMMemberOutput) Condition added in v6.23.0

An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.

func (IAMMemberOutput) ElementType

func (IAMMemberOutput) ElementType() reflect.Type

func (IAMMemberOutput) Etag added in v6.23.0

(Computed) The etag of the folder's IAM policy.

func (IAMMemberOutput) Folder added in v6.23.0

func (o IAMMemberOutput) Folder() pulumi.StringOutput

The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.

func (IAMMemberOutput) Member added in v6.23.0

func (o IAMMemberOutput) Member() pulumi.StringOutput

func (IAMMemberOutput) Role added in v6.23.0

The role that should be applied. Only one `folder.IAMBinding` can be used per role. Note that custom roles must be of the format `organizations/{{org_id}}/roles/{{role_id}}`.

func (IAMMemberOutput) ToIAMMemberOutput

func (o IAMMemberOutput) ToIAMMemberOutput() IAMMemberOutput

func (IAMMemberOutput) ToIAMMemberOutputWithContext

func (o IAMMemberOutput) ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput

type IAMMemberState

type IAMMemberState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrInput
	// (Computed) The etag of the folder's IAM policy.
	Etag pulumi.StringPtrInput
	// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
	Folder pulumi.StringPtrInput
	Member pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `folder.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `organizations/{{org_id}}/roles/{{role_id}}`.
	Role pulumi.StringPtrInput
}

func (IAMMemberState) ElementType

func (IAMMemberState) ElementType() reflect.Type

type IAMPolicy

type IAMPolicy struct {
	pulumi.CustomResourceState

	// (Computed) The etag of the folder's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
	Folder pulumi.StringOutput `pulumi:"folder"`
	// The `organizations.getIAMPolicy` data source that represents
	// the IAM policy that will be applied to the folder. The policy will be
	// merged with any existing policy applied to the folder.
	//
	// Changing this updates the policy.
	//
	// Deleting this removes all policies from the folder, locking out users without
	// folder-level access.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
}

Four different resources help you manage your IAM policy for a folder. Each of these resources serves a different use case:

* `folder.IAMPolicy`: Authoritative. Sets the IAM policy for the folder and replaces any existing policy already attached. * `folder.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the folder are preserved. * `folder.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the folder are preserved. * `folder.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.

> **Note:** `folder.IAMPolicy` **cannot** be used in conjunction with `folder.IAMBinding`, `folder.IAMMember`, or `folder.IamAuditConfig` or they will fight over what your policy should be.

> **Note:** `folder.IAMBinding` resources **can be** used in conjunction with `folder.IAMMember` resources **only if** they do not grant privilege to the same role.

> **Note:** The underlying API method `projects.setIamPolicy` has constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints,

IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning a 400 error code so please review these if you encounter errors with this resource.

## google\_folder\_iam\_policy

!> **Be careful!** You can accidentally lock yourself out of your folder

using this resource. Deleting a `folder.IAMPolicy` removes access
from anyone without permissions on its parent folder/organization. Proceed with caution.
It's not recommended to use `folder.IAMPolicy` with your provider folder
to avoid locking yourself out, and it should generally only be used with folders
fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before
applying the change.

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/editor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = folder.NewIAMPolicy(ctx, "folder", &folder.IAMPolicyArgs{
			Folder:     pulumi.String("folders/1234567"),
			PolicyData: *pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Condition: {
						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
						Title:       "expires_after_2019_12_31",
					},
					Members: []string{
						"user:jane@example.com",
					},
					Role: "roles/compute.admin",
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = folder.NewIAMPolicy(ctx, "folder", &folder.IAMPolicyArgs{
			Folder:     pulumi.String("folders/1234567"),
			PolicyData: *pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_folder\_iam\_binding

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewIAMBinding(ctx, "folder", &folder.IAMBindingArgs{
			Folder: pulumi.String("folders/1234567"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Role: pulumi.String("roles/editor"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewIAMBinding(ctx, "folder", &folder.IAMBindingArgs{
			Condition: &folder.IAMBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Folder: pulumi.String("folders/1234567"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Role: pulumi.String("roles/container.admin"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_folder\_iam\_member

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewIAMMember(ctx, "folder", &folder.IAMMemberArgs{
			Folder: pulumi.String("folders/1234567"),
			Member: pulumi.String("user:jane@example.com"),
			Role:   pulumi.String("roles/editor"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewIAMMember(ctx, "folder", &folder.IAMMemberArgs{
			Condition: &folder.IAMMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Folder: pulumi.String("folders/1234567"),
			Member: pulumi.String("user:jane@example.com"),
			Role:   pulumi.String("roles/firebase.admin"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_folder\_iam\_audit\_config

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewIamAuditConfig(ctx, "folder", &folder.IamAuditConfigArgs{
			AuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{
				&folder.IamAuditConfigAuditLogConfigArgs{
					LogType: pulumi.String("ADMIN_READ"),
				},
				&folder.IamAuditConfigAuditLogConfigArgs{
					ExemptedMembers: pulumi.StringArray{
						pulumi.String("user:joebloggs@hashicorp.com"),
					},
					LogType: pulumi.String("DATA_READ"),
				},
			},
			Folder:  pulumi.String("folders/1234567"),
			Service: pulumi.String("allServices"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

IAM member imports use space-delimited identifiers; the resource in question, the role, and the account.

This member resource can be imported using the `folder`, role, and member e.g.

```sh

$ pulumi import gcp:folder/iAMPolicy:IAMPolicy my_folder "folder roles/viewer user:foo@example.com"

```

IAM binding imports use space-delimited identifiers; the resource in question and the role.

This binding resource can be imported using the `folder` and role, e.g.

```sh

$ pulumi import gcp:folder/iAMPolicy:IAMPolicy my_folder "folder roles/viewer"

```

IAM policy imports use the identifier of the resource in question.

This policy resource can be imported using the `folder`.

```sh

$ pulumi import gcp:folder/iAMPolicy:IAMPolicy my_folder folder

```

IAM audit config imports use the identifier of the resource in question and the service, e.g.

```sh

$ pulumi import gcp:folder/iAMPolicy:IAMPolicy my_folder "folder foo.googleapis.com"

```

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `organizations/{{org_id}}/roles/{{role_id}}`. -> **Conditional IAM Bindings**If you're importing a IAM binding with a condition block, make sure

```sh

$ pulumi import gcp:folder/iAMPolicy:IAMPolicy to include the title of condition, e.g. `google_folder_iam_binding.my_folder "folder roles/{{role_id}} condition-title"`

```

func GetIAMPolicy

func GetIAMPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMPolicyState, opts ...pulumi.ResourceOption) (*IAMPolicy, error)

GetIAMPolicy gets an existing IAMPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMPolicy

func NewIAMPolicy(ctx *pulumi.Context,
	name string, args *IAMPolicyArgs, opts ...pulumi.ResourceOption) (*IAMPolicy, error)

NewIAMPolicy registers a new resource with the given unique name, arguments, and options.

func (*IAMPolicy) ElementType

func (*IAMPolicy) ElementType() reflect.Type

func (*IAMPolicy) ToIAMPolicyOutput

func (i *IAMPolicy) ToIAMPolicyOutput() IAMPolicyOutput

func (*IAMPolicy) ToIAMPolicyOutputWithContext

func (i *IAMPolicy) ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput

type IAMPolicyArgs

type IAMPolicyArgs struct {
	// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
	Folder pulumi.StringInput
	// The `organizations.getIAMPolicy` data source that represents
	// the IAM policy that will be applied to the folder. The policy will be
	// merged with any existing policy applied to the folder.
	//
	// Changing this updates the policy.
	//
	// Deleting this removes all policies from the folder, locking out users without
	// folder-level access.
	PolicyData pulumi.StringInput
}

The set of arguments for constructing a IAMPolicy resource.

func (IAMPolicyArgs) ElementType

func (IAMPolicyArgs) ElementType() reflect.Type

type IAMPolicyArray

type IAMPolicyArray []IAMPolicyInput

func (IAMPolicyArray) ElementType

func (IAMPolicyArray) ElementType() reflect.Type

func (IAMPolicyArray) ToIAMPolicyArrayOutput

func (i IAMPolicyArray) ToIAMPolicyArrayOutput() IAMPolicyArrayOutput

func (IAMPolicyArray) ToIAMPolicyArrayOutputWithContext

func (i IAMPolicyArray) ToIAMPolicyArrayOutputWithContext(ctx context.Context) IAMPolicyArrayOutput

type IAMPolicyArrayInput

type IAMPolicyArrayInput interface {
	pulumi.Input

	ToIAMPolicyArrayOutput() IAMPolicyArrayOutput
	ToIAMPolicyArrayOutputWithContext(context.Context) IAMPolicyArrayOutput
}

IAMPolicyArrayInput is an input type that accepts IAMPolicyArray and IAMPolicyArrayOutput values. You can construct a concrete instance of `IAMPolicyArrayInput` via:

IAMPolicyArray{ IAMPolicyArgs{...} }

type IAMPolicyArrayOutput

type IAMPolicyArrayOutput struct{ *pulumi.OutputState }

func (IAMPolicyArrayOutput) ElementType

func (IAMPolicyArrayOutput) ElementType() reflect.Type

func (IAMPolicyArrayOutput) Index

func (IAMPolicyArrayOutput) ToIAMPolicyArrayOutput

func (o IAMPolicyArrayOutput) ToIAMPolicyArrayOutput() IAMPolicyArrayOutput

func (IAMPolicyArrayOutput) ToIAMPolicyArrayOutputWithContext

func (o IAMPolicyArrayOutput) ToIAMPolicyArrayOutputWithContext(ctx context.Context) IAMPolicyArrayOutput

type IAMPolicyInput

type IAMPolicyInput interface {
	pulumi.Input

	ToIAMPolicyOutput() IAMPolicyOutput
	ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput
}

type IAMPolicyMap

type IAMPolicyMap map[string]IAMPolicyInput

func (IAMPolicyMap) ElementType

func (IAMPolicyMap) ElementType() reflect.Type

func (IAMPolicyMap) ToIAMPolicyMapOutput

func (i IAMPolicyMap) ToIAMPolicyMapOutput() IAMPolicyMapOutput

func (IAMPolicyMap) ToIAMPolicyMapOutputWithContext

func (i IAMPolicyMap) ToIAMPolicyMapOutputWithContext(ctx context.Context) IAMPolicyMapOutput

type IAMPolicyMapInput

type IAMPolicyMapInput interface {
	pulumi.Input

	ToIAMPolicyMapOutput() IAMPolicyMapOutput
	ToIAMPolicyMapOutputWithContext(context.Context) IAMPolicyMapOutput
}

IAMPolicyMapInput is an input type that accepts IAMPolicyMap and IAMPolicyMapOutput values. You can construct a concrete instance of `IAMPolicyMapInput` via:

IAMPolicyMap{ "key": IAMPolicyArgs{...} }

type IAMPolicyMapOutput

type IAMPolicyMapOutput struct{ *pulumi.OutputState }

func (IAMPolicyMapOutput) ElementType

func (IAMPolicyMapOutput) ElementType() reflect.Type

func (IAMPolicyMapOutput) MapIndex

func (IAMPolicyMapOutput) ToIAMPolicyMapOutput

func (o IAMPolicyMapOutput) ToIAMPolicyMapOutput() IAMPolicyMapOutput

func (IAMPolicyMapOutput) ToIAMPolicyMapOutputWithContext

func (o IAMPolicyMapOutput) ToIAMPolicyMapOutputWithContext(ctx context.Context) IAMPolicyMapOutput

type IAMPolicyOutput

type IAMPolicyOutput struct{ *pulumi.OutputState }

func (IAMPolicyOutput) ElementType

func (IAMPolicyOutput) ElementType() reflect.Type

func (IAMPolicyOutput) Etag added in v6.23.0

(Computed) The etag of the folder's IAM policy.

func (IAMPolicyOutput) Folder added in v6.23.0

func (o IAMPolicyOutput) Folder() pulumi.StringOutput

The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.

func (IAMPolicyOutput) PolicyData added in v6.23.0

func (o IAMPolicyOutput) PolicyData() pulumi.StringOutput

The `organizations.getIAMPolicy` data source that represents the IAM policy that will be applied to the folder. The policy will be merged with any existing policy applied to the folder.

Changing this updates the policy.

Deleting this removes all policies from the folder, locking out users without folder-level access.

func (IAMPolicyOutput) ToIAMPolicyOutput

func (o IAMPolicyOutput) ToIAMPolicyOutput() IAMPolicyOutput

func (IAMPolicyOutput) ToIAMPolicyOutputWithContext

func (o IAMPolicyOutput) ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput

type IAMPolicyState

type IAMPolicyState struct {
	// (Computed) The etag of the folder's IAM policy.
	Etag pulumi.StringPtrInput
	// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
	Folder pulumi.StringPtrInput
	// The `organizations.getIAMPolicy` data source that represents
	// the IAM policy that will be applied to the folder. The policy will be
	// merged with any existing policy applied to the folder.
	//
	// Changing this updates the policy.
	//
	// Deleting this removes all policies from the folder, locking out users without
	// folder-level access.
	PolicyData pulumi.StringPtrInput
}

func (IAMPolicyState) ElementType

func (IAMPolicyState) ElementType() reflect.Type

type IamAuditConfig

type IamAuditConfig struct {
	pulumi.CustomResourceState

	// The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
	AuditLogConfigs IamAuditConfigAuditLogConfigArrayOutput `pulumi:"auditLogConfigs"`
	// (Computed) The etag of the folder's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
	Folder pulumi.StringOutput `pulumi:"folder"`
	// Service which will be enabled for audit logging.  The special value `allServices` covers all services.  Note that if there are google\_folder\_iam\_audit\_config resources covering both `allServices` and a specific service then the union of the two AuditConfigs is used for that service: the `logTypes` specified in each `auditLogConfig` are enabled, and the `exemptedMembers` in each `auditLogConfig` are exempted.
	Service pulumi.StringOutput `pulumi:"service"`
}

Four different resources help you manage your IAM policy for a folder. Each of these resources serves a different use case:

* `folder.IAMPolicy`: Authoritative. Sets the IAM policy for the folder and replaces any existing policy already attached. * `folder.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the folder are preserved. * `folder.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the folder are preserved. * `folder.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.

> **Note:** `folder.IAMPolicy` **cannot** be used in conjunction with `folder.IAMBinding`, `folder.IAMMember`, or `folder.IamAuditConfig` or they will fight over what your policy should be.

> **Note:** `folder.IAMBinding` resources **can be** used in conjunction with `folder.IAMMember` resources **only if** they do not grant privilege to the same role.

> **Note:** The underlying API method `projects.setIamPolicy` has constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints,

IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning a 400 error code so please review these if you encounter errors with this resource.

## google\_folder\_iam\_policy

!> **Be careful!** You can accidentally lock yourself out of your folder

using this resource. Deleting a `folder.IAMPolicy` removes access
from anyone without permissions on its parent folder/organization. Proceed with caution.
It's not recommended to use `folder.IAMPolicy` with your provider folder
to avoid locking yourself out, and it should generally only be used with folders
fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before
applying the change.

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/editor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = folder.NewIAMPolicy(ctx, "folder", &folder.IAMPolicyArgs{
			Folder:     pulumi.String("folders/1234567"),
			PolicyData: *pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Condition: {
						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
						Title:       "expires_after_2019_12_31",
					},
					Members: []string{
						"user:jane@example.com",
					},
					Role: "roles/compute.admin",
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = folder.NewIAMPolicy(ctx, "folder", &folder.IAMPolicyArgs{
			Folder:     pulumi.String("folders/1234567"),
			PolicyData: *pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_folder\_iam\_binding

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewIAMBinding(ctx, "folder", &folder.IAMBindingArgs{
			Folder: pulumi.String("folders/1234567"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Role: pulumi.String("roles/editor"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewIAMBinding(ctx, "folder", &folder.IAMBindingArgs{
			Condition: &folder.IAMBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Folder: pulumi.String("folders/1234567"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Role: pulumi.String("roles/container.admin"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_folder\_iam\_member

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewIAMMember(ctx, "folder", &folder.IAMMemberArgs{
			Folder: pulumi.String("folders/1234567"),
			Member: pulumi.String("user:jane@example.com"),
			Role:   pulumi.String("roles/editor"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewIAMMember(ctx, "folder", &folder.IAMMemberArgs{
			Condition: &folder.IAMMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Folder: pulumi.String("folders/1234567"),
			Member: pulumi.String("user:jane@example.com"),
			Role:   pulumi.String("roles/firebase.admin"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_folder\_iam\_audit\_config

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewIamAuditConfig(ctx, "folder", &folder.IamAuditConfigArgs{
			AuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{
				&folder.IamAuditConfigAuditLogConfigArgs{
					LogType: pulumi.String("ADMIN_READ"),
				},
				&folder.IamAuditConfigAuditLogConfigArgs{
					ExemptedMembers: pulumi.StringArray{
						pulumi.String("user:joebloggs@hashicorp.com"),
					},
					LogType: pulumi.String("DATA_READ"),
				},
			},
			Folder:  pulumi.String("folders/1234567"),
			Service: pulumi.String("allServices"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

IAM member imports use space-delimited identifiers; the resource in question, the role, and the account.

This member resource can be imported using the `folder`, role, and member e.g.

```sh

$ pulumi import gcp:folder/iamAuditConfig:IamAuditConfig my_folder "folder roles/viewer user:foo@example.com"

```

IAM binding imports use space-delimited identifiers; the resource in question and the role.

This binding resource can be imported using the `folder` and role, e.g.

```sh

$ pulumi import gcp:folder/iamAuditConfig:IamAuditConfig my_folder "folder roles/viewer"

```

IAM policy imports use the identifier of the resource in question.

This policy resource can be imported using the `folder`.

```sh

$ pulumi import gcp:folder/iamAuditConfig:IamAuditConfig my_folder folder

```

IAM audit config imports use the identifier of the resource in question and the service, e.g.

```sh

$ pulumi import gcp:folder/iamAuditConfig:IamAuditConfig my_folder "folder foo.googleapis.com"

```

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `organizations/{{org_id}}/roles/{{role_id}}`. -> **Conditional IAM Bindings**If you're importing a IAM binding with a condition block, make sure

```sh

$ pulumi import gcp:folder/iamAuditConfig:IamAuditConfig to include the title of condition, e.g. `google_folder_iam_binding.my_folder "folder roles/{{role_id}} condition-title"`

```

func GetIamAuditConfig

func GetIamAuditConfig(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IamAuditConfigState, opts ...pulumi.ResourceOption) (*IamAuditConfig, error)

GetIamAuditConfig gets an existing IamAuditConfig resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIamAuditConfig

func NewIamAuditConfig(ctx *pulumi.Context,
	name string, args *IamAuditConfigArgs, opts ...pulumi.ResourceOption) (*IamAuditConfig, error)

NewIamAuditConfig registers a new resource with the given unique name, arguments, and options.

func (*IamAuditConfig) ElementType

func (*IamAuditConfig) ElementType() reflect.Type

func (*IamAuditConfig) ToIamAuditConfigOutput

func (i *IamAuditConfig) ToIamAuditConfigOutput() IamAuditConfigOutput

func (*IamAuditConfig) ToIamAuditConfigOutputWithContext

func (i *IamAuditConfig) ToIamAuditConfigOutputWithContext(ctx context.Context) IamAuditConfigOutput

type IamAuditConfigArgs

type IamAuditConfigArgs struct {
	// The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
	AuditLogConfigs IamAuditConfigAuditLogConfigArrayInput
	// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
	Folder pulumi.StringInput
	// Service which will be enabled for audit logging.  The special value `allServices` covers all services.  Note that if there are google\_folder\_iam\_audit\_config resources covering both `allServices` and a specific service then the union of the two AuditConfigs is used for that service: the `logTypes` specified in each `auditLogConfig` are enabled, and the `exemptedMembers` in each `auditLogConfig` are exempted.
	Service pulumi.StringInput
}

The set of arguments for constructing a IamAuditConfig resource.

func (IamAuditConfigArgs) ElementType

func (IamAuditConfigArgs) ElementType() reflect.Type

type IamAuditConfigArray

type IamAuditConfigArray []IamAuditConfigInput

func (IamAuditConfigArray) ElementType

func (IamAuditConfigArray) ElementType() reflect.Type

func (IamAuditConfigArray) ToIamAuditConfigArrayOutput

func (i IamAuditConfigArray) ToIamAuditConfigArrayOutput() IamAuditConfigArrayOutput

func (IamAuditConfigArray) ToIamAuditConfigArrayOutputWithContext

func (i IamAuditConfigArray) ToIamAuditConfigArrayOutputWithContext(ctx context.Context) IamAuditConfigArrayOutput

type IamAuditConfigArrayInput

type IamAuditConfigArrayInput interface {
	pulumi.Input

	ToIamAuditConfigArrayOutput() IamAuditConfigArrayOutput
	ToIamAuditConfigArrayOutputWithContext(context.Context) IamAuditConfigArrayOutput
}

IamAuditConfigArrayInput is an input type that accepts IamAuditConfigArray and IamAuditConfigArrayOutput values. You can construct a concrete instance of `IamAuditConfigArrayInput` via:

IamAuditConfigArray{ IamAuditConfigArgs{...} }

type IamAuditConfigArrayOutput

type IamAuditConfigArrayOutput struct{ *pulumi.OutputState }

func (IamAuditConfigArrayOutput) ElementType

func (IamAuditConfigArrayOutput) ElementType() reflect.Type

func (IamAuditConfigArrayOutput) Index

func (IamAuditConfigArrayOutput) ToIamAuditConfigArrayOutput

func (o IamAuditConfigArrayOutput) ToIamAuditConfigArrayOutput() IamAuditConfigArrayOutput

func (IamAuditConfigArrayOutput) ToIamAuditConfigArrayOutputWithContext

func (o IamAuditConfigArrayOutput) ToIamAuditConfigArrayOutputWithContext(ctx context.Context) IamAuditConfigArrayOutput

type IamAuditConfigAuditLogConfig

type IamAuditConfigAuditLogConfig struct {
	// Identities that do not cause logging for this type of permission.  The format is the same as that for `members`.
	ExemptedMembers []string `pulumi:"exemptedMembers"`
	// Permission type for which logging is to be configured.  Must be one of `DATA_READ`, `DATA_WRITE`, or `ADMIN_READ`.
	LogType string `pulumi:"logType"`
}

type IamAuditConfigAuditLogConfigArgs

type IamAuditConfigAuditLogConfigArgs struct {
	// Identities that do not cause logging for this type of permission.  The format is the same as that for `members`.
	ExemptedMembers pulumi.StringArrayInput `pulumi:"exemptedMembers"`
	// Permission type for which logging is to be configured.  Must be one of `DATA_READ`, `DATA_WRITE`, or `ADMIN_READ`.
	LogType pulumi.StringInput `pulumi:"logType"`
}

func (IamAuditConfigAuditLogConfigArgs) ElementType

func (IamAuditConfigAuditLogConfigArgs) ToIamAuditConfigAuditLogConfigOutput

func (i IamAuditConfigAuditLogConfigArgs) ToIamAuditConfigAuditLogConfigOutput() IamAuditConfigAuditLogConfigOutput

func (IamAuditConfigAuditLogConfigArgs) ToIamAuditConfigAuditLogConfigOutputWithContext

func (i IamAuditConfigAuditLogConfigArgs) ToIamAuditConfigAuditLogConfigOutputWithContext(ctx context.Context) IamAuditConfigAuditLogConfigOutput

type IamAuditConfigAuditLogConfigArray

type IamAuditConfigAuditLogConfigArray []IamAuditConfigAuditLogConfigInput

func (IamAuditConfigAuditLogConfigArray) ElementType

func (IamAuditConfigAuditLogConfigArray) ToIamAuditConfigAuditLogConfigArrayOutput

func (i IamAuditConfigAuditLogConfigArray) ToIamAuditConfigAuditLogConfigArrayOutput() IamAuditConfigAuditLogConfigArrayOutput

func (IamAuditConfigAuditLogConfigArray) ToIamAuditConfigAuditLogConfigArrayOutputWithContext

func (i IamAuditConfigAuditLogConfigArray) ToIamAuditConfigAuditLogConfigArrayOutputWithContext(ctx context.Context) IamAuditConfigAuditLogConfigArrayOutput

type IamAuditConfigAuditLogConfigArrayInput

type IamAuditConfigAuditLogConfigArrayInput interface {
	pulumi.Input

	ToIamAuditConfigAuditLogConfigArrayOutput() IamAuditConfigAuditLogConfigArrayOutput
	ToIamAuditConfigAuditLogConfigArrayOutputWithContext(context.Context) IamAuditConfigAuditLogConfigArrayOutput
}

IamAuditConfigAuditLogConfigArrayInput is an input type that accepts IamAuditConfigAuditLogConfigArray and IamAuditConfigAuditLogConfigArrayOutput values. You can construct a concrete instance of `IamAuditConfigAuditLogConfigArrayInput` via:

IamAuditConfigAuditLogConfigArray{ IamAuditConfigAuditLogConfigArgs{...} }

type IamAuditConfigAuditLogConfigArrayOutput

type IamAuditConfigAuditLogConfigArrayOutput struct{ *pulumi.OutputState }

func (IamAuditConfigAuditLogConfigArrayOutput) ElementType

func (IamAuditConfigAuditLogConfigArrayOutput) Index

func (IamAuditConfigAuditLogConfigArrayOutput) ToIamAuditConfigAuditLogConfigArrayOutput

func (o IamAuditConfigAuditLogConfigArrayOutput) ToIamAuditConfigAuditLogConfigArrayOutput() IamAuditConfigAuditLogConfigArrayOutput

func (IamAuditConfigAuditLogConfigArrayOutput) ToIamAuditConfigAuditLogConfigArrayOutputWithContext

func (o IamAuditConfigAuditLogConfigArrayOutput) ToIamAuditConfigAuditLogConfigArrayOutputWithContext(ctx context.Context) IamAuditConfigAuditLogConfigArrayOutput

type IamAuditConfigAuditLogConfigInput

type IamAuditConfigAuditLogConfigInput interface {
	pulumi.Input

	ToIamAuditConfigAuditLogConfigOutput() IamAuditConfigAuditLogConfigOutput
	ToIamAuditConfigAuditLogConfigOutputWithContext(context.Context) IamAuditConfigAuditLogConfigOutput
}

IamAuditConfigAuditLogConfigInput is an input type that accepts IamAuditConfigAuditLogConfigArgs and IamAuditConfigAuditLogConfigOutput values. You can construct a concrete instance of `IamAuditConfigAuditLogConfigInput` via:

IamAuditConfigAuditLogConfigArgs{...}

type IamAuditConfigAuditLogConfigOutput

type IamAuditConfigAuditLogConfigOutput struct{ *pulumi.OutputState }

func (IamAuditConfigAuditLogConfigOutput) ElementType

func (IamAuditConfigAuditLogConfigOutput) ExemptedMembers

Identities that do not cause logging for this type of permission. The format is the same as that for `members`.

func (IamAuditConfigAuditLogConfigOutput) LogType

Permission type for which logging is to be configured. Must be one of `DATA_READ`, `DATA_WRITE`, or `ADMIN_READ`.

func (IamAuditConfigAuditLogConfigOutput) ToIamAuditConfigAuditLogConfigOutput

func (o IamAuditConfigAuditLogConfigOutput) ToIamAuditConfigAuditLogConfigOutput() IamAuditConfigAuditLogConfigOutput

func (IamAuditConfigAuditLogConfigOutput) ToIamAuditConfigAuditLogConfigOutputWithContext

func (o IamAuditConfigAuditLogConfigOutput) ToIamAuditConfigAuditLogConfigOutputWithContext(ctx context.Context) IamAuditConfigAuditLogConfigOutput

type IamAuditConfigInput

type IamAuditConfigInput interface {
	pulumi.Input

	ToIamAuditConfigOutput() IamAuditConfigOutput
	ToIamAuditConfigOutputWithContext(ctx context.Context) IamAuditConfigOutput
}

type IamAuditConfigMap

type IamAuditConfigMap map[string]IamAuditConfigInput

func (IamAuditConfigMap) ElementType

func (IamAuditConfigMap) ElementType() reflect.Type

func (IamAuditConfigMap) ToIamAuditConfigMapOutput

func (i IamAuditConfigMap) ToIamAuditConfigMapOutput() IamAuditConfigMapOutput

func (IamAuditConfigMap) ToIamAuditConfigMapOutputWithContext

func (i IamAuditConfigMap) ToIamAuditConfigMapOutputWithContext(ctx context.Context) IamAuditConfigMapOutput

type IamAuditConfigMapInput

type IamAuditConfigMapInput interface {
	pulumi.Input

	ToIamAuditConfigMapOutput() IamAuditConfigMapOutput
	ToIamAuditConfigMapOutputWithContext(context.Context) IamAuditConfigMapOutput
}

IamAuditConfigMapInput is an input type that accepts IamAuditConfigMap and IamAuditConfigMapOutput values. You can construct a concrete instance of `IamAuditConfigMapInput` via:

IamAuditConfigMap{ "key": IamAuditConfigArgs{...} }

type IamAuditConfigMapOutput

type IamAuditConfigMapOutput struct{ *pulumi.OutputState }

func (IamAuditConfigMapOutput) ElementType

func (IamAuditConfigMapOutput) ElementType() reflect.Type

func (IamAuditConfigMapOutput) MapIndex

func (IamAuditConfigMapOutput) ToIamAuditConfigMapOutput

func (o IamAuditConfigMapOutput) ToIamAuditConfigMapOutput() IamAuditConfigMapOutput

func (IamAuditConfigMapOutput) ToIamAuditConfigMapOutputWithContext

func (o IamAuditConfigMapOutput) ToIamAuditConfigMapOutputWithContext(ctx context.Context) IamAuditConfigMapOutput

type IamAuditConfigOutput

type IamAuditConfigOutput struct{ *pulumi.OutputState }

func (IamAuditConfigOutput) AuditLogConfigs added in v6.23.0

The configuration for logging of each type of permission. This can be specified multiple times. Structure is documented below.

func (IamAuditConfigOutput) ElementType

func (IamAuditConfigOutput) ElementType() reflect.Type

func (IamAuditConfigOutput) Etag added in v6.23.0

(Computed) The etag of the folder's IAM policy.

func (IamAuditConfigOutput) Folder added in v6.23.0

The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.

func (IamAuditConfigOutput) Service added in v6.23.0

Service which will be enabled for audit logging. The special value `allServices` covers all services. Note that if there are google\_folder\_iam\_audit\_config resources covering both `allServices` and a specific service then the union of the two AuditConfigs is used for that service: the `logTypes` specified in each `auditLogConfig` are enabled, and the `exemptedMembers` in each `auditLogConfig` are exempted.

func (IamAuditConfigOutput) ToIamAuditConfigOutput

func (o IamAuditConfigOutput) ToIamAuditConfigOutput() IamAuditConfigOutput

func (IamAuditConfigOutput) ToIamAuditConfigOutputWithContext

func (o IamAuditConfigOutput) ToIamAuditConfigOutputWithContext(ctx context.Context) IamAuditConfigOutput

type IamAuditConfigState

type IamAuditConfigState struct {
	// The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
	AuditLogConfigs IamAuditConfigAuditLogConfigArrayInput
	// (Computed) The etag of the folder's IAM policy.
	Etag pulumi.StringPtrInput
	// The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.
	Folder pulumi.StringPtrInput
	// Service which will be enabled for audit logging.  The special value `allServices` covers all services.  Note that if there are google\_folder\_iam\_audit\_config resources covering both `allServices` and a specific service then the union of the two AuditConfigs is used for that service: the `logTypes` specified in each `auditLogConfig` are enabled, and the `exemptedMembers` in each `auditLogConfig` are exempted.
	Service pulumi.StringPtrInput
}

func (IamAuditConfigState) ElementType

func (IamAuditConfigState) ElementType() reflect.Type

type LookupOrganizationPolicyArgs

type LookupOrganizationPolicyArgs struct {
	// (Required) The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
	Constraint string `pulumi:"constraint"`
	// The resource name of the folder to set the policy for. Its format is folders/{folder_id}.
	Folder string `pulumi:"folder"`
}

A collection of arguments for invoking getOrganizationPolicy.

type LookupOrganizationPolicyOutputArgs

type LookupOrganizationPolicyOutputArgs struct {
	// (Required) The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
	Constraint pulumi.StringInput `pulumi:"constraint"`
	// The resource name of the folder to set the policy for. Its format is folders/{folder_id}.
	Folder pulumi.StringInput `pulumi:"folder"`
}

A collection of arguments for invoking getOrganizationPolicy.

func (LookupOrganizationPolicyOutputArgs) ElementType

type LookupOrganizationPolicyResult

type LookupOrganizationPolicyResult struct {
	BooleanPolicies []GetOrganizationPolicyBooleanPolicy `pulumi:"booleanPolicies"`
	Constraint      string                               `pulumi:"constraint"`
	Etag            string                               `pulumi:"etag"`
	Folder          string                               `pulumi:"folder"`
	// The provider-assigned unique ID for this managed resource.
	Id              string                               `pulumi:"id"`
	ListPolicies    []GetOrganizationPolicyListPolicy    `pulumi:"listPolicies"`
	RestorePolicies []GetOrganizationPolicyRestorePolicy `pulumi:"restorePolicies"`
	UpdateTime      string                               `pulumi:"updateTime"`
	Version         int                                  `pulumi:"version"`
}

A collection of values returned by getOrganizationPolicy.

func LookupOrganizationPolicy

func LookupOrganizationPolicy(ctx *pulumi.Context, args *LookupOrganizationPolicyArgs, opts ...pulumi.InvokeOption) (*LookupOrganizationPolicyResult, error)

Allows management of Organization policies for a Google Folder. For more information see [the official documentation](https://cloud.google.com/resource-manager/docs/organization-policy/overview)

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		policy, err := folder.LookupOrganizationPolicy(ctx, &folder.LookupOrganizationPolicyArgs{
			Folder:     "folders/folderid",
			Constraint: "constraints/compute.trustedImageProjects",
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("version", policy.Version)
		return nil
	})
}

```

type LookupOrganizationPolicyResultOutput

type LookupOrganizationPolicyResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getOrganizationPolicy.

func (LookupOrganizationPolicyResultOutput) BooleanPolicies

func (LookupOrganizationPolicyResultOutput) Constraint

func (LookupOrganizationPolicyResultOutput) ElementType

func (LookupOrganizationPolicyResultOutput) Etag

func (LookupOrganizationPolicyResultOutput) Folder

func (LookupOrganizationPolicyResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (LookupOrganizationPolicyResultOutput) ListPolicies

func (LookupOrganizationPolicyResultOutput) RestorePolicies

func (LookupOrganizationPolicyResultOutput) ToLookupOrganizationPolicyResultOutput

func (o LookupOrganizationPolicyResultOutput) ToLookupOrganizationPolicyResultOutput() LookupOrganizationPolicyResultOutput

func (LookupOrganizationPolicyResultOutput) ToLookupOrganizationPolicyResultOutputWithContext

func (o LookupOrganizationPolicyResultOutput) ToLookupOrganizationPolicyResultOutputWithContext(ctx context.Context) LookupOrganizationPolicyResultOutput

func (LookupOrganizationPolicyResultOutput) UpdateTime

func (LookupOrganizationPolicyResultOutput) Version

type OrganizationPolicy

type OrganizationPolicy struct {
	pulumi.CustomResourceState

	// A boolean policy is a constraint that is either enforced or not. Structure is documented below.
	BooleanPolicy OrganizationPolicyBooleanPolicyPtrOutput `pulumi:"booleanPolicy"`
	// The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
	//
	// ***
	Constraint pulumi.StringOutput `pulumi:"constraint"`
	// (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The resource name of the folder to set the policy for. Its format is folders/{folder_id}.
	Folder pulumi.StringOutput `pulumi:"folder"`
	// A policy that can define specific values that are allowed or denied for the given constraint. It
	// can also be used to allow or deny all values. Structure is documented below.
	ListPolicy OrganizationPolicyListPolicyPtrOutput `pulumi:"listPolicy"`
	// A restore policy is a constraint to restore the default policy. Structure is documented below.
	//
	// > **Note:** If none of [`booleanPolicy`, `listPolicy`, `restorePolicy`] are defined the policy for a given constraint will
	// effectively be unset. This is represented in the UI as the constraint being 'Inherited'.
	//
	// ***
	RestorePolicy OrganizationPolicyRestorePolicyPtrOutput `pulumi:"restorePolicy"`
	// (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
	UpdateTime pulumi.StringOutput `pulumi:"updateTime"`
	// Version of the Policy. Default version is 0.
	Version pulumi.IntOutput `pulumi:"version"`
}

Allows management of Organization Policies for a Google Cloud Folder.

> **Warning:** This resource has been superseded by `orgpolicy.Policy`. `orgpolicy.Policy` uses Organization Policy API V2 instead of Cloud Resource Manager API V1 and it supports additional features such as tags and conditions.

To get more information about Organization Policies, see:

* [API documentation](https://cloud.google.com/resource-manager/reference/rest/v1/folders/setOrgPolicy) * How-to Guides

## Example Usage

To set policy with a [boolean constraint](https://cloud.google.com/resource-manager/docs/organization-policy/quickstart-boolean-constraints):

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewOrganizationPolicy(ctx, "serialPortPolicy", &folder.OrganizationPolicyArgs{
			BooleanPolicy: &folder.OrganizationPolicyBooleanPolicyArgs{
				Enforced: pulumi.Bool(true),
			},
			Constraint: pulumi.String("compute.disableSerialPortAccess"),
			Folder:     pulumi.String("folders/123456789"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

To set a policy with a [list constraint](https://cloud.google.com/resource-manager/docs/organization-policy/quickstart-list-constraints):

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewOrganizationPolicy(ctx, "servicesPolicy", &folder.OrganizationPolicyArgs{
			Constraint: pulumi.String("serviceuser.services"),
			Folder:     pulumi.String("folders/123456789"),
			ListPolicy: &folder.OrganizationPolicyListPolicyArgs{
				Allow: &folder.OrganizationPolicyListPolicyAllowArgs{
					All: pulumi.Bool(true),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

Or to deny some services, use the following instead:

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewOrganizationPolicy(ctx, "servicesPolicy", &folder.OrganizationPolicyArgs{
			Constraint: pulumi.String("serviceuser.services"),
			Folder:     pulumi.String("folders/123456789"),
			ListPolicy: &folder.OrganizationPolicyListPolicyArgs{
				Deny: &folder.OrganizationPolicyListPolicyDenyArgs{
					Values: pulumi.StringArray{
						pulumi.String("cloudresourcemanager.googleapis.com"),
					},
				},
				SuggestedValue: pulumi.String("compute.googleapis.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

To restore the default folder organization policy, use the following instead:

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/folder"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := folder.NewOrganizationPolicy(ctx, "servicesPolicy", &folder.OrganizationPolicyArgs{
			Constraint: pulumi.String("serviceuser.services"),
			Folder:     pulumi.String("folders/123456789"),
			RestorePolicy: &folder.OrganizationPolicyRestorePolicyArgs{
				Default: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Folder organization policies can be imported using any of the follow formats

```sh

$ pulumi import gcp:folder/organizationPolicy:OrganizationPolicy policy folders/folder-1234/constraints/serviceuser.services

```

```sh

$ pulumi import gcp:folder/organizationPolicy:OrganizationPolicy policy folder-1234/serviceuser.services

```

func GetOrganizationPolicy

func GetOrganizationPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *OrganizationPolicyState, opts ...pulumi.ResourceOption) (*OrganizationPolicy, error)

GetOrganizationPolicy gets an existing OrganizationPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewOrganizationPolicy

func NewOrganizationPolicy(ctx *pulumi.Context,
	name string, args *OrganizationPolicyArgs, opts ...pulumi.ResourceOption) (*OrganizationPolicy, error)

NewOrganizationPolicy registers a new resource with the given unique name, arguments, and options.

func (*OrganizationPolicy) ElementType

func (*OrganizationPolicy) ElementType() reflect.Type

func (*OrganizationPolicy) ToOrganizationPolicyOutput

func (i *OrganizationPolicy) ToOrganizationPolicyOutput() OrganizationPolicyOutput

func (*OrganizationPolicy) ToOrganizationPolicyOutputWithContext

func (i *OrganizationPolicy) ToOrganizationPolicyOutputWithContext(ctx context.Context) OrganizationPolicyOutput

type OrganizationPolicyArgs

type OrganizationPolicyArgs struct {
	// A boolean policy is a constraint that is either enforced or not. Structure is documented below.
	BooleanPolicy OrganizationPolicyBooleanPolicyPtrInput
	// The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
	//
	// ***
	Constraint pulumi.StringInput
	// The resource name of the folder to set the policy for. Its format is folders/{folder_id}.
	Folder pulumi.StringInput
	// A policy that can define specific values that are allowed or denied for the given constraint. It
	// can also be used to allow or deny all values. Structure is documented below.
	ListPolicy OrganizationPolicyListPolicyPtrInput
	// A restore policy is a constraint to restore the default policy. Structure is documented below.
	//
	// > **Note:** If none of [`booleanPolicy`, `listPolicy`, `restorePolicy`] are defined the policy for a given constraint will
	// effectively be unset. This is represented in the UI as the constraint being 'Inherited'.
	//
	// ***
	RestorePolicy OrganizationPolicyRestorePolicyPtrInput
	// Version of the Policy. Default version is 0.
	Version pulumi.IntPtrInput
}

The set of arguments for constructing a OrganizationPolicy resource.

func (OrganizationPolicyArgs) ElementType

func (OrganizationPolicyArgs) ElementType() reflect.Type

type OrganizationPolicyArray

type OrganizationPolicyArray []OrganizationPolicyInput

func (OrganizationPolicyArray) ElementType

func (OrganizationPolicyArray) ElementType() reflect.Type

func (OrganizationPolicyArray) ToOrganizationPolicyArrayOutput

func (i OrganizationPolicyArray) ToOrganizationPolicyArrayOutput() OrganizationPolicyArrayOutput

func (OrganizationPolicyArray) ToOrganizationPolicyArrayOutputWithContext

func (i OrganizationPolicyArray) ToOrganizationPolicyArrayOutputWithContext(ctx context.Context) OrganizationPolicyArrayOutput

type OrganizationPolicyArrayInput

type OrganizationPolicyArrayInput interface {
	pulumi.Input

	ToOrganizationPolicyArrayOutput() OrganizationPolicyArrayOutput
	ToOrganizationPolicyArrayOutputWithContext(context.Context) OrganizationPolicyArrayOutput
}

OrganizationPolicyArrayInput is an input type that accepts OrganizationPolicyArray and OrganizationPolicyArrayOutput values. You can construct a concrete instance of `OrganizationPolicyArrayInput` via:

OrganizationPolicyArray{ OrganizationPolicyArgs{...} }

type OrganizationPolicyArrayOutput

type OrganizationPolicyArrayOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyArrayOutput) ElementType

func (OrganizationPolicyArrayOutput) Index

func (OrganizationPolicyArrayOutput) ToOrganizationPolicyArrayOutput

func (o OrganizationPolicyArrayOutput) ToOrganizationPolicyArrayOutput() OrganizationPolicyArrayOutput

func (OrganizationPolicyArrayOutput) ToOrganizationPolicyArrayOutputWithContext

func (o OrganizationPolicyArrayOutput) ToOrganizationPolicyArrayOutputWithContext(ctx context.Context) OrganizationPolicyArrayOutput

type OrganizationPolicyBooleanPolicy

type OrganizationPolicyBooleanPolicy struct {
	// If true, then the Policy is enforced. If false, then any configuration is acceptable.
	Enforced bool `pulumi:"enforced"`
}

type OrganizationPolicyBooleanPolicyArgs

type OrganizationPolicyBooleanPolicyArgs struct {
	// If true, then the Policy is enforced. If false, then any configuration is acceptable.
	Enforced pulumi.BoolInput `pulumi:"enforced"`
}

func (OrganizationPolicyBooleanPolicyArgs) ElementType

func (OrganizationPolicyBooleanPolicyArgs) ToOrganizationPolicyBooleanPolicyOutput

func (i OrganizationPolicyBooleanPolicyArgs) ToOrganizationPolicyBooleanPolicyOutput() OrganizationPolicyBooleanPolicyOutput

func (OrganizationPolicyBooleanPolicyArgs) ToOrganizationPolicyBooleanPolicyOutputWithContext

func (i OrganizationPolicyBooleanPolicyArgs) ToOrganizationPolicyBooleanPolicyOutputWithContext(ctx context.Context) OrganizationPolicyBooleanPolicyOutput

func (OrganizationPolicyBooleanPolicyArgs) ToOrganizationPolicyBooleanPolicyPtrOutput

func (i OrganizationPolicyBooleanPolicyArgs) ToOrganizationPolicyBooleanPolicyPtrOutput() OrganizationPolicyBooleanPolicyPtrOutput

func (OrganizationPolicyBooleanPolicyArgs) ToOrganizationPolicyBooleanPolicyPtrOutputWithContext

func (i OrganizationPolicyBooleanPolicyArgs) ToOrganizationPolicyBooleanPolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyBooleanPolicyPtrOutput

type OrganizationPolicyBooleanPolicyInput

type OrganizationPolicyBooleanPolicyInput interface {
	pulumi.Input

	ToOrganizationPolicyBooleanPolicyOutput() OrganizationPolicyBooleanPolicyOutput
	ToOrganizationPolicyBooleanPolicyOutputWithContext(context.Context) OrganizationPolicyBooleanPolicyOutput
}

OrganizationPolicyBooleanPolicyInput is an input type that accepts OrganizationPolicyBooleanPolicyArgs and OrganizationPolicyBooleanPolicyOutput values. You can construct a concrete instance of `OrganizationPolicyBooleanPolicyInput` via:

OrganizationPolicyBooleanPolicyArgs{...}

type OrganizationPolicyBooleanPolicyOutput

type OrganizationPolicyBooleanPolicyOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyBooleanPolicyOutput) ElementType

func (OrganizationPolicyBooleanPolicyOutput) Enforced

If true, then the Policy is enforced. If false, then any configuration is acceptable.

func (OrganizationPolicyBooleanPolicyOutput) ToOrganizationPolicyBooleanPolicyOutput

func (o OrganizationPolicyBooleanPolicyOutput) ToOrganizationPolicyBooleanPolicyOutput() OrganizationPolicyBooleanPolicyOutput

func (OrganizationPolicyBooleanPolicyOutput) ToOrganizationPolicyBooleanPolicyOutputWithContext

func (o OrganizationPolicyBooleanPolicyOutput) ToOrganizationPolicyBooleanPolicyOutputWithContext(ctx context.Context) OrganizationPolicyBooleanPolicyOutput

func (OrganizationPolicyBooleanPolicyOutput) ToOrganizationPolicyBooleanPolicyPtrOutput

func (o OrganizationPolicyBooleanPolicyOutput) ToOrganizationPolicyBooleanPolicyPtrOutput() OrganizationPolicyBooleanPolicyPtrOutput

func (OrganizationPolicyBooleanPolicyOutput) ToOrganizationPolicyBooleanPolicyPtrOutputWithContext

func (o OrganizationPolicyBooleanPolicyOutput) ToOrganizationPolicyBooleanPolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyBooleanPolicyPtrOutput

type OrganizationPolicyBooleanPolicyPtrInput

type OrganizationPolicyBooleanPolicyPtrInput interface {
	pulumi.Input

	ToOrganizationPolicyBooleanPolicyPtrOutput() OrganizationPolicyBooleanPolicyPtrOutput
	ToOrganizationPolicyBooleanPolicyPtrOutputWithContext(context.Context) OrganizationPolicyBooleanPolicyPtrOutput
}

OrganizationPolicyBooleanPolicyPtrInput is an input type that accepts OrganizationPolicyBooleanPolicyArgs, OrganizationPolicyBooleanPolicyPtr and OrganizationPolicyBooleanPolicyPtrOutput values. You can construct a concrete instance of `OrganizationPolicyBooleanPolicyPtrInput` via:

        OrganizationPolicyBooleanPolicyArgs{...}

or:

        nil

type OrganizationPolicyBooleanPolicyPtrOutput

type OrganizationPolicyBooleanPolicyPtrOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyBooleanPolicyPtrOutput) Elem

func (OrganizationPolicyBooleanPolicyPtrOutput) ElementType

func (OrganizationPolicyBooleanPolicyPtrOutput) Enforced

If true, then the Policy is enforced. If false, then any configuration is acceptable.

func (OrganizationPolicyBooleanPolicyPtrOutput) ToOrganizationPolicyBooleanPolicyPtrOutput

func (o OrganizationPolicyBooleanPolicyPtrOutput) ToOrganizationPolicyBooleanPolicyPtrOutput() OrganizationPolicyBooleanPolicyPtrOutput

func (OrganizationPolicyBooleanPolicyPtrOutput) ToOrganizationPolicyBooleanPolicyPtrOutputWithContext

func (o OrganizationPolicyBooleanPolicyPtrOutput) ToOrganizationPolicyBooleanPolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyBooleanPolicyPtrOutput

type OrganizationPolicyInput

type OrganizationPolicyInput interface {
	pulumi.Input

	ToOrganizationPolicyOutput() OrganizationPolicyOutput
	ToOrganizationPolicyOutputWithContext(ctx context.Context) OrganizationPolicyOutput
}

type OrganizationPolicyListPolicy

type OrganizationPolicyListPolicy struct {
	// or `deny` - (Optional) One or the other must be set.
	Allow *OrganizationPolicyListPolicyAllow `pulumi:"allow"`
	Deny  *OrganizationPolicyListPolicyDeny  `pulumi:"deny"`
	// If set to true, the values from the effective Policy of the parent resource
	// are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
	//
	// The `allow` or `deny` blocks support:
	InheritFromParent *bool `pulumi:"inheritFromParent"`
	// The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
	SuggestedValue *string `pulumi:"suggestedValue"`
}

type OrganizationPolicyListPolicyAllow

type OrganizationPolicyListPolicyAllow struct {
	// The policy allows or denies all values.
	All *bool `pulumi:"all"`
	// The policy can define specific values that are allowed or denied.
	Values []string `pulumi:"values"`
}

type OrganizationPolicyListPolicyAllowArgs

type OrganizationPolicyListPolicyAllowArgs struct {
	// The policy allows or denies all values.
	All pulumi.BoolPtrInput `pulumi:"all"`
	// The policy can define specific values that are allowed or denied.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (OrganizationPolicyListPolicyAllowArgs) ElementType

func (OrganizationPolicyListPolicyAllowArgs) ToOrganizationPolicyListPolicyAllowOutput

func (i OrganizationPolicyListPolicyAllowArgs) ToOrganizationPolicyListPolicyAllowOutput() OrganizationPolicyListPolicyAllowOutput

func (OrganizationPolicyListPolicyAllowArgs) ToOrganizationPolicyListPolicyAllowOutputWithContext

func (i OrganizationPolicyListPolicyAllowArgs) ToOrganizationPolicyListPolicyAllowOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyAllowOutput

func (OrganizationPolicyListPolicyAllowArgs) ToOrganizationPolicyListPolicyAllowPtrOutput

func (i OrganizationPolicyListPolicyAllowArgs) ToOrganizationPolicyListPolicyAllowPtrOutput() OrganizationPolicyListPolicyAllowPtrOutput

func (OrganizationPolicyListPolicyAllowArgs) ToOrganizationPolicyListPolicyAllowPtrOutputWithContext

func (i OrganizationPolicyListPolicyAllowArgs) ToOrganizationPolicyListPolicyAllowPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyAllowPtrOutput

type OrganizationPolicyListPolicyAllowInput

type OrganizationPolicyListPolicyAllowInput interface {
	pulumi.Input

	ToOrganizationPolicyListPolicyAllowOutput() OrganizationPolicyListPolicyAllowOutput
	ToOrganizationPolicyListPolicyAllowOutputWithContext(context.Context) OrganizationPolicyListPolicyAllowOutput
}

OrganizationPolicyListPolicyAllowInput is an input type that accepts OrganizationPolicyListPolicyAllowArgs and OrganizationPolicyListPolicyAllowOutput values. You can construct a concrete instance of `OrganizationPolicyListPolicyAllowInput` via:

OrganizationPolicyListPolicyAllowArgs{...}

type OrganizationPolicyListPolicyAllowOutput

type OrganizationPolicyListPolicyAllowOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyListPolicyAllowOutput) All

The policy allows or denies all values.

func (OrganizationPolicyListPolicyAllowOutput) ElementType

func (OrganizationPolicyListPolicyAllowOutput) ToOrganizationPolicyListPolicyAllowOutput

func (o OrganizationPolicyListPolicyAllowOutput) ToOrganizationPolicyListPolicyAllowOutput() OrganizationPolicyListPolicyAllowOutput

func (OrganizationPolicyListPolicyAllowOutput) ToOrganizationPolicyListPolicyAllowOutputWithContext

func (o OrganizationPolicyListPolicyAllowOutput) ToOrganizationPolicyListPolicyAllowOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyAllowOutput

func (OrganizationPolicyListPolicyAllowOutput) ToOrganizationPolicyListPolicyAllowPtrOutput

func (o OrganizationPolicyListPolicyAllowOutput) ToOrganizationPolicyListPolicyAllowPtrOutput() OrganizationPolicyListPolicyAllowPtrOutput

func (OrganizationPolicyListPolicyAllowOutput) ToOrganizationPolicyListPolicyAllowPtrOutputWithContext

func (o OrganizationPolicyListPolicyAllowOutput) ToOrganizationPolicyListPolicyAllowPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyAllowPtrOutput

func (OrganizationPolicyListPolicyAllowOutput) Values

The policy can define specific values that are allowed or denied.

type OrganizationPolicyListPolicyAllowPtrInput

type OrganizationPolicyListPolicyAllowPtrInput interface {
	pulumi.Input

	ToOrganizationPolicyListPolicyAllowPtrOutput() OrganizationPolicyListPolicyAllowPtrOutput
	ToOrganizationPolicyListPolicyAllowPtrOutputWithContext(context.Context) OrganizationPolicyListPolicyAllowPtrOutput
}

OrganizationPolicyListPolicyAllowPtrInput is an input type that accepts OrganizationPolicyListPolicyAllowArgs, OrganizationPolicyListPolicyAllowPtr and OrganizationPolicyListPolicyAllowPtrOutput values. You can construct a concrete instance of `OrganizationPolicyListPolicyAllowPtrInput` via:

        OrganizationPolicyListPolicyAllowArgs{...}

or:

        nil

type OrganizationPolicyListPolicyAllowPtrOutput

type OrganizationPolicyListPolicyAllowPtrOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyListPolicyAllowPtrOutput) All

The policy allows or denies all values.

func (OrganizationPolicyListPolicyAllowPtrOutput) Elem

func (OrganizationPolicyListPolicyAllowPtrOutput) ElementType

func (OrganizationPolicyListPolicyAllowPtrOutput) ToOrganizationPolicyListPolicyAllowPtrOutput

func (o OrganizationPolicyListPolicyAllowPtrOutput) ToOrganizationPolicyListPolicyAllowPtrOutput() OrganizationPolicyListPolicyAllowPtrOutput

func (OrganizationPolicyListPolicyAllowPtrOutput) ToOrganizationPolicyListPolicyAllowPtrOutputWithContext

func (o OrganizationPolicyListPolicyAllowPtrOutput) ToOrganizationPolicyListPolicyAllowPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyAllowPtrOutput

func (OrganizationPolicyListPolicyAllowPtrOutput) Values

The policy can define specific values that are allowed or denied.

type OrganizationPolicyListPolicyArgs

type OrganizationPolicyListPolicyArgs struct {
	// or `deny` - (Optional) One or the other must be set.
	Allow OrganizationPolicyListPolicyAllowPtrInput `pulumi:"allow"`
	Deny  OrganizationPolicyListPolicyDenyPtrInput  `pulumi:"deny"`
	// If set to true, the values from the effective Policy of the parent resource
	// are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
	//
	// The `allow` or `deny` blocks support:
	InheritFromParent pulumi.BoolPtrInput `pulumi:"inheritFromParent"`
	// The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
	SuggestedValue pulumi.StringPtrInput `pulumi:"suggestedValue"`
}

func (OrganizationPolicyListPolicyArgs) ElementType

func (OrganizationPolicyListPolicyArgs) ToOrganizationPolicyListPolicyOutput

func (i OrganizationPolicyListPolicyArgs) ToOrganizationPolicyListPolicyOutput() OrganizationPolicyListPolicyOutput

func (OrganizationPolicyListPolicyArgs) ToOrganizationPolicyListPolicyOutputWithContext

func (i OrganizationPolicyListPolicyArgs) ToOrganizationPolicyListPolicyOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyOutput

func (OrganizationPolicyListPolicyArgs) ToOrganizationPolicyListPolicyPtrOutput

func (i OrganizationPolicyListPolicyArgs) ToOrganizationPolicyListPolicyPtrOutput() OrganizationPolicyListPolicyPtrOutput

func (OrganizationPolicyListPolicyArgs) ToOrganizationPolicyListPolicyPtrOutputWithContext

func (i OrganizationPolicyListPolicyArgs) ToOrganizationPolicyListPolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyPtrOutput

type OrganizationPolicyListPolicyDeny

type OrganizationPolicyListPolicyDeny struct {
	// The policy allows or denies all values.
	All *bool `pulumi:"all"`
	// The policy can define specific values that are allowed or denied.
	Values []string `pulumi:"values"`
}

type OrganizationPolicyListPolicyDenyArgs

type OrganizationPolicyListPolicyDenyArgs struct {
	// The policy allows or denies all values.
	All pulumi.BoolPtrInput `pulumi:"all"`
	// The policy can define specific values that are allowed or denied.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (OrganizationPolicyListPolicyDenyArgs) ElementType

func (OrganizationPolicyListPolicyDenyArgs) ToOrganizationPolicyListPolicyDenyOutput

func (i OrganizationPolicyListPolicyDenyArgs) ToOrganizationPolicyListPolicyDenyOutput() OrganizationPolicyListPolicyDenyOutput

func (OrganizationPolicyListPolicyDenyArgs) ToOrganizationPolicyListPolicyDenyOutputWithContext

func (i OrganizationPolicyListPolicyDenyArgs) ToOrganizationPolicyListPolicyDenyOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyDenyOutput

func (OrganizationPolicyListPolicyDenyArgs) ToOrganizationPolicyListPolicyDenyPtrOutput

func (i OrganizationPolicyListPolicyDenyArgs) ToOrganizationPolicyListPolicyDenyPtrOutput() OrganizationPolicyListPolicyDenyPtrOutput

func (OrganizationPolicyListPolicyDenyArgs) ToOrganizationPolicyListPolicyDenyPtrOutputWithContext

func (i OrganizationPolicyListPolicyDenyArgs) ToOrganizationPolicyListPolicyDenyPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyDenyPtrOutput

type OrganizationPolicyListPolicyDenyInput

type OrganizationPolicyListPolicyDenyInput interface {
	pulumi.Input

	ToOrganizationPolicyListPolicyDenyOutput() OrganizationPolicyListPolicyDenyOutput
	ToOrganizationPolicyListPolicyDenyOutputWithContext(context.Context) OrganizationPolicyListPolicyDenyOutput
}

OrganizationPolicyListPolicyDenyInput is an input type that accepts OrganizationPolicyListPolicyDenyArgs and OrganizationPolicyListPolicyDenyOutput values. You can construct a concrete instance of `OrganizationPolicyListPolicyDenyInput` via:

OrganizationPolicyListPolicyDenyArgs{...}

type OrganizationPolicyListPolicyDenyOutput

type OrganizationPolicyListPolicyDenyOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyListPolicyDenyOutput) All

The policy allows or denies all values.

func (OrganizationPolicyListPolicyDenyOutput) ElementType

func (OrganizationPolicyListPolicyDenyOutput) ToOrganizationPolicyListPolicyDenyOutput

func (o OrganizationPolicyListPolicyDenyOutput) ToOrganizationPolicyListPolicyDenyOutput() OrganizationPolicyListPolicyDenyOutput

func (OrganizationPolicyListPolicyDenyOutput) ToOrganizationPolicyListPolicyDenyOutputWithContext

func (o OrganizationPolicyListPolicyDenyOutput) ToOrganizationPolicyListPolicyDenyOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyDenyOutput

func (OrganizationPolicyListPolicyDenyOutput) ToOrganizationPolicyListPolicyDenyPtrOutput

func (o OrganizationPolicyListPolicyDenyOutput) ToOrganizationPolicyListPolicyDenyPtrOutput() OrganizationPolicyListPolicyDenyPtrOutput

func (OrganizationPolicyListPolicyDenyOutput) ToOrganizationPolicyListPolicyDenyPtrOutputWithContext

func (o OrganizationPolicyListPolicyDenyOutput) ToOrganizationPolicyListPolicyDenyPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyDenyPtrOutput

func (OrganizationPolicyListPolicyDenyOutput) Values

The policy can define specific values that are allowed or denied.

type OrganizationPolicyListPolicyDenyPtrInput

type OrganizationPolicyListPolicyDenyPtrInput interface {
	pulumi.Input

	ToOrganizationPolicyListPolicyDenyPtrOutput() OrganizationPolicyListPolicyDenyPtrOutput
	ToOrganizationPolicyListPolicyDenyPtrOutputWithContext(context.Context) OrganizationPolicyListPolicyDenyPtrOutput
}

OrganizationPolicyListPolicyDenyPtrInput is an input type that accepts OrganizationPolicyListPolicyDenyArgs, OrganizationPolicyListPolicyDenyPtr and OrganizationPolicyListPolicyDenyPtrOutput values. You can construct a concrete instance of `OrganizationPolicyListPolicyDenyPtrInput` via:

        OrganizationPolicyListPolicyDenyArgs{...}

or:

        nil

type OrganizationPolicyListPolicyDenyPtrOutput

type OrganizationPolicyListPolicyDenyPtrOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyListPolicyDenyPtrOutput) All

The policy allows or denies all values.

func (OrganizationPolicyListPolicyDenyPtrOutput) Elem

func (OrganizationPolicyListPolicyDenyPtrOutput) ElementType

func (OrganizationPolicyListPolicyDenyPtrOutput) ToOrganizationPolicyListPolicyDenyPtrOutput

func (o OrganizationPolicyListPolicyDenyPtrOutput) ToOrganizationPolicyListPolicyDenyPtrOutput() OrganizationPolicyListPolicyDenyPtrOutput

func (OrganizationPolicyListPolicyDenyPtrOutput) ToOrganizationPolicyListPolicyDenyPtrOutputWithContext

func (o OrganizationPolicyListPolicyDenyPtrOutput) ToOrganizationPolicyListPolicyDenyPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyDenyPtrOutput

func (OrganizationPolicyListPolicyDenyPtrOutput) Values

The policy can define specific values that are allowed or denied.

type OrganizationPolicyListPolicyInput

type OrganizationPolicyListPolicyInput interface {
	pulumi.Input

	ToOrganizationPolicyListPolicyOutput() OrganizationPolicyListPolicyOutput
	ToOrganizationPolicyListPolicyOutputWithContext(context.Context) OrganizationPolicyListPolicyOutput
}

OrganizationPolicyListPolicyInput is an input type that accepts OrganizationPolicyListPolicyArgs and OrganizationPolicyListPolicyOutput values. You can construct a concrete instance of `OrganizationPolicyListPolicyInput` via:

OrganizationPolicyListPolicyArgs{...}

type OrganizationPolicyListPolicyOutput

type OrganizationPolicyListPolicyOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyListPolicyOutput) Allow

or `deny` - (Optional) One or the other must be set.

func (OrganizationPolicyListPolicyOutput) Deny

func (OrganizationPolicyListPolicyOutput) ElementType

func (OrganizationPolicyListPolicyOutput) InheritFromParent

If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.

The `allow` or `deny` blocks support:

func (OrganizationPolicyListPolicyOutput) SuggestedValue

The Google Cloud Console will try to default to a configuration that matches the value specified in this field.

func (OrganizationPolicyListPolicyOutput) ToOrganizationPolicyListPolicyOutput

func (o OrganizationPolicyListPolicyOutput) ToOrganizationPolicyListPolicyOutput() OrganizationPolicyListPolicyOutput

func (OrganizationPolicyListPolicyOutput) ToOrganizationPolicyListPolicyOutputWithContext

func (o OrganizationPolicyListPolicyOutput) ToOrganizationPolicyListPolicyOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyOutput

func (OrganizationPolicyListPolicyOutput) ToOrganizationPolicyListPolicyPtrOutput

func (o OrganizationPolicyListPolicyOutput) ToOrganizationPolicyListPolicyPtrOutput() OrganizationPolicyListPolicyPtrOutput

func (OrganizationPolicyListPolicyOutput) ToOrganizationPolicyListPolicyPtrOutputWithContext

func (o OrganizationPolicyListPolicyOutput) ToOrganizationPolicyListPolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyPtrOutput

type OrganizationPolicyListPolicyPtrInput

type OrganizationPolicyListPolicyPtrInput interface {
	pulumi.Input

	ToOrganizationPolicyListPolicyPtrOutput() OrganizationPolicyListPolicyPtrOutput
	ToOrganizationPolicyListPolicyPtrOutputWithContext(context.Context) OrganizationPolicyListPolicyPtrOutput
}

OrganizationPolicyListPolicyPtrInput is an input type that accepts OrganizationPolicyListPolicyArgs, OrganizationPolicyListPolicyPtr and OrganizationPolicyListPolicyPtrOutput values. You can construct a concrete instance of `OrganizationPolicyListPolicyPtrInput` via:

        OrganizationPolicyListPolicyArgs{...}

or:

        nil

type OrganizationPolicyListPolicyPtrOutput

type OrganizationPolicyListPolicyPtrOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyListPolicyPtrOutput) Allow

or `deny` - (Optional) One or the other must be set.

func (OrganizationPolicyListPolicyPtrOutput) Deny

func (OrganizationPolicyListPolicyPtrOutput) Elem

func (OrganizationPolicyListPolicyPtrOutput) ElementType

func (OrganizationPolicyListPolicyPtrOutput) InheritFromParent

If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.

The `allow` or `deny` blocks support:

func (OrganizationPolicyListPolicyPtrOutput) SuggestedValue

The Google Cloud Console will try to default to a configuration that matches the value specified in this field.

func (OrganizationPolicyListPolicyPtrOutput) ToOrganizationPolicyListPolicyPtrOutput

func (o OrganizationPolicyListPolicyPtrOutput) ToOrganizationPolicyListPolicyPtrOutput() OrganizationPolicyListPolicyPtrOutput

func (OrganizationPolicyListPolicyPtrOutput) ToOrganizationPolicyListPolicyPtrOutputWithContext

func (o OrganizationPolicyListPolicyPtrOutput) ToOrganizationPolicyListPolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyListPolicyPtrOutput

type OrganizationPolicyMap

type OrganizationPolicyMap map[string]OrganizationPolicyInput

func (OrganizationPolicyMap) ElementType

func (OrganizationPolicyMap) ElementType() reflect.Type

func (OrganizationPolicyMap) ToOrganizationPolicyMapOutput

func (i OrganizationPolicyMap) ToOrganizationPolicyMapOutput() OrganizationPolicyMapOutput

func (OrganizationPolicyMap) ToOrganizationPolicyMapOutputWithContext

func (i OrganizationPolicyMap) ToOrganizationPolicyMapOutputWithContext(ctx context.Context) OrganizationPolicyMapOutput

type OrganizationPolicyMapInput

type OrganizationPolicyMapInput interface {
	pulumi.Input

	ToOrganizationPolicyMapOutput() OrganizationPolicyMapOutput
	ToOrganizationPolicyMapOutputWithContext(context.Context) OrganizationPolicyMapOutput
}

OrganizationPolicyMapInput is an input type that accepts OrganizationPolicyMap and OrganizationPolicyMapOutput values. You can construct a concrete instance of `OrganizationPolicyMapInput` via:

OrganizationPolicyMap{ "key": OrganizationPolicyArgs{...} }

type OrganizationPolicyMapOutput

type OrganizationPolicyMapOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyMapOutput) ElementType

func (OrganizationPolicyMapOutput) MapIndex

func (OrganizationPolicyMapOutput) ToOrganizationPolicyMapOutput

func (o OrganizationPolicyMapOutput) ToOrganizationPolicyMapOutput() OrganizationPolicyMapOutput

func (OrganizationPolicyMapOutput) ToOrganizationPolicyMapOutputWithContext

func (o OrganizationPolicyMapOutput) ToOrganizationPolicyMapOutputWithContext(ctx context.Context) OrganizationPolicyMapOutput

type OrganizationPolicyOutput

type OrganizationPolicyOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyOutput) BooleanPolicy added in v6.23.0

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

func (OrganizationPolicyOutput) Constraint added in v6.23.0

The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).

***

func (OrganizationPolicyOutput) ElementType

func (OrganizationPolicyOutput) ElementType() reflect.Type

func (OrganizationPolicyOutput) Etag added in v6.23.0

(Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

func (OrganizationPolicyOutput) Folder added in v6.23.0

The resource name of the folder to set the policy for. Its format is folders/{folder_id}.

func (OrganizationPolicyOutput) ListPolicy added in v6.23.0

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

func (OrganizationPolicyOutput) RestorePolicy added in v6.23.0

A restore policy is a constraint to restore the default policy. Structure is documented below.

> **Note:** If none of [`booleanPolicy`, `listPolicy`, `restorePolicy`] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.

***

func (OrganizationPolicyOutput) ToOrganizationPolicyOutput

func (o OrganizationPolicyOutput) ToOrganizationPolicyOutput() OrganizationPolicyOutput

func (OrganizationPolicyOutput) ToOrganizationPolicyOutputWithContext

func (o OrganizationPolicyOutput) ToOrganizationPolicyOutputWithContext(ctx context.Context) OrganizationPolicyOutput

func (OrganizationPolicyOutput) UpdateTime added in v6.23.0

(Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".

func (OrganizationPolicyOutput) Version added in v6.23.0

Version of the Policy. Default version is 0.

type OrganizationPolicyRestorePolicy

type OrganizationPolicyRestorePolicy struct {
	// May only be set to true. If set, then the default Policy is restored.
	Default bool `pulumi:"default"`
}

type OrganizationPolicyRestorePolicyArgs

type OrganizationPolicyRestorePolicyArgs struct {
	// May only be set to true. If set, then the default Policy is restored.
	Default pulumi.BoolInput `pulumi:"default"`
}

func (OrganizationPolicyRestorePolicyArgs) ElementType

func (OrganizationPolicyRestorePolicyArgs) ToOrganizationPolicyRestorePolicyOutput

func (i OrganizationPolicyRestorePolicyArgs) ToOrganizationPolicyRestorePolicyOutput() OrganizationPolicyRestorePolicyOutput

func (OrganizationPolicyRestorePolicyArgs) ToOrganizationPolicyRestorePolicyOutputWithContext

func (i OrganizationPolicyRestorePolicyArgs) ToOrganizationPolicyRestorePolicyOutputWithContext(ctx context.Context) OrganizationPolicyRestorePolicyOutput

func (OrganizationPolicyRestorePolicyArgs) ToOrganizationPolicyRestorePolicyPtrOutput

func (i OrganizationPolicyRestorePolicyArgs) ToOrganizationPolicyRestorePolicyPtrOutput() OrganizationPolicyRestorePolicyPtrOutput

func (OrganizationPolicyRestorePolicyArgs) ToOrganizationPolicyRestorePolicyPtrOutputWithContext

func (i OrganizationPolicyRestorePolicyArgs) ToOrganizationPolicyRestorePolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyRestorePolicyPtrOutput

type OrganizationPolicyRestorePolicyInput

type OrganizationPolicyRestorePolicyInput interface {
	pulumi.Input

	ToOrganizationPolicyRestorePolicyOutput() OrganizationPolicyRestorePolicyOutput
	ToOrganizationPolicyRestorePolicyOutputWithContext(context.Context) OrganizationPolicyRestorePolicyOutput
}

OrganizationPolicyRestorePolicyInput is an input type that accepts OrganizationPolicyRestorePolicyArgs and OrganizationPolicyRestorePolicyOutput values. You can construct a concrete instance of `OrganizationPolicyRestorePolicyInput` via:

OrganizationPolicyRestorePolicyArgs{...}

type OrganizationPolicyRestorePolicyOutput

type OrganizationPolicyRestorePolicyOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyRestorePolicyOutput) Default

May only be set to true. If set, then the default Policy is restored.

func (OrganizationPolicyRestorePolicyOutput) ElementType

func (OrganizationPolicyRestorePolicyOutput) ToOrganizationPolicyRestorePolicyOutput

func (o OrganizationPolicyRestorePolicyOutput) ToOrganizationPolicyRestorePolicyOutput() OrganizationPolicyRestorePolicyOutput

func (OrganizationPolicyRestorePolicyOutput) ToOrganizationPolicyRestorePolicyOutputWithContext

func (o OrganizationPolicyRestorePolicyOutput) ToOrganizationPolicyRestorePolicyOutputWithContext(ctx context.Context) OrganizationPolicyRestorePolicyOutput

func (OrganizationPolicyRestorePolicyOutput) ToOrganizationPolicyRestorePolicyPtrOutput

func (o OrganizationPolicyRestorePolicyOutput) ToOrganizationPolicyRestorePolicyPtrOutput() OrganizationPolicyRestorePolicyPtrOutput

func (OrganizationPolicyRestorePolicyOutput) ToOrganizationPolicyRestorePolicyPtrOutputWithContext

func (o OrganizationPolicyRestorePolicyOutput) ToOrganizationPolicyRestorePolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyRestorePolicyPtrOutput

type OrganizationPolicyRestorePolicyPtrInput

type OrganizationPolicyRestorePolicyPtrInput interface {
	pulumi.Input

	ToOrganizationPolicyRestorePolicyPtrOutput() OrganizationPolicyRestorePolicyPtrOutput
	ToOrganizationPolicyRestorePolicyPtrOutputWithContext(context.Context) OrganizationPolicyRestorePolicyPtrOutput
}

OrganizationPolicyRestorePolicyPtrInput is an input type that accepts OrganizationPolicyRestorePolicyArgs, OrganizationPolicyRestorePolicyPtr and OrganizationPolicyRestorePolicyPtrOutput values. You can construct a concrete instance of `OrganizationPolicyRestorePolicyPtrInput` via:

        OrganizationPolicyRestorePolicyArgs{...}

or:

        nil

type OrganizationPolicyRestorePolicyPtrOutput

type OrganizationPolicyRestorePolicyPtrOutput struct{ *pulumi.OutputState }

func (OrganizationPolicyRestorePolicyPtrOutput) Default

May only be set to true. If set, then the default Policy is restored.

func (OrganizationPolicyRestorePolicyPtrOutput) Elem

func (OrganizationPolicyRestorePolicyPtrOutput) ElementType

func (OrganizationPolicyRestorePolicyPtrOutput) ToOrganizationPolicyRestorePolicyPtrOutput

func (o OrganizationPolicyRestorePolicyPtrOutput) ToOrganizationPolicyRestorePolicyPtrOutput() OrganizationPolicyRestorePolicyPtrOutput

func (OrganizationPolicyRestorePolicyPtrOutput) ToOrganizationPolicyRestorePolicyPtrOutputWithContext

func (o OrganizationPolicyRestorePolicyPtrOutput) ToOrganizationPolicyRestorePolicyPtrOutputWithContext(ctx context.Context) OrganizationPolicyRestorePolicyPtrOutput

type OrganizationPolicyState

type OrganizationPolicyState struct {
	// A boolean policy is a constraint that is either enforced or not. Structure is documented below.
	BooleanPolicy OrganizationPolicyBooleanPolicyPtrInput
	// The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
	//
	// ***
	Constraint pulumi.StringPtrInput
	// (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
	Etag pulumi.StringPtrInput
	// The resource name of the folder to set the policy for. Its format is folders/{folder_id}.
	Folder pulumi.StringPtrInput
	// A policy that can define specific values that are allowed or denied for the given constraint. It
	// can also be used to allow or deny all values. Structure is documented below.
	ListPolicy OrganizationPolicyListPolicyPtrInput
	// A restore policy is a constraint to restore the default policy. Structure is documented below.
	//
	// > **Note:** If none of [`booleanPolicy`, `listPolicy`, `restorePolicy`] are defined the policy for a given constraint will
	// effectively be unset. This is represented in the UI as the constraint being 'Inherited'.
	//
	// ***
	RestorePolicy OrganizationPolicyRestorePolicyPtrInput
	// (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
	UpdateTime pulumi.StringPtrInput
	// Version of the Policy. Default version is 0.
	Version pulumi.IntPtrInput
}

func (OrganizationPolicyState) ElementType

func (OrganizationPolicyState) ElementType() reflect.Type

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL