Documentation ¶
Index ¶
- type AppEngineServiceIamBinding
- func (*AppEngineServiceIamBinding) ElementType() reflect.Type
- func (i *AppEngineServiceIamBinding) ToAppEngineServiceIamBindingOutput() AppEngineServiceIamBindingOutput
- func (i *AppEngineServiceIamBinding) ToAppEngineServiceIamBindingOutputWithContext(ctx context.Context) AppEngineServiceIamBindingOutput
- type AppEngineServiceIamBindingArgs
- type AppEngineServiceIamBindingArray
- func (AppEngineServiceIamBindingArray) ElementType() reflect.Type
- func (i AppEngineServiceIamBindingArray) ToAppEngineServiceIamBindingArrayOutput() AppEngineServiceIamBindingArrayOutput
- func (i AppEngineServiceIamBindingArray) ToAppEngineServiceIamBindingArrayOutputWithContext(ctx context.Context) AppEngineServiceIamBindingArrayOutput
- type AppEngineServiceIamBindingArrayInput
- type AppEngineServiceIamBindingArrayOutput
- func (AppEngineServiceIamBindingArrayOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamBindingArrayOutput) Index(i pulumi.IntInput) AppEngineServiceIamBindingOutput
- func (o AppEngineServiceIamBindingArrayOutput) ToAppEngineServiceIamBindingArrayOutput() AppEngineServiceIamBindingArrayOutput
- func (o AppEngineServiceIamBindingArrayOutput) ToAppEngineServiceIamBindingArrayOutputWithContext(ctx context.Context) AppEngineServiceIamBindingArrayOutput
- type AppEngineServiceIamBindingCondition
- type AppEngineServiceIamBindingConditionArgs
- func (AppEngineServiceIamBindingConditionArgs) ElementType() reflect.Type
- func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionOutput() AppEngineServiceIamBindingConditionOutput
- func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionOutput
- func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput
- func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionPtrOutput
- type AppEngineServiceIamBindingConditionInput
- type AppEngineServiceIamBindingConditionOutput
- func (o AppEngineServiceIamBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (AppEngineServiceIamBindingConditionOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamBindingConditionOutput) Expression() pulumi.StringOutput
- func (o AppEngineServiceIamBindingConditionOutput) Title() pulumi.StringOutput
- func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionOutput() AppEngineServiceIamBindingConditionOutput
- func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionOutput
- func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput
- func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionPtrOutput
- type AppEngineServiceIamBindingConditionPtrInput
- type AppEngineServiceIamBindingConditionPtrOutput
- func (o AppEngineServiceIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o AppEngineServiceIamBindingConditionPtrOutput) Elem() AppEngineServiceIamBindingConditionOutput
- func (AppEngineServiceIamBindingConditionPtrOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o AppEngineServiceIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o AppEngineServiceIamBindingConditionPtrOutput) ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput
- func (o AppEngineServiceIamBindingConditionPtrOutput) ToAppEngineServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionPtrOutput
- type AppEngineServiceIamBindingInput
- type AppEngineServiceIamBindingMap
- func (AppEngineServiceIamBindingMap) ElementType() reflect.Type
- func (i AppEngineServiceIamBindingMap) ToAppEngineServiceIamBindingMapOutput() AppEngineServiceIamBindingMapOutput
- func (i AppEngineServiceIamBindingMap) ToAppEngineServiceIamBindingMapOutputWithContext(ctx context.Context) AppEngineServiceIamBindingMapOutput
- type AppEngineServiceIamBindingMapInput
- type AppEngineServiceIamBindingMapOutput
- func (AppEngineServiceIamBindingMapOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamBindingMapOutput) MapIndex(k pulumi.StringInput) AppEngineServiceIamBindingOutput
- func (o AppEngineServiceIamBindingMapOutput) ToAppEngineServiceIamBindingMapOutput() AppEngineServiceIamBindingMapOutput
- func (o AppEngineServiceIamBindingMapOutput) ToAppEngineServiceIamBindingMapOutputWithContext(ctx context.Context) AppEngineServiceIamBindingMapOutput
- type AppEngineServiceIamBindingOutput
- func (o AppEngineServiceIamBindingOutput) AppId() pulumi.StringOutput
- func (o AppEngineServiceIamBindingOutput) Condition() AppEngineServiceIamBindingConditionPtrOutput
- func (AppEngineServiceIamBindingOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamBindingOutput) Etag() pulumi.StringOutput
- func (o AppEngineServiceIamBindingOutput) Members() pulumi.StringArrayOutput
- func (o AppEngineServiceIamBindingOutput) Project() pulumi.StringOutput
- func (o AppEngineServiceIamBindingOutput) Role() pulumi.StringOutput
- func (o AppEngineServiceIamBindingOutput) Service() pulumi.StringOutput
- func (o AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingOutput() AppEngineServiceIamBindingOutput
- func (o AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingOutputWithContext(ctx context.Context) AppEngineServiceIamBindingOutput
- type AppEngineServiceIamBindingState
- type AppEngineServiceIamMember
- type AppEngineServiceIamMemberArgs
- type AppEngineServiceIamMemberArray
- func (AppEngineServiceIamMemberArray) ElementType() reflect.Type
- func (i AppEngineServiceIamMemberArray) ToAppEngineServiceIamMemberArrayOutput() AppEngineServiceIamMemberArrayOutput
- func (i AppEngineServiceIamMemberArray) ToAppEngineServiceIamMemberArrayOutputWithContext(ctx context.Context) AppEngineServiceIamMemberArrayOutput
- type AppEngineServiceIamMemberArrayInput
- type AppEngineServiceIamMemberArrayOutput
- func (AppEngineServiceIamMemberArrayOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamMemberArrayOutput) Index(i pulumi.IntInput) AppEngineServiceIamMemberOutput
- func (o AppEngineServiceIamMemberArrayOutput) ToAppEngineServiceIamMemberArrayOutput() AppEngineServiceIamMemberArrayOutput
- func (o AppEngineServiceIamMemberArrayOutput) ToAppEngineServiceIamMemberArrayOutputWithContext(ctx context.Context) AppEngineServiceIamMemberArrayOutput
- type AppEngineServiceIamMemberCondition
- type AppEngineServiceIamMemberConditionArgs
- func (AppEngineServiceIamMemberConditionArgs) ElementType() reflect.Type
- func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionOutput() AppEngineServiceIamMemberConditionOutput
- func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionOutput
- func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput
- func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionPtrOutput
- type AppEngineServiceIamMemberConditionInput
- type AppEngineServiceIamMemberConditionOutput
- func (o AppEngineServiceIamMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (AppEngineServiceIamMemberConditionOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamMemberConditionOutput) Expression() pulumi.StringOutput
- func (o AppEngineServiceIamMemberConditionOutput) Title() pulumi.StringOutput
- func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionOutput() AppEngineServiceIamMemberConditionOutput
- func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionOutput
- func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput
- func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionPtrOutput
- type AppEngineServiceIamMemberConditionPtrInput
- type AppEngineServiceIamMemberConditionPtrOutput
- func (o AppEngineServiceIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o AppEngineServiceIamMemberConditionPtrOutput) Elem() AppEngineServiceIamMemberConditionOutput
- func (AppEngineServiceIamMemberConditionPtrOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o AppEngineServiceIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o AppEngineServiceIamMemberConditionPtrOutput) ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput
- func (o AppEngineServiceIamMemberConditionPtrOutput) ToAppEngineServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionPtrOutput
- type AppEngineServiceIamMemberInput
- type AppEngineServiceIamMemberMap
- func (AppEngineServiceIamMemberMap) ElementType() reflect.Type
- func (i AppEngineServiceIamMemberMap) ToAppEngineServiceIamMemberMapOutput() AppEngineServiceIamMemberMapOutput
- func (i AppEngineServiceIamMemberMap) ToAppEngineServiceIamMemberMapOutputWithContext(ctx context.Context) AppEngineServiceIamMemberMapOutput
- type AppEngineServiceIamMemberMapInput
- type AppEngineServiceIamMemberMapOutput
- func (AppEngineServiceIamMemberMapOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamMemberMapOutput) MapIndex(k pulumi.StringInput) AppEngineServiceIamMemberOutput
- func (o AppEngineServiceIamMemberMapOutput) ToAppEngineServiceIamMemberMapOutput() AppEngineServiceIamMemberMapOutput
- func (o AppEngineServiceIamMemberMapOutput) ToAppEngineServiceIamMemberMapOutputWithContext(ctx context.Context) AppEngineServiceIamMemberMapOutput
- type AppEngineServiceIamMemberOutput
- func (o AppEngineServiceIamMemberOutput) AppId() pulumi.StringOutput
- func (o AppEngineServiceIamMemberOutput) Condition() AppEngineServiceIamMemberConditionPtrOutput
- func (AppEngineServiceIamMemberOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamMemberOutput) Etag() pulumi.StringOutput
- func (o AppEngineServiceIamMemberOutput) Member() pulumi.StringOutput
- func (o AppEngineServiceIamMemberOutput) Project() pulumi.StringOutput
- func (o AppEngineServiceIamMemberOutput) Role() pulumi.StringOutput
- func (o AppEngineServiceIamMemberOutput) Service() pulumi.StringOutput
- func (o AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberOutput() AppEngineServiceIamMemberOutput
- func (o AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberOutputWithContext(ctx context.Context) AppEngineServiceIamMemberOutput
- type AppEngineServiceIamMemberState
- type AppEngineServiceIamPolicy
- type AppEngineServiceIamPolicyArgs
- type AppEngineServiceIamPolicyArray
- func (AppEngineServiceIamPolicyArray) ElementType() reflect.Type
- func (i AppEngineServiceIamPolicyArray) ToAppEngineServiceIamPolicyArrayOutput() AppEngineServiceIamPolicyArrayOutput
- func (i AppEngineServiceIamPolicyArray) ToAppEngineServiceIamPolicyArrayOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyArrayOutput
- type AppEngineServiceIamPolicyArrayInput
- type AppEngineServiceIamPolicyArrayOutput
- func (AppEngineServiceIamPolicyArrayOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamPolicyArrayOutput) Index(i pulumi.IntInput) AppEngineServiceIamPolicyOutput
- func (o AppEngineServiceIamPolicyArrayOutput) ToAppEngineServiceIamPolicyArrayOutput() AppEngineServiceIamPolicyArrayOutput
- func (o AppEngineServiceIamPolicyArrayOutput) ToAppEngineServiceIamPolicyArrayOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyArrayOutput
- type AppEngineServiceIamPolicyInput
- type AppEngineServiceIamPolicyMap
- func (AppEngineServiceIamPolicyMap) ElementType() reflect.Type
- func (i AppEngineServiceIamPolicyMap) ToAppEngineServiceIamPolicyMapOutput() AppEngineServiceIamPolicyMapOutput
- func (i AppEngineServiceIamPolicyMap) ToAppEngineServiceIamPolicyMapOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyMapOutput
- type AppEngineServiceIamPolicyMapInput
- type AppEngineServiceIamPolicyMapOutput
- func (AppEngineServiceIamPolicyMapOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamPolicyMapOutput) MapIndex(k pulumi.StringInput) AppEngineServiceIamPolicyOutput
- func (o AppEngineServiceIamPolicyMapOutput) ToAppEngineServiceIamPolicyMapOutput() AppEngineServiceIamPolicyMapOutput
- func (o AppEngineServiceIamPolicyMapOutput) ToAppEngineServiceIamPolicyMapOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyMapOutput
- type AppEngineServiceIamPolicyOutput
- func (o AppEngineServiceIamPolicyOutput) AppId() pulumi.StringOutput
- func (AppEngineServiceIamPolicyOutput) ElementType() reflect.Type
- func (o AppEngineServiceIamPolicyOutput) Etag() pulumi.StringOutput
- func (o AppEngineServiceIamPolicyOutput) PolicyData() pulumi.StringOutput
- func (o AppEngineServiceIamPolicyOutput) Project() pulumi.StringOutput
- func (o AppEngineServiceIamPolicyOutput) Service() pulumi.StringOutput
- func (o AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyOutput() AppEngineServiceIamPolicyOutput
- func (o AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyOutput
- type AppEngineServiceIamPolicyState
- type AppEngineVersionIamBinding
- func (*AppEngineVersionIamBinding) ElementType() reflect.Type
- func (i *AppEngineVersionIamBinding) ToAppEngineVersionIamBindingOutput() AppEngineVersionIamBindingOutput
- func (i *AppEngineVersionIamBinding) ToAppEngineVersionIamBindingOutputWithContext(ctx context.Context) AppEngineVersionIamBindingOutput
- type AppEngineVersionIamBindingArgs
- type AppEngineVersionIamBindingArray
- func (AppEngineVersionIamBindingArray) ElementType() reflect.Type
- func (i AppEngineVersionIamBindingArray) ToAppEngineVersionIamBindingArrayOutput() AppEngineVersionIamBindingArrayOutput
- func (i AppEngineVersionIamBindingArray) ToAppEngineVersionIamBindingArrayOutputWithContext(ctx context.Context) AppEngineVersionIamBindingArrayOutput
- type AppEngineVersionIamBindingArrayInput
- type AppEngineVersionIamBindingArrayOutput
- func (AppEngineVersionIamBindingArrayOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamBindingArrayOutput) Index(i pulumi.IntInput) AppEngineVersionIamBindingOutput
- func (o AppEngineVersionIamBindingArrayOutput) ToAppEngineVersionIamBindingArrayOutput() AppEngineVersionIamBindingArrayOutput
- func (o AppEngineVersionIamBindingArrayOutput) ToAppEngineVersionIamBindingArrayOutputWithContext(ctx context.Context) AppEngineVersionIamBindingArrayOutput
- type AppEngineVersionIamBindingCondition
- type AppEngineVersionIamBindingConditionArgs
- func (AppEngineVersionIamBindingConditionArgs) ElementType() reflect.Type
- func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionOutput() AppEngineVersionIamBindingConditionOutput
- func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionOutput
- func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput
- func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionPtrOutput
- type AppEngineVersionIamBindingConditionInput
- type AppEngineVersionIamBindingConditionOutput
- func (o AppEngineVersionIamBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (AppEngineVersionIamBindingConditionOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamBindingConditionOutput) Expression() pulumi.StringOutput
- func (o AppEngineVersionIamBindingConditionOutput) Title() pulumi.StringOutput
- func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionOutput() AppEngineVersionIamBindingConditionOutput
- func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionOutput
- func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput
- func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionPtrOutput
- type AppEngineVersionIamBindingConditionPtrInput
- type AppEngineVersionIamBindingConditionPtrOutput
- func (o AppEngineVersionIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o AppEngineVersionIamBindingConditionPtrOutput) Elem() AppEngineVersionIamBindingConditionOutput
- func (AppEngineVersionIamBindingConditionPtrOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o AppEngineVersionIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o AppEngineVersionIamBindingConditionPtrOutput) ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput
- func (o AppEngineVersionIamBindingConditionPtrOutput) ToAppEngineVersionIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionPtrOutput
- type AppEngineVersionIamBindingInput
- type AppEngineVersionIamBindingMap
- func (AppEngineVersionIamBindingMap) ElementType() reflect.Type
- func (i AppEngineVersionIamBindingMap) ToAppEngineVersionIamBindingMapOutput() AppEngineVersionIamBindingMapOutput
- func (i AppEngineVersionIamBindingMap) ToAppEngineVersionIamBindingMapOutputWithContext(ctx context.Context) AppEngineVersionIamBindingMapOutput
- type AppEngineVersionIamBindingMapInput
- type AppEngineVersionIamBindingMapOutput
- func (AppEngineVersionIamBindingMapOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamBindingMapOutput) MapIndex(k pulumi.StringInput) AppEngineVersionIamBindingOutput
- func (o AppEngineVersionIamBindingMapOutput) ToAppEngineVersionIamBindingMapOutput() AppEngineVersionIamBindingMapOutput
- func (o AppEngineVersionIamBindingMapOutput) ToAppEngineVersionIamBindingMapOutputWithContext(ctx context.Context) AppEngineVersionIamBindingMapOutput
- type AppEngineVersionIamBindingOutput
- func (o AppEngineVersionIamBindingOutput) AppId() pulumi.StringOutput
- func (o AppEngineVersionIamBindingOutput) Condition() AppEngineVersionIamBindingConditionPtrOutput
- func (AppEngineVersionIamBindingOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamBindingOutput) Etag() pulumi.StringOutput
- func (o AppEngineVersionIamBindingOutput) Members() pulumi.StringArrayOutput
- func (o AppEngineVersionIamBindingOutput) Project() pulumi.StringOutput
- func (o AppEngineVersionIamBindingOutput) Role() pulumi.StringOutput
- func (o AppEngineVersionIamBindingOutput) Service() pulumi.StringOutput
- func (o AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingOutput() AppEngineVersionIamBindingOutput
- func (o AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingOutputWithContext(ctx context.Context) AppEngineVersionIamBindingOutput
- func (o AppEngineVersionIamBindingOutput) VersionId() pulumi.StringOutput
- type AppEngineVersionIamBindingState
- type AppEngineVersionIamMember
- type AppEngineVersionIamMemberArgs
- type AppEngineVersionIamMemberArray
- func (AppEngineVersionIamMemberArray) ElementType() reflect.Type
- func (i AppEngineVersionIamMemberArray) ToAppEngineVersionIamMemberArrayOutput() AppEngineVersionIamMemberArrayOutput
- func (i AppEngineVersionIamMemberArray) ToAppEngineVersionIamMemberArrayOutputWithContext(ctx context.Context) AppEngineVersionIamMemberArrayOutput
- type AppEngineVersionIamMemberArrayInput
- type AppEngineVersionIamMemberArrayOutput
- func (AppEngineVersionIamMemberArrayOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamMemberArrayOutput) Index(i pulumi.IntInput) AppEngineVersionIamMemberOutput
- func (o AppEngineVersionIamMemberArrayOutput) ToAppEngineVersionIamMemberArrayOutput() AppEngineVersionIamMemberArrayOutput
- func (o AppEngineVersionIamMemberArrayOutput) ToAppEngineVersionIamMemberArrayOutputWithContext(ctx context.Context) AppEngineVersionIamMemberArrayOutput
- type AppEngineVersionIamMemberCondition
- type AppEngineVersionIamMemberConditionArgs
- func (AppEngineVersionIamMemberConditionArgs) ElementType() reflect.Type
- func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionOutput() AppEngineVersionIamMemberConditionOutput
- func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionOutput
- func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput
- func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionPtrOutput
- type AppEngineVersionIamMemberConditionInput
- type AppEngineVersionIamMemberConditionOutput
- func (o AppEngineVersionIamMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (AppEngineVersionIamMemberConditionOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamMemberConditionOutput) Expression() pulumi.StringOutput
- func (o AppEngineVersionIamMemberConditionOutput) Title() pulumi.StringOutput
- func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionOutput() AppEngineVersionIamMemberConditionOutput
- func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionOutput
- func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput
- func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionPtrOutput
- type AppEngineVersionIamMemberConditionPtrInput
- type AppEngineVersionIamMemberConditionPtrOutput
- func (o AppEngineVersionIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o AppEngineVersionIamMemberConditionPtrOutput) Elem() AppEngineVersionIamMemberConditionOutput
- func (AppEngineVersionIamMemberConditionPtrOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o AppEngineVersionIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o AppEngineVersionIamMemberConditionPtrOutput) ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput
- func (o AppEngineVersionIamMemberConditionPtrOutput) ToAppEngineVersionIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionPtrOutput
- type AppEngineVersionIamMemberInput
- type AppEngineVersionIamMemberMap
- func (AppEngineVersionIamMemberMap) ElementType() reflect.Type
- func (i AppEngineVersionIamMemberMap) ToAppEngineVersionIamMemberMapOutput() AppEngineVersionIamMemberMapOutput
- func (i AppEngineVersionIamMemberMap) ToAppEngineVersionIamMemberMapOutputWithContext(ctx context.Context) AppEngineVersionIamMemberMapOutput
- type AppEngineVersionIamMemberMapInput
- type AppEngineVersionIamMemberMapOutput
- func (AppEngineVersionIamMemberMapOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamMemberMapOutput) MapIndex(k pulumi.StringInput) AppEngineVersionIamMemberOutput
- func (o AppEngineVersionIamMemberMapOutput) ToAppEngineVersionIamMemberMapOutput() AppEngineVersionIamMemberMapOutput
- func (o AppEngineVersionIamMemberMapOutput) ToAppEngineVersionIamMemberMapOutputWithContext(ctx context.Context) AppEngineVersionIamMemberMapOutput
- type AppEngineVersionIamMemberOutput
- func (o AppEngineVersionIamMemberOutput) AppId() pulumi.StringOutput
- func (o AppEngineVersionIamMemberOutput) Condition() AppEngineVersionIamMemberConditionPtrOutput
- func (AppEngineVersionIamMemberOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamMemberOutput) Etag() pulumi.StringOutput
- func (o AppEngineVersionIamMemberOutput) Member() pulumi.StringOutput
- func (o AppEngineVersionIamMemberOutput) Project() pulumi.StringOutput
- func (o AppEngineVersionIamMemberOutput) Role() pulumi.StringOutput
- func (o AppEngineVersionIamMemberOutput) Service() pulumi.StringOutput
- func (o AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberOutput() AppEngineVersionIamMemberOutput
- func (o AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberOutputWithContext(ctx context.Context) AppEngineVersionIamMemberOutput
- func (o AppEngineVersionIamMemberOutput) VersionId() pulumi.StringOutput
- type AppEngineVersionIamMemberState
- type AppEngineVersionIamPolicy
- type AppEngineVersionIamPolicyArgs
- type AppEngineVersionIamPolicyArray
- func (AppEngineVersionIamPolicyArray) ElementType() reflect.Type
- func (i AppEngineVersionIamPolicyArray) ToAppEngineVersionIamPolicyArrayOutput() AppEngineVersionIamPolicyArrayOutput
- func (i AppEngineVersionIamPolicyArray) ToAppEngineVersionIamPolicyArrayOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyArrayOutput
- type AppEngineVersionIamPolicyArrayInput
- type AppEngineVersionIamPolicyArrayOutput
- func (AppEngineVersionIamPolicyArrayOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamPolicyArrayOutput) Index(i pulumi.IntInput) AppEngineVersionIamPolicyOutput
- func (o AppEngineVersionIamPolicyArrayOutput) ToAppEngineVersionIamPolicyArrayOutput() AppEngineVersionIamPolicyArrayOutput
- func (o AppEngineVersionIamPolicyArrayOutput) ToAppEngineVersionIamPolicyArrayOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyArrayOutput
- type AppEngineVersionIamPolicyInput
- type AppEngineVersionIamPolicyMap
- func (AppEngineVersionIamPolicyMap) ElementType() reflect.Type
- func (i AppEngineVersionIamPolicyMap) ToAppEngineVersionIamPolicyMapOutput() AppEngineVersionIamPolicyMapOutput
- func (i AppEngineVersionIamPolicyMap) ToAppEngineVersionIamPolicyMapOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyMapOutput
- type AppEngineVersionIamPolicyMapInput
- type AppEngineVersionIamPolicyMapOutput
- func (AppEngineVersionIamPolicyMapOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamPolicyMapOutput) MapIndex(k pulumi.StringInput) AppEngineVersionIamPolicyOutput
- func (o AppEngineVersionIamPolicyMapOutput) ToAppEngineVersionIamPolicyMapOutput() AppEngineVersionIamPolicyMapOutput
- func (o AppEngineVersionIamPolicyMapOutput) ToAppEngineVersionIamPolicyMapOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyMapOutput
- type AppEngineVersionIamPolicyOutput
- func (o AppEngineVersionIamPolicyOutput) AppId() pulumi.StringOutput
- func (AppEngineVersionIamPolicyOutput) ElementType() reflect.Type
- func (o AppEngineVersionIamPolicyOutput) Etag() pulumi.StringOutput
- func (o AppEngineVersionIamPolicyOutput) PolicyData() pulumi.StringOutput
- func (o AppEngineVersionIamPolicyOutput) Project() pulumi.StringOutput
- func (o AppEngineVersionIamPolicyOutput) Service() pulumi.StringOutput
- func (o AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyOutput() AppEngineVersionIamPolicyOutput
- func (o AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyOutput
- func (o AppEngineVersionIamPolicyOutput) VersionId() pulumi.StringOutput
- type AppEngineVersionIamPolicyState
- type Brand
- type BrandArgs
- type BrandArray
- type BrandArrayInput
- type BrandArrayOutput
- type BrandInput
- type BrandMap
- type BrandMapInput
- type BrandMapOutput
- type BrandOutput
- func (o BrandOutput) ApplicationTitle() pulumi.StringOutput
- func (BrandOutput) ElementType() reflect.Type
- func (o BrandOutput) Name() pulumi.StringOutput
- func (o BrandOutput) OrgInternalOnly() pulumi.BoolOutput
- func (o BrandOutput) Project() pulumi.StringOutput
- func (o BrandOutput) SupportEmail() pulumi.StringOutput
- func (o BrandOutput) ToBrandOutput() BrandOutput
- func (o BrandOutput) ToBrandOutputWithContext(ctx context.Context) BrandOutput
- type BrandState
- type Client
- type ClientArgs
- type ClientArray
- type ClientArrayInput
- type ClientArrayOutput
- type ClientInput
- type ClientMap
- type ClientMapInput
- type ClientMapOutput
- type ClientOutput
- func (o ClientOutput) Brand() pulumi.StringOutput
- func (o ClientOutput) ClientId() pulumi.StringOutput
- func (o ClientOutput) DisplayName() pulumi.StringOutput
- func (ClientOutput) ElementType() reflect.Type
- func (o ClientOutput) Secret() pulumi.StringOutput
- func (o ClientOutput) ToClientOutput() ClientOutput
- func (o ClientOutput) ToClientOutputWithContext(ctx context.Context) ClientOutput
- type ClientState
- type GetTunnelInstanceIamPolicyArgs
- type GetTunnelInstanceIamPolicyOutputArgs
- type GetTunnelInstanceIamPolicyResult
- type GetTunnelInstanceIamPolicyResultOutput
- func (GetTunnelInstanceIamPolicyResultOutput) ElementType() reflect.Type
- func (o GetTunnelInstanceIamPolicyResultOutput) Etag() pulumi.StringOutput
- func (o GetTunnelInstanceIamPolicyResultOutput) Id() pulumi.StringOutput
- func (o GetTunnelInstanceIamPolicyResultOutput) Instance() pulumi.StringOutput
- func (o GetTunnelInstanceIamPolicyResultOutput) PolicyData() pulumi.StringOutput
- func (o GetTunnelInstanceIamPolicyResultOutput) Project() pulumi.StringOutput
- func (o GetTunnelInstanceIamPolicyResultOutput) ToGetTunnelInstanceIamPolicyResultOutput() GetTunnelInstanceIamPolicyResultOutput
- func (o GetTunnelInstanceIamPolicyResultOutput) ToGetTunnelInstanceIamPolicyResultOutputWithContext(ctx context.Context) GetTunnelInstanceIamPolicyResultOutput
- func (o GetTunnelInstanceIamPolicyResultOutput) Zone() pulumi.StringOutput
- type GetWebTypeAppEngineIamPolicyArgs
- type GetWebTypeAppEngineIamPolicyOutputArgs
- type GetWebTypeAppEngineIamPolicyResult
- type GetWebTypeAppEngineIamPolicyResultOutput
- func (o GetWebTypeAppEngineIamPolicyResultOutput) AppId() pulumi.StringOutput
- func (GetWebTypeAppEngineIamPolicyResultOutput) ElementType() reflect.Type
- func (o GetWebTypeAppEngineIamPolicyResultOutput) Etag() pulumi.StringOutput
- func (o GetWebTypeAppEngineIamPolicyResultOutput) Id() pulumi.StringOutput
- func (o GetWebTypeAppEngineIamPolicyResultOutput) PolicyData() pulumi.StringOutput
- func (o GetWebTypeAppEngineIamPolicyResultOutput) Project() pulumi.StringOutput
- func (o GetWebTypeAppEngineIamPolicyResultOutput) ToGetWebTypeAppEngineIamPolicyResultOutput() GetWebTypeAppEngineIamPolicyResultOutput
- func (o GetWebTypeAppEngineIamPolicyResultOutput) ToGetWebTypeAppEngineIamPolicyResultOutputWithContext(ctx context.Context) GetWebTypeAppEngineIamPolicyResultOutput
- type LookupAppEngineServiceIamPolicyArgs
- type LookupAppEngineServiceIamPolicyOutputArgs
- type LookupAppEngineServiceIamPolicyResult
- type LookupAppEngineServiceIamPolicyResultOutput
- func (o LookupAppEngineServiceIamPolicyResultOutput) AppId() pulumi.StringOutput
- func (LookupAppEngineServiceIamPolicyResultOutput) ElementType() reflect.Type
- func (o LookupAppEngineServiceIamPolicyResultOutput) Etag() pulumi.StringOutput
- func (o LookupAppEngineServiceIamPolicyResultOutput) Id() pulumi.StringOutput
- func (o LookupAppEngineServiceIamPolicyResultOutput) PolicyData() pulumi.StringOutput
- func (o LookupAppEngineServiceIamPolicyResultOutput) Project() pulumi.StringOutput
- func (o LookupAppEngineServiceIamPolicyResultOutput) Service() pulumi.StringOutput
- func (o LookupAppEngineServiceIamPolicyResultOutput) ToLookupAppEngineServiceIamPolicyResultOutput() LookupAppEngineServiceIamPolicyResultOutput
- func (o LookupAppEngineServiceIamPolicyResultOutput) ToLookupAppEngineServiceIamPolicyResultOutputWithContext(ctx context.Context) LookupAppEngineServiceIamPolicyResultOutput
- type LookupAppEngineVersionIamPolicyArgs
- type LookupAppEngineVersionIamPolicyOutputArgs
- type LookupAppEngineVersionIamPolicyResult
- type LookupAppEngineVersionIamPolicyResultOutput
- func (o LookupAppEngineVersionIamPolicyResultOutput) AppId() pulumi.StringOutput
- func (LookupAppEngineVersionIamPolicyResultOutput) ElementType() reflect.Type
- func (o LookupAppEngineVersionIamPolicyResultOutput) Etag() pulumi.StringOutput
- func (o LookupAppEngineVersionIamPolicyResultOutput) Id() pulumi.StringOutput
- func (o LookupAppEngineVersionIamPolicyResultOutput) PolicyData() pulumi.StringOutput
- func (o LookupAppEngineVersionIamPolicyResultOutput) Project() pulumi.StringOutput
- func (o LookupAppEngineVersionIamPolicyResultOutput) Service() pulumi.StringOutput
- func (o LookupAppEngineVersionIamPolicyResultOutput) ToLookupAppEngineVersionIamPolicyResultOutput() LookupAppEngineVersionIamPolicyResultOutput
- func (o LookupAppEngineVersionIamPolicyResultOutput) ToLookupAppEngineVersionIamPolicyResultOutputWithContext(ctx context.Context) LookupAppEngineVersionIamPolicyResultOutput
- func (o LookupAppEngineVersionIamPolicyResultOutput) VersionId() pulumi.StringOutput
- type LookupClientArgs
- type LookupClientOutputArgs
- type LookupClientResult
- type LookupClientResultOutput
- func (o LookupClientResultOutput) Brand() pulumi.StringOutput
- func (o LookupClientResultOutput) ClientId() pulumi.StringOutput
- func (o LookupClientResultOutput) DisplayName() pulumi.StringOutput
- func (LookupClientResultOutput) ElementType() reflect.Type
- func (o LookupClientResultOutput) Id() pulumi.StringOutput
- func (o LookupClientResultOutput) Secret() pulumi.StringOutput
- func (o LookupClientResultOutput) ToLookupClientResultOutput() LookupClientResultOutput
- func (o LookupClientResultOutput) ToLookupClientResultOutputWithContext(ctx context.Context) LookupClientResultOutput
- type LookupTunnelIamPolicyArgs
- type LookupTunnelIamPolicyOutputArgs
- type LookupTunnelIamPolicyResult
- type LookupTunnelIamPolicyResultOutput
- func (LookupTunnelIamPolicyResultOutput) ElementType() reflect.Type
- func (o LookupTunnelIamPolicyResultOutput) Etag() pulumi.StringOutput
- func (o LookupTunnelIamPolicyResultOutput) Id() pulumi.StringOutput
- func (o LookupTunnelIamPolicyResultOutput) PolicyData() pulumi.StringOutput
- func (o LookupTunnelIamPolicyResultOutput) Project() pulumi.StringOutput
- func (o LookupTunnelIamPolicyResultOutput) ToLookupTunnelIamPolicyResultOutput() LookupTunnelIamPolicyResultOutput
- func (o LookupTunnelIamPolicyResultOutput) ToLookupTunnelIamPolicyResultOutputWithContext(ctx context.Context) LookupTunnelIamPolicyResultOutput
- type LookupWebBackendServiceIamPolicyArgs
- type LookupWebBackendServiceIamPolicyOutputArgs
- type LookupWebBackendServiceIamPolicyResult
- type LookupWebBackendServiceIamPolicyResultOutput
- func (LookupWebBackendServiceIamPolicyResultOutput) ElementType() reflect.Type
- func (o LookupWebBackendServiceIamPolicyResultOutput) Etag() pulumi.StringOutput
- func (o LookupWebBackendServiceIamPolicyResultOutput) Id() pulumi.StringOutput
- func (o LookupWebBackendServiceIamPolicyResultOutput) PolicyData() pulumi.StringOutput
- func (o LookupWebBackendServiceIamPolicyResultOutput) Project() pulumi.StringOutput
- func (o LookupWebBackendServiceIamPolicyResultOutput) ToLookupWebBackendServiceIamPolicyResultOutput() LookupWebBackendServiceIamPolicyResultOutput
- func (o LookupWebBackendServiceIamPolicyResultOutput) ToLookupWebBackendServiceIamPolicyResultOutputWithContext(ctx context.Context) LookupWebBackendServiceIamPolicyResultOutput
- func (o LookupWebBackendServiceIamPolicyResultOutput) WebBackendService() pulumi.StringOutput
- type LookupWebIamPolicyArgs
- type LookupWebIamPolicyOutputArgs
- type LookupWebIamPolicyResult
- type LookupWebIamPolicyResultOutput
- func (LookupWebIamPolicyResultOutput) ElementType() reflect.Type
- func (o LookupWebIamPolicyResultOutput) Etag() pulumi.StringOutput
- func (o LookupWebIamPolicyResultOutput) Id() pulumi.StringOutput
- func (o LookupWebIamPolicyResultOutput) PolicyData() pulumi.StringOutput
- func (o LookupWebIamPolicyResultOutput) Project() pulumi.StringOutput
- func (o LookupWebIamPolicyResultOutput) ToLookupWebIamPolicyResultOutput() LookupWebIamPolicyResultOutput
- func (o LookupWebIamPolicyResultOutput) ToLookupWebIamPolicyResultOutputWithContext(ctx context.Context) LookupWebIamPolicyResultOutput
- type LookupWebTypeComputeIamPolicyArgs
- type LookupWebTypeComputeIamPolicyOutputArgs
- type LookupWebTypeComputeIamPolicyResult
- type LookupWebTypeComputeIamPolicyResultOutput
- func (LookupWebTypeComputeIamPolicyResultOutput) ElementType() reflect.Type
- func (o LookupWebTypeComputeIamPolicyResultOutput) Etag() pulumi.StringOutput
- func (o LookupWebTypeComputeIamPolicyResultOutput) Id() pulumi.StringOutput
- func (o LookupWebTypeComputeIamPolicyResultOutput) PolicyData() pulumi.StringOutput
- func (o LookupWebTypeComputeIamPolicyResultOutput) Project() pulumi.StringOutput
- func (o LookupWebTypeComputeIamPolicyResultOutput) ToLookupWebTypeComputeIamPolicyResultOutput() LookupWebTypeComputeIamPolicyResultOutput
- func (o LookupWebTypeComputeIamPolicyResultOutput) ToLookupWebTypeComputeIamPolicyResultOutputWithContext(ctx context.Context) LookupWebTypeComputeIamPolicyResultOutput
- type TunnelIamBinding
- type TunnelIamBindingArgs
- type TunnelIamBindingArray
- type TunnelIamBindingArrayInput
- type TunnelIamBindingArrayOutput
- func (TunnelIamBindingArrayOutput) ElementType() reflect.Type
- func (o TunnelIamBindingArrayOutput) Index(i pulumi.IntInput) TunnelIamBindingOutput
- func (o TunnelIamBindingArrayOutput) ToTunnelIamBindingArrayOutput() TunnelIamBindingArrayOutput
- func (o TunnelIamBindingArrayOutput) ToTunnelIamBindingArrayOutputWithContext(ctx context.Context) TunnelIamBindingArrayOutput
- type TunnelIamBindingCondition
- type TunnelIamBindingConditionArgs
- func (TunnelIamBindingConditionArgs) ElementType() reflect.Type
- func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionOutput() TunnelIamBindingConditionOutput
- func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionOutputWithContext(ctx context.Context) TunnelIamBindingConditionOutput
- func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput
- func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionPtrOutputWithContext(ctx context.Context) TunnelIamBindingConditionPtrOutput
- type TunnelIamBindingConditionInput
- type TunnelIamBindingConditionOutput
- func (o TunnelIamBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (TunnelIamBindingConditionOutput) ElementType() reflect.Type
- func (o TunnelIamBindingConditionOutput) Expression() pulumi.StringOutput
- func (o TunnelIamBindingConditionOutput) Title() pulumi.StringOutput
- func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionOutput() TunnelIamBindingConditionOutput
- func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionOutputWithContext(ctx context.Context) TunnelIamBindingConditionOutput
- func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput
- func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionPtrOutputWithContext(ctx context.Context) TunnelIamBindingConditionPtrOutput
- type TunnelIamBindingConditionPtrInput
- type TunnelIamBindingConditionPtrOutput
- func (o TunnelIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o TunnelIamBindingConditionPtrOutput) Elem() TunnelIamBindingConditionOutput
- func (TunnelIamBindingConditionPtrOutput) ElementType() reflect.Type
- func (o TunnelIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o TunnelIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o TunnelIamBindingConditionPtrOutput) ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput
- func (o TunnelIamBindingConditionPtrOutput) ToTunnelIamBindingConditionPtrOutputWithContext(ctx context.Context) TunnelIamBindingConditionPtrOutput
- type TunnelIamBindingInput
- type TunnelIamBindingMap
- type TunnelIamBindingMapInput
- type TunnelIamBindingMapOutput
- func (TunnelIamBindingMapOutput) ElementType() reflect.Type
- func (o TunnelIamBindingMapOutput) MapIndex(k pulumi.StringInput) TunnelIamBindingOutput
- func (o TunnelIamBindingMapOutput) ToTunnelIamBindingMapOutput() TunnelIamBindingMapOutput
- func (o TunnelIamBindingMapOutput) ToTunnelIamBindingMapOutputWithContext(ctx context.Context) TunnelIamBindingMapOutput
- type TunnelIamBindingOutput
- func (o TunnelIamBindingOutput) Condition() TunnelIamBindingConditionPtrOutput
- func (TunnelIamBindingOutput) ElementType() reflect.Type
- func (o TunnelIamBindingOutput) Etag() pulumi.StringOutput
- func (o TunnelIamBindingOutput) Members() pulumi.StringArrayOutput
- func (o TunnelIamBindingOutput) Project() pulumi.StringOutput
- func (o TunnelIamBindingOutput) Role() pulumi.StringOutput
- func (o TunnelIamBindingOutput) ToTunnelIamBindingOutput() TunnelIamBindingOutput
- func (o TunnelIamBindingOutput) ToTunnelIamBindingOutputWithContext(ctx context.Context) TunnelIamBindingOutput
- type TunnelIamBindingState
- type TunnelIamMember
- type TunnelIamMemberArgs
- type TunnelIamMemberArray
- type TunnelIamMemberArrayInput
- type TunnelIamMemberArrayOutput
- func (TunnelIamMemberArrayOutput) ElementType() reflect.Type
- func (o TunnelIamMemberArrayOutput) Index(i pulumi.IntInput) TunnelIamMemberOutput
- func (o TunnelIamMemberArrayOutput) ToTunnelIamMemberArrayOutput() TunnelIamMemberArrayOutput
- func (o TunnelIamMemberArrayOutput) ToTunnelIamMemberArrayOutputWithContext(ctx context.Context) TunnelIamMemberArrayOutput
- type TunnelIamMemberCondition
- type TunnelIamMemberConditionArgs
- func (TunnelIamMemberConditionArgs) ElementType() reflect.Type
- func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionOutput() TunnelIamMemberConditionOutput
- func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionOutputWithContext(ctx context.Context) TunnelIamMemberConditionOutput
- func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput
- func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionPtrOutputWithContext(ctx context.Context) TunnelIamMemberConditionPtrOutput
- type TunnelIamMemberConditionInput
- type TunnelIamMemberConditionOutput
- func (o TunnelIamMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (TunnelIamMemberConditionOutput) ElementType() reflect.Type
- func (o TunnelIamMemberConditionOutput) Expression() pulumi.StringOutput
- func (o TunnelIamMemberConditionOutput) Title() pulumi.StringOutput
- func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionOutput() TunnelIamMemberConditionOutput
- func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionOutputWithContext(ctx context.Context) TunnelIamMemberConditionOutput
- func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput
- func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionPtrOutputWithContext(ctx context.Context) TunnelIamMemberConditionPtrOutput
- type TunnelIamMemberConditionPtrInput
- type TunnelIamMemberConditionPtrOutput
- func (o TunnelIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o TunnelIamMemberConditionPtrOutput) Elem() TunnelIamMemberConditionOutput
- func (TunnelIamMemberConditionPtrOutput) ElementType() reflect.Type
- func (o TunnelIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o TunnelIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o TunnelIamMemberConditionPtrOutput) ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput
- func (o TunnelIamMemberConditionPtrOutput) ToTunnelIamMemberConditionPtrOutputWithContext(ctx context.Context) TunnelIamMemberConditionPtrOutput
- type TunnelIamMemberInput
- type TunnelIamMemberMap
- type TunnelIamMemberMapInput
- type TunnelIamMemberMapOutput
- func (TunnelIamMemberMapOutput) ElementType() reflect.Type
- func (o TunnelIamMemberMapOutput) MapIndex(k pulumi.StringInput) TunnelIamMemberOutput
- func (o TunnelIamMemberMapOutput) ToTunnelIamMemberMapOutput() TunnelIamMemberMapOutput
- func (o TunnelIamMemberMapOutput) ToTunnelIamMemberMapOutputWithContext(ctx context.Context) TunnelIamMemberMapOutput
- type TunnelIamMemberOutput
- func (o TunnelIamMemberOutput) Condition() TunnelIamMemberConditionPtrOutput
- func (TunnelIamMemberOutput) ElementType() reflect.Type
- func (o TunnelIamMemberOutput) Etag() pulumi.StringOutput
- func (o TunnelIamMemberOutput) Member() pulumi.StringOutput
- func (o TunnelIamMemberOutput) Project() pulumi.StringOutput
- func (o TunnelIamMemberOutput) Role() pulumi.StringOutput
- func (o TunnelIamMemberOutput) ToTunnelIamMemberOutput() TunnelIamMemberOutput
- func (o TunnelIamMemberOutput) ToTunnelIamMemberOutputWithContext(ctx context.Context) TunnelIamMemberOutput
- type TunnelIamMemberState
- type TunnelIamPolicy
- type TunnelIamPolicyArgs
- type TunnelIamPolicyArray
- type TunnelIamPolicyArrayInput
- type TunnelIamPolicyArrayOutput
- func (TunnelIamPolicyArrayOutput) ElementType() reflect.Type
- func (o TunnelIamPolicyArrayOutput) Index(i pulumi.IntInput) TunnelIamPolicyOutput
- func (o TunnelIamPolicyArrayOutput) ToTunnelIamPolicyArrayOutput() TunnelIamPolicyArrayOutput
- func (o TunnelIamPolicyArrayOutput) ToTunnelIamPolicyArrayOutputWithContext(ctx context.Context) TunnelIamPolicyArrayOutput
- type TunnelIamPolicyInput
- type TunnelIamPolicyMap
- type TunnelIamPolicyMapInput
- type TunnelIamPolicyMapOutput
- func (TunnelIamPolicyMapOutput) ElementType() reflect.Type
- func (o TunnelIamPolicyMapOutput) MapIndex(k pulumi.StringInput) TunnelIamPolicyOutput
- func (o TunnelIamPolicyMapOutput) ToTunnelIamPolicyMapOutput() TunnelIamPolicyMapOutput
- func (o TunnelIamPolicyMapOutput) ToTunnelIamPolicyMapOutputWithContext(ctx context.Context) TunnelIamPolicyMapOutput
- type TunnelIamPolicyOutput
- func (TunnelIamPolicyOutput) ElementType() reflect.Type
- func (o TunnelIamPolicyOutput) Etag() pulumi.StringOutput
- func (o TunnelIamPolicyOutput) PolicyData() pulumi.StringOutput
- func (o TunnelIamPolicyOutput) Project() pulumi.StringOutput
- func (o TunnelIamPolicyOutput) ToTunnelIamPolicyOutput() TunnelIamPolicyOutput
- func (o TunnelIamPolicyOutput) ToTunnelIamPolicyOutputWithContext(ctx context.Context) TunnelIamPolicyOutput
- type TunnelIamPolicyState
- type TunnelInstanceIAMBinding
- type TunnelInstanceIAMBindingArgs
- type TunnelInstanceIAMBindingArray
- func (TunnelInstanceIAMBindingArray) ElementType() reflect.Type
- func (i TunnelInstanceIAMBindingArray) ToTunnelInstanceIAMBindingArrayOutput() TunnelInstanceIAMBindingArrayOutput
- func (i TunnelInstanceIAMBindingArray) ToTunnelInstanceIAMBindingArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingArrayOutput
- type TunnelInstanceIAMBindingArrayInput
- type TunnelInstanceIAMBindingArrayOutput
- func (TunnelInstanceIAMBindingArrayOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMBindingArrayOutput) Index(i pulumi.IntInput) TunnelInstanceIAMBindingOutput
- func (o TunnelInstanceIAMBindingArrayOutput) ToTunnelInstanceIAMBindingArrayOutput() TunnelInstanceIAMBindingArrayOutput
- func (o TunnelInstanceIAMBindingArrayOutput) ToTunnelInstanceIAMBindingArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingArrayOutput
- type TunnelInstanceIAMBindingCondition
- type TunnelInstanceIAMBindingConditionArgs
- func (TunnelInstanceIAMBindingConditionArgs) ElementType() reflect.Type
- func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionOutput() TunnelInstanceIAMBindingConditionOutput
- func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionOutput
- func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput
- func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionPtrOutput
- type TunnelInstanceIAMBindingConditionInput
- type TunnelInstanceIAMBindingConditionOutput
- func (o TunnelInstanceIAMBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (TunnelInstanceIAMBindingConditionOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMBindingConditionOutput) Expression() pulumi.StringOutput
- func (o TunnelInstanceIAMBindingConditionOutput) Title() pulumi.StringOutput
- func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionOutput() TunnelInstanceIAMBindingConditionOutput
- func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionOutput
- func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput
- func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionPtrOutput
- type TunnelInstanceIAMBindingConditionPtrInput
- type TunnelInstanceIAMBindingConditionPtrOutput
- func (o TunnelInstanceIAMBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o TunnelInstanceIAMBindingConditionPtrOutput) Elem() TunnelInstanceIAMBindingConditionOutput
- func (TunnelInstanceIAMBindingConditionPtrOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o TunnelInstanceIAMBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o TunnelInstanceIAMBindingConditionPtrOutput) ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput
- func (o TunnelInstanceIAMBindingConditionPtrOutput) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionPtrOutput
- type TunnelInstanceIAMBindingInput
- type TunnelInstanceIAMBindingMap
- func (TunnelInstanceIAMBindingMap) ElementType() reflect.Type
- func (i TunnelInstanceIAMBindingMap) ToTunnelInstanceIAMBindingMapOutput() TunnelInstanceIAMBindingMapOutput
- func (i TunnelInstanceIAMBindingMap) ToTunnelInstanceIAMBindingMapOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingMapOutput
- type TunnelInstanceIAMBindingMapInput
- type TunnelInstanceIAMBindingMapOutput
- func (TunnelInstanceIAMBindingMapOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMBindingMapOutput) MapIndex(k pulumi.StringInput) TunnelInstanceIAMBindingOutput
- func (o TunnelInstanceIAMBindingMapOutput) ToTunnelInstanceIAMBindingMapOutput() TunnelInstanceIAMBindingMapOutput
- func (o TunnelInstanceIAMBindingMapOutput) ToTunnelInstanceIAMBindingMapOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingMapOutput
- type TunnelInstanceIAMBindingOutput
- func (o TunnelInstanceIAMBindingOutput) Condition() TunnelInstanceIAMBindingConditionPtrOutput
- func (TunnelInstanceIAMBindingOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMBindingOutput) Etag() pulumi.StringOutput
- func (o TunnelInstanceIAMBindingOutput) Instance() pulumi.StringOutput
- func (o TunnelInstanceIAMBindingOutput) Members() pulumi.StringArrayOutput
- func (o TunnelInstanceIAMBindingOutput) Project() pulumi.StringOutput
- func (o TunnelInstanceIAMBindingOutput) Role() pulumi.StringOutput
- func (o TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingOutput() TunnelInstanceIAMBindingOutput
- func (o TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingOutput
- func (o TunnelInstanceIAMBindingOutput) Zone() pulumi.StringOutput
- type TunnelInstanceIAMBindingState
- type TunnelInstanceIAMMember
- type TunnelInstanceIAMMemberArgs
- type TunnelInstanceIAMMemberArray
- func (TunnelInstanceIAMMemberArray) ElementType() reflect.Type
- func (i TunnelInstanceIAMMemberArray) ToTunnelInstanceIAMMemberArrayOutput() TunnelInstanceIAMMemberArrayOutput
- func (i TunnelInstanceIAMMemberArray) ToTunnelInstanceIAMMemberArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberArrayOutput
- type TunnelInstanceIAMMemberArrayInput
- type TunnelInstanceIAMMemberArrayOutput
- func (TunnelInstanceIAMMemberArrayOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMMemberArrayOutput) Index(i pulumi.IntInput) TunnelInstanceIAMMemberOutput
- func (o TunnelInstanceIAMMemberArrayOutput) ToTunnelInstanceIAMMemberArrayOutput() TunnelInstanceIAMMemberArrayOutput
- func (o TunnelInstanceIAMMemberArrayOutput) ToTunnelInstanceIAMMemberArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberArrayOutput
- type TunnelInstanceIAMMemberCondition
- type TunnelInstanceIAMMemberConditionArgs
- func (TunnelInstanceIAMMemberConditionArgs) ElementType() reflect.Type
- func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionOutput() TunnelInstanceIAMMemberConditionOutput
- func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionOutput
- func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput
- func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionPtrOutput
- type TunnelInstanceIAMMemberConditionInput
- type TunnelInstanceIAMMemberConditionOutput
- func (o TunnelInstanceIAMMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (TunnelInstanceIAMMemberConditionOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMMemberConditionOutput) Expression() pulumi.StringOutput
- func (o TunnelInstanceIAMMemberConditionOutput) Title() pulumi.StringOutput
- func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionOutput() TunnelInstanceIAMMemberConditionOutput
- func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionOutput
- func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput
- func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionPtrOutput
- type TunnelInstanceIAMMemberConditionPtrInput
- type TunnelInstanceIAMMemberConditionPtrOutput
- func (o TunnelInstanceIAMMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o TunnelInstanceIAMMemberConditionPtrOutput) Elem() TunnelInstanceIAMMemberConditionOutput
- func (TunnelInstanceIAMMemberConditionPtrOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o TunnelInstanceIAMMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o TunnelInstanceIAMMemberConditionPtrOutput) ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput
- func (o TunnelInstanceIAMMemberConditionPtrOutput) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionPtrOutput
- type TunnelInstanceIAMMemberInput
- type TunnelInstanceIAMMemberMap
- func (TunnelInstanceIAMMemberMap) ElementType() reflect.Type
- func (i TunnelInstanceIAMMemberMap) ToTunnelInstanceIAMMemberMapOutput() TunnelInstanceIAMMemberMapOutput
- func (i TunnelInstanceIAMMemberMap) ToTunnelInstanceIAMMemberMapOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberMapOutput
- type TunnelInstanceIAMMemberMapInput
- type TunnelInstanceIAMMemberMapOutput
- func (TunnelInstanceIAMMemberMapOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMMemberMapOutput) MapIndex(k pulumi.StringInput) TunnelInstanceIAMMemberOutput
- func (o TunnelInstanceIAMMemberMapOutput) ToTunnelInstanceIAMMemberMapOutput() TunnelInstanceIAMMemberMapOutput
- func (o TunnelInstanceIAMMemberMapOutput) ToTunnelInstanceIAMMemberMapOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberMapOutput
- type TunnelInstanceIAMMemberOutput
- func (o TunnelInstanceIAMMemberOutput) Condition() TunnelInstanceIAMMemberConditionPtrOutput
- func (TunnelInstanceIAMMemberOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMMemberOutput) Etag() pulumi.StringOutput
- func (o TunnelInstanceIAMMemberOutput) Instance() pulumi.StringOutput
- func (o TunnelInstanceIAMMemberOutput) Member() pulumi.StringOutput
- func (o TunnelInstanceIAMMemberOutput) Project() pulumi.StringOutput
- func (o TunnelInstanceIAMMemberOutput) Role() pulumi.StringOutput
- func (o TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberOutput() TunnelInstanceIAMMemberOutput
- func (o TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberOutput
- func (o TunnelInstanceIAMMemberOutput) Zone() pulumi.StringOutput
- type TunnelInstanceIAMMemberState
- type TunnelInstanceIAMPolicy
- type TunnelInstanceIAMPolicyArgs
- type TunnelInstanceIAMPolicyArray
- func (TunnelInstanceIAMPolicyArray) ElementType() reflect.Type
- func (i TunnelInstanceIAMPolicyArray) ToTunnelInstanceIAMPolicyArrayOutput() TunnelInstanceIAMPolicyArrayOutput
- func (i TunnelInstanceIAMPolicyArray) ToTunnelInstanceIAMPolicyArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyArrayOutput
- type TunnelInstanceIAMPolicyArrayInput
- type TunnelInstanceIAMPolicyArrayOutput
- func (TunnelInstanceIAMPolicyArrayOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMPolicyArrayOutput) Index(i pulumi.IntInput) TunnelInstanceIAMPolicyOutput
- func (o TunnelInstanceIAMPolicyArrayOutput) ToTunnelInstanceIAMPolicyArrayOutput() TunnelInstanceIAMPolicyArrayOutput
- func (o TunnelInstanceIAMPolicyArrayOutput) ToTunnelInstanceIAMPolicyArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyArrayOutput
- type TunnelInstanceIAMPolicyInput
- type TunnelInstanceIAMPolicyMap
- func (TunnelInstanceIAMPolicyMap) ElementType() reflect.Type
- func (i TunnelInstanceIAMPolicyMap) ToTunnelInstanceIAMPolicyMapOutput() TunnelInstanceIAMPolicyMapOutput
- func (i TunnelInstanceIAMPolicyMap) ToTunnelInstanceIAMPolicyMapOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyMapOutput
- type TunnelInstanceIAMPolicyMapInput
- type TunnelInstanceIAMPolicyMapOutput
- func (TunnelInstanceIAMPolicyMapOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMPolicyMapOutput) MapIndex(k pulumi.StringInput) TunnelInstanceIAMPolicyOutput
- func (o TunnelInstanceIAMPolicyMapOutput) ToTunnelInstanceIAMPolicyMapOutput() TunnelInstanceIAMPolicyMapOutput
- func (o TunnelInstanceIAMPolicyMapOutput) ToTunnelInstanceIAMPolicyMapOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyMapOutput
- type TunnelInstanceIAMPolicyOutput
- func (TunnelInstanceIAMPolicyOutput) ElementType() reflect.Type
- func (o TunnelInstanceIAMPolicyOutput) Etag() pulumi.StringOutput
- func (o TunnelInstanceIAMPolicyOutput) Instance() pulumi.StringOutput
- func (o TunnelInstanceIAMPolicyOutput) PolicyData() pulumi.StringOutput
- func (o TunnelInstanceIAMPolicyOutput) Project() pulumi.StringOutput
- func (o TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyOutput() TunnelInstanceIAMPolicyOutput
- func (o TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyOutput
- func (o TunnelInstanceIAMPolicyOutput) Zone() pulumi.StringOutput
- type TunnelInstanceIAMPolicyState
- type WebBackendServiceIamBinding
- func (*WebBackendServiceIamBinding) ElementType() reflect.Type
- func (i *WebBackendServiceIamBinding) ToWebBackendServiceIamBindingOutput() WebBackendServiceIamBindingOutput
- func (i *WebBackendServiceIamBinding) ToWebBackendServiceIamBindingOutputWithContext(ctx context.Context) WebBackendServiceIamBindingOutput
- type WebBackendServiceIamBindingArgs
- type WebBackendServiceIamBindingArray
- func (WebBackendServiceIamBindingArray) ElementType() reflect.Type
- func (i WebBackendServiceIamBindingArray) ToWebBackendServiceIamBindingArrayOutput() WebBackendServiceIamBindingArrayOutput
- func (i WebBackendServiceIamBindingArray) ToWebBackendServiceIamBindingArrayOutputWithContext(ctx context.Context) WebBackendServiceIamBindingArrayOutput
- type WebBackendServiceIamBindingArrayInput
- type WebBackendServiceIamBindingArrayOutput
- func (WebBackendServiceIamBindingArrayOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamBindingArrayOutput) Index(i pulumi.IntInput) WebBackendServiceIamBindingOutput
- func (o WebBackendServiceIamBindingArrayOutput) ToWebBackendServiceIamBindingArrayOutput() WebBackendServiceIamBindingArrayOutput
- func (o WebBackendServiceIamBindingArrayOutput) ToWebBackendServiceIamBindingArrayOutputWithContext(ctx context.Context) WebBackendServiceIamBindingArrayOutput
- type WebBackendServiceIamBindingCondition
- type WebBackendServiceIamBindingConditionArgs
- func (WebBackendServiceIamBindingConditionArgs) ElementType() reflect.Type
- func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionOutput() WebBackendServiceIamBindingConditionOutput
- func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionOutput
- func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput
- func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionPtrOutput
- type WebBackendServiceIamBindingConditionInput
- type WebBackendServiceIamBindingConditionOutput
- func (o WebBackendServiceIamBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (WebBackendServiceIamBindingConditionOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamBindingConditionOutput) Expression() pulumi.StringOutput
- func (o WebBackendServiceIamBindingConditionOutput) Title() pulumi.StringOutput
- func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionOutput() WebBackendServiceIamBindingConditionOutput
- func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionOutput
- func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput
- func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionPtrOutput
- type WebBackendServiceIamBindingConditionPtrInput
- type WebBackendServiceIamBindingConditionPtrOutput
- func (o WebBackendServiceIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o WebBackendServiceIamBindingConditionPtrOutput) Elem() WebBackendServiceIamBindingConditionOutput
- func (WebBackendServiceIamBindingConditionPtrOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o WebBackendServiceIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o WebBackendServiceIamBindingConditionPtrOutput) ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput
- func (o WebBackendServiceIamBindingConditionPtrOutput) ToWebBackendServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionPtrOutput
- type WebBackendServiceIamBindingInput
- type WebBackendServiceIamBindingMap
- func (WebBackendServiceIamBindingMap) ElementType() reflect.Type
- func (i WebBackendServiceIamBindingMap) ToWebBackendServiceIamBindingMapOutput() WebBackendServiceIamBindingMapOutput
- func (i WebBackendServiceIamBindingMap) ToWebBackendServiceIamBindingMapOutputWithContext(ctx context.Context) WebBackendServiceIamBindingMapOutput
- type WebBackendServiceIamBindingMapInput
- type WebBackendServiceIamBindingMapOutput
- func (WebBackendServiceIamBindingMapOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamBindingMapOutput) MapIndex(k pulumi.StringInput) WebBackendServiceIamBindingOutput
- func (o WebBackendServiceIamBindingMapOutput) ToWebBackendServiceIamBindingMapOutput() WebBackendServiceIamBindingMapOutput
- func (o WebBackendServiceIamBindingMapOutput) ToWebBackendServiceIamBindingMapOutputWithContext(ctx context.Context) WebBackendServiceIamBindingMapOutput
- type WebBackendServiceIamBindingOutput
- func (o WebBackendServiceIamBindingOutput) Condition() WebBackendServiceIamBindingConditionPtrOutput
- func (WebBackendServiceIamBindingOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamBindingOutput) Etag() pulumi.StringOutput
- func (o WebBackendServiceIamBindingOutput) Members() pulumi.StringArrayOutput
- func (o WebBackendServiceIamBindingOutput) Project() pulumi.StringOutput
- func (o WebBackendServiceIamBindingOutput) Role() pulumi.StringOutput
- func (o WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingOutput() WebBackendServiceIamBindingOutput
- func (o WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingOutputWithContext(ctx context.Context) WebBackendServiceIamBindingOutput
- func (o WebBackendServiceIamBindingOutput) WebBackendService() pulumi.StringOutput
- type WebBackendServiceIamBindingState
- type WebBackendServiceIamMember
- func (*WebBackendServiceIamMember) ElementType() reflect.Type
- func (i *WebBackendServiceIamMember) ToWebBackendServiceIamMemberOutput() WebBackendServiceIamMemberOutput
- func (i *WebBackendServiceIamMember) ToWebBackendServiceIamMemberOutputWithContext(ctx context.Context) WebBackendServiceIamMemberOutput
- type WebBackendServiceIamMemberArgs
- type WebBackendServiceIamMemberArray
- func (WebBackendServiceIamMemberArray) ElementType() reflect.Type
- func (i WebBackendServiceIamMemberArray) ToWebBackendServiceIamMemberArrayOutput() WebBackendServiceIamMemberArrayOutput
- func (i WebBackendServiceIamMemberArray) ToWebBackendServiceIamMemberArrayOutputWithContext(ctx context.Context) WebBackendServiceIamMemberArrayOutput
- type WebBackendServiceIamMemberArrayInput
- type WebBackendServiceIamMemberArrayOutput
- func (WebBackendServiceIamMemberArrayOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamMemberArrayOutput) Index(i pulumi.IntInput) WebBackendServiceIamMemberOutput
- func (o WebBackendServiceIamMemberArrayOutput) ToWebBackendServiceIamMemberArrayOutput() WebBackendServiceIamMemberArrayOutput
- func (o WebBackendServiceIamMemberArrayOutput) ToWebBackendServiceIamMemberArrayOutputWithContext(ctx context.Context) WebBackendServiceIamMemberArrayOutput
- type WebBackendServiceIamMemberCondition
- type WebBackendServiceIamMemberConditionArgs
- func (WebBackendServiceIamMemberConditionArgs) ElementType() reflect.Type
- func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionOutput() WebBackendServiceIamMemberConditionOutput
- func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionOutput
- func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput
- func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionPtrOutput
- type WebBackendServiceIamMemberConditionInput
- type WebBackendServiceIamMemberConditionOutput
- func (o WebBackendServiceIamMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (WebBackendServiceIamMemberConditionOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamMemberConditionOutput) Expression() pulumi.StringOutput
- func (o WebBackendServiceIamMemberConditionOutput) Title() pulumi.StringOutput
- func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionOutput() WebBackendServiceIamMemberConditionOutput
- func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionOutput
- func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput
- func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionPtrOutput
- type WebBackendServiceIamMemberConditionPtrInput
- type WebBackendServiceIamMemberConditionPtrOutput
- func (o WebBackendServiceIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o WebBackendServiceIamMemberConditionPtrOutput) Elem() WebBackendServiceIamMemberConditionOutput
- func (WebBackendServiceIamMemberConditionPtrOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o WebBackendServiceIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o WebBackendServiceIamMemberConditionPtrOutput) ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput
- func (o WebBackendServiceIamMemberConditionPtrOutput) ToWebBackendServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionPtrOutput
- type WebBackendServiceIamMemberInput
- type WebBackendServiceIamMemberMap
- func (WebBackendServiceIamMemberMap) ElementType() reflect.Type
- func (i WebBackendServiceIamMemberMap) ToWebBackendServiceIamMemberMapOutput() WebBackendServiceIamMemberMapOutput
- func (i WebBackendServiceIamMemberMap) ToWebBackendServiceIamMemberMapOutputWithContext(ctx context.Context) WebBackendServiceIamMemberMapOutput
- type WebBackendServiceIamMemberMapInput
- type WebBackendServiceIamMemberMapOutput
- func (WebBackendServiceIamMemberMapOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamMemberMapOutput) MapIndex(k pulumi.StringInput) WebBackendServiceIamMemberOutput
- func (o WebBackendServiceIamMemberMapOutput) ToWebBackendServiceIamMemberMapOutput() WebBackendServiceIamMemberMapOutput
- func (o WebBackendServiceIamMemberMapOutput) ToWebBackendServiceIamMemberMapOutputWithContext(ctx context.Context) WebBackendServiceIamMemberMapOutput
- type WebBackendServiceIamMemberOutput
- func (o WebBackendServiceIamMemberOutput) Condition() WebBackendServiceIamMemberConditionPtrOutput
- func (WebBackendServiceIamMemberOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamMemberOutput) Etag() pulumi.StringOutput
- func (o WebBackendServiceIamMemberOutput) Member() pulumi.StringOutput
- func (o WebBackendServiceIamMemberOutput) Project() pulumi.StringOutput
- func (o WebBackendServiceIamMemberOutput) Role() pulumi.StringOutput
- func (o WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberOutput() WebBackendServiceIamMemberOutput
- func (o WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberOutputWithContext(ctx context.Context) WebBackendServiceIamMemberOutput
- func (o WebBackendServiceIamMemberOutput) WebBackendService() pulumi.StringOutput
- type WebBackendServiceIamMemberState
- type WebBackendServiceIamPolicy
- func (*WebBackendServiceIamPolicy) ElementType() reflect.Type
- func (i *WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyOutput() WebBackendServiceIamPolicyOutput
- func (i *WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyOutput
- type WebBackendServiceIamPolicyArgs
- type WebBackendServiceIamPolicyArray
- func (WebBackendServiceIamPolicyArray) ElementType() reflect.Type
- func (i WebBackendServiceIamPolicyArray) ToWebBackendServiceIamPolicyArrayOutput() WebBackendServiceIamPolicyArrayOutput
- func (i WebBackendServiceIamPolicyArray) ToWebBackendServiceIamPolicyArrayOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyArrayOutput
- type WebBackendServiceIamPolicyArrayInput
- type WebBackendServiceIamPolicyArrayOutput
- func (WebBackendServiceIamPolicyArrayOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamPolicyArrayOutput) Index(i pulumi.IntInput) WebBackendServiceIamPolicyOutput
- func (o WebBackendServiceIamPolicyArrayOutput) ToWebBackendServiceIamPolicyArrayOutput() WebBackendServiceIamPolicyArrayOutput
- func (o WebBackendServiceIamPolicyArrayOutput) ToWebBackendServiceIamPolicyArrayOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyArrayOutput
- type WebBackendServiceIamPolicyInput
- type WebBackendServiceIamPolicyMap
- func (WebBackendServiceIamPolicyMap) ElementType() reflect.Type
- func (i WebBackendServiceIamPolicyMap) ToWebBackendServiceIamPolicyMapOutput() WebBackendServiceIamPolicyMapOutput
- func (i WebBackendServiceIamPolicyMap) ToWebBackendServiceIamPolicyMapOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyMapOutput
- type WebBackendServiceIamPolicyMapInput
- type WebBackendServiceIamPolicyMapOutput
- func (WebBackendServiceIamPolicyMapOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamPolicyMapOutput) MapIndex(k pulumi.StringInput) WebBackendServiceIamPolicyOutput
- func (o WebBackendServiceIamPolicyMapOutput) ToWebBackendServiceIamPolicyMapOutput() WebBackendServiceIamPolicyMapOutput
- func (o WebBackendServiceIamPolicyMapOutput) ToWebBackendServiceIamPolicyMapOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyMapOutput
- type WebBackendServiceIamPolicyOutput
- func (WebBackendServiceIamPolicyOutput) ElementType() reflect.Type
- func (o WebBackendServiceIamPolicyOutput) Etag() pulumi.StringOutput
- func (o WebBackendServiceIamPolicyOutput) PolicyData() pulumi.StringOutput
- func (o WebBackendServiceIamPolicyOutput) Project() pulumi.StringOutput
- func (o WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyOutput() WebBackendServiceIamPolicyOutput
- func (o WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyOutput
- func (o WebBackendServiceIamPolicyOutput) WebBackendService() pulumi.StringOutput
- type WebBackendServiceIamPolicyState
- type WebIamBinding
- type WebIamBindingArgs
- type WebIamBindingArray
- type WebIamBindingArrayInput
- type WebIamBindingArrayOutput
- func (WebIamBindingArrayOutput) ElementType() reflect.Type
- func (o WebIamBindingArrayOutput) Index(i pulumi.IntInput) WebIamBindingOutput
- func (o WebIamBindingArrayOutput) ToWebIamBindingArrayOutput() WebIamBindingArrayOutput
- func (o WebIamBindingArrayOutput) ToWebIamBindingArrayOutputWithContext(ctx context.Context) WebIamBindingArrayOutput
- type WebIamBindingCondition
- type WebIamBindingConditionArgs
- func (WebIamBindingConditionArgs) ElementType() reflect.Type
- func (i WebIamBindingConditionArgs) ToWebIamBindingConditionOutput() WebIamBindingConditionOutput
- func (i WebIamBindingConditionArgs) ToWebIamBindingConditionOutputWithContext(ctx context.Context) WebIamBindingConditionOutput
- func (i WebIamBindingConditionArgs) ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput
- func (i WebIamBindingConditionArgs) ToWebIamBindingConditionPtrOutputWithContext(ctx context.Context) WebIamBindingConditionPtrOutput
- type WebIamBindingConditionInput
- type WebIamBindingConditionOutput
- func (o WebIamBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (WebIamBindingConditionOutput) ElementType() reflect.Type
- func (o WebIamBindingConditionOutput) Expression() pulumi.StringOutput
- func (o WebIamBindingConditionOutput) Title() pulumi.StringOutput
- func (o WebIamBindingConditionOutput) ToWebIamBindingConditionOutput() WebIamBindingConditionOutput
- func (o WebIamBindingConditionOutput) ToWebIamBindingConditionOutputWithContext(ctx context.Context) WebIamBindingConditionOutput
- func (o WebIamBindingConditionOutput) ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput
- func (o WebIamBindingConditionOutput) ToWebIamBindingConditionPtrOutputWithContext(ctx context.Context) WebIamBindingConditionPtrOutput
- type WebIamBindingConditionPtrInput
- type WebIamBindingConditionPtrOutput
- func (o WebIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o WebIamBindingConditionPtrOutput) Elem() WebIamBindingConditionOutput
- func (WebIamBindingConditionPtrOutput) ElementType() reflect.Type
- func (o WebIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o WebIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o WebIamBindingConditionPtrOutput) ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput
- func (o WebIamBindingConditionPtrOutput) ToWebIamBindingConditionPtrOutputWithContext(ctx context.Context) WebIamBindingConditionPtrOutput
- type WebIamBindingInput
- type WebIamBindingMap
- type WebIamBindingMapInput
- type WebIamBindingMapOutput
- func (WebIamBindingMapOutput) ElementType() reflect.Type
- func (o WebIamBindingMapOutput) MapIndex(k pulumi.StringInput) WebIamBindingOutput
- func (o WebIamBindingMapOutput) ToWebIamBindingMapOutput() WebIamBindingMapOutput
- func (o WebIamBindingMapOutput) ToWebIamBindingMapOutputWithContext(ctx context.Context) WebIamBindingMapOutput
- type WebIamBindingOutput
- func (o WebIamBindingOutput) Condition() WebIamBindingConditionPtrOutput
- func (WebIamBindingOutput) ElementType() reflect.Type
- func (o WebIamBindingOutput) Etag() pulumi.StringOutput
- func (o WebIamBindingOutput) Members() pulumi.StringArrayOutput
- func (o WebIamBindingOutput) Project() pulumi.StringOutput
- func (o WebIamBindingOutput) Role() pulumi.StringOutput
- func (o WebIamBindingOutput) ToWebIamBindingOutput() WebIamBindingOutput
- func (o WebIamBindingOutput) ToWebIamBindingOutputWithContext(ctx context.Context) WebIamBindingOutput
- type WebIamBindingState
- type WebIamMember
- type WebIamMemberArgs
- type WebIamMemberArray
- type WebIamMemberArrayInput
- type WebIamMemberArrayOutput
- func (WebIamMemberArrayOutput) ElementType() reflect.Type
- func (o WebIamMemberArrayOutput) Index(i pulumi.IntInput) WebIamMemberOutput
- func (o WebIamMemberArrayOutput) ToWebIamMemberArrayOutput() WebIamMemberArrayOutput
- func (o WebIamMemberArrayOutput) ToWebIamMemberArrayOutputWithContext(ctx context.Context) WebIamMemberArrayOutput
- type WebIamMemberCondition
- type WebIamMemberConditionArgs
- func (WebIamMemberConditionArgs) ElementType() reflect.Type
- func (i WebIamMemberConditionArgs) ToWebIamMemberConditionOutput() WebIamMemberConditionOutput
- func (i WebIamMemberConditionArgs) ToWebIamMemberConditionOutputWithContext(ctx context.Context) WebIamMemberConditionOutput
- func (i WebIamMemberConditionArgs) ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput
- func (i WebIamMemberConditionArgs) ToWebIamMemberConditionPtrOutputWithContext(ctx context.Context) WebIamMemberConditionPtrOutput
- type WebIamMemberConditionInput
- type WebIamMemberConditionOutput
- func (o WebIamMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (WebIamMemberConditionOutput) ElementType() reflect.Type
- func (o WebIamMemberConditionOutput) Expression() pulumi.StringOutput
- func (o WebIamMemberConditionOutput) Title() pulumi.StringOutput
- func (o WebIamMemberConditionOutput) ToWebIamMemberConditionOutput() WebIamMemberConditionOutput
- func (o WebIamMemberConditionOutput) ToWebIamMemberConditionOutputWithContext(ctx context.Context) WebIamMemberConditionOutput
- func (o WebIamMemberConditionOutput) ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput
- func (o WebIamMemberConditionOutput) ToWebIamMemberConditionPtrOutputWithContext(ctx context.Context) WebIamMemberConditionPtrOutput
- type WebIamMemberConditionPtrInput
- type WebIamMemberConditionPtrOutput
- func (o WebIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o WebIamMemberConditionPtrOutput) Elem() WebIamMemberConditionOutput
- func (WebIamMemberConditionPtrOutput) ElementType() reflect.Type
- func (o WebIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o WebIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o WebIamMemberConditionPtrOutput) ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput
- func (o WebIamMemberConditionPtrOutput) ToWebIamMemberConditionPtrOutputWithContext(ctx context.Context) WebIamMemberConditionPtrOutput
- type WebIamMemberInput
- type WebIamMemberMap
- type WebIamMemberMapInput
- type WebIamMemberMapOutput
- func (WebIamMemberMapOutput) ElementType() reflect.Type
- func (o WebIamMemberMapOutput) MapIndex(k pulumi.StringInput) WebIamMemberOutput
- func (o WebIamMemberMapOutput) ToWebIamMemberMapOutput() WebIamMemberMapOutput
- func (o WebIamMemberMapOutput) ToWebIamMemberMapOutputWithContext(ctx context.Context) WebIamMemberMapOutput
- type WebIamMemberOutput
- func (o WebIamMemberOutput) Condition() WebIamMemberConditionPtrOutput
- func (WebIamMemberOutput) ElementType() reflect.Type
- func (o WebIamMemberOutput) Etag() pulumi.StringOutput
- func (o WebIamMemberOutput) Member() pulumi.StringOutput
- func (o WebIamMemberOutput) Project() pulumi.StringOutput
- func (o WebIamMemberOutput) Role() pulumi.StringOutput
- func (o WebIamMemberOutput) ToWebIamMemberOutput() WebIamMemberOutput
- func (o WebIamMemberOutput) ToWebIamMemberOutputWithContext(ctx context.Context) WebIamMemberOutput
- type WebIamMemberState
- type WebIamPolicy
- type WebIamPolicyArgs
- type WebIamPolicyArray
- type WebIamPolicyArrayInput
- type WebIamPolicyArrayOutput
- func (WebIamPolicyArrayOutput) ElementType() reflect.Type
- func (o WebIamPolicyArrayOutput) Index(i pulumi.IntInput) WebIamPolicyOutput
- func (o WebIamPolicyArrayOutput) ToWebIamPolicyArrayOutput() WebIamPolicyArrayOutput
- func (o WebIamPolicyArrayOutput) ToWebIamPolicyArrayOutputWithContext(ctx context.Context) WebIamPolicyArrayOutput
- type WebIamPolicyInput
- type WebIamPolicyMap
- type WebIamPolicyMapInput
- type WebIamPolicyMapOutput
- func (WebIamPolicyMapOutput) ElementType() reflect.Type
- func (o WebIamPolicyMapOutput) MapIndex(k pulumi.StringInput) WebIamPolicyOutput
- func (o WebIamPolicyMapOutput) ToWebIamPolicyMapOutput() WebIamPolicyMapOutput
- func (o WebIamPolicyMapOutput) ToWebIamPolicyMapOutputWithContext(ctx context.Context) WebIamPolicyMapOutput
- type WebIamPolicyOutput
- func (WebIamPolicyOutput) ElementType() reflect.Type
- func (o WebIamPolicyOutput) Etag() pulumi.StringOutput
- func (o WebIamPolicyOutput) PolicyData() pulumi.StringOutput
- func (o WebIamPolicyOutput) Project() pulumi.StringOutput
- func (o WebIamPolicyOutput) ToWebIamPolicyOutput() WebIamPolicyOutput
- func (o WebIamPolicyOutput) ToWebIamPolicyOutputWithContext(ctx context.Context) WebIamPolicyOutput
- type WebIamPolicyState
- type WebTypeAppEngingIamBinding
- func (*WebTypeAppEngingIamBinding) ElementType() reflect.Type
- func (i *WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingOutput() WebTypeAppEngingIamBindingOutput
- func (i *WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingOutput
- type WebTypeAppEngingIamBindingArgs
- type WebTypeAppEngingIamBindingArray
- func (WebTypeAppEngingIamBindingArray) ElementType() reflect.Type
- func (i WebTypeAppEngingIamBindingArray) ToWebTypeAppEngingIamBindingArrayOutput() WebTypeAppEngingIamBindingArrayOutput
- func (i WebTypeAppEngingIamBindingArray) ToWebTypeAppEngingIamBindingArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingArrayOutput
- type WebTypeAppEngingIamBindingArrayInput
- type WebTypeAppEngingIamBindingArrayOutput
- func (WebTypeAppEngingIamBindingArrayOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamBindingArrayOutput) Index(i pulumi.IntInput) WebTypeAppEngingIamBindingOutput
- func (o WebTypeAppEngingIamBindingArrayOutput) ToWebTypeAppEngingIamBindingArrayOutput() WebTypeAppEngingIamBindingArrayOutput
- func (o WebTypeAppEngingIamBindingArrayOutput) ToWebTypeAppEngingIamBindingArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingArrayOutput
- type WebTypeAppEngingIamBindingCondition
- type WebTypeAppEngingIamBindingConditionArgs
- func (WebTypeAppEngingIamBindingConditionArgs) ElementType() reflect.Type
- func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionOutput() WebTypeAppEngingIamBindingConditionOutput
- func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionOutput
- func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput
- func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionPtrOutput
- type WebTypeAppEngingIamBindingConditionInput
- type WebTypeAppEngingIamBindingConditionOutput
- func (o WebTypeAppEngingIamBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (WebTypeAppEngingIamBindingConditionOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamBindingConditionOutput) Expression() pulumi.StringOutput
- func (o WebTypeAppEngingIamBindingConditionOutput) Title() pulumi.StringOutput
- func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionOutput() WebTypeAppEngingIamBindingConditionOutput
- func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionOutput
- func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput
- func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionPtrOutput
- type WebTypeAppEngingIamBindingConditionPtrInput
- type WebTypeAppEngingIamBindingConditionPtrOutput
- func (o WebTypeAppEngingIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o WebTypeAppEngingIamBindingConditionPtrOutput) Elem() WebTypeAppEngingIamBindingConditionOutput
- func (WebTypeAppEngingIamBindingConditionPtrOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o WebTypeAppEngingIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o WebTypeAppEngingIamBindingConditionPtrOutput) ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput
- func (o WebTypeAppEngingIamBindingConditionPtrOutput) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionPtrOutput
- type WebTypeAppEngingIamBindingInput
- type WebTypeAppEngingIamBindingMap
- func (WebTypeAppEngingIamBindingMap) ElementType() reflect.Type
- func (i WebTypeAppEngingIamBindingMap) ToWebTypeAppEngingIamBindingMapOutput() WebTypeAppEngingIamBindingMapOutput
- func (i WebTypeAppEngingIamBindingMap) ToWebTypeAppEngingIamBindingMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingMapOutput
- type WebTypeAppEngingIamBindingMapInput
- type WebTypeAppEngingIamBindingMapOutput
- func (WebTypeAppEngingIamBindingMapOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamBindingMapOutput) MapIndex(k pulumi.StringInput) WebTypeAppEngingIamBindingOutput
- func (o WebTypeAppEngingIamBindingMapOutput) ToWebTypeAppEngingIamBindingMapOutput() WebTypeAppEngingIamBindingMapOutput
- func (o WebTypeAppEngingIamBindingMapOutput) ToWebTypeAppEngingIamBindingMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingMapOutput
- type WebTypeAppEngingIamBindingOutput
- func (o WebTypeAppEngingIamBindingOutput) AppId() pulumi.StringOutput
- func (o WebTypeAppEngingIamBindingOutput) Condition() WebTypeAppEngingIamBindingConditionPtrOutput
- func (WebTypeAppEngingIamBindingOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamBindingOutput) Etag() pulumi.StringOutput
- func (o WebTypeAppEngingIamBindingOutput) Members() pulumi.StringArrayOutput
- func (o WebTypeAppEngingIamBindingOutput) Project() pulumi.StringOutput
- func (o WebTypeAppEngingIamBindingOutput) Role() pulumi.StringOutput
- func (o WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingOutput() WebTypeAppEngingIamBindingOutput
- func (o WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingOutput
- type WebTypeAppEngingIamBindingState
- type WebTypeAppEngingIamMember
- type WebTypeAppEngingIamMemberArgs
- type WebTypeAppEngingIamMemberArray
- func (WebTypeAppEngingIamMemberArray) ElementType() reflect.Type
- func (i WebTypeAppEngingIamMemberArray) ToWebTypeAppEngingIamMemberArrayOutput() WebTypeAppEngingIamMemberArrayOutput
- func (i WebTypeAppEngingIamMemberArray) ToWebTypeAppEngingIamMemberArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberArrayOutput
- type WebTypeAppEngingIamMemberArrayInput
- type WebTypeAppEngingIamMemberArrayOutput
- func (WebTypeAppEngingIamMemberArrayOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamMemberArrayOutput) Index(i pulumi.IntInput) WebTypeAppEngingIamMemberOutput
- func (o WebTypeAppEngingIamMemberArrayOutput) ToWebTypeAppEngingIamMemberArrayOutput() WebTypeAppEngingIamMemberArrayOutput
- func (o WebTypeAppEngingIamMemberArrayOutput) ToWebTypeAppEngingIamMemberArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberArrayOutput
- type WebTypeAppEngingIamMemberCondition
- type WebTypeAppEngingIamMemberConditionArgs
- func (WebTypeAppEngingIamMemberConditionArgs) ElementType() reflect.Type
- func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionOutput() WebTypeAppEngingIamMemberConditionOutput
- func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionOutput
- func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput
- func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionPtrOutput
- type WebTypeAppEngingIamMemberConditionInput
- type WebTypeAppEngingIamMemberConditionOutput
- func (o WebTypeAppEngingIamMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (WebTypeAppEngingIamMemberConditionOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamMemberConditionOutput) Expression() pulumi.StringOutput
- func (o WebTypeAppEngingIamMemberConditionOutput) Title() pulumi.StringOutput
- func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionOutput() WebTypeAppEngingIamMemberConditionOutput
- func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionOutput
- func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput
- func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionPtrOutput
- type WebTypeAppEngingIamMemberConditionPtrInput
- type WebTypeAppEngingIamMemberConditionPtrOutput
- func (o WebTypeAppEngingIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o WebTypeAppEngingIamMemberConditionPtrOutput) Elem() WebTypeAppEngingIamMemberConditionOutput
- func (WebTypeAppEngingIamMemberConditionPtrOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o WebTypeAppEngingIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o WebTypeAppEngingIamMemberConditionPtrOutput) ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput
- func (o WebTypeAppEngingIamMemberConditionPtrOutput) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionPtrOutput
- type WebTypeAppEngingIamMemberInput
- type WebTypeAppEngingIamMemberMap
- func (WebTypeAppEngingIamMemberMap) ElementType() reflect.Type
- func (i WebTypeAppEngingIamMemberMap) ToWebTypeAppEngingIamMemberMapOutput() WebTypeAppEngingIamMemberMapOutput
- func (i WebTypeAppEngingIamMemberMap) ToWebTypeAppEngingIamMemberMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberMapOutput
- type WebTypeAppEngingIamMemberMapInput
- type WebTypeAppEngingIamMemberMapOutput
- func (WebTypeAppEngingIamMemberMapOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamMemberMapOutput) MapIndex(k pulumi.StringInput) WebTypeAppEngingIamMemberOutput
- func (o WebTypeAppEngingIamMemberMapOutput) ToWebTypeAppEngingIamMemberMapOutput() WebTypeAppEngingIamMemberMapOutput
- func (o WebTypeAppEngingIamMemberMapOutput) ToWebTypeAppEngingIamMemberMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberMapOutput
- type WebTypeAppEngingIamMemberOutput
- func (o WebTypeAppEngingIamMemberOutput) AppId() pulumi.StringOutput
- func (o WebTypeAppEngingIamMemberOutput) Condition() WebTypeAppEngingIamMemberConditionPtrOutput
- func (WebTypeAppEngingIamMemberOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamMemberOutput) Etag() pulumi.StringOutput
- func (o WebTypeAppEngingIamMemberOutput) Member() pulumi.StringOutput
- func (o WebTypeAppEngingIamMemberOutput) Project() pulumi.StringOutput
- func (o WebTypeAppEngingIamMemberOutput) Role() pulumi.StringOutput
- func (o WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberOutput() WebTypeAppEngingIamMemberOutput
- func (o WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberOutput
- type WebTypeAppEngingIamMemberState
- type WebTypeAppEngingIamPolicy
- type WebTypeAppEngingIamPolicyArgs
- type WebTypeAppEngingIamPolicyArray
- func (WebTypeAppEngingIamPolicyArray) ElementType() reflect.Type
- func (i WebTypeAppEngingIamPolicyArray) ToWebTypeAppEngingIamPolicyArrayOutput() WebTypeAppEngingIamPolicyArrayOutput
- func (i WebTypeAppEngingIamPolicyArray) ToWebTypeAppEngingIamPolicyArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyArrayOutput
- type WebTypeAppEngingIamPolicyArrayInput
- type WebTypeAppEngingIamPolicyArrayOutput
- func (WebTypeAppEngingIamPolicyArrayOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamPolicyArrayOutput) Index(i pulumi.IntInput) WebTypeAppEngingIamPolicyOutput
- func (o WebTypeAppEngingIamPolicyArrayOutput) ToWebTypeAppEngingIamPolicyArrayOutput() WebTypeAppEngingIamPolicyArrayOutput
- func (o WebTypeAppEngingIamPolicyArrayOutput) ToWebTypeAppEngingIamPolicyArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyArrayOutput
- type WebTypeAppEngingIamPolicyInput
- type WebTypeAppEngingIamPolicyMap
- func (WebTypeAppEngingIamPolicyMap) ElementType() reflect.Type
- func (i WebTypeAppEngingIamPolicyMap) ToWebTypeAppEngingIamPolicyMapOutput() WebTypeAppEngingIamPolicyMapOutput
- func (i WebTypeAppEngingIamPolicyMap) ToWebTypeAppEngingIamPolicyMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyMapOutput
- type WebTypeAppEngingIamPolicyMapInput
- type WebTypeAppEngingIamPolicyMapOutput
- func (WebTypeAppEngingIamPolicyMapOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamPolicyMapOutput) MapIndex(k pulumi.StringInput) WebTypeAppEngingIamPolicyOutput
- func (o WebTypeAppEngingIamPolicyMapOutput) ToWebTypeAppEngingIamPolicyMapOutput() WebTypeAppEngingIamPolicyMapOutput
- func (o WebTypeAppEngingIamPolicyMapOutput) ToWebTypeAppEngingIamPolicyMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyMapOutput
- type WebTypeAppEngingIamPolicyOutput
- func (o WebTypeAppEngingIamPolicyOutput) AppId() pulumi.StringOutput
- func (WebTypeAppEngingIamPolicyOutput) ElementType() reflect.Type
- func (o WebTypeAppEngingIamPolicyOutput) Etag() pulumi.StringOutput
- func (o WebTypeAppEngingIamPolicyOutput) PolicyData() pulumi.StringOutput
- func (o WebTypeAppEngingIamPolicyOutput) Project() pulumi.StringOutput
- func (o WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyOutput() WebTypeAppEngingIamPolicyOutput
- func (o WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyOutput
- type WebTypeAppEngingIamPolicyState
- type WebTypeComputeIamBinding
- type WebTypeComputeIamBindingArgs
- type WebTypeComputeIamBindingArray
- func (WebTypeComputeIamBindingArray) ElementType() reflect.Type
- func (i WebTypeComputeIamBindingArray) ToWebTypeComputeIamBindingArrayOutput() WebTypeComputeIamBindingArrayOutput
- func (i WebTypeComputeIamBindingArray) ToWebTypeComputeIamBindingArrayOutputWithContext(ctx context.Context) WebTypeComputeIamBindingArrayOutput
- type WebTypeComputeIamBindingArrayInput
- type WebTypeComputeIamBindingArrayOutput
- func (WebTypeComputeIamBindingArrayOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamBindingArrayOutput) Index(i pulumi.IntInput) WebTypeComputeIamBindingOutput
- func (o WebTypeComputeIamBindingArrayOutput) ToWebTypeComputeIamBindingArrayOutput() WebTypeComputeIamBindingArrayOutput
- func (o WebTypeComputeIamBindingArrayOutput) ToWebTypeComputeIamBindingArrayOutputWithContext(ctx context.Context) WebTypeComputeIamBindingArrayOutput
- type WebTypeComputeIamBindingCondition
- type WebTypeComputeIamBindingConditionArgs
- func (WebTypeComputeIamBindingConditionArgs) ElementType() reflect.Type
- func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionOutput() WebTypeComputeIamBindingConditionOutput
- func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionOutput
- func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput
- func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionPtrOutput
- type WebTypeComputeIamBindingConditionInput
- type WebTypeComputeIamBindingConditionOutput
- func (o WebTypeComputeIamBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (WebTypeComputeIamBindingConditionOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamBindingConditionOutput) Expression() pulumi.StringOutput
- func (o WebTypeComputeIamBindingConditionOutput) Title() pulumi.StringOutput
- func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionOutput() WebTypeComputeIamBindingConditionOutput
- func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionOutput
- func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput
- func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionPtrOutput
- type WebTypeComputeIamBindingConditionPtrInput
- type WebTypeComputeIamBindingConditionPtrOutput
- func (o WebTypeComputeIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o WebTypeComputeIamBindingConditionPtrOutput) Elem() WebTypeComputeIamBindingConditionOutput
- func (WebTypeComputeIamBindingConditionPtrOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o WebTypeComputeIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o WebTypeComputeIamBindingConditionPtrOutput) ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput
- func (o WebTypeComputeIamBindingConditionPtrOutput) ToWebTypeComputeIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionPtrOutput
- type WebTypeComputeIamBindingInput
- type WebTypeComputeIamBindingMap
- func (WebTypeComputeIamBindingMap) ElementType() reflect.Type
- func (i WebTypeComputeIamBindingMap) ToWebTypeComputeIamBindingMapOutput() WebTypeComputeIamBindingMapOutput
- func (i WebTypeComputeIamBindingMap) ToWebTypeComputeIamBindingMapOutputWithContext(ctx context.Context) WebTypeComputeIamBindingMapOutput
- type WebTypeComputeIamBindingMapInput
- type WebTypeComputeIamBindingMapOutput
- func (WebTypeComputeIamBindingMapOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamBindingMapOutput) MapIndex(k pulumi.StringInput) WebTypeComputeIamBindingOutput
- func (o WebTypeComputeIamBindingMapOutput) ToWebTypeComputeIamBindingMapOutput() WebTypeComputeIamBindingMapOutput
- func (o WebTypeComputeIamBindingMapOutput) ToWebTypeComputeIamBindingMapOutputWithContext(ctx context.Context) WebTypeComputeIamBindingMapOutput
- type WebTypeComputeIamBindingOutput
- func (o WebTypeComputeIamBindingOutput) Condition() WebTypeComputeIamBindingConditionPtrOutput
- func (WebTypeComputeIamBindingOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamBindingOutput) Etag() pulumi.StringOutput
- func (o WebTypeComputeIamBindingOutput) Members() pulumi.StringArrayOutput
- func (o WebTypeComputeIamBindingOutput) Project() pulumi.StringOutput
- func (o WebTypeComputeIamBindingOutput) Role() pulumi.StringOutput
- func (o WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingOutput() WebTypeComputeIamBindingOutput
- func (o WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingOutputWithContext(ctx context.Context) WebTypeComputeIamBindingOutput
- type WebTypeComputeIamBindingState
- type WebTypeComputeIamMember
- type WebTypeComputeIamMemberArgs
- type WebTypeComputeIamMemberArray
- func (WebTypeComputeIamMemberArray) ElementType() reflect.Type
- func (i WebTypeComputeIamMemberArray) ToWebTypeComputeIamMemberArrayOutput() WebTypeComputeIamMemberArrayOutput
- func (i WebTypeComputeIamMemberArray) ToWebTypeComputeIamMemberArrayOutputWithContext(ctx context.Context) WebTypeComputeIamMemberArrayOutput
- type WebTypeComputeIamMemberArrayInput
- type WebTypeComputeIamMemberArrayOutput
- func (WebTypeComputeIamMemberArrayOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamMemberArrayOutput) Index(i pulumi.IntInput) WebTypeComputeIamMemberOutput
- func (o WebTypeComputeIamMemberArrayOutput) ToWebTypeComputeIamMemberArrayOutput() WebTypeComputeIamMemberArrayOutput
- func (o WebTypeComputeIamMemberArrayOutput) ToWebTypeComputeIamMemberArrayOutputWithContext(ctx context.Context) WebTypeComputeIamMemberArrayOutput
- type WebTypeComputeIamMemberCondition
- type WebTypeComputeIamMemberConditionArgs
- func (WebTypeComputeIamMemberConditionArgs) ElementType() reflect.Type
- func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionOutput() WebTypeComputeIamMemberConditionOutput
- func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionOutput
- func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput
- func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionPtrOutput
- type WebTypeComputeIamMemberConditionInput
- type WebTypeComputeIamMemberConditionOutput
- func (o WebTypeComputeIamMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (WebTypeComputeIamMemberConditionOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamMemberConditionOutput) Expression() pulumi.StringOutput
- func (o WebTypeComputeIamMemberConditionOutput) Title() pulumi.StringOutput
- func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionOutput() WebTypeComputeIamMemberConditionOutput
- func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionOutput
- func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput
- func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionPtrOutput
- type WebTypeComputeIamMemberConditionPtrInput
- type WebTypeComputeIamMemberConditionPtrOutput
- func (o WebTypeComputeIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o WebTypeComputeIamMemberConditionPtrOutput) Elem() WebTypeComputeIamMemberConditionOutput
- func (WebTypeComputeIamMemberConditionPtrOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o WebTypeComputeIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o WebTypeComputeIamMemberConditionPtrOutput) ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput
- func (o WebTypeComputeIamMemberConditionPtrOutput) ToWebTypeComputeIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionPtrOutput
- type WebTypeComputeIamMemberInput
- type WebTypeComputeIamMemberMap
- func (WebTypeComputeIamMemberMap) ElementType() reflect.Type
- func (i WebTypeComputeIamMemberMap) ToWebTypeComputeIamMemberMapOutput() WebTypeComputeIamMemberMapOutput
- func (i WebTypeComputeIamMemberMap) ToWebTypeComputeIamMemberMapOutputWithContext(ctx context.Context) WebTypeComputeIamMemberMapOutput
- type WebTypeComputeIamMemberMapInput
- type WebTypeComputeIamMemberMapOutput
- func (WebTypeComputeIamMemberMapOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamMemberMapOutput) MapIndex(k pulumi.StringInput) WebTypeComputeIamMemberOutput
- func (o WebTypeComputeIamMemberMapOutput) ToWebTypeComputeIamMemberMapOutput() WebTypeComputeIamMemberMapOutput
- func (o WebTypeComputeIamMemberMapOutput) ToWebTypeComputeIamMemberMapOutputWithContext(ctx context.Context) WebTypeComputeIamMemberMapOutput
- type WebTypeComputeIamMemberOutput
- func (o WebTypeComputeIamMemberOutput) Condition() WebTypeComputeIamMemberConditionPtrOutput
- func (WebTypeComputeIamMemberOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamMemberOutput) Etag() pulumi.StringOutput
- func (o WebTypeComputeIamMemberOutput) Member() pulumi.StringOutput
- func (o WebTypeComputeIamMemberOutput) Project() pulumi.StringOutput
- func (o WebTypeComputeIamMemberOutput) Role() pulumi.StringOutput
- func (o WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberOutput() WebTypeComputeIamMemberOutput
- func (o WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberOutputWithContext(ctx context.Context) WebTypeComputeIamMemberOutput
- type WebTypeComputeIamMemberState
- type WebTypeComputeIamPolicy
- type WebTypeComputeIamPolicyArgs
- type WebTypeComputeIamPolicyArray
- func (WebTypeComputeIamPolicyArray) ElementType() reflect.Type
- func (i WebTypeComputeIamPolicyArray) ToWebTypeComputeIamPolicyArrayOutput() WebTypeComputeIamPolicyArrayOutput
- func (i WebTypeComputeIamPolicyArray) ToWebTypeComputeIamPolicyArrayOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyArrayOutput
- type WebTypeComputeIamPolicyArrayInput
- type WebTypeComputeIamPolicyArrayOutput
- func (WebTypeComputeIamPolicyArrayOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamPolicyArrayOutput) Index(i pulumi.IntInput) WebTypeComputeIamPolicyOutput
- func (o WebTypeComputeIamPolicyArrayOutput) ToWebTypeComputeIamPolicyArrayOutput() WebTypeComputeIamPolicyArrayOutput
- func (o WebTypeComputeIamPolicyArrayOutput) ToWebTypeComputeIamPolicyArrayOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyArrayOutput
- type WebTypeComputeIamPolicyInput
- type WebTypeComputeIamPolicyMap
- func (WebTypeComputeIamPolicyMap) ElementType() reflect.Type
- func (i WebTypeComputeIamPolicyMap) ToWebTypeComputeIamPolicyMapOutput() WebTypeComputeIamPolicyMapOutput
- func (i WebTypeComputeIamPolicyMap) ToWebTypeComputeIamPolicyMapOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyMapOutput
- type WebTypeComputeIamPolicyMapInput
- type WebTypeComputeIamPolicyMapOutput
- func (WebTypeComputeIamPolicyMapOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamPolicyMapOutput) MapIndex(k pulumi.StringInput) WebTypeComputeIamPolicyOutput
- func (o WebTypeComputeIamPolicyMapOutput) ToWebTypeComputeIamPolicyMapOutput() WebTypeComputeIamPolicyMapOutput
- func (o WebTypeComputeIamPolicyMapOutput) ToWebTypeComputeIamPolicyMapOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyMapOutput
- type WebTypeComputeIamPolicyOutput
- func (WebTypeComputeIamPolicyOutput) ElementType() reflect.Type
- func (o WebTypeComputeIamPolicyOutput) Etag() pulumi.StringOutput
- func (o WebTypeComputeIamPolicyOutput) PolicyData() pulumi.StringOutput
- func (o WebTypeComputeIamPolicyOutput) Project() pulumi.StringOutput
- func (o WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyOutput() WebTypeComputeIamPolicyOutput
- func (o WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyOutput
- type WebTypeComputeIamPolicyState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AppEngineServiceIamBinding ¶
type AppEngineServiceIamBinding struct { pulumi.CustomResourceState // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringOutput `pulumi:"appId"` // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition AppEngineServiceIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` Members pulumi.StringArrayOutput `pulumi:"members"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringOutput `pulumi:"service"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:
* `iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached. * `iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved. * `iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice
> **Note:** `iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `iap.AppEngineServiceIamBinding` and `iap.AppEngineServiceIamMember` or they will fight over what your policy should be.
> **Note:** `iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_app\_engine\_service\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{ Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{ Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_app\_engine\_service\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Condition: &iap.AppEngineServiceIamBindingConditionArgs{ Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), Title: pulumi.String("expires_after_2019_12_31"), }, Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_app\_engine\_service\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Member: pulumi.String("user:jane@example.com"), Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Condition: &iap.AppEngineServiceIamMemberConditionArgs{ Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), Title: pulumi.String("expires_after_2019_12_31"), }, Member: pulumi.String("user:jane@example.com"), Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} * {{project}}/{{appId}}/{{service}} * {{appId}}/{{service}} * {{service}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetAppEngineServiceIamBinding ¶
func GetAppEngineServiceIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AppEngineServiceIamBindingState, opts ...pulumi.ResourceOption) (*AppEngineServiceIamBinding, error)
GetAppEngineServiceIamBinding gets an existing AppEngineServiceIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAppEngineServiceIamBinding ¶
func NewAppEngineServiceIamBinding(ctx *pulumi.Context, name string, args *AppEngineServiceIamBindingArgs, opts ...pulumi.ResourceOption) (*AppEngineServiceIamBinding, error)
NewAppEngineServiceIamBinding registers a new resource with the given unique name, arguments, and options.
func (*AppEngineServiceIamBinding) ElementType ¶
func (*AppEngineServiceIamBinding) ElementType() reflect.Type
func (*AppEngineServiceIamBinding) ToAppEngineServiceIamBindingOutput ¶
func (i *AppEngineServiceIamBinding) ToAppEngineServiceIamBindingOutput() AppEngineServiceIamBindingOutput
func (*AppEngineServiceIamBinding) ToAppEngineServiceIamBindingOutputWithContext ¶
func (i *AppEngineServiceIamBinding) ToAppEngineServiceIamBindingOutputWithContext(ctx context.Context) AppEngineServiceIamBindingOutput
type AppEngineServiceIamBindingArgs ¶
type AppEngineServiceIamBindingArgs struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringInput // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition AppEngineServiceIamBindingConditionPtrInput Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringInput }
The set of arguments for constructing a AppEngineServiceIamBinding resource.
func (AppEngineServiceIamBindingArgs) ElementType ¶
func (AppEngineServiceIamBindingArgs) ElementType() reflect.Type
type AppEngineServiceIamBindingArray ¶
type AppEngineServiceIamBindingArray []AppEngineServiceIamBindingInput
func (AppEngineServiceIamBindingArray) ElementType ¶
func (AppEngineServiceIamBindingArray) ElementType() reflect.Type
func (AppEngineServiceIamBindingArray) ToAppEngineServiceIamBindingArrayOutput ¶
func (i AppEngineServiceIamBindingArray) ToAppEngineServiceIamBindingArrayOutput() AppEngineServiceIamBindingArrayOutput
func (AppEngineServiceIamBindingArray) ToAppEngineServiceIamBindingArrayOutputWithContext ¶
func (i AppEngineServiceIamBindingArray) ToAppEngineServiceIamBindingArrayOutputWithContext(ctx context.Context) AppEngineServiceIamBindingArrayOutput
type AppEngineServiceIamBindingArrayInput ¶
type AppEngineServiceIamBindingArrayInput interface { pulumi.Input ToAppEngineServiceIamBindingArrayOutput() AppEngineServiceIamBindingArrayOutput ToAppEngineServiceIamBindingArrayOutputWithContext(context.Context) AppEngineServiceIamBindingArrayOutput }
AppEngineServiceIamBindingArrayInput is an input type that accepts AppEngineServiceIamBindingArray and AppEngineServiceIamBindingArrayOutput values. You can construct a concrete instance of `AppEngineServiceIamBindingArrayInput` via:
AppEngineServiceIamBindingArray{ AppEngineServiceIamBindingArgs{...} }
type AppEngineServiceIamBindingArrayOutput ¶
type AppEngineServiceIamBindingArrayOutput struct{ *pulumi.OutputState }
func (AppEngineServiceIamBindingArrayOutput) ElementType ¶
func (AppEngineServiceIamBindingArrayOutput) ElementType() reflect.Type
func (AppEngineServiceIamBindingArrayOutput) Index ¶
func (o AppEngineServiceIamBindingArrayOutput) Index(i pulumi.IntInput) AppEngineServiceIamBindingOutput
func (AppEngineServiceIamBindingArrayOutput) ToAppEngineServiceIamBindingArrayOutput ¶
func (o AppEngineServiceIamBindingArrayOutput) ToAppEngineServiceIamBindingArrayOutput() AppEngineServiceIamBindingArrayOutput
func (AppEngineServiceIamBindingArrayOutput) ToAppEngineServiceIamBindingArrayOutputWithContext ¶
func (o AppEngineServiceIamBindingArrayOutput) ToAppEngineServiceIamBindingArrayOutputWithContext(ctx context.Context) AppEngineServiceIamBindingArrayOutput
type AppEngineServiceIamBindingCondition ¶
type AppEngineServiceIamBindingCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type AppEngineServiceIamBindingConditionArgs ¶
type AppEngineServiceIamBindingConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (AppEngineServiceIamBindingConditionArgs) ElementType ¶
func (AppEngineServiceIamBindingConditionArgs) ElementType() reflect.Type
func (AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionOutput ¶
func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionOutput() AppEngineServiceIamBindingConditionOutput
func (AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionOutputWithContext ¶
func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionOutput
func (AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionPtrOutput ¶
func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput
func (AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionPtrOutputWithContext ¶
func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionPtrOutput
type AppEngineServiceIamBindingConditionInput ¶
type AppEngineServiceIamBindingConditionInput interface { pulumi.Input ToAppEngineServiceIamBindingConditionOutput() AppEngineServiceIamBindingConditionOutput ToAppEngineServiceIamBindingConditionOutputWithContext(context.Context) AppEngineServiceIamBindingConditionOutput }
AppEngineServiceIamBindingConditionInput is an input type that accepts AppEngineServiceIamBindingConditionArgs and AppEngineServiceIamBindingConditionOutput values. You can construct a concrete instance of `AppEngineServiceIamBindingConditionInput` via:
AppEngineServiceIamBindingConditionArgs{...}
type AppEngineServiceIamBindingConditionOutput ¶
type AppEngineServiceIamBindingConditionOutput struct{ *pulumi.OutputState }
func (AppEngineServiceIamBindingConditionOutput) Description ¶
func (o AppEngineServiceIamBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (AppEngineServiceIamBindingConditionOutput) ElementType ¶
func (AppEngineServiceIamBindingConditionOutput) ElementType() reflect.Type
func (AppEngineServiceIamBindingConditionOutput) Expression ¶
func (o AppEngineServiceIamBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (AppEngineServiceIamBindingConditionOutput) Title ¶
func (o AppEngineServiceIamBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionOutput ¶
func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionOutput() AppEngineServiceIamBindingConditionOutput
func (AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionOutputWithContext ¶
func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionOutput
func (AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionPtrOutput ¶
func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput
func (AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionPtrOutputWithContext ¶
func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionPtrOutput
type AppEngineServiceIamBindingConditionPtrInput ¶
type AppEngineServiceIamBindingConditionPtrInput interface { pulumi.Input ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput ToAppEngineServiceIamBindingConditionPtrOutputWithContext(context.Context) AppEngineServiceIamBindingConditionPtrOutput }
AppEngineServiceIamBindingConditionPtrInput is an input type that accepts AppEngineServiceIamBindingConditionArgs, AppEngineServiceIamBindingConditionPtr and AppEngineServiceIamBindingConditionPtrOutput values. You can construct a concrete instance of `AppEngineServiceIamBindingConditionPtrInput` via:
AppEngineServiceIamBindingConditionArgs{...} or: nil
func AppEngineServiceIamBindingConditionPtr ¶
func AppEngineServiceIamBindingConditionPtr(v *AppEngineServiceIamBindingConditionArgs) AppEngineServiceIamBindingConditionPtrInput
type AppEngineServiceIamBindingConditionPtrOutput ¶
type AppEngineServiceIamBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (AppEngineServiceIamBindingConditionPtrOutput) Description ¶
func (o AppEngineServiceIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (AppEngineServiceIamBindingConditionPtrOutput) ElementType ¶
func (AppEngineServiceIamBindingConditionPtrOutput) ElementType() reflect.Type
func (AppEngineServiceIamBindingConditionPtrOutput) Expression ¶
func (o AppEngineServiceIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (AppEngineServiceIamBindingConditionPtrOutput) Title ¶
func (o AppEngineServiceIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (AppEngineServiceIamBindingConditionPtrOutput) ToAppEngineServiceIamBindingConditionPtrOutput ¶
func (o AppEngineServiceIamBindingConditionPtrOutput) ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput
func (AppEngineServiceIamBindingConditionPtrOutput) ToAppEngineServiceIamBindingConditionPtrOutputWithContext ¶
func (o AppEngineServiceIamBindingConditionPtrOutput) ToAppEngineServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionPtrOutput
type AppEngineServiceIamBindingInput ¶
type AppEngineServiceIamBindingInput interface { pulumi.Input ToAppEngineServiceIamBindingOutput() AppEngineServiceIamBindingOutput ToAppEngineServiceIamBindingOutputWithContext(ctx context.Context) AppEngineServiceIamBindingOutput }
type AppEngineServiceIamBindingMap ¶
type AppEngineServiceIamBindingMap map[string]AppEngineServiceIamBindingInput
func (AppEngineServiceIamBindingMap) ElementType ¶
func (AppEngineServiceIamBindingMap) ElementType() reflect.Type
func (AppEngineServiceIamBindingMap) ToAppEngineServiceIamBindingMapOutput ¶
func (i AppEngineServiceIamBindingMap) ToAppEngineServiceIamBindingMapOutput() AppEngineServiceIamBindingMapOutput
func (AppEngineServiceIamBindingMap) ToAppEngineServiceIamBindingMapOutputWithContext ¶
func (i AppEngineServiceIamBindingMap) ToAppEngineServiceIamBindingMapOutputWithContext(ctx context.Context) AppEngineServiceIamBindingMapOutput
type AppEngineServiceIamBindingMapInput ¶
type AppEngineServiceIamBindingMapInput interface { pulumi.Input ToAppEngineServiceIamBindingMapOutput() AppEngineServiceIamBindingMapOutput ToAppEngineServiceIamBindingMapOutputWithContext(context.Context) AppEngineServiceIamBindingMapOutput }
AppEngineServiceIamBindingMapInput is an input type that accepts AppEngineServiceIamBindingMap and AppEngineServiceIamBindingMapOutput values. You can construct a concrete instance of `AppEngineServiceIamBindingMapInput` via:
AppEngineServiceIamBindingMap{ "key": AppEngineServiceIamBindingArgs{...} }
type AppEngineServiceIamBindingMapOutput ¶
type AppEngineServiceIamBindingMapOutput struct{ *pulumi.OutputState }
func (AppEngineServiceIamBindingMapOutput) ElementType ¶
func (AppEngineServiceIamBindingMapOutput) ElementType() reflect.Type
func (AppEngineServiceIamBindingMapOutput) MapIndex ¶
func (o AppEngineServiceIamBindingMapOutput) MapIndex(k pulumi.StringInput) AppEngineServiceIamBindingOutput
func (AppEngineServiceIamBindingMapOutput) ToAppEngineServiceIamBindingMapOutput ¶
func (o AppEngineServiceIamBindingMapOutput) ToAppEngineServiceIamBindingMapOutput() AppEngineServiceIamBindingMapOutput
func (AppEngineServiceIamBindingMapOutput) ToAppEngineServiceIamBindingMapOutputWithContext ¶
func (o AppEngineServiceIamBindingMapOutput) ToAppEngineServiceIamBindingMapOutputWithContext(ctx context.Context) AppEngineServiceIamBindingMapOutput
type AppEngineServiceIamBindingOutput ¶
type AppEngineServiceIamBindingOutput struct{ *pulumi.OutputState }
func (AppEngineServiceIamBindingOutput) AppId ¶ added in v6.23.0
func (o AppEngineServiceIamBindingOutput) AppId() pulumi.StringOutput
Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
func (AppEngineServiceIamBindingOutput) Condition ¶ added in v6.23.0
func (o AppEngineServiceIamBindingOutput) Condition() AppEngineServiceIamBindingConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (AppEngineServiceIamBindingOutput) ElementType ¶
func (AppEngineServiceIamBindingOutput) ElementType() reflect.Type
func (AppEngineServiceIamBindingOutput) Etag ¶ added in v6.23.0
func (o AppEngineServiceIamBindingOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (AppEngineServiceIamBindingOutput) Members ¶ added in v6.23.0
func (o AppEngineServiceIamBindingOutput) Members() pulumi.StringArrayOutput
func (AppEngineServiceIamBindingOutput) Project ¶ added in v6.23.0
func (o AppEngineServiceIamBindingOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (AppEngineServiceIamBindingOutput) Role ¶ added in v6.23.0
func (o AppEngineServiceIamBindingOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (AppEngineServiceIamBindingOutput) Service ¶ added in v6.23.0
func (o AppEngineServiceIamBindingOutput) Service() pulumi.StringOutput
Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
func (AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingOutput ¶
func (o AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingOutput() AppEngineServiceIamBindingOutput
func (AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingOutputWithContext ¶
func (o AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingOutputWithContext(ctx context.Context) AppEngineServiceIamBindingOutput
type AppEngineServiceIamBindingState ¶
type AppEngineServiceIamBindingState struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringPtrInput // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition AppEngineServiceIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringPtrInput }
func (AppEngineServiceIamBindingState) ElementType ¶
func (AppEngineServiceIamBindingState) ElementType() reflect.Type
type AppEngineServiceIamMember ¶
type AppEngineServiceIamMember struct { pulumi.CustomResourceState // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringOutput `pulumi:"appId"` // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition AppEngineServiceIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` Member pulumi.StringOutput `pulumi:"member"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringOutput `pulumi:"service"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:
* `iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached. * `iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved. * `iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice
> **Note:** `iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `iap.AppEngineServiceIamBinding` and `iap.AppEngineServiceIamMember` or they will fight over what your policy should be.
> **Note:** `iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_app\_engine\_service\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{ Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{ Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_app\_engine\_service\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Condition: &iap.AppEngineServiceIamBindingConditionArgs{ Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), Title: pulumi.String("expires_after_2019_12_31"), }, Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_app\_engine\_service\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Member: pulumi.String("user:jane@example.com"), Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Condition: &iap.AppEngineServiceIamMemberConditionArgs{ Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), Title: pulumi.String("expires_after_2019_12_31"), }, Member: pulumi.String("user:jane@example.com"), Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} * {{project}}/{{appId}}/{{service}} * {{appId}}/{{service}} * {{service}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetAppEngineServiceIamMember ¶
func GetAppEngineServiceIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AppEngineServiceIamMemberState, opts ...pulumi.ResourceOption) (*AppEngineServiceIamMember, error)
GetAppEngineServiceIamMember gets an existing AppEngineServiceIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAppEngineServiceIamMember ¶
func NewAppEngineServiceIamMember(ctx *pulumi.Context, name string, args *AppEngineServiceIamMemberArgs, opts ...pulumi.ResourceOption) (*AppEngineServiceIamMember, error)
NewAppEngineServiceIamMember registers a new resource with the given unique name, arguments, and options.
func (*AppEngineServiceIamMember) ElementType ¶
func (*AppEngineServiceIamMember) ElementType() reflect.Type
func (*AppEngineServiceIamMember) ToAppEngineServiceIamMemberOutput ¶
func (i *AppEngineServiceIamMember) ToAppEngineServiceIamMemberOutput() AppEngineServiceIamMemberOutput
func (*AppEngineServiceIamMember) ToAppEngineServiceIamMemberOutputWithContext ¶
func (i *AppEngineServiceIamMember) ToAppEngineServiceIamMemberOutputWithContext(ctx context.Context) AppEngineServiceIamMemberOutput
type AppEngineServiceIamMemberArgs ¶
type AppEngineServiceIamMemberArgs struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringInput // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition AppEngineServiceIamMemberConditionPtrInput Member pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringInput }
The set of arguments for constructing a AppEngineServiceIamMember resource.
func (AppEngineServiceIamMemberArgs) ElementType ¶
func (AppEngineServiceIamMemberArgs) ElementType() reflect.Type
type AppEngineServiceIamMemberArray ¶
type AppEngineServiceIamMemberArray []AppEngineServiceIamMemberInput
func (AppEngineServiceIamMemberArray) ElementType ¶
func (AppEngineServiceIamMemberArray) ElementType() reflect.Type
func (AppEngineServiceIamMemberArray) ToAppEngineServiceIamMemberArrayOutput ¶
func (i AppEngineServiceIamMemberArray) ToAppEngineServiceIamMemberArrayOutput() AppEngineServiceIamMemberArrayOutput
func (AppEngineServiceIamMemberArray) ToAppEngineServiceIamMemberArrayOutputWithContext ¶
func (i AppEngineServiceIamMemberArray) ToAppEngineServiceIamMemberArrayOutputWithContext(ctx context.Context) AppEngineServiceIamMemberArrayOutput
type AppEngineServiceIamMemberArrayInput ¶
type AppEngineServiceIamMemberArrayInput interface { pulumi.Input ToAppEngineServiceIamMemberArrayOutput() AppEngineServiceIamMemberArrayOutput ToAppEngineServiceIamMemberArrayOutputWithContext(context.Context) AppEngineServiceIamMemberArrayOutput }
AppEngineServiceIamMemberArrayInput is an input type that accepts AppEngineServiceIamMemberArray and AppEngineServiceIamMemberArrayOutput values. You can construct a concrete instance of `AppEngineServiceIamMemberArrayInput` via:
AppEngineServiceIamMemberArray{ AppEngineServiceIamMemberArgs{...} }
type AppEngineServiceIamMemberArrayOutput ¶
type AppEngineServiceIamMemberArrayOutput struct{ *pulumi.OutputState }
func (AppEngineServiceIamMemberArrayOutput) ElementType ¶
func (AppEngineServiceIamMemberArrayOutput) ElementType() reflect.Type
func (AppEngineServiceIamMemberArrayOutput) Index ¶
func (o AppEngineServiceIamMemberArrayOutput) Index(i pulumi.IntInput) AppEngineServiceIamMemberOutput
func (AppEngineServiceIamMemberArrayOutput) ToAppEngineServiceIamMemberArrayOutput ¶
func (o AppEngineServiceIamMemberArrayOutput) ToAppEngineServiceIamMemberArrayOutput() AppEngineServiceIamMemberArrayOutput
func (AppEngineServiceIamMemberArrayOutput) ToAppEngineServiceIamMemberArrayOutputWithContext ¶
func (o AppEngineServiceIamMemberArrayOutput) ToAppEngineServiceIamMemberArrayOutputWithContext(ctx context.Context) AppEngineServiceIamMemberArrayOutput
type AppEngineServiceIamMemberCondition ¶
type AppEngineServiceIamMemberCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type AppEngineServiceIamMemberConditionArgs ¶
type AppEngineServiceIamMemberConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (AppEngineServiceIamMemberConditionArgs) ElementType ¶
func (AppEngineServiceIamMemberConditionArgs) ElementType() reflect.Type
func (AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionOutput ¶
func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionOutput() AppEngineServiceIamMemberConditionOutput
func (AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionOutputWithContext ¶
func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionOutput
func (AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionPtrOutput ¶
func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput
func (AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionPtrOutputWithContext ¶
func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionPtrOutput
type AppEngineServiceIamMemberConditionInput ¶
type AppEngineServiceIamMemberConditionInput interface { pulumi.Input ToAppEngineServiceIamMemberConditionOutput() AppEngineServiceIamMemberConditionOutput ToAppEngineServiceIamMemberConditionOutputWithContext(context.Context) AppEngineServiceIamMemberConditionOutput }
AppEngineServiceIamMemberConditionInput is an input type that accepts AppEngineServiceIamMemberConditionArgs and AppEngineServiceIamMemberConditionOutput values. You can construct a concrete instance of `AppEngineServiceIamMemberConditionInput` via:
AppEngineServiceIamMemberConditionArgs{...}
type AppEngineServiceIamMemberConditionOutput ¶
type AppEngineServiceIamMemberConditionOutput struct{ *pulumi.OutputState }
func (AppEngineServiceIamMemberConditionOutput) Description ¶
func (o AppEngineServiceIamMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (AppEngineServiceIamMemberConditionOutput) ElementType ¶
func (AppEngineServiceIamMemberConditionOutput) ElementType() reflect.Type
func (AppEngineServiceIamMemberConditionOutput) Expression ¶
func (o AppEngineServiceIamMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (AppEngineServiceIamMemberConditionOutput) Title ¶
func (o AppEngineServiceIamMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionOutput ¶
func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionOutput() AppEngineServiceIamMemberConditionOutput
func (AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionOutputWithContext ¶
func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionOutput
func (AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionPtrOutput ¶
func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput
func (AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionPtrOutputWithContext ¶
func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionPtrOutput
type AppEngineServiceIamMemberConditionPtrInput ¶
type AppEngineServiceIamMemberConditionPtrInput interface { pulumi.Input ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput ToAppEngineServiceIamMemberConditionPtrOutputWithContext(context.Context) AppEngineServiceIamMemberConditionPtrOutput }
AppEngineServiceIamMemberConditionPtrInput is an input type that accepts AppEngineServiceIamMemberConditionArgs, AppEngineServiceIamMemberConditionPtr and AppEngineServiceIamMemberConditionPtrOutput values. You can construct a concrete instance of `AppEngineServiceIamMemberConditionPtrInput` via:
AppEngineServiceIamMemberConditionArgs{...} or: nil
func AppEngineServiceIamMemberConditionPtr ¶
func AppEngineServiceIamMemberConditionPtr(v *AppEngineServiceIamMemberConditionArgs) AppEngineServiceIamMemberConditionPtrInput
type AppEngineServiceIamMemberConditionPtrOutput ¶
type AppEngineServiceIamMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (AppEngineServiceIamMemberConditionPtrOutput) Description ¶
func (o AppEngineServiceIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (AppEngineServiceIamMemberConditionPtrOutput) ElementType ¶
func (AppEngineServiceIamMemberConditionPtrOutput) ElementType() reflect.Type
func (AppEngineServiceIamMemberConditionPtrOutput) Expression ¶
func (o AppEngineServiceIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (AppEngineServiceIamMemberConditionPtrOutput) Title ¶
func (o AppEngineServiceIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (AppEngineServiceIamMemberConditionPtrOutput) ToAppEngineServiceIamMemberConditionPtrOutput ¶
func (o AppEngineServiceIamMemberConditionPtrOutput) ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput
func (AppEngineServiceIamMemberConditionPtrOutput) ToAppEngineServiceIamMemberConditionPtrOutputWithContext ¶
func (o AppEngineServiceIamMemberConditionPtrOutput) ToAppEngineServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionPtrOutput
type AppEngineServiceIamMemberInput ¶
type AppEngineServiceIamMemberInput interface { pulumi.Input ToAppEngineServiceIamMemberOutput() AppEngineServiceIamMemberOutput ToAppEngineServiceIamMemberOutputWithContext(ctx context.Context) AppEngineServiceIamMemberOutput }
type AppEngineServiceIamMemberMap ¶
type AppEngineServiceIamMemberMap map[string]AppEngineServiceIamMemberInput
func (AppEngineServiceIamMemberMap) ElementType ¶
func (AppEngineServiceIamMemberMap) ElementType() reflect.Type
func (AppEngineServiceIamMemberMap) ToAppEngineServiceIamMemberMapOutput ¶
func (i AppEngineServiceIamMemberMap) ToAppEngineServiceIamMemberMapOutput() AppEngineServiceIamMemberMapOutput
func (AppEngineServiceIamMemberMap) ToAppEngineServiceIamMemberMapOutputWithContext ¶
func (i AppEngineServiceIamMemberMap) ToAppEngineServiceIamMemberMapOutputWithContext(ctx context.Context) AppEngineServiceIamMemberMapOutput
type AppEngineServiceIamMemberMapInput ¶
type AppEngineServiceIamMemberMapInput interface { pulumi.Input ToAppEngineServiceIamMemberMapOutput() AppEngineServiceIamMemberMapOutput ToAppEngineServiceIamMemberMapOutputWithContext(context.Context) AppEngineServiceIamMemberMapOutput }
AppEngineServiceIamMemberMapInput is an input type that accepts AppEngineServiceIamMemberMap and AppEngineServiceIamMemberMapOutput values. You can construct a concrete instance of `AppEngineServiceIamMemberMapInput` via:
AppEngineServiceIamMemberMap{ "key": AppEngineServiceIamMemberArgs{...} }
type AppEngineServiceIamMemberMapOutput ¶
type AppEngineServiceIamMemberMapOutput struct{ *pulumi.OutputState }
func (AppEngineServiceIamMemberMapOutput) ElementType ¶
func (AppEngineServiceIamMemberMapOutput) ElementType() reflect.Type
func (AppEngineServiceIamMemberMapOutput) MapIndex ¶
func (o AppEngineServiceIamMemberMapOutput) MapIndex(k pulumi.StringInput) AppEngineServiceIamMemberOutput
func (AppEngineServiceIamMemberMapOutput) ToAppEngineServiceIamMemberMapOutput ¶
func (o AppEngineServiceIamMemberMapOutput) ToAppEngineServiceIamMemberMapOutput() AppEngineServiceIamMemberMapOutput
func (AppEngineServiceIamMemberMapOutput) ToAppEngineServiceIamMemberMapOutputWithContext ¶
func (o AppEngineServiceIamMemberMapOutput) ToAppEngineServiceIamMemberMapOutputWithContext(ctx context.Context) AppEngineServiceIamMemberMapOutput
type AppEngineServiceIamMemberOutput ¶
type AppEngineServiceIamMemberOutput struct{ *pulumi.OutputState }
func (AppEngineServiceIamMemberOutput) AppId ¶ added in v6.23.0
func (o AppEngineServiceIamMemberOutput) AppId() pulumi.StringOutput
Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
func (AppEngineServiceIamMemberOutput) Condition ¶ added in v6.23.0
func (o AppEngineServiceIamMemberOutput) Condition() AppEngineServiceIamMemberConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (AppEngineServiceIamMemberOutput) ElementType ¶
func (AppEngineServiceIamMemberOutput) ElementType() reflect.Type
func (AppEngineServiceIamMemberOutput) Etag ¶ added in v6.23.0
func (o AppEngineServiceIamMemberOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (AppEngineServiceIamMemberOutput) Member ¶ added in v6.23.0
func (o AppEngineServiceIamMemberOutput) Member() pulumi.StringOutput
func (AppEngineServiceIamMemberOutput) Project ¶ added in v6.23.0
func (o AppEngineServiceIamMemberOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (AppEngineServiceIamMemberOutput) Role ¶ added in v6.23.0
func (o AppEngineServiceIamMemberOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (AppEngineServiceIamMemberOutput) Service ¶ added in v6.23.0
func (o AppEngineServiceIamMemberOutput) Service() pulumi.StringOutput
Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
func (AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberOutput ¶
func (o AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberOutput() AppEngineServiceIamMemberOutput
func (AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberOutputWithContext ¶
func (o AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberOutputWithContext(ctx context.Context) AppEngineServiceIamMemberOutput
type AppEngineServiceIamMemberState ¶
type AppEngineServiceIamMemberState struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringPtrInput // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition AppEngineServiceIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Member pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringPtrInput }
func (AppEngineServiceIamMemberState) ElementType ¶
func (AppEngineServiceIamMemberState) ElementType() reflect.Type
type AppEngineServiceIamPolicy ¶
type AppEngineServiceIamPolicy struct { pulumi.CustomResourceState // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringOutput `pulumi:"appId"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringOutput `pulumi:"service"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:
* `iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached. * `iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved. * `iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice
> **Note:** `iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `iap.AppEngineServiceIamBinding` and `iap.AppEngineServiceIamMember` or they will fight over what your policy should be.
> **Note:** `iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_app\_engine\_service\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{ Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{ Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_app\_engine\_service\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Condition: &iap.AppEngineServiceIamBindingConditionArgs{ Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), Title: pulumi.String("expires_after_2019_12_31"), }, Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_app\_engine\_service\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Member: pulumi.String("user:jane@example.com"), Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Condition: &iap.AppEngineServiceIamMemberConditionArgs{ Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), Title: pulumi.String("expires_after_2019_12_31"), }, Member: pulumi.String("user:jane@example.com"), Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} * {{project}}/{{appId}}/{{service}} * {{appId}}/{{service}} * {{service}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetAppEngineServiceIamPolicy ¶
func GetAppEngineServiceIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AppEngineServiceIamPolicyState, opts ...pulumi.ResourceOption) (*AppEngineServiceIamPolicy, error)
GetAppEngineServiceIamPolicy gets an existing AppEngineServiceIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAppEngineServiceIamPolicy ¶
func NewAppEngineServiceIamPolicy(ctx *pulumi.Context, name string, args *AppEngineServiceIamPolicyArgs, opts ...pulumi.ResourceOption) (*AppEngineServiceIamPolicy, error)
NewAppEngineServiceIamPolicy registers a new resource with the given unique name, arguments, and options.
func (*AppEngineServiceIamPolicy) ElementType ¶
func (*AppEngineServiceIamPolicy) ElementType() reflect.Type
func (*AppEngineServiceIamPolicy) ToAppEngineServiceIamPolicyOutput ¶
func (i *AppEngineServiceIamPolicy) ToAppEngineServiceIamPolicyOutput() AppEngineServiceIamPolicyOutput
func (*AppEngineServiceIamPolicy) ToAppEngineServiceIamPolicyOutputWithContext ¶
func (i *AppEngineServiceIamPolicy) ToAppEngineServiceIamPolicyOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyOutput
type AppEngineServiceIamPolicyArgs ¶
type AppEngineServiceIamPolicyArgs struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringInput }
The set of arguments for constructing a AppEngineServiceIamPolicy resource.
func (AppEngineServiceIamPolicyArgs) ElementType ¶
func (AppEngineServiceIamPolicyArgs) ElementType() reflect.Type
type AppEngineServiceIamPolicyArray ¶
type AppEngineServiceIamPolicyArray []AppEngineServiceIamPolicyInput
func (AppEngineServiceIamPolicyArray) ElementType ¶
func (AppEngineServiceIamPolicyArray) ElementType() reflect.Type
func (AppEngineServiceIamPolicyArray) ToAppEngineServiceIamPolicyArrayOutput ¶
func (i AppEngineServiceIamPolicyArray) ToAppEngineServiceIamPolicyArrayOutput() AppEngineServiceIamPolicyArrayOutput
func (AppEngineServiceIamPolicyArray) ToAppEngineServiceIamPolicyArrayOutputWithContext ¶
func (i AppEngineServiceIamPolicyArray) ToAppEngineServiceIamPolicyArrayOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyArrayOutput
type AppEngineServiceIamPolicyArrayInput ¶
type AppEngineServiceIamPolicyArrayInput interface { pulumi.Input ToAppEngineServiceIamPolicyArrayOutput() AppEngineServiceIamPolicyArrayOutput ToAppEngineServiceIamPolicyArrayOutputWithContext(context.Context) AppEngineServiceIamPolicyArrayOutput }
AppEngineServiceIamPolicyArrayInput is an input type that accepts AppEngineServiceIamPolicyArray and AppEngineServiceIamPolicyArrayOutput values. You can construct a concrete instance of `AppEngineServiceIamPolicyArrayInput` via:
AppEngineServiceIamPolicyArray{ AppEngineServiceIamPolicyArgs{...} }
type AppEngineServiceIamPolicyArrayOutput ¶
type AppEngineServiceIamPolicyArrayOutput struct{ *pulumi.OutputState }
func (AppEngineServiceIamPolicyArrayOutput) ElementType ¶
func (AppEngineServiceIamPolicyArrayOutput) ElementType() reflect.Type
func (AppEngineServiceIamPolicyArrayOutput) Index ¶
func (o AppEngineServiceIamPolicyArrayOutput) Index(i pulumi.IntInput) AppEngineServiceIamPolicyOutput
func (AppEngineServiceIamPolicyArrayOutput) ToAppEngineServiceIamPolicyArrayOutput ¶
func (o AppEngineServiceIamPolicyArrayOutput) ToAppEngineServiceIamPolicyArrayOutput() AppEngineServiceIamPolicyArrayOutput
func (AppEngineServiceIamPolicyArrayOutput) ToAppEngineServiceIamPolicyArrayOutputWithContext ¶
func (o AppEngineServiceIamPolicyArrayOutput) ToAppEngineServiceIamPolicyArrayOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyArrayOutput
type AppEngineServiceIamPolicyInput ¶
type AppEngineServiceIamPolicyInput interface { pulumi.Input ToAppEngineServiceIamPolicyOutput() AppEngineServiceIamPolicyOutput ToAppEngineServiceIamPolicyOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyOutput }
type AppEngineServiceIamPolicyMap ¶
type AppEngineServiceIamPolicyMap map[string]AppEngineServiceIamPolicyInput
func (AppEngineServiceIamPolicyMap) ElementType ¶
func (AppEngineServiceIamPolicyMap) ElementType() reflect.Type
func (AppEngineServiceIamPolicyMap) ToAppEngineServiceIamPolicyMapOutput ¶
func (i AppEngineServiceIamPolicyMap) ToAppEngineServiceIamPolicyMapOutput() AppEngineServiceIamPolicyMapOutput
func (AppEngineServiceIamPolicyMap) ToAppEngineServiceIamPolicyMapOutputWithContext ¶
func (i AppEngineServiceIamPolicyMap) ToAppEngineServiceIamPolicyMapOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyMapOutput
type AppEngineServiceIamPolicyMapInput ¶
type AppEngineServiceIamPolicyMapInput interface { pulumi.Input ToAppEngineServiceIamPolicyMapOutput() AppEngineServiceIamPolicyMapOutput ToAppEngineServiceIamPolicyMapOutputWithContext(context.Context) AppEngineServiceIamPolicyMapOutput }
AppEngineServiceIamPolicyMapInput is an input type that accepts AppEngineServiceIamPolicyMap and AppEngineServiceIamPolicyMapOutput values. You can construct a concrete instance of `AppEngineServiceIamPolicyMapInput` via:
AppEngineServiceIamPolicyMap{ "key": AppEngineServiceIamPolicyArgs{...} }
type AppEngineServiceIamPolicyMapOutput ¶
type AppEngineServiceIamPolicyMapOutput struct{ *pulumi.OutputState }
func (AppEngineServiceIamPolicyMapOutput) ElementType ¶
func (AppEngineServiceIamPolicyMapOutput) ElementType() reflect.Type
func (AppEngineServiceIamPolicyMapOutput) MapIndex ¶
func (o AppEngineServiceIamPolicyMapOutput) MapIndex(k pulumi.StringInput) AppEngineServiceIamPolicyOutput
func (AppEngineServiceIamPolicyMapOutput) ToAppEngineServiceIamPolicyMapOutput ¶
func (o AppEngineServiceIamPolicyMapOutput) ToAppEngineServiceIamPolicyMapOutput() AppEngineServiceIamPolicyMapOutput
func (AppEngineServiceIamPolicyMapOutput) ToAppEngineServiceIamPolicyMapOutputWithContext ¶
func (o AppEngineServiceIamPolicyMapOutput) ToAppEngineServiceIamPolicyMapOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyMapOutput
type AppEngineServiceIamPolicyOutput ¶
type AppEngineServiceIamPolicyOutput struct{ *pulumi.OutputState }
func (AppEngineServiceIamPolicyOutput) AppId ¶ added in v6.23.0
func (o AppEngineServiceIamPolicyOutput) AppId() pulumi.StringOutput
Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
func (AppEngineServiceIamPolicyOutput) ElementType ¶
func (AppEngineServiceIamPolicyOutput) ElementType() reflect.Type
func (AppEngineServiceIamPolicyOutput) Etag ¶ added in v6.23.0
func (o AppEngineServiceIamPolicyOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (AppEngineServiceIamPolicyOutput) PolicyData ¶ added in v6.23.0
func (o AppEngineServiceIamPolicyOutput) PolicyData() pulumi.StringOutput
The policy data generated by a `organizations.getIAMPolicy` data source.
func (AppEngineServiceIamPolicyOutput) Project ¶ added in v6.23.0
func (o AppEngineServiceIamPolicyOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (AppEngineServiceIamPolicyOutput) Service ¶ added in v6.23.0
func (o AppEngineServiceIamPolicyOutput) Service() pulumi.StringOutput
Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
func (AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyOutput ¶
func (o AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyOutput() AppEngineServiceIamPolicyOutput
func (AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyOutputWithContext ¶
func (o AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyOutput
type AppEngineServiceIamPolicyState ¶
type AppEngineServiceIamPolicyState struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringPtrInput }
func (AppEngineServiceIamPolicyState) ElementType ¶
func (AppEngineServiceIamPolicyState) ElementType() reflect.Type
type AppEngineVersionIamBinding ¶
type AppEngineVersionIamBinding struct { pulumi.CustomResourceState // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringOutput `pulumi:"appId"` // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition AppEngineVersionIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` Members pulumi.StringArrayOutput `pulumi:"members"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringOutput `pulumi:"service"` // Version id of the App Engine application Used to find the parent resource to bind the IAM policy to VersionId pulumi.StringOutput `pulumi:"versionId"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:
* `iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached. * `iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved. * `iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion
> **Note:** `iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `iap.AppEngineVersionIamBinding` and `iap.AppEngineVersionIamMember` or they will fight over what your policy should be.
> **Note:** `iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_app\_engine\_version\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{ Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{ Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_app\_engine\_version\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Condition: &iap.AppEngineVersionIamBindingConditionArgs{ Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), Title: pulumi.String("expires_after_2019_12_31"), }, Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_app\_engine\_version\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Member: pulumi.String("user:jane@example.com"), Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Condition: &iap.AppEngineVersionIamMemberConditionArgs{ Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), Title: pulumi.String("expires_after_2019_12_31"), }, Member: pulumi.String("user:jane@example.com"), Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} * {{project}}/{{appId}}/{{service}}/{{versionId}} * {{appId}}/{{service}}/{{versionId}} * {{version}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetAppEngineVersionIamBinding ¶
func GetAppEngineVersionIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AppEngineVersionIamBindingState, opts ...pulumi.ResourceOption) (*AppEngineVersionIamBinding, error)
GetAppEngineVersionIamBinding gets an existing AppEngineVersionIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAppEngineVersionIamBinding ¶
func NewAppEngineVersionIamBinding(ctx *pulumi.Context, name string, args *AppEngineVersionIamBindingArgs, opts ...pulumi.ResourceOption) (*AppEngineVersionIamBinding, error)
NewAppEngineVersionIamBinding registers a new resource with the given unique name, arguments, and options.
func (*AppEngineVersionIamBinding) ElementType ¶
func (*AppEngineVersionIamBinding) ElementType() reflect.Type
func (*AppEngineVersionIamBinding) ToAppEngineVersionIamBindingOutput ¶
func (i *AppEngineVersionIamBinding) ToAppEngineVersionIamBindingOutput() AppEngineVersionIamBindingOutput
func (*AppEngineVersionIamBinding) ToAppEngineVersionIamBindingOutputWithContext ¶
func (i *AppEngineVersionIamBinding) ToAppEngineVersionIamBindingOutputWithContext(ctx context.Context) AppEngineVersionIamBindingOutput
type AppEngineVersionIamBindingArgs ¶
type AppEngineVersionIamBindingArgs struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringInput // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition AppEngineVersionIamBindingConditionPtrInput Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringInput // Version id of the App Engine application Used to find the parent resource to bind the IAM policy to VersionId pulumi.StringInput }
The set of arguments for constructing a AppEngineVersionIamBinding resource.
func (AppEngineVersionIamBindingArgs) ElementType ¶
func (AppEngineVersionIamBindingArgs) ElementType() reflect.Type
type AppEngineVersionIamBindingArray ¶
type AppEngineVersionIamBindingArray []AppEngineVersionIamBindingInput
func (AppEngineVersionIamBindingArray) ElementType ¶
func (AppEngineVersionIamBindingArray) ElementType() reflect.Type
func (AppEngineVersionIamBindingArray) ToAppEngineVersionIamBindingArrayOutput ¶
func (i AppEngineVersionIamBindingArray) ToAppEngineVersionIamBindingArrayOutput() AppEngineVersionIamBindingArrayOutput
func (AppEngineVersionIamBindingArray) ToAppEngineVersionIamBindingArrayOutputWithContext ¶
func (i AppEngineVersionIamBindingArray) ToAppEngineVersionIamBindingArrayOutputWithContext(ctx context.Context) AppEngineVersionIamBindingArrayOutput
type AppEngineVersionIamBindingArrayInput ¶
type AppEngineVersionIamBindingArrayInput interface { pulumi.Input ToAppEngineVersionIamBindingArrayOutput() AppEngineVersionIamBindingArrayOutput ToAppEngineVersionIamBindingArrayOutputWithContext(context.Context) AppEngineVersionIamBindingArrayOutput }
AppEngineVersionIamBindingArrayInput is an input type that accepts AppEngineVersionIamBindingArray and AppEngineVersionIamBindingArrayOutput values. You can construct a concrete instance of `AppEngineVersionIamBindingArrayInput` via:
AppEngineVersionIamBindingArray{ AppEngineVersionIamBindingArgs{...} }
type AppEngineVersionIamBindingArrayOutput ¶
type AppEngineVersionIamBindingArrayOutput struct{ *pulumi.OutputState }
func (AppEngineVersionIamBindingArrayOutput) ElementType ¶
func (AppEngineVersionIamBindingArrayOutput) ElementType() reflect.Type
func (AppEngineVersionIamBindingArrayOutput) Index ¶
func (o AppEngineVersionIamBindingArrayOutput) Index(i pulumi.IntInput) AppEngineVersionIamBindingOutput
func (AppEngineVersionIamBindingArrayOutput) ToAppEngineVersionIamBindingArrayOutput ¶
func (o AppEngineVersionIamBindingArrayOutput) ToAppEngineVersionIamBindingArrayOutput() AppEngineVersionIamBindingArrayOutput
func (AppEngineVersionIamBindingArrayOutput) ToAppEngineVersionIamBindingArrayOutputWithContext ¶
func (o AppEngineVersionIamBindingArrayOutput) ToAppEngineVersionIamBindingArrayOutputWithContext(ctx context.Context) AppEngineVersionIamBindingArrayOutput
type AppEngineVersionIamBindingCondition ¶
type AppEngineVersionIamBindingCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type AppEngineVersionIamBindingConditionArgs ¶
type AppEngineVersionIamBindingConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (AppEngineVersionIamBindingConditionArgs) ElementType ¶
func (AppEngineVersionIamBindingConditionArgs) ElementType() reflect.Type
func (AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionOutput ¶
func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionOutput() AppEngineVersionIamBindingConditionOutput
func (AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionOutputWithContext ¶
func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionOutput
func (AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionPtrOutput ¶
func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput
func (AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionPtrOutputWithContext ¶
func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionPtrOutput
type AppEngineVersionIamBindingConditionInput ¶
type AppEngineVersionIamBindingConditionInput interface { pulumi.Input ToAppEngineVersionIamBindingConditionOutput() AppEngineVersionIamBindingConditionOutput ToAppEngineVersionIamBindingConditionOutputWithContext(context.Context) AppEngineVersionIamBindingConditionOutput }
AppEngineVersionIamBindingConditionInput is an input type that accepts AppEngineVersionIamBindingConditionArgs and AppEngineVersionIamBindingConditionOutput values. You can construct a concrete instance of `AppEngineVersionIamBindingConditionInput` via:
AppEngineVersionIamBindingConditionArgs{...}
type AppEngineVersionIamBindingConditionOutput ¶
type AppEngineVersionIamBindingConditionOutput struct{ *pulumi.OutputState }
func (AppEngineVersionIamBindingConditionOutput) Description ¶
func (o AppEngineVersionIamBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (AppEngineVersionIamBindingConditionOutput) ElementType ¶
func (AppEngineVersionIamBindingConditionOutput) ElementType() reflect.Type
func (AppEngineVersionIamBindingConditionOutput) Expression ¶
func (o AppEngineVersionIamBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (AppEngineVersionIamBindingConditionOutput) Title ¶
func (o AppEngineVersionIamBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionOutput ¶
func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionOutput() AppEngineVersionIamBindingConditionOutput
func (AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionOutputWithContext ¶
func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionOutput
func (AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionPtrOutput ¶
func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput
func (AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionPtrOutputWithContext ¶
func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionPtrOutput
type AppEngineVersionIamBindingConditionPtrInput ¶
type AppEngineVersionIamBindingConditionPtrInput interface { pulumi.Input ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput ToAppEngineVersionIamBindingConditionPtrOutputWithContext(context.Context) AppEngineVersionIamBindingConditionPtrOutput }
AppEngineVersionIamBindingConditionPtrInput is an input type that accepts AppEngineVersionIamBindingConditionArgs, AppEngineVersionIamBindingConditionPtr and AppEngineVersionIamBindingConditionPtrOutput values. You can construct a concrete instance of `AppEngineVersionIamBindingConditionPtrInput` via:
AppEngineVersionIamBindingConditionArgs{...} or: nil
func AppEngineVersionIamBindingConditionPtr ¶
func AppEngineVersionIamBindingConditionPtr(v *AppEngineVersionIamBindingConditionArgs) AppEngineVersionIamBindingConditionPtrInput
type AppEngineVersionIamBindingConditionPtrOutput ¶
type AppEngineVersionIamBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (AppEngineVersionIamBindingConditionPtrOutput) Description ¶
func (o AppEngineVersionIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (AppEngineVersionIamBindingConditionPtrOutput) ElementType ¶
func (AppEngineVersionIamBindingConditionPtrOutput) ElementType() reflect.Type
func (AppEngineVersionIamBindingConditionPtrOutput) Expression ¶
func (o AppEngineVersionIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (AppEngineVersionIamBindingConditionPtrOutput) Title ¶
func (o AppEngineVersionIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (AppEngineVersionIamBindingConditionPtrOutput) ToAppEngineVersionIamBindingConditionPtrOutput ¶
func (o AppEngineVersionIamBindingConditionPtrOutput) ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput
func (AppEngineVersionIamBindingConditionPtrOutput) ToAppEngineVersionIamBindingConditionPtrOutputWithContext ¶
func (o AppEngineVersionIamBindingConditionPtrOutput) ToAppEngineVersionIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionPtrOutput
type AppEngineVersionIamBindingInput ¶
type AppEngineVersionIamBindingInput interface { pulumi.Input ToAppEngineVersionIamBindingOutput() AppEngineVersionIamBindingOutput ToAppEngineVersionIamBindingOutputWithContext(ctx context.Context) AppEngineVersionIamBindingOutput }
type AppEngineVersionIamBindingMap ¶
type AppEngineVersionIamBindingMap map[string]AppEngineVersionIamBindingInput
func (AppEngineVersionIamBindingMap) ElementType ¶
func (AppEngineVersionIamBindingMap) ElementType() reflect.Type
func (AppEngineVersionIamBindingMap) ToAppEngineVersionIamBindingMapOutput ¶
func (i AppEngineVersionIamBindingMap) ToAppEngineVersionIamBindingMapOutput() AppEngineVersionIamBindingMapOutput
func (AppEngineVersionIamBindingMap) ToAppEngineVersionIamBindingMapOutputWithContext ¶
func (i AppEngineVersionIamBindingMap) ToAppEngineVersionIamBindingMapOutputWithContext(ctx context.Context) AppEngineVersionIamBindingMapOutput
type AppEngineVersionIamBindingMapInput ¶
type AppEngineVersionIamBindingMapInput interface { pulumi.Input ToAppEngineVersionIamBindingMapOutput() AppEngineVersionIamBindingMapOutput ToAppEngineVersionIamBindingMapOutputWithContext(context.Context) AppEngineVersionIamBindingMapOutput }
AppEngineVersionIamBindingMapInput is an input type that accepts AppEngineVersionIamBindingMap and AppEngineVersionIamBindingMapOutput values. You can construct a concrete instance of `AppEngineVersionIamBindingMapInput` via:
AppEngineVersionIamBindingMap{ "key": AppEngineVersionIamBindingArgs{...} }
type AppEngineVersionIamBindingMapOutput ¶
type AppEngineVersionIamBindingMapOutput struct{ *pulumi.OutputState }
func (AppEngineVersionIamBindingMapOutput) ElementType ¶
func (AppEngineVersionIamBindingMapOutput) ElementType() reflect.Type
func (AppEngineVersionIamBindingMapOutput) MapIndex ¶
func (o AppEngineVersionIamBindingMapOutput) MapIndex(k pulumi.StringInput) AppEngineVersionIamBindingOutput
func (AppEngineVersionIamBindingMapOutput) ToAppEngineVersionIamBindingMapOutput ¶
func (o AppEngineVersionIamBindingMapOutput) ToAppEngineVersionIamBindingMapOutput() AppEngineVersionIamBindingMapOutput
func (AppEngineVersionIamBindingMapOutput) ToAppEngineVersionIamBindingMapOutputWithContext ¶
func (o AppEngineVersionIamBindingMapOutput) ToAppEngineVersionIamBindingMapOutputWithContext(ctx context.Context) AppEngineVersionIamBindingMapOutput
type AppEngineVersionIamBindingOutput ¶
type AppEngineVersionIamBindingOutput struct{ *pulumi.OutputState }
func (AppEngineVersionIamBindingOutput) AppId ¶ added in v6.23.0
func (o AppEngineVersionIamBindingOutput) AppId() pulumi.StringOutput
Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
func (AppEngineVersionIamBindingOutput) Condition ¶ added in v6.23.0
func (o AppEngineVersionIamBindingOutput) Condition() AppEngineVersionIamBindingConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (AppEngineVersionIamBindingOutput) ElementType ¶
func (AppEngineVersionIamBindingOutput) ElementType() reflect.Type
func (AppEngineVersionIamBindingOutput) Etag ¶ added in v6.23.0
func (o AppEngineVersionIamBindingOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (AppEngineVersionIamBindingOutput) Members ¶ added in v6.23.0
func (o AppEngineVersionIamBindingOutput) Members() pulumi.StringArrayOutput
func (AppEngineVersionIamBindingOutput) Project ¶ added in v6.23.0
func (o AppEngineVersionIamBindingOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (AppEngineVersionIamBindingOutput) Role ¶ added in v6.23.0
func (o AppEngineVersionIamBindingOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (AppEngineVersionIamBindingOutput) Service ¶ added in v6.23.0
func (o AppEngineVersionIamBindingOutput) Service() pulumi.StringOutput
Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
func (AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingOutput ¶
func (o AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingOutput() AppEngineVersionIamBindingOutput
func (AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingOutputWithContext ¶
func (o AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingOutputWithContext(ctx context.Context) AppEngineVersionIamBindingOutput
func (AppEngineVersionIamBindingOutput) VersionId ¶ added in v6.23.0
func (o AppEngineVersionIamBindingOutput) VersionId() pulumi.StringOutput
Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
type AppEngineVersionIamBindingState ¶
type AppEngineVersionIamBindingState struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringPtrInput // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition AppEngineVersionIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringPtrInput // Version id of the App Engine application Used to find the parent resource to bind the IAM policy to VersionId pulumi.StringPtrInput }
func (AppEngineVersionIamBindingState) ElementType ¶
func (AppEngineVersionIamBindingState) ElementType() reflect.Type
type AppEngineVersionIamMember ¶
type AppEngineVersionIamMember struct { pulumi.CustomResourceState // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringOutput `pulumi:"appId"` // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition AppEngineVersionIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` Member pulumi.StringOutput `pulumi:"member"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringOutput `pulumi:"service"` // Version id of the App Engine application Used to find the parent resource to bind the IAM policy to VersionId pulumi.StringOutput `pulumi:"versionId"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:
* `iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached. * `iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved. * `iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion
> **Note:** `iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `iap.AppEngineVersionIamBinding` and `iap.AppEngineVersionIamMember` or they will fight over what your policy should be.
> **Note:** `iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_app\_engine\_version\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{ Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{ Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_app\_engine\_version\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Condition: &iap.AppEngineVersionIamBindingConditionArgs{ Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), Title: pulumi.String("expires_after_2019_12_31"), }, Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_app\_engine\_version\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Member: pulumi.String("user:jane@example.com"), Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Condition: &iap.AppEngineVersionIamMemberConditionArgs{ Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), Title: pulumi.String("expires_after_2019_12_31"), }, Member: pulumi.String("user:jane@example.com"), Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} * {{project}}/{{appId}}/{{service}}/{{versionId}} * {{appId}}/{{service}}/{{versionId}} * {{version}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetAppEngineVersionIamMember ¶
func GetAppEngineVersionIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AppEngineVersionIamMemberState, opts ...pulumi.ResourceOption) (*AppEngineVersionIamMember, error)
GetAppEngineVersionIamMember gets an existing AppEngineVersionIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAppEngineVersionIamMember ¶
func NewAppEngineVersionIamMember(ctx *pulumi.Context, name string, args *AppEngineVersionIamMemberArgs, opts ...pulumi.ResourceOption) (*AppEngineVersionIamMember, error)
NewAppEngineVersionIamMember registers a new resource with the given unique name, arguments, and options.
func (*AppEngineVersionIamMember) ElementType ¶
func (*AppEngineVersionIamMember) ElementType() reflect.Type
func (*AppEngineVersionIamMember) ToAppEngineVersionIamMemberOutput ¶
func (i *AppEngineVersionIamMember) ToAppEngineVersionIamMemberOutput() AppEngineVersionIamMemberOutput
func (*AppEngineVersionIamMember) ToAppEngineVersionIamMemberOutputWithContext ¶
func (i *AppEngineVersionIamMember) ToAppEngineVersionIamMemberOutputWithContext(ctx context.Context) AppEngineVersionIamMemberOutput
type AppEngineVersionIamMemberArgs ¶
type AppEngineVersionIamMemberArgs struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringInput // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition AppEngineVersionIamMemberConditionPtrInput Member pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringInput // Version id of the App Engine application Used to find the parent resource to bind the IAM policy to VersionId pulumi.StringInput }
The set of arguments for constructing a AppEngineVersionIamMember resource.
func (AppEngineVersionIamMemberArgs) ElementType ¶
func (AppEngineVersionIamMemberArgs) ElementType() reflect.Type
type AppEngineVersionIamMemberArray ¶
type AppEngineVersionIamMemberArray []AppEngineVersionIamMemberInput
func (AppEngineVersionIamMemberArray) ElementType ¶
func (AppEngineVersionIamMemberArray) ElementType() reflect.Type
func (AppEngineVersionIamMemberArray) ToAppEngineVersionIamMemberArrayOutput ¶
func (i AppEngineVersionIamMemberArray) ToAppEngineVersionIamMemberArrayOutput() AppEngineVersionIamMemberArrayOutput
func (AppEngineVersionIamMemberArray) ToAppEngineVersionIamMemberArrayOutputWithContext ¶
func (i AppEngineVersionIamMemberArray) ToAppEngineVersionIamMemberArrayOutputWithContext(ctx context.Context) AppEngineVersionIamMemberArrayOutput
type AppEngineVersionIamMemberArrayInput ¶
type AppEngineVersionIamMemberArrayInput interface { pulumi.Input ToAppEngineVersionIamMemberArrayOutput() AppEngineVersionIamMemberArrayOutput ToAppEngineVersionIamMemberArrayOutputWithContext(context.Context) AppEngineVersionIamMemberArrayOutput }
AppEngineVersionIamMemberArrayInput is an input type that accepts AppEngineVersionIamMemberArray and AppEngineVersionIamMemberArrayOutput values. You can construct a concrete instance of `AppEngineVersionIamMemberArrayInput` via:
AppEngineVersionIamMemberArray{ AppEngineVersionIamMemberArgs{...} }
type AppEngineVersionIamMemberArrayOutput ¶
type AppEngineVersionIamMemberArrayOutput struct{ *pulumi.OutputState }
func (AppEngineVersionIamMemberArrayOutput) ElementType ¶
func (AppEngineVersionIamMemberArrayOutput) ElementType() reflect.Type
func (AppEngineVersionIamMemberArrayOutput) Index ¶
func (o AppEngineVersionIamMemberArrayOutput) Index(i pulumi.IntInput) AppEngineVersionIamMemberOutput
func (AppEngineVersionIamMemberArrayOutput) ToAppEngineVersionIamMemberArrayOutput ¶
func (o AppEngineVersionIamMemberArrayOutput) ToAppEngineVersionIamMemberArrayOutput() AppEngineVersionIamMemberArrayOutput
func (AppEngineVersionIamMemberArrayOutput) ToAppEngineVersionIamMemberArrayOutputWithContext ¶
func (o AppEngineVersionIamMemberArrayOutput) ToAppEngineVersionIamMemberArrayOutputWithContext(ctx context.Context) AppEngineVersionIamMemberArrayOutput
type AppEngineVersionIamMemberCondition ¶
type AppEngineVersionIamMemberCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type AppEngineVersionIamMemberConditionArgs ¶
type AppEngineVersionIamMemberConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (AppEngineVersionIamMemberConditionArgs) ElementType ¶
func (AppEngineVersionIamMemberConditionArgs) ElementType() reflect.Type
func (AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionOutput ¶
func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionOutput() AppEngineVersionIamMemberConditionOutput
func (AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionOutputWithContext ¶
func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionOutput
func (AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionPtrOutput ¶
func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput
func (AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionPtrOutputWithContext ¶
func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionPtrOutput
type AppEngineVersionIamMemberConditionInput ¶
type AppEngineVersionIamMemberConditionInput interface { pulumi.Input ToAppEngineVersionIamMemberConditionOutput() AppEngineVersionIamMemberConditionOutput ToAppEngineVersionIamMemberConditionOutputWithContext(context.Context) AppEngineVersionIamMemberConditionOutput }
AppEngineVersionIamMemberConditionInput is an input type that accepts AppEngineVersionIamMemberConditionArgs and AppEngineVersionIamMemberConditionOutput values. You can construct a concrete instance of `AppEngineVersionIamMemberConditionInput` via:
AppEngineVersionIamMemberConditionArgs{...}
type AppEngineVersionIamMemberConditionOutput ¶
type AppEngineVersionIamMemberConditionOutput struct{ *pulumi.OutputState }
func (AppEngineVersionIamMemberConditionOutput) Description ¶
func (o AppEngineVersionIamMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (AppEngineVersionIamMemberConditionOutput) ElementType ¶
func (AppEngineVersionIamMemberConditionOutput) ElementType() reflect.Type
func (AppEngineVersionIamMemberConditionOutput) Expression ¶
func (o AppEngineVersionIamMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (AppEngineVersionIamMemberConditionOutput) Title ¶
func (o AppEngineVersionIamMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionOutput ¶
func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionOutput() AppEngineVersionIamMemberConditionOutput
func (AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionOutputWithContext ¶
func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionOutput
func (AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionPtrOutput ¶
func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput
func (AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionPtrOutputWithContext ¶
func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionPtrOutput
type AppEngineVersionIamMemberConditionPtrInput ¶
type AppEngineVersionIamMemberConditionPtrInput interface { pulumi.Input ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput ToAppEngineVersionIamMemberConditionPtrOutputWithContext(context.Context) AppEngineVersionIamMemberConditionPtrOutput }
AppEngineVersionIamMemberConditionPtrInput is an input type that accepts AppEngineVersionIamMemberConditionArgs, AppEngineVersionIamMemberConditionPtr and AppEngineVersionIamMemberConditionPtrOutput values. You can construct a concrete instance of `AppEngineVersionIamMemberConditionPtrInput` via:
AppEngineVersionIamMemberConditionArgs{...} or: nil
func AppEngineVersionIamMemberConditionPtr ¶
func AppEngineVersionIamMemberConditionPtr(v *AppEngineVersionIamMemberConditionArgs) AppEngineVersionIamMemberConditionPtrInput
type AppEngineVersionIamMemberConditionPtrOutput ¶
type AppEngineVersionIamMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (AppEngineVersionIamMemberConditionPtrOutput) Description ¶
func (o AppEngineVersionIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (AppEngineVersionIamMemberConditionPtrOutput) ElementType ¶
func (AppEngineVersionIamMemberConditionPtrOutput) ElementType() reflect.Type
func (AppEngineVersionIamMemberConditionPtrOutput) Expression ¶
func (o AppEngineVersionIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (AppEngineVersionIamMemberConditionPtrOutput) Title ¶
func (o AppEngineVersionIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (AppEngineVersionIamMemberConditionPtrOutput) ToAppEngineVersionIamMemberConditionPtrOutput ¶
func (o AppEngineVersionIamMemberConditionPtrOutput) ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput
func (AppEngineVersionIamMemberConditionPtrOutput) ToAppEngineVersionIamMemberConditionPtrOutputWithContext ¶
func (o AppEngineVersionIamMemberConditionPtrOutput) ToAppEngineVersionIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionPtrOutput
type AppEngineVersionIamMemberInput ¶
type AppEngineVersionIamMemberInput interface { pulumi.Input ToAppEngineVersionIamMemberOutput() AppEngineVersionIamMemberOutput ToAppEngineVersionIamMemberOutputWithContext(ctx context.Context) AppEngineVersionIamMemberOutput }
type AppEngineVersionIamMemberMap ¶
type AppEngineVersionIamMemberMap map[string]AppEngineVersionIamMemberInput
func (AppEngineVersionIamMemberMap) ElementType ¶
func (AppEngineVersionIamMemberMap) ElementType() reflect.Type
func (AppEngineVersionIamMemberMap) ToAppEngineVersionIamMemberMapOutput ¶
func (i AppEngineVersionIamMemberMap) ToAppEngineVersionIamMemberMapOutput() AppEngineVersionIamMemberMapOutput
func (AppEngineVersionIamMemberMap) ToAppEngineVersionIamMemberMapOutputWithContext ¶
func (i AppEngineVersionIamMemberMap) ToAppEngineVersionIamMemberMapOutputWithContext(ctx context.Context) AppEngineVersionIamMemberMapOutput
type AppEngineVersionIamMemberMapInput ¶
type AppEngineVersionIamMemberMapInput interface { pulumi.Input ToAppEngineVersionIamMemberMapOutput() AppEngineVersionIamMemberMapOutput ToAppEngineVersionIamMemberMapOutputWithContext(context.Context) AppEngineVersionIamMemberMapOutput }
AppEngineVersionIamMemberMapInput is an input type that accepts AppEngineVersionIamMemberMap and AppEngineVersionIamMemberMapOutput values. You can construct a concrete instance of `AppEngineVersionIamMemberMapInput` via:
AppEngineVersionIamMemberMap{ "key": AppEngineVersionIamMemberArgs{...} }
type AppEngineVersionIamMemberMapOutput ¶
type AppEngineVersionIamMemberMapOutput struct{ *pulumi.OutputState }
func (AppEngineVersionIamMemberMapOutput) ElementType ¶
func (AppEngineVersionIamMemberMapOutput) ElementType() reflect.Type
func (AppEngineVersionIamMemberMapOutput) MapIndex ¶
func (o AppEngineVersionIamMemberMapOutput) MapIndex(k pulumi.StringInput) AppEngineVersionIamMemberOutput
func (AppEngineVersionIamMemberMapOutput) ToAppEngineVersionIamMemberMapOutput ¶
func (o AppEngineVersionIamMemberMapOutput) ToAppEngineVersionIamMemberMapOutput() AppEngineVersionIamMemberMapOutput
func (AppEngineVersionIamMemberMapOutput) ToAppEngineVersionIamMemberMapOutputWithContext ¶
func (o AppEngineVersionIamMemberMapOutput) ToAppEngineVersionIamMemberMapOutputWithContext(ctx context.Context) AppEngineVersionIamMemberMapOutput
type AppEngineVersionIamMemberOutput ¶
type AppEngineVersionIamMemberOutput struct{ *pulumi.OutputState }
func (AppEngineVersionIamMemberOutput) AppId ¶ added in v6.23.0
func (o AppEngineVersionIamMemberOutput) AppId() pulumi.StringOutput
Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
func (AppEngineVersionIamMemberOutput) Condition ¶ added in v6.23.0
func (o AppEngineVersionIamMemberOutput) Condition() AppEngineVersionIamMemberConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (AppEngineVersionIamMemberOutput) ElementType ¶
func (AppEngineVersionIamMemberOutput) ElementType() reflect.Type
func (AppEngineVersionIamMemberOutput) Etag ¶ added in v6.23.0
func (o AppEngineVersionIamMemberOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (AppEngineVersionIamMemberOutput) Member ¶ added in v6.23.0
func (o AppEngineVersionIamMemberOutput) Member() pulumi.StringOutput
func (AppEngineVersionIamMemberOutput) Project ¶ added in v6.23.0
func (o AppEngineVersionIamMemberOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (AppEngineVersionIamMemberOutput) Role ¶ added in v6.23.0
func (o AppEngineVersionIamMemberOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (AppEngineVersionIamMemberOutput) Service ¶ added in v6.23.0
func (o AppEngineVersionIamMemberOutput) Service() pulumi.StringOutput
Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
func (AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberOutput ¶
func (o AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberOutput() AppEngineVersionIamMemberOutput
func (AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberOutputWithContext ¶
func (o AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberOutputWithContext(ctx context.Context) AppEngineVersionIamMemberOutput
func (AppEngineVersionIamMemberOutput) VersionId ¶ added in v6.23.0
func (o AppEngineVersionIamMemberOutput) VersionId() pulumi.StringOutput
Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
type AppEngineVersionIamMemberState ¶
type AppEngineVersionIamMemberState struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringPtrInput // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition AppEngineVersionIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Member pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringPtrInput // Version id of the App Engine application Used to find the parent resource to bind the IAM policy to VersionId pulumi.StringPtrInput }
func (AppEngineVersionIamMemberState) ElementType ¶
func (AppEngineVersionIamMemberState) ElementType() reflect.Type
type AppEngineVersionIamPolicy ¶
type AppEngineVersionIamPolicy struct { pulumi.CustomResourceState // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringOutput `pulumi:"appId"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringOutput `pulumi:"service"` // Version id of the App Engine application Used to find the parent resource to bind the IAM policy to VersionId pulumi.StringOutput `pulumi:"versionId"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:
* `iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached. * `iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved. * `iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion
> **Note:** `iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `iap.AppEngineVersionIamBinding` and `iap.AppEngineVersionIamMember` or they will fight over what your policy should be.
> **Note:** `iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_app\_engine\_version\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{ Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{ Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_app\_engine\_version\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Condition: &iap.AppEngineVersionIamBindingConditionArgs{ Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), Title: pulumi.String("expires_after_2019_12_31"), }, Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_app\_engine\_version\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Member: pulumi.String("user:jane@example.com"), Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{ AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Condition: &iap.AppEngineVersionIamMemberConditionArgs{ Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), Title: pulumi.String("expires_after_2019_12_31"), }, Member: pulumi.String("user:jane@example.com"), Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service), VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id), }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} * {{project}}/{{appId}}/{{service}}/{{versionId}} * {{appId}}/{{service}}/{{versionId}} * {{version}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetAppEngineVersionIamPolicy ¶
func GetAppEngineVersionIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AppEngineVersionIamPolicyState, opts ...pulumi.ResourceOption) (*AppEngineVersionIamPolicy, error)
GetAppEngineVersionIamPolicy gets an existing AppEngineVersionIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAppEngineVersionIamPolicy ¶
func NewAppEngineVersionIamPolicy(ctx *pulumi.Context, name string, args *AppEngineVersionIamPolicyArgs, opts ...pulumi.ResourceOption) (*AppEngineVersionIamPolicy, error)
NewAppEngineVersionIamPolicy registers a new resource with the given unique name, arguments, and options.
func (*AppEngineVersionIamPolicy) ElementType ¶
func (*AppEngineVersionIamPolicy) ElementType() reflect.Type
func (*AppEngineVersionIamPolicy) ToAppEngineVersionIamPolicyOutput ¶
func (i *AppEngineVersionIamPolicy) ToAppEngineVersionIamPolicyOutput() AppEngineVersionIamPolicyOutput
func (*AppEngineVersionIamPolicy) ToAppEngineVersionIamPolicyOutputWithContext ¶
func (i *AppEngineVersionIamPolicy) ToAppEngineVersionIamPolicyOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyOutput
type AppEngineVersionIamPolicyArgs ¶
type AppEngineVersionIamPolicyArgs struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringInput // Version id of the App Engine application Used to find the parent resource to bind the IAM policy to VersionId pulumi.StringInput }
The set of arguments for constructing a AppEngineVersionIamPolicy resource.
func (AppEngineVersionIamPolicyArgs) ElementType ¶
func (AppEngineVersionIamPolicyArgs) ElementType() reflect.Type
type AppEngineVersionIamPolicyArray ¶
type AppEngineVersionIamPolicyArray []AppEngineVersionIamPolicyInput
func (AppEngineVersionIamPolicyArray) ElementType ¶
func (AppEngineVersionIamPolicyArray) ElementType() reflect.Type
func (AppEngineVersionIamPolicyArray) ToAppEngineVersionIamPolicyArrayOutput ¶
func (i AppEngineVersionIamPolicyArray) ToAppEngineVersionIamPolicyArrayOutput() AppEngineVersionIamPolicyArrayOutput
func (AppEngineVersionIamPolicyArray) ToAppEngineVersionIamPolicyArrayOutputWithContext ¶
func (i AppEngineVersionIamPolicyArray) ToAppEngineVersionIamPolicyArrayOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyArrayOutput
type AppEngineVersionIamPolicyArrayInput ¶
type AppEngineVersionIamPolicyArrayInput interface { pulumi.Input ToAppEngineVersionIamPolicyArrayOutput() AppEngineVersionIamPolicyArrayOutput ToAppEngineVersionIamPolicyArrayOutputWithContext(context.Context) AppEngineVersionIamPolicyArrayOutput }
AppEngineVersionIamPolicyArrayInput is an input type that accepts AppEngineVersionIamPolicyArray and AppEngineVersionIamPolicyArrayOutput values. You can construct a concrete instance of `AppEngineVersionIamPolicyArrayInput` via:
AppEngineVersionIamPolicyArray{ AppEngineVersionIamPolicyArgs{...} }
type AppEngineVersionIamPolicyArrayOutput ¶
type AppEngineVersionIamPolicyArrayOutput struct{ *pulumi.OutputState }
func (AppEngineVersionIamPolicyArrayOutput) ElementType ¶
func (AppEngineVersionIamPolicyArrayOutput) ElementType() reflect.Type
func (AppEngineVersionIamPolicyArrayOutput) Index ¶
func (o AppEngineVersionIamPolicyArrayOutput) Index(i pulumi.IntInput) AppEngineVersionIamPolicyOutput
func (AppEngineVersionIamPolicyArrayOutput) ToAppEngineVersionIamPolicyArrayOutput ¶
func (o AppEngineVersionIamPolicyArrayOutput) ToAppEngineVersionIamPolicyArrayOutput() AppEngineVersionIamPolicyArrayOutput
func (AppEngineVersionIamPolicyArrayOutput) ToAppEngineVersionIamPolicyArrayOutputWithContext ¶
func (o AppEngineVersionIamPolicyArrayOutput) ToAppEngineVersionIamPolicyArrayOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyArrayOutput
type AppEngineVersionIamPolicyInput ¶
type AppEngineVersionIamPolicyInput interface { pulumi.Input ToAppEngineVersionIamPolicyOutput() AppEngineVersionIamPolicyOutput ToAppEngineVersionIamPolicyOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyOutput }
type AppEngineVersionIamPolicyMap ¶
type AppEngineVersionIamPolicyMap map[string]AppEngineVersionIamPolicyInput
func (AppEngineVersionIamPolicyMap) ElementType ¶
func (AppEngineVersionIamPolicyMap) ElementType() reflect.Type
func (AppEngineVersionIamPolicyMap) ToAppEngineVersionIamPolicyMapOutput ¶
func (i AppEngineVersionIamPolicyMap) ToAppEngineVersionIamPolicyMapOutput() AppEngineVersionIamPolicyMapOutput
func (AppEngineVersionIamPolicyMap) ToAppEngineVersionIamPolicyMapOutputWithContext ¶
func (i AppEngineVersionIamPolicyMap) ToAppEngineVersionIamPolicyMapOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyMapOutput
type AppEngineVersionIamPolicyMapInput ¶
type AppEngineVersionIamPolicyMapInput interface { pulumi.Input ToAppEngineVersionIamPolicyMapOutput() AppEngineVersionIamPolicyMapOutput ToAppEngineVersionIamPolicyMapOutputWithContext(context.Context) AppEngineVersionIamPolicyMapOutput }
AppEngineVersionIamPolicyMapInput is an input type that accepts AppEngineVersionIamPolicyMap and AppEngineVersionIamPolicyMapOutput values. You can construct a concrete instance of `AppEngineVersionIamPolicyMapInput` via:
AppEngineVersionIamPolicyMap{ "key": AppEngineVersionIamPolicyArgs{...} }
type AppEngineVersionIamPolicyMapOutput ¶
type AppEngineVersionIamPolicyMapOutput struct{ *pulumi.OutputState }
func (AppEngineVersionIamPolicyMapOutput) ElementType ¶
func (AppEngineVersionIamPolicyMapOutput) ElementType() reflect.Type
func (AppEngineVersionIamPolicyMapOutput) MapIndex ¶
func (o AppEngineVersionIamPolicyMapOutput) MapIndex(k pulumi.StringInput) AppEngineVersionIamPolicyOutput
func (AppEngineVersionIamPolicyMapOutput) ToAppEngineVersionIamPolicyMapOutput ¶
func (o AppEngineVersionIamPolicyMapOutput) ToAppEngineVersionIamPolicyMapOutput() AppEngineVersionIamPolicyMapOutput
func (AppEngineVersionIamPolicyMapOutput) ToAppEngineVersionIamPolicyMapOutputWithContext ¶
func (o AppEngineVersionIamPolicyMapOutput) ToAppEngineVersionIamPolicyMapOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyMapOutput
type AppEngineVersionIamPolicyOutput ¶
type AppEngineVersionIamPolicyOutput struct{ *pulumi.OutputState }
func (AppEngineVersionIamPolicyOutput) AppId ¶ added in v6.23.0
func (o AppEngineVersionIamPolicyOutput) AppId() pulumi.StringOutput
Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
func (AppEngineVersionIamPolicyOutput) ElementType ¶
func (AppEngineVersionIamPolicyOutput) ElementType() reflect.Type
func (AppEngineVersionIamPolicyOutput) Etag ¶ added in v6.23.0
func (o AppEngineVersionIamPolicyOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (AppEngineVersionIamPolicyOutput) PolicyData ¶ added in v6.23.0
func (o AppEngineVersionIamPolicyOutput) PolicyData() pulumi.StringOutput
The policy data generated by a `organizations.getIAMPolicy` data source.
func (AppEngineVersionIamPolicyOutput) Project ¶ added in v6.23.0
func (o AppEngineVersionIamPolicyOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (AppEngineVersionIamPolicyOutput) Service ¶ added in v6.23.0
func (o AppEngineVersionIamPolicyOutput) Service() pulumi.StringOutput
Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
func (AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyOutput ¶
func (o AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyOutput() AppEngineVersionIamPolicyOutput
func (AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyOutputWithContext ¶
func (o AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyOutput
func (AppEngineVersionIamPolicyOutput) VersionId ¶ added in v6.23.0
func (o AppEngineVersionIamPolicyOutput) VersionId() pulumi.StringOutput
Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
type AppEngineVersionIamPolicyState ¶
type AppEngineVersionIamPolicyState struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringPtrInput // Version id of the App Engine application Used to find the parent resource to bind the IAM policy to VersionId pulumi.StringPtrInput }
func (AppEngineVersionIamPolicyState) ElementType ¶
func (AppEngineVersionIamPolicyState) ElementType() reflect.Type
type Brand ¶
type Brand struct { pulumi.CustomResourceState // Application name displayed on OAuth consent screen. // // *** ApplicationTitle pulumi.StringOutput `pulumi:"applicationTitle"` // Output only. Identifier of the brand, in the format `projects/{project_number}/brands/{brand_id}` // NOTE: The name can also be expressed as `projects/{project_id}/brands/{brand_id}`, e.g. when importing. // NOTE: The brand identification corresponds to the project number as only one // brand can be created per project. Name pulumi.StringOutput `pulumi:"name"` // Whether the brand is only intended for usage inside the GSuite organization only. OrgInternalOnly pulumi.BoolOutput `pulumi:"orgInternalOnly"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // Support email displayed on the OAuth consent screen. Can be either a // user or group email. When a user email is specified, the caller must // be the user with the associated email address. When a group email is // specified, the caller can be either a user or a service account which // is an owner of the specified group in Cloud Identity. SupportEmail pulumi.StringOutput `pulumi:"supportEmail"` }
## Example Usage ### Iap Brand
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/projects" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { project, err := organizations.NewProject(ctx, "project", &organizations.ProjectArgs{ ProjectId: pulumi.String("my-project"), OrgId: pulumi.String("123456789"), }) if err != nil { return err } projectService, err := projects.NewService(ctx, "projectService", &projects.ServiceArgs{ Project: project.ProjectId, Service: pulumi.String("iap.googleapis.com"), }) if err != nil { return err } _, err = iap.NewBrand(ctx, "projectBrand", &iap.BrandArgs{ SupportEmail: pulumi.String("support@example.com"), ApplicationTitle: pulumi.String("Cloud IAP protected Application"), Project: projectService.Project, }) if err != nil { return err } return nil }) }
```
## Import
Brand can be imported using any of these accepted formats ¶
```sh
$ pulumi import gcp:iap/brand:Brand default projects/{{project_id}}/brands/{{brand_id}}
```
```sh
$ pulumi import gcp:iap/brand:Brand default projects/{{project_number}}/brands/{{brand_id}}
```
```sh
$ pulumi import gcp:iap/brand:Brand default {{project_number}}/{{brand_id}}
```
func GetBrand ¶
func GetBrand(ctx *pulumi.Context, name string, id pulumi.IDInput, state *BrandState, opts ...pulumi.ResourceOption) (*Brand, error)
GetBrand gets an existing Brand resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewBrand ¶
func NewBrand(ctx *pulumi.Context, name string, args *BrandArgs, opts ...pulumi.ResourceOption) (*Brand, error)
NewBrand registers a new resource with the given unique name, arguments, and options.
func (*Brand) ElementType ¶
func (*Brand) ToBrandOutput ¶
func (i *Brand) ToBrandOutput() BrandOutput
func (*Brand) ToBrandOutputWithContext ¶
func (i *Brand) ToBrandOutputWithContext(ctx context.Context) BrandOutput
type BrandArgs ¶
type BrandArgs struct { // Application name displayed on OAuth consent screen. // // *** ApplicationTitle pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringPtrInput // Support email displayed on the OAuth consent screen. Can be either a // user or group email. When a user email is specified, the caller must // be the user with the associated email address. When a group email is // specified, the caller can be either a user or a service account which // is an owner of the specified group in Cloud Identity. SupportEmail pulumi.StringInput }
The set of arguments for constructing a Brand resource.
func (BrandArgs) ElementType ¶
type BrandArray ¶
type BrandArray []BrandInput
func (BrandArray) ElementType ¶
func (BrandArray) ElementType() reflect.Type
func (BrandArray) ToBrandArrayOutput ¶
func (i BrandArray) ToBrandArrayOutput() BrandArrayOutput
func (BrandArray) ToBrandArrayOutputWithContext ¶
func (i BrandArray) ToBrandArrayOutputWithContext(ctx context.Context) BrandArrayOutput
type BrandArrayInput ¶
type BrandArrayInput interface { pulumi.Input ToBrandArrayOutput() BrandArrayOutput ToBrandArrayOutputWithContext(context.Context) BrandArrayOutput }
BrandArrayInput is an input type that accepts BrandArray and BrandArrayOutput values. You can construct a concrete instance of `BrandArrayInput` via:
BrandArray{ BrandArgs{...} }
type BrandArrayOutput ¶
type BrandArrayOutput struct{ *pulumi.OutputState }
func (BrandArrayOutput) ElementType ¶
func (BrandArrayOutput) ElementType() reflect.Type
func (BrandArrayOutput) Index ¶
func (o BrandArrayOutput) Index(i pulumi.IntInput) BrandOutput
func (BrandArrayOutput) ToBrandArrayOutput ¶
func (o BrandArrayOutput) ToBrandArrayOutput() BrandArrayOutput
func (BrandArrayOutput) ToBrandArrayOutputWithContext ¶
func (o BrandArrayOutput) ToBrandArrayOutputWithContext(ctx context.Context) BrandArrayOutput
type BrandInput ¶
type BrandInput interface { pulumi.Input ToBrandOutput() BrandOutput ToBrandOutputWithContext(ctx context.Context) BrandOutput }
type BrandMap ¶
type BrandMap map[string]BrandInput
func (BrandMap) ElementType ¶
func (BrandMap) ToBrandMapOutput ¶
func (i BrandMap) ToBrandMapOutput() BrandMapOutput
func (BrandMap) ToBrandMapOutputWithContext ¶
func (i BrandMap) ToBrandMapOutputWithContext(ctx context.Context) BrandMapOutput
type BrandMapInput ¶
type BrandMapInput interface { pulumi.Input ToBrandMapOutput() BrandMapOutput ToBrandMapOutputWithContext(context.Context) BrandMapOutput }
BrandMapInput is an input type that accepts BrandMap and BrandMapOutput values. You can construct a concrete instance of `BrandMapInput` via:
BrandMap{ "key": BrandArgs{...} }
type BrandMapOutput ¶
type BrandMapOutput struct{ *pulumi.OutputState }
func (BrandMapOutput) ElementType ¶
func (BrandMapOutput) ElementType() reflect.Type
func (BrandMapOutput) MapIndex ¶
func (o BrandMapOutput) MapIndex(k pulumi.StringInput) BrandOutput
func (BrandMapOutput) ToBrandMapOutput ¶
func (o BrandMapOutput) ToBrandMapOutput() BrandMapOutput
func (BrandMapOutput) ToBrandMapOutputWithContext ¶
func (o BrandMapOutput) ToBrandMapOutputWithContext(ctx context.Context) BrandMapOutput
type BrandOutput ¶
type BrandOutput struct{ *pulumi.OutputState }
func (BrandOutput) ApplicationTitle ¶ added in v6.23.0
func (o BrandOutput) ApplicationTitle() pulumi.StringOutput
Application name displayed on OAuth consent screen.
***
func (BrandOutput) ElementType ¶
func (BrandOutput) ElementType() reflect.Type
func (BrandOutput) Name ¶ added in v6.23.0
func (o BrandOutput) Name() pulumi.StringOutput
Output only. Identifier of the brand, in the format `projects/{project_number}/brands/{brand_id}` NOTE: The name can also be expressed as `projects/{project_id}/brands/{brand_id}`, e.g. when importing. NOTE: The brand identification corresponds to the project number as only one brand can be created per project.
func (BrandOutput) OrgInternalOnly ¶ added in v6.23.0
func (o BrandOutput) OrgInternalOnly() pulumi.BoolOutput
Whether the brand is only intended for usage inside the GSuite organization only.
func (BrandOutput) Project ¶ added in v6.23.0
func (o BrandOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
func (BrandOutput) SupportEmail ¶ added in v6.23.0
func (o BrandOutput) SupportEmail() pulumi.StringOutput
Support email displayed on the OAuth consent screen. Can be either a user or group email. When a user email is specified, the caller must be the user with the associated email address. When a group email is specified, the caller can be either a user or a service account which is an owner of the specified group in Cloud Identity.
func (BrandOutput) ToBrandOutput ¶
func (o BrandOutput) ToBrandOutput() BrandOutput
func (BrandOutput) ToBrandOutputWithContext ¶
func (o BrandOutput) ToBrandOutputWithContext(ctx context.Context) BrandOutput
type BrandState ¶
type BrandState struct { // Application name displayed on OAuth consent screen. // // *** ApplicationTitle pulumi.StringPtrInput // Output only. Identifier of the brand, in the format `projects/{project_number}/brands/{brand_id}` // NOTE: The name can also be expressed as `projects/{project_id}/brands/{brand_id}`, e.g. when importing. // NOTE: The brand identification corresponds to the project number as only one // brand can be created per project. Name pulumi.StringPtrInput // Whether the brand is only intended for usage inside the GSuite organization only. OrgInternalOnly pulumi.BoolPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringPtrInput // Support email displayed on the OAuth consent screen. Can be either a // user or group email. When a user email is specified, the caller must // be the user with the associated email address. When a group email is // specified, the caller can be either a user or a service account which // is an owner of the specified group in Cloud Identity. SupportEmail pulumi.StringPtrInput }
func (BrandState) ElementType ¶
func (BrandState) ElementType() reflect.Type
type Client ¶
type Client struct { pulumi.CustomResourceState // Identifier of the brand to which this client // is attached to. The format is // `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`. // // *** Brand pulumi.StringOutput `pulumi:"brand"` // The OAuth2 ID of the client. ClientId pulumi.StringOutput `pulumi:"clientId"` // Human-friendly name given to the OAuth client. DisplayName pulumi.StringOutput `pulumi:"displayName"` // Output only. Client secret of the OAuth client. // **Note**: This property is sensitive and will not be displayed in the plan. Secret pulumi.StringOutput `pulumi:"secret"` }
Contains the data that describes an Identity Aware Proxy owned client.
> **Note:** Only internal org clients can be created via declarative tools. External clients must be manually created via the GCP console. This restriction is due to the existing APIs and not lack of support in this tool.
To get more information about Client, see:
* [API documentation](https://cloud.google.com/iap/docs/reference/rest/v1/projects.brands.identityAwareProxyClients) * How-to Guides
- [Setting up IAP Client](https://cloud.google.com/iap/docs/authentication-howto)
> **Warning:** All arguments including `secret` will be stored in the raw state as plain-text.
## Example Usage ### Iap Client
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/projects" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { project, err := organizations.NewProject(ctx, "project", &organizations.ProjectArgs{ ProjectId: pulumi.String("my-project"), OrgId: pulumi.String("123456789"), }) if err != nil { return err } projectService, err := projects.NewService(ctx, "projectService", &projects.ServiceArgs{ Project: project.ProjectId, Service: pulumi.String("iap.googleapis.com"), }) if err != nil { return err } projectBrand, err := iap.NewBrand(ctx, "projectBrand", &iap.BrandArgs{ SupportEmail: pulumi.String("support@example.com"), ApplicationTitle: pulumi.String("Cloud IAP protected Application"), Project: projectService.Project, }) if err != nil { return err } _, err = iap.NewClient(ctx, "projectClient", &iap.ClientArgs{ DisplayName: pulumi.String("Test Client"), Brand: projectBrand.Name, }) if err != nil { return err } return nil }) }
```
## Import
Client can be imported using any of these accepted formats ¶
```sh
$ pulumi import gcp:iap/client:Client default {{brand}}/identityAwareProxyClients/{{client_id}}
```
```sh
$ pulumi import gcp:iap/client:Client default {{brand}}/{{client_id}}
```
func GetClient ¶
func GetClient(ctx *pulumi.Context, name string, id pulumi.IDInput, state *ClientState, opts ...pulumi.ResourceOption) (*Client, error)
GetClient gets an existing Client resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewClient ¶
func NewClient(ctx *pulumi.Context, name string, args *ClientArgs, opts ...pulumi.ResourceOption) (*Client, error)
NewClient registers a new resource with the given unique name, arguments, and options.
func (*Client) ElementType ¶
func (*Client) ToClientOutput ¶
func (i *Client) ToClientOutput() ClientOutput
func (*Client) ToClientOutputWithContext ¶
func (i *Client) ToClientOutputWithContext(ctx context.Context) ClientOutput
type ClientArgs ¶
type ClientArgs struct { // Identifier of the brand to which this client // is attached to. The format is // `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`. // // *** Brand pulumi.StringInput // Human-friendly name given to the OAuth client. DisplayName pulumi.StringInput }
The set of arguments for constructing a Client resource.
func (ClientArgs) ElementType ¶
func (ClientArgs) ElementType() reflect.Type
type ClientArray ¶
type ClientArray []ClientInput
func (ClientArray) ElementType ¶
func (ClientArray) ElementType() reflect.Type
func (ClientArray) ToClientArrayOutput ¶
func (i ClientArray) ToClientArrayOutput() ClientArrayOutput
func (ClientArray) ToClientArrayOutputWithContext ¶
func (i ClientArray) ToClientArrayOutputWithContext(ctx context.Context) ClientArrayOutput
type ClientArrayInput ¶
type ClientArrayInput interface { pulumi.Input ToClientArrayOutput() ClientArrayOutput ToClientArrayOutputWithContext(context.Context) ClientArrayOutput }
ClientArrayInput is an input type that accepts ClientArray and ClientArrayOutput values. You can construct a concrete instance of `ClientArrayInput` via:
ClientArray{ ClientArgs{...} }
type ClientArrayOutput ¶
type ClientArrayOutput struct{ *pulumi.OutputState }
func (ClientArrayOutput) ElementType ¶
func (ClientArrayOutput) ElementType() reflect.Type
func (ClientArrayOutput) Index ¶
func (o ClientArrayOutput) Index(i pulumi.IntInput) ClientOutput
func (ClientArrayOutput) ToClientArrayOutput ¶
func (o ClientArrayOutput) ToClientArrayOutput() ClientArrayOutput
func (ClientArrayOutput) ToClientArrayOutputWithContext ¶
func (o ClientArrayOutput) ToClientArrayOutputWithContext(ctx context.Context) ClientArrayOutput
type ClientInput ¶
type ClientInput interface { pulumi.Input ToClientOutput() ClientOutput ToClientOutputWithContext(ctx context.Context) ClientOutput }
type ClientMap ¶
type ClientMap map[string]ClientInput
func (ClientMap) ElementType ¶
func (ClientMap) ToClientMapOutput ¶
func (i ClientMap) ToClientMapOutput() ClientMapOutput
func (ClientMap) ToClientMapOutputWithContext ¶
func (i ClientMap) ToClientMapOutputWithContext(ctx context.Context) ClientMapOutput
type ClientMapInput ¶
type ClientMapInput interface { pulumi.Input ToClientMapOutput() ClientMapOutput ToClientMapOutputWithContext(context.Context) ClientMapOutput }
ClientMapInput is an input type that accepts ClientMap and ClientMapOutput values. You can construct a concrete instance of `ClientMapInput` via:
ClientMap{ "key": ClientArgs{...} }
type ClientMapOutput ¶
type ClientMapOutput struct{ *pulumi.OutputState }
func (ClientMapOutput) ElementType ¶
func (ClientMapOutput) ElementType() reflect.Type
func (ClientMapOutput) MapIndex ¶
func (o ClientMapOutput) MapIndex(k pulumi.StringInput) ClientOutput
func (ClientMapOutput) ToClientMapOutput ¶
func (o ClientMapOutput) ToClientMapOutput() ClientMapOutput
func (ClientMapOutput) ToClientMapOutputWithContext ¶
func (o ClientMapOutput) ToClientMapOutputWithContext(ctx context.Context) ClientMapOutput
type ClientOutput ¶
type ClientOutput struct{ *pulumi.OutputState }
func (ClientOutput) Brand ¶ added in v6.23.0
func (o ClientOutput) Brand() pulumi.StringOutput
Identifier of the brand to which this client is attached to. The format is `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`.
***
func (ClientOutput) ClientId ¶ added in v6.23.0
func (o ClientOutput) ClientId() pulumi.StringOutput
The OAuth2 ID of the client.
func (ClientOutput) DisplayName ¶ added in v6.23.0
func (o ClientOutput) DisplayName() pulumi.StringOutput
Human-friendly name given to the OAuth client.
func (ClientOutput) ElementType ¶
func (ClientOutput) ElementType() reflect.Type
func (ClientOutput) Secret ¶ added in v6.23.0
func (o ClientOutput) Secret() pulumi.StringOutput
Output only. Client secret of the OAuth client. **Note**: This property is sensitive and will not be displayed in the plan.
func (ClientOutput) ToClientOutput ¶
func (o ClientOutput) ToClientOutput() ClientOutput
func (ClientOutput) ToClientOutputWithContext ¶
func (o ClientOutput) ToClientOutputWithContext(ctx context.Context) ClientOutput
type ClientState ¶
type ClientState struct { // Identifier of the brand to which this client // is attached to. The format is // `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`. // // *** Brand pulumi.StringPtrInput // The OAuth2 ID of the client. ClientId pulumi.StringPtrInput // Human-friendly name given to the OAuth client. DisplayName pulumi.StringPtrInput // Output only. Client secret of the OAuth client. // **Note**: This property is sensitive and will not be displayed in the plan. Secret pulumi.StringPtrInput }
func (ClientState) ElementType ¶
func (ClientState) ElementType() reflect.Type
type GetTunnelInstanceIamPolicyArgs ¶ added in v6.59.0
type GetTunnelInstanceIamPolicyArgs struct { // Used to find the parent resource to bind the IAM policy to Instance string `pulumi:"instance"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Zone *string `pulumi:"zone"` }
A collection of arguments for invoking getTunnelInstanceIamPolicy.
type GetTunnelInstanceIamPolicyOutputArgs ¶ added in v6.59.0
type GetTunnelInstanceIamPolicyOutputArgs struct { // Used to find the parent resource to bind the IAM policy to Instance pulumi.StringInput `pulumi:"instance"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput `pulumi:"project"` Zone pulumi.StringPtrInput `pulumi:"zone"` }
A collection of arguments for invoking getTunnelInstanceIamPolicy.
func (GetTunnelInstanceIamPolicyOutputArgs) ElementType ¶ added in v6.59.0
func (GetTunnelInstanceIamPolicyOutputArgs) ElementType() reflect.Type
type GetTunnelInstanceIamPolicyResult ¶ added in v6.59.0
type GetTunnelInstanceIamPolicyResult struct { // (Computed) The etag of the IAM policy. Etag string `pulumi:"etag"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Instance string `pulumi:"instance"` // (Required only by `iap.TunnelInstanceIAMPolicy`) The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData string `pulumi:"policyData"` Project string `pulumi:"project"` Zone string `pulumi:"zone"` }
A collection of values returned by getTunnelInstanceIamPolicy.
func GetTunnelInstanceIamPolicy ¶ added in v6.59.0
func GetTunnelInstanceIamPolicy(ctx *pulumi.Context, args *GetTunnelInstanceIamPolicyArgs, opts ...pulumi.InvokeOption) (*GetTunnelInstanceIamPolicyResult, error)
Retrieves the current IAM policy data for tunnelinstance
## example
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.GetTunnelInstanceIamPolicy(ctx, &iap.GetTunnelInstanceIamPolicyArgs{ Project: pulumi.StringRef(google_compute_instance.Tunnelvm.Project), Zone: pulumi.StringRef(google_compute_instance.Tunnelvm.Zone), Instance: google_compute_instance.Tunnelvm.Name, }, nil) if err != nil { return err } return nil }) }
```
type GetTunnelInstanceIamPolicyResultOutput ¶ added in v6.59.0
type GetTunnelInstanceIamPolicyResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getTunnelInstanceIamPolicy.
func GetTunnelInstanceIamPolicyOutput ¶ added in v6.59.0
func GetTunnelInstanceIamPolicyOutput(ctx *pulumi.Context, args GetTunnelInstanceIamPolicyOutputArgs, opts ...pulumi.InvokeOption) GetTunnelInstanceIamPolicyResultOutput
func (GetTunnelInstanceIamPolicyResultOutput) ElementType ¶ added in v6.59.0
func (GetTunnelInstanceIamPolicyResultOutput) ElementType() reflect.Type
func (GetTunnelInstanceIamPolicyResultOutput) Etag ¶ added in v6.59.0
func (o GetTunnelInstanceIamPolicyResultOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (GetTunnelInstanceIamPolicyResultOutput) Id ¶ added in v6.59.0
func (o GetTunnelInstanceIamPolicyResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetTunnelInstanceIamPolicyResultOutput) Instance ¶ added in v6.59.0
func (o GetTunnelInstanceIamPolicyResultOutput) Instance() pulumi.StringOutput
func (GetTunnelInstanceIamPolicyResultOutput) PolicyData ¶ added in v6.59.0
func (o GetTunnelInstanceIamPolicyResultOutput) PolicyData() pulumi.StringOutput
(Required only by `iap.TunnelInstanceIAMPolicy`) The policy data generated by a `organizations.getIAMPolicy` data source.
func (GetTunnelInstanceIamPolicyResultOutput) Project ¶ added in v6.59.0
func (o GetTunnelInstanceIamPolicyResultOutput) Project() pulumi.StringOutput
func (GetTunnelInstanceIamPolicyResultOutput) ToGetTunnelInstanceIamPolicyResultOutput ¶ added in v6.59.0
func (o GetTunnelInstanceIamPolicyResultOutput) ToGetTunnelInstanceIamPolicyResultOutput() GetTunnelInstanceIamPolicyResultOutput
func (GetTunnelInstanceIamPolicyResultOutput) ToGetTunnelInstanceIamPolicyResultOutputWithContext ¶ added in v6.59.0
func (o GetTunnelInstanceIamPolicyResultOutput) ToGetTunnelInstanceIamPolicyResultOutputWithContext(ctx context.Context) GetTunnelInstanceIamPolicyResultOutput
func (GetTunnelInstanceIamPolicyResultOutput) Zone ¶ added in v6.59.0
func (o GetTunnelInstanceIamPolicyResultOutput) Zone() pulumi.StringOutput
type GetWebTypeAppEngineIamPolicyArgs ¶ added in v6.59.0
type GetWebTypeAppEngineIamPolicyArgs struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId string `pulumi:"appId"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` }
A collection of arguments for invoking getWebTypeAppEngineIamPolicy.
type GetWebTypeAppEngineIamPolicyOutputArgs ¶ added in v6.59.0
type GetWebTypeAppEngineIamPolicyOutputArgs struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringInput `pulumi:"appId"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput `pulumi:"project"` }
A collection of arguments for invoking getWebTypeAppEngineIamPolicy.
func (GetWebTypeAppEngineIamPolicyOutputArgs) ElementType ¶ added in v6.59.0
func (GetWebTypeAppEngineIamPolicyOutputArgs) ElementType() reflect.Type
type GetWebTypeAppEngineIamPolicyResult ¶ added in v6.59.0
type GetWebTypeAppEngineIamPolicyResult struct { AppId string `pulumi:"appId"` // (Computed) The etag of the IAM policy. Etag string `pulumi:"etag"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // (Required only by `iap.WebTypeAppEngingIamPolicy`) The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData string `pulumi:"policyData"` Project string `pulumi:"project"` }
A collection of values returned by getWebTypeAppEngineIamPolicy.
func GetWebTypeAppEngineIamPolicy ¶ added in v6.59.0
func GetWebTypeAppEngineIamPolicy(ctx *pulumi.Context, args *GetWebTypeAppEngineIamPolicyArgs, opts ...pulumi.InvokeOption) (*GetWebTypeAppEngineIamPolicyResult, error)
Retrieves the current IAM policy data for webtypeappengine
## example
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.GetWebTypeAppEngineIamPolicy(ctx, &iap.GetWebTypeAppEngineIamPolicyArgs{ Project: pulumi.StringRef(google_app_engine_application.App.Project), AppId: google_app_engine_application.App.App_id, }, nil) if err != nil { return err } return nil }) }
```
type GetWebTypeAppEngineIamPolicyResultOutput ¶ added in v6.59.0
type GetWebTypeAppEngineIamPolicyResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getWebTypeAppEngineIamPolicy.
func GetWebTypeAppEngineIamPolicyOutput ¶ added in v6.59.0
func GetWebTypeAppEngineIamPolicyOutput(ctx *pulumi.Context, args GetWebTypeAppEngineIamPolicyOutputArgs, opts ...pulumi.InvokeOption) GetWebTypeAppEngineIamPolicyResultOutput
func (GetWebTypeAppEngineIamPolicyResultOutput) AppId ¶ added in v6.59.0
func (o GetWebTypeAppEngineIamPolicyResultOutput) AppId() pulumi.StringOutput
func (GetWebTypeAppEngineIamPolicyResultOutput) ElementType ¶ added in v6.59.0
func (GetWebTypeAppEngineIamPolicyResultOutput) ElementType() reflect.Type
func (GetWebTypeAppEngineIamPolicyResultOutput) Etag ¶ added in v6.59.0
func (o GetWebTypeAppEngineIamPolicyResultOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (GetWebTypeAppEngineIamPolicyResultOutput) Id ¶ added in v6.59.0
func (o GetWebTypeAppEngineIamPolicyResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetWebTypeAppEngineIamPolicyResultOutput) PolicyData ¶ added in v6.59.0
func (o GetWebTypeAppEngineIamPolicyResultOutput) PolicyData() pulumi.StringOutput
(Required only by `iap.WebTypeAppEngingIamPolicy`) The policy data generated by a `organizations.getIAMPolicy` data source.
func (GetWebTypeAppEngineIamPolicyResultOutput) Project ¶ added in v6.59.0
func (o GetWebTypeAppEngineIamPolicyResultOutput) Project() pulumi.StringOutput
func (GetWebTypeAppEngineIamPolicyResultOutput) ToGetWebTypeAppEngineIamPolicyResultOutput ¶ added in v6.59.0
func (o GetWebTypeAppEngineIamPolicyResultOutput) ToGetWebTypeAppEngineIamPolicyResultOutput() GetWebTypeAppEngineIamPolicyResultOutput
func (GetWebTypeAppEngineIamPolicyResultOutput) ToGetWebTypeAppEngineIamPolicyResultOutputWithContext ¶ added in v6.59.0
func (o GetWebTypeAppEngineIamPolicyResultOutput) ToGetWebTypeAppEngineIamPolicyResultOutputWithContext(ctx context.Context) GetWebTypeAppEngineIamPolicyResultOutput
type LookupAppEngineServiceIamPolicyArgs ¶ added in v6.59.0
type LookupAppEngineServiceIamPolicyArgs struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId string `pulumi:"appId"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service string `pulumi:"service"` }
A collection of arguments for invoking getAppEngineServiceIamPolicy.
type LookupAppEngineServiceIamPolicyOutputArgs ¶ added in v6.59.0
type LookupAppEngineServiceIamPolicyOutputArgs struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringInput `pulumi:"appId"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput `pulumi:"project"` // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringInput `pulumi:"service"` }
A collection of arguments for invoking getAppEngineServiceIamPolicy.
func (LookupAppEngineServiceIamPolicyOutputArgs) ElementType ¶ added in v6.59.0
func (LookupAppEngineServiceIamPolicyOutputArgs) ElementType() reflect.Type
type LookupAppEngineServiceIamPolicyResult ¶ added in v6.59.0
type LookupAppEngineServiceIamPolicyResult struct { AppId string `pulumi:"appId"` // (Computed) The etag of the IAM policy. Etag string `pulumi:"etag"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // (Required only by `iap.AppEngineServiceIamPolicy`) The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData string `pulumi:"policyData"` Project string `pulumi:"project"` Service string `pulumi:"service"` }
A collection of values returned by getAppEngineServiceIamPolicy.
func LookupAppEngineServiceIamPolicy ¶ added in v6.59.0
func LookupAppEngineServiceIamPolicy(ctx *pulumi.Context, args *LookupAppEngineServiceIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupAppEngineServiceIamPolicyResult, error)
Retrieves the current IAM policy data for appengineservice
## example
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.LookupAppEngineServiceIamPolicy(ctx, &iap.LookupAppEngineServiceIamPolicyArgs{ AppId: google_app_engine_standard_app_version.Version.Project, Project: pulumi.StringRef(google_app_engine_standard_app_version.Version.Project), Service: google_app_engine_standard_app_version.Version.Service, }, nil) if err != nil { return err } return nil }) }
```
type LookupAppEngineServiceIamPolicyResultOutput ¶ added in v6.59.0
type LookupAppEngineServiceIamPolicyResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getAppEngineServiceIamPolicy.
func LookupAppEngineServiceIamPolicyOutput ¶ added in v6.59.0
func LookupAppEngineServiceIamPolicyOutput(ctx *pulumi.Context, args LookupAppEngineServiceIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupAppEngineServiceIamPolicyResultOutput
func (LookupAppEngineServiceIamPolicyResultOutput) AppId ¶ added in v6.59.0
func (o LookupAppEngineServiceIamPolicyResultOutput) AppId() pulumi.StringOutput
func (LookupAppEngineServiceIamPolicyResultOutput) ElementType ¶ added in v6.59.0
func (LookupAppEngineServiceIamPolicyResultOutput) ElementType() reflect.Type
func (LookupAppEngineServiceIamPolicyResultOutput) Etag ¶ added in v6.59.0
func (o LookupAppEngineServiceIamPolicyResultOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (LookupAppEngineServiceIamPolicyResultOutput) Id ¶ added in v6.59.0
func (o LookupAppEngineServiceIamPolicyResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (LookupAppEngineServiceIamPolicyResultOutput) PolicyData ¶ added in v6.59.0
func (o LookupAppEngineServiceIamPolicyResultOutput) PolicyData() pulumi.StringOutput
(Required only by `iap.AppEngineServiceIamPolicy`) The policy data generated by a `organizations.getIAMPolicy` data source.
func (LookupAppEngineServiceIamPolicyResultOutput) Project ¶ added in v6.59.0
func (o LookupAppEngineServiceIamPolicyResultOutput) Project() pulumi.StringOutput
func (LookupAppEngineServiceIamPolicyResultOutput) Service ¶ added in v6.59.0
func (o LookupAppEngineServiceIamPolicyResultOutput) Service() pulumi.StringOutput
func (LookupAppEngineServiceIamPolicyResultOutput) ToLookupAppEngineServiceIamPolicyResultOutput ¶ added in v6.59.0
func (o LookupAppEngineServiceIamPolicyResultOutput) ToLookupAppEngineServiceIamPolicyResultOutput() LookupAppEngineServiceIamPolicyResultOutput
func (LookupAppEngineServiceIamPolicyResultOutput) ToLookupAppEngineServiceIamPolicyResultOutputWithContext ¶ added in v6.59.0
func (o LookupAppEngineServiceIamPolicyResultOutput) ToLookupAppEngineServiceIamPolicyResultOutputWithContext(ctx context.Context) LookupAppEngineServiceIamPolicyResultOutput
type LookupAppEngineVersionIamPolicyArgs ¶ added in v6.59.0
type LookupAppEngineVersionIamPolicyArgs struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId string `pulumi:"appId"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service string `pulumi:"service"` // Version id of the App Engine application Used to find the parent resource to bind the IAM policy to VersionId string `pulumi:"versionId"` }
A collection of arguments for invoking getAppEngineVersionIamPolicy.
type LookupAppEngineVersionIamPolicyOutputArgs ¶ added in v6.59.0
type LookupAppEngineVersionIamPolicyOutputArgs struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringInput `pulumi:"appId"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput `pulumi:"project"` // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringInput `pulumi:"service"` // Version id of the App Engine application Used to find the parent resource to bind the IAM policy to VersionId pulumi.StringInput `pulumi:"versionId"` }
A collection of arguments for invoking getAppEngineVersionIamPolicy.
func (LookupAppEngineVersionIamPolicyOutputArgs) ElementType ¶ added in v6.59.0
func (LookupAppEngineVersionIamPolicyOutputArgs) ElementType() reflect.Type
type LookupAppEngineVersionIamPolicyResult ¶ added in v6.59.0
type LookupAppEngineVersionIamPolicyResult struct { AppId string `pulumi:"appId"` // (Computed) The etag of the IAM policy. Etag string `pulumi:"etag"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // (Required only by `iap.AppEngineVersionIamPolicy`) The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData string `pulumi:"policyData"` Project string `pulumi:"project"` Service string `pulumi:"service"` VersionId string `pulumi:"versionId"` }
A collection of values returned by getAppEngineVersionIamPolicy.
func LookupAppEngineVersionIamPolicy ¶ added in v6.59.0
func LookupAppEngineVersionIamPolicy(ctx *pulumi.Context, args *LookupAppEngineVersionIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupAppEngineVersionIamPolicyResult, error)
Retrieves the current IAM policy data for appengineversion
## example
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.LookupAppEngineVersionIamPolicy(ctx, &iap.LookupAppEngineVersionIamPolicyArgs{ AppId: google_app_engine_standard_app_version.Version.Project, Project: pulumi.StringRef(google_app_engine_standard_app_version.Version.Project), Service: google_app_engine_standard_app_version.Version.Service, VersionId: google_app_engine_standard_app_version.Version.Version_id, }, nil) if err != nil { return err } return nil }) }
```
type LookupAppEngineVersionIamPolicyResultOutput ¶ added in v6.59.0
type LookupAppEngineVersionIamPolicyResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getAppEngineVersionIamPolicy.
func LookupAppEngineVersionIamPolicyOutput ¶ added in v6.59.0
func LookupAppEngineVersionIamPolicyOutput(ctx *pulumi.Context, args LookupAppEngineVersionIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupAppEngineVersionIamPolicyResultOutput
func (LookupAppEngineVersionIamPolicyResultOutput) AppId ¶ added in v6.59.0
func (o LookupAppEngineVersionIamPolicyResultOutput) AppId() pulumi.StringOutput
func (LookupAppEngineVersionIamPolicyResultOutput) ElementType ¶ added in v6.59.0
func (LookupAppEngineVersionIamPolicyResultOutput) ElementType() reflect.Type
func (LookupAppEngineVersionIamPolicyResultOutput) Etag ¶ added in v6.59.0
func (o LookupAppEngineVersionIamPolicyResultOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (LookupAppEngineVersionIamPolicyResultOutput) Id ¶ added in v6.59.0
func (o LookupAppEngineVersionIamPolicyResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (LookupAppEngineVersionIamPolicyResultOutput) PolicyData ¶ added in v6.59.0
func (o LookupAppEngineVersionIamPolicyResultOutput) PolicyData() pulumi.StringOutput
(Required only by `iap.AppEngineVersionIamPolicy`) The policy data generated by a `organizations.getIAMPolicy` data source.
func (LookupAppEngineVersionIamPolicyResultOutput) Project ¶ added in v6.59.0
func (o LookupAppEngineVersionIamPolicyResultOutput) Project() pulumi.StringOutput
func (LookupAppEngineVersionIamPolicyResultOutput) Service ¶ added in v6.59.0
func (o LookupAppEngineVersionIamPolicyResultOutput) Service() pulumi.StringOutput
func (LookupAppEngineVersionIamPolicyResultOutput) ToLookupAppEngineVersionIamPolicyResultOutput ¶ added in v6.59.0
func (o LookupAppEngineVersionIamPolicyResultOutput) ToLookupAppEngineVersionIamPolicyResultOutput() LookupAppEngineVersionIamPolicyResultOutput
func (LookupAppEngineVersionIamPolicyResultOutput) ToLookupAppEngineVersionIamPolicyResultOutputWithContext ¶ added in v6.59.0
func (o LookupAppEngineVersionIamPolicyResultOutput) ToLookupAppEngineVersionIamPolicyResultOutputWithContext(ctx context.Context) LookupAppEngineVersionIamPolicyResultOutput
func (LookupAppEngineVersionIamPolicyResultOutput) VersionId ¶ added in v6.59.0
func (o LookupAppEngineVersionIamPolicyResultOutput) VersionId() pulumi.StringOutput
type LookupClientArgs ¶
type LookupClientArgs struct { // The name of the brand. Brand string `pulumi:"brand"` // The clientId of the brand. ClientId string `pulumi:"clientId"` }
A collection of arguments for invoking getClient.
type LookupClientOutputArgs ¶
type LookupClientOutputArgs struct { // The name of the brand. Brand pulumi.StringInput `pulumi:"brand"` // The clientId of the brand. ClientId pulumi.StringInput `pulumi:"clientId"` }
A collection of arguments for invoking getClient.
func (LookupClientOutputArgs) ElementType ¶
func (LookupClientOutputArgs) ElementType() reflect.Type
type LookupClientResult ¶
type LookupClientResult struct { Brand string `pulumi:"brand"` ClientId string `pulumi:"clientId"` DisplayName string `pulumi:"displayName"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Secret string `pulumi:"secret"` }
A collection of values returned by getClient.
func LookupClient ¶
func LookupClient(ctx *pulumi.Context, args *LookupClientArgs, opts ...pulumi.InvokeOption) (*LookupClientResult, error)
Get info about a Google Cloud IAP Client.
## Example Usage
```go package main
import (
"fmt" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{ ProjectId: pulumi.StringRef("foobar"), }, nil) if err != nil { return err } _, err = iap.LookupClient(ctx, &iap.LookupClientArgs{ Brand: fmt.Sprintf("projects/%v/brands/[BRAND_NUMBER]", project.Number), ClientId: FOO.Apps.Googleusercontent.Com, }, nil) if err != nil { return err } return nil }) }
```
type LookupClientResultOutput ¶
type LookupClientResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getClient.
func LookupClientOutput ¶
func LookupClientOutput(ctx *pulumi.Context, args LookupClientOutputArgs, opts ...pulumi.InvokeOption) LookupClientResultOutput
func (LookupClientResultOutput) Brand ¶
func (o LookupClientResultOutput) Brand() pulumi.StringOutput
func (LookupClientResultOutput) ClientId ¶
func (o LookupClientResultOutput) ClientId() pulumi.StringOutput
func (LookupClientResultOutput) DisplayName ¶
func (o LookupClientResultOutput) DisplayName() pulumi.StringOutput
func (LookupClientResultOutput) ElementType ¶
func (LookupClientResultOutput) ElementType() reflect.Type
func (LookupClientResultOutput) Id ¶
func (o LookupClientResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (LookupClientResultOutput) Secret ¶
func (o LookupClientResultOutput) Secret() pulumi.StringOutput
func (LookupClientResultOutput) ToLookupClientResultOutput ¶
func (o LookupClientResultOutput) ToLookupClientResultOutput() LookupClientResultOutput
func (LookupClientResultOutput) ToLookupClientResultOutputWithContext ¶
func (o LookupClientResultOutput) ToLookupClientResultOutputWithContext(ctx context.Context) LookupClientResultOutput
type LookupTunnelIamPolicyArgs ¶ added in v6.59.0
type LookupTunnelIamPolicyArgs struct { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` }
A collection of arguments for invoking getTunnelIamPolicy.
type LookupTunnelIamPolicyOutputArgs ¶ added in v6.59.0
type LookupTunnelIamPolicyOutputArgs struct { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput `pulumi:"project"` }
A collection of arguments for invoking getTunnelIamPolicy.
func (LookupTunnelIamPolicyOutputArgs) ElementType ¶ added in v6.59.0
func (LookupTunnelIamPolicyOutputArgs) ElementType() reflect.Type
type LookupTunnelIamPolicyResult ¶ added in v6.59.0
type LookupTunnelIamPolicyResult struct { // (Computed) The etag of the IAM policy. Etag string `pulumi:"etag"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // (Required only by `iap.TunnelIamPolicy`) The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData string `pulumi:"policyData"` Project string `pulumi:"project"` }
A collection of values returned by getTunnelIamPolicy.
func LookupTunnelIamPolicy ¶ added in v6.59.0
func LookupTunnelIamPolicy(ctx *pulumi.Context, args *LookupTunnelIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupTunnelIamPolicyResult, error)
Retrieves the current IAM policy data for tunnel
## example
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.LookupTunnelIamPolicy(ctx, &iap.LookupTunnelIamPolicyArgs{ Project: pulumi.StringRef(google_project_service.Project_service.Project), }, nil) if err != nil { return err } return nil }) }
```
type LookupTunnelIamPolicyResultOutput ¶ added in v6.59.0
type LookupTunnelIamPolicyResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getTunnelIamPolicy.
func LookupTunnelIamPolicyOutput ¶ added in v6.59.0
func LookupTunnelIamPolicyOutput(ctx *pulumi.Context, args LookupTunnelIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupTunnelIamPolicyResultOutput
func (LookupTunnelIamPolicyResultOutput) ElementType ¶ added in v6.59.0
func (LookupTunnelIamPolicyResultOutput) ElementType() reflect.Type
func (LookupTunnelIamPolicyResultOutput) Etag ¶ added in v6.59.0
func (o LookupTunnelIamPolicyResultOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (LookupTunnelIamPolicyResultOutput) Id ¶ added in v6.59.0
func (o LookupTunnelIamPolicyResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (LookupTunnelIamPolicyResultOutput) PolicyData ¶ added in v6.59.0
func (o LookupTunnelIamPolicyResultOutput) PolicyData() pulumi.StringOutput
(Required only by `iap.TunnelIamPolicy`) The policy data generated by a `organizations.getIAMPolicy` data source.
func (LookupTunnelIamPolicyResultOutput) Project ¶ added in v6.59.0
func (o LookupTunnelIamPolicyResultOutput) Project() pulumi.StringOutput
func (LookupTunnelIamPolicyResultOutput) ToLookupTunnelIamPolicyResultOutput ¶ added in v6.59.0
func (o LookupTunnelIamPolicyResultOutput) ToLookupTunnelIamPolicyResultOutput() LookupTunnelIamPolicyResultOutput
func (LookupTunnelIamPolicyResultOutput) ToLookupTunnelIamPolicyResultOutputWithContext ¶ added in v6.59.0
func (o LookupTunnelIamPolicyResultOutput) ToLookupTunnelIamPolicyResultOutputWithContext(ctx context.Context) LookupTunnelIamPolicyResultOutput
type LookupWebBackendServiceIamPolicyArgs ¶ added in v6.59.0
type LookupWebBackendServiceIamPolicyArgs struct { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to WebBackendService string `pulumi:"webBackendService"` }
A collection of arguments for invoking getWebBackendServiceIamPolicy.
type LookupWebBackendServiceIamPolicyOutputArgs ¶ added in v6.59.0
type LookupWebBackendServiceIamPolicyOutputArgs struct { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to WebBackendService pulumi.StringInput `pulumi:"webBackendService"` }
A collection of arguments for invoking getWebBackendServiceIamPolicy.
func (LookupWebBackendServiceIamPolicyOutputArgs) ElementType ¶ added in v6.59.0
func (LookupWebBackendServiceIamPolicyOutputArgs) ElementType() reflect.Type
type LookupWebBackendServiceIamPolicyResult ¶ added in v6.59.0
type LookupWebBackendServiceIamPolicyResult struct { // (Computed) The etag of the IAM policy. Etag string `pulumi:"etag"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // (Required only by `iap.WebBackendServiceIamPolicy`) The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData string `pulumi:"policyData"` Project string `pulumi:"project"` WebBackendService string `pulumi:"webBackendService"` }
A collection of values returned by getWebBackendServiceIamPolicy.
func LookupWebBackendServiceIamPolicy ¶ added in v6.59.0
func LookupWebBackendServiceIamPolicy(ctx *pulumi.Context, args *LookupWebBackendServiceIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupWebBackendServiceIamPolicyResult, error)
Retrieves the current IAM policy data for webbackendservice
## example
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.LookupWebBackendServiceIamPolicy(ctx, &iap.LookupWebBackendServiceIamPolicyArgs{ Project: pulumi.StringRef(google_compute_backend_service.Default.Project), WebBackendService: google_compute_backend_service.Default.Name, }, nil) if err != nil { return err } return nil }) }
```
type LookupWebBackendServiceIamPolicyResultOutput ¶ added in v6.59.0
type LookupWebBackendServiceIamPolicyResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getWebBackendServiceIamPolicy.
func LookupWebBackendServiceIamPolicyOutput ¶ added in v6.59.0
func LookupWebBackendServiceIamPolicyOutput(ctx *pulumi.Context, args LookupWebBackendServiceIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupWebBackendServiceIamPolicyResultOutput
func (LookupWebBackendServiceIamPolicyResultOutput) ElementType ¶ added in v6.59.0
func (LookupWebBackendServiceIamPolicyResultOutput) ElementType() reflect.Type
func (LookupWebBackendServiceIamPolicyResultOutput) Etag ¶ added in v6.59.0
func (o LookupWebBackendServiceIamPolicyResultOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (LookupWebBackendServiceIamPolicyResultOutput) Id ¶ added in v6.59.0
func (o LookupWebBackendServiceIamPolicyResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (LookupWebBackendServiceIamPolicyResultOutput) PolicyData ¶ added in v6.59.0
func (o LookupWebBackendServiceIamPolicyResultOutput) PolicyData() pulumi.StringOutput
(Required only by `iap.WebBackendServiceIamPolicy`) The policy data generated by a `organizations.getIAMPolicy` data source.
func (LookupWebBackendServiceIamPolicyResultOutput) Project ¶ added in v6.59.0
func (o LookupWebBackendServiceIamPolicyResultOutput) Project() pulumi.StringOutput
func (LookupWebBackendServiceIamPolicyResultOutput) ToLookupWebBackendServiceIamPolicyResultOutput ¶ added in v6.59.0
func (o LookupWebBackendServiceIamPolicyResultOutput) ToLookupWebBackendServiceIamPolicyResultOutput() LookupWebBackendServiceIamPolicyResultOutput
func (LookupWebBackendServiceIamPolicyResultOutput) ToLookupWebBackendServiceIamPolicyResultOutputWithContext ¶ added in v6.59.0
func (o LookupWebBackendServiceIamPolicyResultOutput) ToLookupWebBackendServiceIamPolicyResultOutputWithContext(ctx context.Context) LookupWebBackendServiceIamPolicyResultOutput
func (LookupWebBackendServiceIamPolicyResultOutput) WebBackendService ¶ added in v6.59.0
func (o LookupWebBackendServiceIamPolicyResultOutput) WebBackendService() pulumi.StringOutput
type LookupWebIamPolicyArgs ¶ added in v6.59.0
type LookupWebIamPolicyArgs struct { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` }
A collection of arguments for invoking getWebIamPolicy.
type LookupWebIamPolicyOutputArgs ¶ added in v6.59.0
type LookupWebIamPolicyOutputArgs struct { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput `pulumi:"project"` }
A collection of arguments for invoking getWebIamPolicy.
func (LookupWebIamPolicyOutputArgs) ElementType ¶ added in v6.59.0
func (LookupWebIamPolicyOutputArgs) ElementType() reflect.Type
type LookupWebIamPolicyResult ¶ added in v6.59.0
type LookupWebIamPolicyResult struct { // (Computed) The etag of the IAM policy. Etag string `pulumi:"etag"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // (Required only by `iap.WebIamPolicy`) The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData string `pulumi:"policyData"` Project string `pulumi:"project"` }
A collection of values returned by getWebIamPolicy.
func LookupWebIamPolicy ¶ added in v6.59.0
func LookupWebIamPolicy(ctx *pulumi.Context, args *LookupWebIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupWebIamPolicyResult, error)
Retrieves the current IAM policy data for web
## example
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.LookupWebIamPolicy(ctx, &iap.LookupWebIamPolicyArgs{ Project: pulumi.StringRef(google_project_service.Project_service.Project), }, nil) if err != nil { return err } return nil }) }
```
type LookupWebIamPolicyResultOutput ¶ added in v6.59.0
type LookupWebIamPolicyResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getWebIamPolicy.
func LookupWebIamPolicyOutput ¶ added in v6.59.0
func LookupWebIamPolicyOutput(ctx *pulumi.Context, args LookupWebIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupWebIamPolicyResultOutput
func (LookupWebIamPolicyResultOutput) ElementType ¶ added in v6.59.0
func (LookupWebIamPolicyResultOutput) ElementType() reflect.Type
func (LookupWebIamPolicyResultOutput) Etag ¶ added in v6.59.0
func (o LookupWebIamPolicyResultOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (LookupWebIamPolicyResultOutput) Id ¶ added in v6.59.0
func (o LookupWebIamPolicyResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (LookupWebIamPolicyResultOutput) PolicyData ¶ added in v6.59.0
func (o LookupWebIamPolicyResultOutput) PolicyData() pulumi.StringOutput
(Required only by `iap.WebIamPolicy`) The policy data generated by a `organizations.getIAMPolicy` data source.
func (LookupWebIamPolicyResultOutput) Project ¶ added in v6.59.0
func (o LookupWebIamPolicyResultOutput) Project() pulumi.StringOutput
func (LookupWebIamPolicyResultOutput) ToLookupWebIamPolicyResultOutput ¶ added in v6.59.0
func (o LookupWebIamPolicyResultOutput) ToLookupWebIamPolicyResultOutput() LookupWebIamPolicyResultOutput
func (LookupWebIamPolicyResultOutput) ToLookupWebIamPolicyResultOutputWithContext ¶ added in v6.59.0
func (o LookupWebIamPolicyResultOutput) ToLookupWebIamPolicyResultOutputWithContext(ctx context.Context) LookupWebIamPolicyResultOutput
type LookupWebTypeComputeIamPolicyArgs ¶ added in v6.59.0
type LookupWebTypeComputeIamPolicyArgs struct { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` }
A collection of arguments for invoking getWebTypeComputeIamPolicy.
type LookupWebTypeComputeIamPolicyOutputArgs ¶ added in v6.59.0
type LookupWebTypeComputeIamPolicyOutputArgs struct { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput `pulumi:"project"` }
A collection of arguments for invoking getWebTypeComputeIamPolicy.
func (LookupWebTypeComputeIamPolicyOutputArgs) ElementType ¶ added in v6.59.0
func (LookupWebTypeComputeIamPolicyOutputArgs) ElementType() reflect.Type
type LookupWebTypeComputeIamPolicyResult ¶ added in v6.59.0
type LookupWebTypeComputeIamPolicyResult struct { // (Computed) The etag of the IAM policy. Etag string `pulumi:"etag"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // (Required only by `iap.WebTypeComputeIamPolicy`) The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData string `pulumi:"policyData"` Project string `pulumi:"project"` }
A collection of values returned by getWebTypeComputeIamPolicy.
func LookupWebTypeComputeIamPolicy ¶ added in v6.59.0
func LookupWebTypeComputeIamPolicy(ctx *pulumi.Context, args *LookupWebTypeComputeIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupWebTypeComputeIamPolicyResult, error)
Retrieves the current IAM policy data for webtypecompute
## example
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.LookupWebTypeComputeIamPolicy(ctx, &iap.LookupWebTypeComputeIamPolicyArgs{ Project: pulumi.StringRef(google_project_service.Project_service.Project), }, nil) if err != nil { return err } return nil }) }
```
type LookupWebTypeComputeIamPolicyResultOutput ¶ added in v6.59.0
type LookupWebTypeComputeIamPolicyResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getWebTypeComputeIamPolicy.
func LookupWebTypeComputeIamPolicyOutput ¶ added in v6.59.0
func LookupWebTypeComputeIamPolicyOutput(ctx *pulumi.Context, args LookupWebTypeComputeIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupWebTypeComputeIamPolicyResultOutput
func (LookupWebTypeComputeIamPolicyResultOutput) ElementType ¶ added in v6.59.0
func (LookupWebTypeComputeIamPolicyResultOutput) ElementType() reflect.Type
func (LookupWebTypeComputeIamPolicyResultOutput) Etag ¶ added in v6.59.0
func (o LookupWebTypeComputeIamPolicyResultOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (LookupWebTypeComputeIamPolicyResultOutput) Id ¶ added in v6.59.0
func (o LookupWebTypeComputeIamPolicyResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (LookupWebTypeComputeIamPolicyResultOutput) PolicyData ¶ added in v6.59.0
func (o LookupWebTypeComputeIamPolicyResultOutput) PolicyData() pulumi.StringOutput
(Required only by `iap.WebTypeComputeIamPolicy`) The policy data generated by a `organizations.getIAMPolicy` data source.
func (LookupWebTypeComputeIamPolicyResultOutput) Project ¶ added in v6.59.0
func (o LookupWebTypeComputeIamPolicyResultOutput) Project() pulumi.StringOutput
func (LookupWebTypeComputeIamPolicyResultOutput) ToLookupWebTypeComputeIamPolicyResultOutput ¶ added in v6.59.0
func (o LookupWebTypeComputeIamPolicyResultOutput) ToLookupWebTypeComputeIamPolicyResultOutput() LookupWebTypeComputeIamPolicyResultOutput
func (LookupWebTypeComputeIamPolicyResultOutput) ToLookupWebTypeComputeIamPolicyResultOutputWithContext ¶ added in v6.59.0
func (o LookupWebTypeComputeIamPolicyResultOutput) ToLookupWebTypeComputeIamPolicyResultOutputWithContext(ctx context.Context) LookupWebTypeComputeIamPolicyResultOutput
type TunnelIamBinding ¶
type TunnelIamBinding struct { pulumi.CustomResourceState // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition TunnelIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` Members pulumi.StringArrayOutput `pulumi:"members"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:
* `iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached. * `iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved. * `iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel
> **Note:** `iap.TunnelIamPolicy` **cannot** be used in conjunction with `iap.TunnelIamBinding` and `iap.TunnelIamMember` or they will fight over what your policy should be.
> **Note:** `iap.TunnelIamBinding` resources **can be** used in conjunction with `iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_tunnel\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.tunnelResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.tunnelResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_tunnel\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.TunnelIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_tunnel\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.TunnelIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor projects/{{project}}/iap_tunnel
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetTunnelIamBinding ¶
func GetTunnelIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TunnelIamBindingState, opts ...pulumi.ResourceOption) (*TunnelIamBinding, error)
GetTunnelIamBinding gets an existing TunnelIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTunnelIamBinding ¶
func NewTunnelIamBinding(ctx *pulumi.Context, name string, args *TunnelIamBindingArgs, opts ...pulumi.ResourceOption) (*TunnelIamBinding, error)
NewTunnelIamBinding registers a new resource with the given unique name, arguments, and options.
func (*TunnelIamBinding) ElementType ¶
func (*TunnelIamBinding) ElementType() reflect.Type
func (*TunnelIamBinding) ToTunnelIamBindingOutput ¶
func (i *TunnelIamBinding) ToTunnelIamBindingOutput() TunnelIamBindingOutput
func (*TunnelIamBinding) ToTunnelIamBindingOutputWithContext ¶
func (i *TunnelIamBinding) ToTunnelIamBindingOutputWithContext(ctx context.Context) TunnelIamBindingOutput
type TunnelIamBindingArgs ¶
type TunnelIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition TunnelIamBindingConditionPtrInput Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput }
The set of arguments for constructing a TunnelIamBinding resource.
func (TunnelIamBindingArgs) ElementType ¶
func (TunnelIamBindingArgs) ElementType() reflect.Type
type TunnelIamBindingArray ¶
type TunnelIamBindingArray []TunnelIamBindingInput
func (TunnelIamBindingArray) ElementType ¶
func (TunnelIamBindingArray) ElementType() reflect.Type
func (TunnelIamBindingArray) ToTunnelIamBindingArrayOutput ¶
func (i TunnelIamBindingArray) ToTunnelIamBindingArrayOutput() TunnelIamBindingArrayOutput
func (TunnelIamBindingArray) ToTunnelIamBindingArrayOutputWithContext ¶
func (i TunnelIamBindingArray) ToTunnelIamBindingArrayOutputWithContext(ctx context.Context) TunnelIamBindingArrayOutput
type TunnelIamBindingArrayInput ¶
type TunnelIamBindingArrayInput interface { pulumi.Input ToTunnelIamBindingArrayOutput() TunnelIamBindingArrayOutput ToTunnelIamBindingArrayOutputWithContext(context.Context) TunnelIamBindingArrayOutput }
TunnelIamBindingArrayInput is an input type that accepts TunnelIamBindingArray and TunnelIamBindingArrayOutput values. You can construct a concrete instance of `TunnelIamBindingArrayInput` via:
TunnelIamBindingArray{ TunnelIamBindingArgs{...} }
type TunnelIamBindingArrayOutput ¶
type TunnelIamBindingArrayOutput struct{ *pulumi.OutputState }
func (TunnelIamBindingArrayOutput) ElementType ¶
func (TunnelIamBindingArrayOutput) ElementType() reflect.Type
func (TunnelIamBindingArrayOutput) Index ¶
func (o TunnelIamBindingArrayOutput) Index(i pulumi.IntInput) TunnelIamBindingOutput
func (TunnelIamBindingArrayOutput) ToTunnelIamBindingArrayOutput ¶
func (o TunnelIamBindingArrayOutput) ToTunnelIamBindingArrayOutput() TunnelIamBindingArrayOutput
func (TunnelIamBindingArrayOutput) ToTunnelIamBindingArrayOutputWithContext ¶
func (o TunnelIamBindingArrayOutput) ToTunnelIamBindingArrayOutputWithContext(ctx context.Context) TunnelIamBindingArrayOutput
type TunnelIamBindingCondition ¶
type TunnelIamBindingCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type TunnelIamBindingConditionArgs ¶
type TunnelIamBindingConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (TunnelIamBindingConditionArgs) ElementType ¶
func (TunnelIamBindingConditionArgs) ElementType() reflect.Type
func (TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionOutput ¶
func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionOutput() TunnelIamBindingConditionOutput
func (TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionOutputWithContext ¶
func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionOutputWithContext(ctx context.Context) TunnelIamBindingConditionOutput
func (TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionPtrOutput ¶
func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput
func (TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionPtrOutputWithContext ¶
func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionPtrOutputWithContext(ctx context.Context) TunnelIamBindingConditionPtrOutput
type TunnelIamBindingConditionInput ¶
type TunnelIamBindingConditionInput interface { pulumi.Input ToTunnelIamBindingConditionOutput() TunnelIamBindingConditionOutput ToTunnelIamBindingConditionOutputWithContext(context.Context) TunnelIamBindingConditionOutput }
TunnelIamBindingConditionInput is an input type that accepts TunnelIamBindingConditionArgs and TunnelIamBindingConditionOutput values. You can construct a concrete instance of `TunnelIamBindingConditionInput` via:
TunnelIamBindingConditionArgs{...}
type TunnelIamBindingConditionOutput ¶
type TunnelIamBindingConditionOutput struct{ *pulumi.OutputState }
func (TunnelIamBindingConditionOutput) Description ¶
func (o TunnelIamBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (TunnelIamBindingConditionOutput) ElementType ¶
func (TunnelIamBindingConditionOutput) ElementType() reflect.Type
func (TunnelIamBindingConditionOutput) Expression ¶
func (o TunnelIamBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (TunnelIamBindingConditionOutput) Title ¶
func (o TunnelIamBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionOutput ¶
func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionOutput() TunnelIamBindingConditionOutput
func (TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionOutputWithContext ¶
func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionOutputWithContext(ctx context.Context) TunnelIamBindingConditionOutput
func (TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionPtrOutput ¶
func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput
func (TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionPtrOutputWithContext ¶
func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionPtrOutputWithContext(ctx context.Context) TunnelIamBindingConditionPtrOutput
type TunnelIamBindingConditionPtrInput ¶
type TunnelIamBindingConditionPtrInput interface { pulumi.Input ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput ToTunnelIamBindingConditionPtrOutputWithContext(context.Context) TunnelIamBindingConditionPtrOutput }
TunnelIamBindingConditionPtrInput is an input type that accepts TunnelIamBindingConditionArgs, TunnelIamBindingConditionPtr and TunnelIamBindingConditionPtrOutput values. You can construct a concrete instance of `TunnelIamBindingConditionPtrInput` via:
TunnelIamBindingConditionArgs{...} or: nil
func TunnelIamBindingConditionPtr ¶
func TunnelIamBindingConditionPtr(v *TunnelIamBindingConditionArgs) TunnelIamBindingConditionPtrInput
type TunnelIamBindingConditionPtrOutput ¶
type TunnelIamBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (TunnelIamBindingConditionPtrOutput) Description ¶
func (o TunnelIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (TunnelIamBindingConditionPtrOutput) Elem ¶
func (o TunnelIamBindingConditionPtrOutput) Elem() TunnelIamBindingConditionOutput
func (TunnelIamBindingConditionPtrOutput) ElementType ¶
func (TunnelIamBindingConditionPtrOutput) ElementType() reflect.Type
func (TunnelIamBindingConditionPtrOutput) Expression ¶
func (o TunnelIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (TunnelIamBindingConditionPtrOutput) Title ¶
func (o TunnelIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (TunnelIamBindingConditionPtrOutput) ToTunnelIamBindingConditionPtrOutput ¶
func (o TunnelIamBindingConditionPtrOutput) ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput
func (TunnelIamBindingConditionPtrOutput) ToTunnelIamBindingConditionPtrOutputWithContext ¶
func (o TunnelIamBindingConditionPtrOutput) ToTunnelIamBindingConditionPtrOutputWithContext(ctx context.Context) TunnelIamBindingConditionPtrOutput
type TunnelIamBindingInput ¶
type TunnelIamBindingInput interface { pulumi.Input ToTunnelIamBindingOutput() TunnelIamBindingOutput ToTunnelIamBindingOutputWithContext(ctx context.Context) TunnelIamBindingOutput }
type TunnelIamBindingMap ¶
type TunnelIamBindingMap map[string]TunnelIamBindingInput
func (TunnelIamBindingMap) ElementType ¶
func (TunnelIamBindingMap) ElementType() reflect.Type
func (TunnelIamBindingMap) ToTunnelIamBindingMapOutput ¶
func (i TunnelIamBindingMap) ToTunnelIamBindingMapOutput() TunnelIamBindingMapOutput
func (TunnelIamBindingMap) ToTunnelIamBindingMapOutputWithContext ¶
func (i TunnelIamBindingMap) ToTunnelIamBindingMapOutputWithContext(ctx context.Context) TunnelIamBindingMapOutput
type TunnelIamBindingMapInput ¶
type TunnelIamBindingMapInput interface { pulumi.Input ToTunnelIamBindingMapOutput() TunnelIamBindingMapOutput ToTunnelIamBindingMapOutputWithContext(context.Context) TunnelIamBindingMapOutput }
TunnelIamBindingMapInput is an input type that accepts TunnelIamBindingMap and TunnelIamBindingMapOutput values. You can construct a concrete instance of `TunnelIamBindingMapInput` via:
TunnelIamBindingMap{ "key": TunnelIamBindingArgs{...} }
type TunnelIamBindingMapOutput ¶
type TunnelIamBindingMapOutput struct{ *pulumi.OutputState }
func (TunnelIamBindingMapOutput) ElementType ¶
func (TunnelIamBindingMapOutput) ElementType() reflect.Type
func (TunnelIamBindingMapOutput) MapIndex ¶
func (o TunnelIamBindingMapOutput) MapIndex(k pulumi.StringInput) TunnelIamBindingOutput
func (TunnelIamBindingMapOutput) ToTunnelIamBindingMapOutput ¶
func (o TunnelIamBindingMapOutput) ToTunnelIamBindingMapOutput() TunnelIamBindingMapOutput
func (TunnelIamBindingMapOutput) ToTunnelIamBindingMapOutputWithContext ¶
func (o TunnelIamBindingMapOutput) ToTunnelIamBindingMapOutputWithContext(ctx context.Context) TunnelIamBindingMapOutput
type TunnelIamBindingOutput ¶
type TunnelIamBindingOutput struct{ *pulumi.OutputState }
func (TunnelIamBindingOutput) Condition ¶ added in v6.23.0
func (o TunnelIamBindingOutput) Condition() TunnelIamBindingConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (TunnelIamBindingOutput) ElementType ¶
func (TunnelIamBindingOutput) ElementType() reflect.Type
func (TunnelIamBindingOutput) Etag ¶ added in v6.23.0
func (o TunnelIamBindingOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (TunnelIamBindingOutput) Members ¶ added in v6.23.0
func (o TunnelIamBindingOutput) Members() pulumi.StringArrayOutput
func (TunnelIamBindingOutput) Project ¶ added in v6.23.0
func (o TunnelIamBindingOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (TunnelIamBindingOutput) Role ¶ added in v6.23.0
func (o TunnelIamBindingOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (TunnelIamBindingOutput) ToTunnelIamBindingOutput ¶
func (o TunnelIamBindingOutput) ToTunnelIamBindingOutput() TunnelIamBindingOutput
func (TunnelIamBindingOutput) ToTunnelIamBindingOutputWithContext ¶
func (o TunnelIamBindingOutput) ToTunnelIamBindingOutputWithContext(ctx context.Context) TunnelIamBindingOutput
type TunnelIamBindingState ¶
type TunnelIamBindingState struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition TunnelIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput }
func (TunnelIamBindingState) ElementType ¶
func (TunnelIamBindingState) ElementType() reflect.Type
type TunnelIamMember ¶
type TunnelIamMember struct { pulumi.CustomResourceState // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition TunnelIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` Member pulumi.StringOutput `pulumi:"member"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:
* `iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached. * `iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved. * `iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel
> **Note:** `iap.TunnelIamPolicy` **cannot** be used in conjunction with `iap.TunnelIamBinding` and `iap.TunnelIamMember` or they will fight over what your policy should be.
> **Note:** `iap.TunnelIamBinding` resources **can be** used in conjunction with `iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_tunnel\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.tunnelResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.tunnelResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_tunnel\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.TunnelIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_tunnel\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.TunnelIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor projects/{{project}}/iap_tunnel
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetTunnelIamMember ¶
func GetTunnelIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TunnelIamMemberState, opts ...pulumi.ResourceOption) (*TunnelIamMember, error)
GetTunnelIamMember gets an existing TunnelIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTunnelIamMember ¶
func NewTunnelIamMember(ctx *pulumi.Context, name string, args *TunnelIamMemberArgs, opts ...pulumi.ResourceOption) (*TunnelIamMember, error)
NewTunnelIamMember registers a new resource with the given unique name, arguments, and options.
func (*TunnelIamMember) ElementType ¶
func (*TunnelIamMember) ElementType() reflect.Type
func (*TunnelIamMember) ToTunnelIamMemberOutput ¶
func (i *TunnelIamMember) ToTunnelIamMemberOutput() TunnelIamMemberOutput
func (*TunnelIamMember) ToTunnelIamMemberOutputWithContext ¶
func (i *TunnelIamMember) ToTunnelIamMemberOutputWithContext(ctx context.Context) TunnelIamMemberOutput
type TunnelIamMemberArgs ¶
type TunnelIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition TunnelIamMemberConditionPtrInput Member pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput }
The set of arguments for constructing a TunnelIamMember resource.
func (TunnelIamMemberArgs) ElementType ¶
func (TunnelIamMemberArgs) ElementType() reflect.Type
type TunnelIamMemberArray ¶
type TunnelIamMemberArray []TunnelIamMemberInput
func (TunnelIamMemberArray) ElementType ¶
func (TunnelIamMemberArray) ElementType() reflect.Type
func (TunnelIamMemberArray) ToTunnelIamMemberArrayOutput ¶
func (i TunnelIamMemberArray) ToTunnelIamMemberArrayOutput() TunnelIamMemberArrayOutput
func (TunnelIamMemberArray) ToTunnelIamMemberArrayOutputWithContext ¶
func (i TunnelIamMemberArray) ToTunnelIamMemberArrayOutputWithContext(ctx context.Context) TunnelIamMemberArrayOutput
type TunnelIamMemberArrayInput ¶
type TunnelIamMemberArrayInput interface { pulumi.Input ToTunnelIamMemberArrayOutput() TunnelIamMemberArrayOutput ToTunnelIamMemberArrayOutputWithContext(context.Context) TunnelIamMemberArrayOutput }
TunnelIamMemberArrayInput is an input type that accepts TunnelIamMemberArray and TunnelIamMemberArrayOutput values. You can construct a concrete instance of `TunnelIamMemberArrayInput` via:
TunnelIamMemberArray{ TunnelIamMemberArgs{...} }
type TunnelIamMemberArrayOutput ¶
type TunnelIamMemberArrayOutput struct{ *pulumi.OutputState }
func (TunnelIamMemberArrayOutput) ElementType ¶
func (TunnelIamMemberArrayOutput) ElementType() reflect.Type
func (TunnelIamMemberArrayOutput) Index ¶
func (o TunnelIamMemberArrayOutput) Index(i pulumi.IntInput) TunnelIamMemberOutput
func (TunnelIamMemberArrayOutput) ToTunnelIamMemberArrayOutput ¶
func (o TunnelIamMemberArrayOutput) ToTunnelIamMemberArrayOutput() TunnelIamMemberArrayOutput
func (TunnelIamMemberArrayOutput) ToTunnelIamMemberArrayOutputWithContext ¶
func (o TunnelIamMemberArrayOutput) ToTunnelIamMemberArrayOutputWithContext(ctx context.Context) TunnelIamMemberArrayOutput
type TunnelIamMemberCondition ¶
type TunnelIamMemberCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type TunnelIamMemberConditionArgs ¶
type TunnelIamMemberConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (TunnelIamMemberConditionArgs) ElementType ¶
func (TunnelIamMemberConditionArgs) ElementType() reflect.Type
func (TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionOutput ¶
func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionOutput() TunnelIamMemberConditionOutput
func (TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionOutputWithContext ¶
func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionOutputWithContext(ctx context.Context) TunnelIamMemberConditionOutput
func (TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionPtrOutput ¶
func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput
func (TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionPtrOutputWithContext ¶
func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionPtrOutputWithContext(ctx context.Context) TunnelIamMemberConditionPtrOutput
type TunnelIamMemberConditionInput ¶
type TunnelIamMemberConditionInput interface { pulumi.Input ToTunnelIamMemberConditionOutput() TunnelIamMemberConditionOutput ToTunnelIamMemberConditionOutputWithContext(context.Context) TunnelIamMemberConditionOutput }
TunnelIamMemberConditionInput is an input type that accepts TunnelIamMemberConditionArgs and TunnelIamMemberConditionOutput values. You can construct a concrete instance of `TunnelIamMemberConditionInput` via:
TunnelIamMemberConditionArgs{...}
type TunnelIamMemberConditionOutput ¶
type TunnelIamMemberConditionOutput struct{ *pulumi.OutputState }
func (TunnelIamMemberConditionOutput) Description ¶
func (o TunnelIamMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (TunnelIamMemberConditionOutput) ElementType ¶
func (TunnelIamMemberConditionOutput) ElementType() reflect.Type
func (TunnelIamMemberConditionOutput) Expression ¶
func (o TunnelIamMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (TunnelIamMemberConditionOutput) Title ¶
func (o TunnelIamMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionOutput ¶
func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionOutput() TunnelIamMemberConditionOutput
func (TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionOutputWithContext ¶
func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionOutputWithContext(ctx context.Context) TunnelIamMemberConditionOutput
func (TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionPtrOutput ¶
func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput
func (TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionPtrOutputWithContext ¶
func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionPtrOutputWithContext(ctx context.Context) TunnelIamMemberConditionPtrOutput
type TunnelIamMemberConditionPtrInput ¶
type TunnelIamMemberConditionPtrInput interface { pulumi.Input ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput ToTunnelIamMemberConditionPtrOutputWithContext(context.Context) TunnelIamMemberConditionPtrOutput }
TunnelIamMemberConditionPtrInput is an input type that accepts TunnelIamMemberConditionArgs, TunnelIamMemberConditionPtr and TunnelIamMemberConditionPtrOutput values. You can construct a concrete instance of `TunnelIamMemberConditionPtrInput` via:
TunnelIamMemberConditionArgs{...} or: nil
func TunnelIamMemberConditionPtr ¶
func TunnelIamMemberConditionPtr(v *TunnelIamMemberConditionArgs) TunnelIamMemberConditionPtrInput
type TunnelIamMemberConditionPtrOutput ¶
type TunnelIamMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (TunnelIamMemberConditionPtrOutput) Description ¶
func (o TunnelIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (TunnelIamMemberConditionPtrOutput) Elem ¶
func (o TunnelIamMemberConditionPtrOutput) Elem() TunnelIamMemberConditionOutput
func (TunnelIamMemberConditionPtrOutput) ElementType ¶
func (TunnelIamMemberConditionPtrOutput) ElementType() reflect.Type
func (TunnelIamMemberConditionPtrOutput) Expression ¶
func (o TunnelIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (TunnelIamMemberConditionPtrOutput) Title ¶
func (o TunnelIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (TunnelIamMemberConditionPtrOutput) ToTunnelIamMemberConditionPtrOutput ¶
func (o TunnelIamMemberConditionPtrOutput) ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput
func (TunnelIamMemberConditionPtrOutput) ToTunnelIamMemberConditionPtrOutputWithContext ¶
func (o TunnelIamMemberConditionPtrOutput) ToTunnelIamMemberConditionPtrOutputWithContext(ctx context.Context) TunnelIamMemberConditionPtrOutput
type TunnelIamMemberInput ¶
type TunnelIamMemberInput interface { pulumi.Input ToTunnelIamMemberOutput() TunnelIamMemberOutput ToTunnelIamMemberOutputWithContext(ctx context.Context) TunnelIamMemberOutput }
type TunnelIamMemberMap ¶
type TunnelIamMemberMap map[string]TunnelIamMemberInput
func (TunnelIamMemberMap) ElementType ¶
func (TunnelIamMemberMap) ElementType() reflect.Type
func (TunnelIamMemberMap) ToTunnelIamMemberMapOutput ¶
func (i TunnelIamMemberMap) ToTunnelIamMemberMapOutput() TunnelIamMemberMapOutput
func (TunnelIamMemberMap) ToTunnelIamMemberMapOutputWithContext ¶
func (i TunnelIamMemberMap) ToTunnelIamMemberMapOutputWithContext(ctx context.Context) TunnelIamMemberMapOutput
type TunnelIamMemberMapInput ¶
type TunnelIamMemberMapInput interface { pulumi.Input ToTunnelIamMemberMapOutput() TunnelIamMemberMapOutput ToTunnelIamMemberMapOutputWithContext(context.Context) TunnelIamMemberMapOutput }
TunnelIamMemberMapInput is an input type that accepts TunnelIamMemberMap and TunnelIamMemberMapOutput values. You can construct a concrete instance of `TunnelIamMemberMapInput` via:
TunnelIamMemberMap{ "key": TunnelIamMemberArgs{...} }
type TunnelIamMemberMapOutput ¶
type TunnelIamMemberMapOutput struct{ *pulumi.OutputState }
func (TunnelIamMemberMapOutput) ElementType ¶
func (TunnelIamMemberMapOutput) ElementType() reflect.Type
func (TunnelIamMemberMapOutput) MapIndex ¶
func (o TunnelIamMemberMapOutput) MapIndex(k pulumi.StringInput) TunnelIamMemberOutput
func (TunnelIamMemberMapOutput) ToTunnelIamMemberMapOutput ¶
func (o TunnelIamMemberMapOutput) ToTunnelIamMemberMapOutput() TunnelIamMemberMapOutput
func (TunnelIamMemberMapOutput) ToTunnelIamMemberMapOutputWithContext ¶
func (o TunnelIamMemberMapOutput) ToTunnelIamMemberMapOutputWithContext(ctx context.Context) TunnelIamMemberMapOutput
type TunnelIamMemberOutput ¶
type TunnelIamMemberOutput struct{ *pulumi.OutputState }
func (TunnelIamMemberOutput) Condition ¶ added in v6.23.0
func (o TunnelIamMemberOutput) Condition() TunnelIamMemberConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (TunnelIamMemberOutput) ElementType ¶
func (TunnelIamMemberOutput) ElementType() reflect.Type
func (TunnelIamMemberOutput) Etag ¶ added in v6.23.0
func (o TunnelIamMemberOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (TunnelIamMemberOutput) Member ¶ added in v6.23.0
func (o TunnelIamMemberOutput) Member() pulumi.StringOutput
func (TunnelIamMemberOutput) Project ¶ added in v6.23.0
func (o TunnelIamMemberOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (TunnelIamMemberOutput) Role ¶ added in v6.23.0
func (o TunnelIamMemberOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (TunnelIamMemberOutput) ToTunnelIamMemberOutput ¶
func (o TunnelIamMemberOutput) ToTunnelIamMemberOutput() TunnelIamMemberOutput
func (TunnelIamMemberOutput) ToTunnelIamMemberOutputWithContext ¶
func (o TunnelIamMemberOutput) ToTunnelIamMemberOutputWithContext(ctx context.Context) TunnelIamMemberOutput
type TunnelIamMemberState ¶
type TunnelIamMemberState struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition TunnelIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Member pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput }
func (TunnelIamMemberState) ElementType ¶
func (TunnelIamMemberState) ElementType() reflect.Type
type TunnelIamPolicy ¶
type TunnelIamPolicy struct { pulumi.CustomResourceState // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:
* `iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached. * `iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved. * `iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel
> **Note:** `iap.TunnelIamPolicy` **cannot** be used in conjunction with `iap.TunnelIamBinding` and `iap.TunnelIamMember` or they will fight over what your policy should be.
> **Note:** `iap.TunnelIamBinding` resources **can be** used in conjunction with `iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_tunnel\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.tunnelResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.tunnelResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_tunnel\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.TunnelIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_tunnel\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.TunnelIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor projects/{{project}}/iap_tunnel
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetTunnelIamPolicy ¶
func GetTunnelIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TunnelIamPolicyState, opts ...pulumi.ResourceOption) (*TunnelIamPolicy, error)
GetTunnelIamPolicy gets an existing TunnelIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTunnelIamPolicy ¶
func NewTunnelIamPolicy(ctx *pulumi.Context, name string, args *TunnelIamPolicyArgs, opts ...pulumi.ResourceOption) (*TunnelIamPolicy, error)
NewTunnelIamPolicy registers a new resource with the given unique name, arguments, and options.
func (*TunnelIamPolicy) ElementType ¶
func (*TunnelIamPolicy) ElementType() reflect.Type
func (*TunnelIamPolicy) ToTunnelIamPolicyOutput ¶
func (i *TunnelIamPolicy) ToTunnelIamPolicyOutput() TunnelIamPolicyOutput
func (*TunnelIamPolicy) ToTunnelIamPolicyOutputWithContext ¶
func (i *TunnelIamPolicy) ToTunnelIamPolicyOutputWithContext(ctx context.Context) TunnelIamPolicyOutput
type TunnelIamPolicyArgs ¶
type TunnelIamPolicyArgs struct { // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput }
The set of arguments for constructing a TunnelIamPolicy resource.
func (TunnelIamPolicyArgs) ElementType ¶
func (TunnelIamPolicyArgs) ElementType() reflect.Type
type TunnelIamPolicyArray ¶
type TunnelIamPolicyArray []TunnelIamPolicyInput
func (TunnelIamPolicyArray) ElementType ¶
func (TunnelIamPolicyArray) ElementType() reflect.Type
func (TunnelIamPolicyArray) ToTunnelIamPolicyArrayOutput ¶
func (i TunnelIamPolicyArray) ToTunnelIamPolicyArrayOutput() TunnelIamPolicyArrayOutput
func (TunnelIamPolicyArray) ToTunnelIamPolicyArrayOutputWithContext ¶
func (i TunnelIamPolicyArray) ToTunnelIamPolicyArrayOutputWithContext(ctx context.Context) TunnelIamPolicyArrayOutput
type TunnelIamPolicyArrayInput ¶
type TunnelIamPolicyArrayInput interface { pulumi.Input ToTunnelIamPolicyArrayOutput() TunnelIamPolicyArrayOutput ToTunnelIamPolicyArrayOutputWithContext(context.Context) TunnelIamPolicyArrayOutput }
TunnelIamPolicyArrayInput is an input type that accepts TunnelIamPolicyArray and TunnelIamPolicyArrayOutput values. You can construct a concrete instance of `TunnelIamPolicyArrayInput` via:
TunnelIamPolicyArray{ TunnelIamPolicyArgs{...} }
type TunnelIamPolicyArrayOutput ¶
type TunnelIamPolicyArrayOutput struct{ *pulumi.OutputState }
func (TunnelIamPolicyArrayOutput) ElementType ¶
func (TunnelIamPolicyArrayOutput) ElementType() reflect.Type
func (TunnelIamPolicyArrayOutput) Index ¶
func (o TunnelIamPolicyArrayOutput) Index(i pulumi.IntInput) TunnelIamPolicyOutput
func (TunnelIamPolicyArrayOutput) ToTunnelIamPolicyArrayOutput ¶
func (o TunnelIamPolicyArrayOutput) ToTunnelIamPolicyArrayOutput() TunnelIamPolicyArrayOutput
func (TunnelIamPolicyArrayOutput) ToTunnelIamPolicyArrayOutputWithContext ¶
func (o TunnelIamPolicyArrayOutput) ToTunnelIamPolicyArrayOutputWithContext(ctx context.Context) TunnelIamPolicyArrayOutput
type TunnelIamPolicyInput ¶
type TunnelIamPolicyInput interface { pulumi.Input ToTunnelIamPolicyOutput() TunnelIamPolicyOutput ToTunnelIamPolicyOutputWithContext(ctx context.Context) TunnelIamPolicyOutput }
type TunnelIamPolicyMap ¶
type TunnelIamPolicyMap map[string]TunnelIamPolicyInput
func (TunnelIamPolicyMap) ElementType ¶
func (TunnelIamPolicyMap) ElementType() reflect.Type
func (TunnelIamPolicyMap) ToTunnelIamPolicyMapOutput ¶
func (i TunnelIamPolicyMap) ToTunnelIamPolicyMapOutput() TunnelIamPolicyMapOutput
func (TunnelIamPolicyMap) ToTunnelIamPolicyMapOutputWithContext ¶
func (i TunnelIamPolicyMap) ToTunnelIamPolicyMapOutputWithContext(ctx context.Context) TunnelIamPolicyMapOutput
type TunnelIamPolicyMapInput ¶
type TunnelIamPolicyMapInput interface { pulumi.Input ToTunnelIamPolicyMapOutput() TunnelIamPolicyMapOutput ToTunnelIamPolicyMapOutputWithContext(context.Context) TunnelIamPolicyMapOutput }
TunnelIamPolicyMapInput is an input type that accepts TunnelIamPolicyMap and TunnelIamPolicyMapOutput values. You can construct a concrete instance of `TunnelIamPolicyMapInput` via:
TunnelIamPolicyMap{ "key": TunnelIamPolicyArgs{...} }
type TunnelIamPolicyMapOutput ¶
type TunnelIamPolicyMapOutput struct{ *pulumi.OutputState }
func (TunnelIamPolicyMapOutput) ElementType ¶
func (TunnelIamPolicyMapOutput) ElementType() reflect.Type
func (TunnelIamPolicyMapOutput) MapIndex ¶
func (o TunnelIamPolicyMapOutput) MapIndex(k pulumi.StringInput) TunnelIamPolicyOutput
func (TunnelIamPolicyMapOutput) ToTunnelIamPolicyMapOutput ¶
func (o TunnelIamPolicyMapOutput) ToTunnelIamPolicyMapOutput() TunnelIamPolicyMapOutput
func (TunnelIamPolicyMapOutput) ToTunnelIamPolicyMapOutputWithContext ¶
func (o TunnelIamPolicyMapOutput) ToTunnelIamPolicyMapOutputWithContext(ctx context.Context) TunnelIamPolicyMapOutput
type TunnelIamPolicyOutput ¶
type TunnelIamPolicyOutput struct{ *pulumi.OutputState }
func (TunnelIamPolicyOutput) ElementType ¶
func (TunnelIamPolicyOutput) ElementType() reflect.Type
func (TunnelIamPolicyOutput) Etag ¶ added in v6.23.0
func (o TunnelIamPolicyOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (TunnelIamPolicyOutput) PolicyData ¶ added in v6.23.0
func (o TunnelIamPolicyOutput) PolicyData() pulumi.StringOutput
The policy data generated by a `organizations.getIAMPolicy` data source.
func (TunnelIamPolicyOutput) Project ¶ added in v6.23.0
func (o TunnelIamPolicyOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (TunnelIamPolicyOutput) ToTunnelIamPolicyOutput ¶
func (o TunnelIamPolicyOutput) ToTunnelIamPolicyOutput() TunnelIamPolicyOutput
func (TunnelIamPolicyOutput) ToTunnelIamPolicyOutputWithContext ¶
func (o TunnelIamPolicyOutput) ToTunnelIamPolicyOutputWithContext(ctx context.Context) TunnelIamPolicyOutput
type TunnelIamPolicyState ¶
type TunnelIamPolicyState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput }
func (TunnelIamPolicyState) ElementType ¶
func (TunnelIamPolicyState) ElementType() reflect.Type
type TunnelInstanceIAMBinding ¶
type TunnelInstanceIAMBinding struct { pulumi.CustomResourceState // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition TunnelInstanceIAMBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to Instance pulumi.StringOutput `pulumi:"instance"` Members pulumi.StringArrayOutput `pulumi:"members"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` Zone pulumi.StringOutput `pulumi:"zone"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:
* `iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached. * `iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved. * `iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance
> **Note:** `iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `iap.TunnelInstanceIAMBinding` and `iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.
> **Note:** `iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_tunnel\_instance\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.tunnelResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.tunnelResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_tunnel\_instance\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.TunnelInstanceIAMBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_tunnel\_instance\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.TunnelInstanceIAMMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}} * projects/{{project}}/zones/{{zone}}/instances/{{name}} * {{project}}/{{zone}}/{{name}} * {{zone}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetTunnelInstanceIAMBinding ¶
func GetTunnelInstanceIAMBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TunnelInstanceIAMBindingState, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMBinding, error)
GetTunnelInstanceIAMBinding gets an existing TunnelInstanceIAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTunnelInstanceIAMBinding ¶
func NewTunnelInstanceIAMBinding(ctx *pulumi.Context, name string, args *TunnelInstanceIAMBindingArgs, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMBinding, error)
NewTunnelInstanceIAMBinding registers a new resource with the given unique name, arguments, and options.
func (*TunnelInstanceIAMBinding) ElementType ¶
func (*TunnelInstanceIAMBinding) ElementType() reflect.Type
func (*TunnelInstanceIAMBinding) ToTunnelInstanceIAMBindingOutput ¶
func (i *TunnelInstanceIAMBinding) ToTunnelInstanceIAMBindingOutput() TunnelInstanceIAMBindingOutput
func (*TunnelInstanceIAMBinding) ToTunnelInstanceIAMBindingOutputWithContext ¶
func (i *TunnelInstanceIAMBinding) ToTunnelInstanceIAMBindingOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingOutput
type TunnelInstanceIAMBindingArgs ¶
type TunnelInstanceIAMBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition TunnelInstanceIAMBindingConditionPtrInput // Used to find the parent resource to bind the IAM policy to Instance pulumi.StringInput Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput Zone pulumi.StringPtrInput }
The set of arguments for constructing a TunnelInstanceIAMBinding resource.
func (TunnelInstanceIAMBindingArgs) ElementType ¶
func (TunnelInstanceIAMBindingArgs) ElementType() reflect.Type
type TunnelInstanceIAMBindingArray ¶
type TunnelInstanceIAMBindingArray []TunnelInstanceIAMBindingInput
func (TunnelInstanceIAMBindingArray) ElementType ¶
func (TunnelInstanceIAMBindingArray) ElementType() reflect.Type
func (TunnelInstanceIAMBindingArray) ToTunnelInstanceIAMBindingArrayOutput ¶
func (i TunnelInstanceIAMBindingArray) ToTunnelInstanceIAMBindingArrayOutput() TunnelInstanceIAMBindingArrayOutput
func (TunnelInstanceIAMBindingArray) ToTunnelInstanceIAMBindingArrayOutputWithContext ¶
func (i TunnelInstanceIAMBindingArray) ToTunnelInstanceIAMBindingArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingArrayOutput
type TunnelInstanceIAMBindingArrayInput ¶
type TunnelInstanceIAMBindingArrayInput interface { pulumi.Input ToTunnelInstanceIAMBindingArrayOutput() TunnelInstanceIAMBindingArrayOutput ToTunnelInstanceIAMBindingArrayOutputWithContext(context.Context) TunnelInstanceIAMBindingArrayOutput }
TunnelInstanceIAMBindingArrayInput is an input type that accepts TunnelInstanceIAMBindingArray and TunnelInstanceIAMBindingArrayOutput values. You can construct a concrete instance of `TunnelInstanceIAMBindingArrayInput` via:
TunnelInstanceIAMBindingArray{ TunnelInstanceIAMBindingArgs{...} }
type TunnelInstanceIAMBindingArrayOutput ¶
type TunnelInstanceIAMBindingArrayOutput struct{ *pulumi.OutputState }
func (TunnelInstanceIAMBindingArrayOutput) ElementType ¶
func (TunnelInstanceIAMBindingArrayOutput) ElementType() reflect.Type
func (TunnelInstanceIAMBindingArrayOutput) Index ¶
func (o TunnelInstanceIAMBindingArrayOutput) Index(i pulumi.IntInput) TunnelInstanceIAMBindingOutput
func (TunnelInstanceIAMBindingArrayOutput) ToTunnelInstanceIAMBindingArrayOutput ¶
func (o TunnelInstanceIAMBindingArrayOutput) ToTunnelInstanceIAMBindingArrayOutput() TunnelInstanceIAMBindingArrayOutput
func (TunnelInstanceIAMBindingArrayOutput) ToTunnelInstanceIAMBindingArrayOutputWithContext ¶
func (o TunnelInstanceIAMBindingArrayOutput) ToTunnelInstanceIAMBindingArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingArrayOutput
type TunnelInstanceIAMBindingCondition ¶
type TunnelInstanceIAMBindingCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type TunnelInstanceIAMBindingConditionArgs ¶
type TunnelInstanceIAMBindingConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (TunnelInstanceIAMBindingConditionArgs) ElementType ¶
func (TunnelInstanceIAMBindingConditionArgs) ElementType() reflect.Type
func (TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionOutput ¶
func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionOutput() TunnelInstanceIAMBindingConditionOutput
func (TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionOutputWithContext ¶
func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionOutput
func (TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionPtrOutput ¶
func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput
func (TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext ¶
func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionPtrOutput
type TunnelInstanceIAMBindingConditionInput ¶
type TunnelInstanceIAMBindingConditionInput interface { pulumi.Input ToTunnelInstanceIAMBindingConditionOutput() TunnelInstanceIAMBindingConditionOutput ToTunnelInstanceIAMBindingConditionOutputWithContext(context.Context) TunnelInstanceIAMBindingConditionOutput }
TunnelInstanceIAMBindingConditionInput is an input type that accepts TunnelInstanceIAMBindingConditionArgs and TunnelInstanceIAMBindingConditionOutput values. You can construct a concrete instance of `TunnelInstanceIAMBindingConditionInput` via:
TunnelInstanceIAMBindingConditionArgs{...}
type TunnelInstanceIAMBindingConditionOutput ¶
type TunnelInstanceIAMBindingConditionOutput struct{ *pulumi.OutputState }
func (TunnelInstanceIAMBindingConditionOutput) Description ¶
func (o TunnelInstanceIAMBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (TunnelInstanceIAMBindingConditionOutput) ElementType ¶
func (TunnelInstanceIAMBindingConditionOutput) ElementType() reflect.Type
func (TunnelInstanceIAMBindingConditionOutput) Expression ¶
func (o TunnelInstanceIAMBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (TunnelInstanceIAMBindingConditionOutput) Title ¶
func (o TunnelInstanceIAMBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionOutput ¶
func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionOutput() TunnelInstanceIAMBindingConditionOutput
func (TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionOutputWithContext ¶
func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionOutput
func (TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionPtrOutput ¶
func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput
func (TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext ¶
func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionPtrOutput
type TunnelInstanceIAMBindingConditionPtrInput ¶
type TunnelInstanceIAMBindingConditionPtrInput interface { pulumi.Input ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(context.Context) TunnelInstanceIAMBindingConditionPtrOutput }
TunnelInstanceIAMBindingConditionPtrInput is an input type that accepts TunnelInstanceIAMBindingConditionArgs, TunnelInstanceIAMBindingConditionPtr and TunnelInstanceIAMBindingConditionPtrOutput values. You can construct a concrete instance of `TunnelInstanceIAMBindingConditionPtrInput` via:
TunnelInstanceIAMBindingConditionArgs{...} or: nil
func TunnelInstanceIAMBindingConditionPtr ¶
func TunnelInstanceIAMBindingConditionPtr(v *TunnelInstanceIAMBindingConditionArgs) TunnelInstanceIAMBindingConditionPtrInput
type TunnelInstanceIAMBindingConditionPtrOutput ¶
type TunnelInstanceIAMBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (TunnelInstanceIAMBindingConditionPtrOutput) Description ¶
func (o TunnelInstanceIAMBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (TunnelInstanceIAMBindingConditionPtrOutput) ElementType ¶
func (TunnelInstanceIAMBindingConditionPtrOutput) ElementType() reflect.Type
func (TunnelInstanceIAMBindingConditionPtrOutput) Expression ¶
func (o TunnelInstanceIAMBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (TunnelInstanceIAMBindingConditionPtrOutput) Title ¶
func (o TunnelInstanceIAMBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (TunnelInstanceIAMBindingConditionPtrOutput) ToTunnelInstanceIAMBindingConditionPtrOutput ¶
func (o TunnelInstanceIAMBindingConditionPtrOutput) ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput
func (TunnelInstanceIAMBindingConditionPtrOutput) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext ¶
func (o TunnelInstanceIAMBindingConditionPtrOutput) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionPtrOutput
type TunnelInstanceIAMBindingInput ¶
type TunnelInstanceIAMBindingInput interface { pulumi.Input ToTunnelInstanceIAMBindingOutput() TunnelInstanceIAMBindingOutput ToTunnelInstanceIAMBindingOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingOutput }
type TunnelInstanceIAMBindingMap ¶
type TunnelInstanceIAMBindingMap map[string]TunnelInstanceIAMBindingInput
func (TunnelInstanceIAMBindingMap) ElementType ¶
func (TunnelInstanceIAMBindingMap) ElementType() reflect.Type
func (TunnelInstanceIAMBindingMap) ToTunnelInstanceIAMBindingMapOutput ¶
func (i TunnelInstanceIAMBindingMap) ToTunnelInstanceIAMBindingMapOutput() TunnelInstanceIAMBindingMapOutput
func (TunnelInstanceIAMBindingMap) ToTunnelInstanceIAMBindingMapOutputWithContext ¶
func (i TunnelInstanceIAMBindingMap) ToTunnelInstanceIAMBindingMapOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingMapOutput
type TunnelInstanceIAMBindingMapInput ¶
type TunnelInstanceIAMBindingMapInput interface { pulumi.Input ToTunnelInstanceIAMBindingMapOutput() TunnelInstanceIAMBindingMapOutput ToTunnelInstanceIAMBindingMapOutputWithContext(context.Context) TunnelInstanceIAMBindingMapOutput }
TunnelInstanceIAMBindingMapInput is an input type that accepts TunnelInstanceIAMBindingMap and TunnelInstanceIAMBindingMapOutput values. You can construct a concrete instance of `TunnelInstanceIAMBindingMapInput` via:
TunnelInstanceIAMBindingMap{ "key": TunnelInstanceIAMBindingArgs{...} }
type TunnelInstanceIAMBindingMapOutput ¶
type TunnelInstanceIAMBindingMapOutput struct{ *pulumi.OutputState }
func (TunnelInstanceIAMBindingMapOutput) ElementType ¶
func (TunnelInstanceIAMBindingMapOutput) ElementType() reflect.Type
func (TunnelInstanceIAMBindingMapOutput) MapIndex ¶
func (o TunnelInstanceIAMBindingMapOutput) MapIndex(k pulumi.StringInput) TunnelInstanceIAMBindingOutput
func (TunnelInstanceIAMBindingMapOutput) ToTunnelInstanceIAMBindingMapOutput ¶
func (o TunnelInstanceIAMBindingMapOutput) ToTunnelInstanceIAMBindingMapOutput() TunnelInstanceIAMBindingMapOutput
func (TunnelInstanceIAMBindingMapOutput) ToTunnelInstanceIAMBindingMapOutputWithContext ¶
func (o TunnelInstanceIAMBindingMapOutput) ToTunnelInstanceIAMBindingMapOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingMapOutput
type TunnelInstanceIAMBindingOutput ¶
type TunnelInstanceIAMBindingOutput struct{ *pulumi.OutputState }
func (TunnelInstanceIAMBindingOutput) Condition ¶ added in v6.23.0
func (o TunnelInstanceIAMBindingOutput) Condition() TunnelInstanceIAMBindingConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (TunnelInstanceIAMBindingOutput) ElementType ¶
func (TunnelInstanceIAMBindingOutput) ElementType() reflect.Type
func (TunnelInstanceIAMBindingOutput) Etag ¶ added in v6.23.0
func (o TunnelInstanceIAMBindingOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (TunnelInstanceIAMBindingOutput) Instance ¶ added in v6.23.0
func (o TunnelInstanceIAMBindingOutput) Instance() pulumi.StringOutput
Used to find the parent resource to bind the IAM policy to
func (TunnelInstanceIAMBindingOutput) Members ¶ added in v6.23.0
func (o TunnelInstanceIAMBindingOutput) Members() pulumi.StringArrayOutput
func (TunnelInstanceIAMBindingOutput) Project ¶ added in v6.23.0
func (o TunnelInstanceIAMBindingOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (TunnelInstanceIAMBindingOutput) Role ¶ added in v6.23.0
func (o TunnelInstanceIAMBindingOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingOutput ¶
func (o TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingOutput() TunnelInstanceIAMBindingOutput
func (TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingOutputWithContext ¶
func (o TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingOutput
func (TunnelInstanceIAMBindingOutput) Zone ¶ added in v6.23.0
func (o TunnelInstanceIAMBindingOutput) Zone() pulumi.StringOutput
type TunnelInstanceIAMBindingState ¶
type TunnelInstanceIAMBindingState struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition TunnelInstanceIAMBindingConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Instance pulumi.StringPtrInput Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput Zone pulumi.StringPtrInput }
func (TunnelInstanceIAMBindingState) ElementType ¶
func (TunnelInstanceIAMBindingState) ElementType() reflect.Type
type TunnelInstanceIAMMember ¶
type TunnelInstanceIAMMember struct { pulumi.CustomResourceState // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition TunnelInstanceIAMMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to Instance pulumi.StringOutput `pulumi:"instance"` Member pulumi.StringOutput `pulumi:"member"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` Zone pulumi.StringOutput `pulumi:"zone"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:
* `iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached. * `iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved. * `iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance
> **Note:** `iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `iap.TunnelInstanceIAMBinding` and `iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.
> **Note:** `iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_tunnel\_instance\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.tunnelResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.tunnelResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_tunnel\_instance\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.TunnelInstanceIAMBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_tunnel\_instance\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.TunnelInstanceIAMMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}} * projects/{{project}}/zones/{{zone}}/instances/{{name}} * {{project}}/{{zone}}/{{name}} * {{zone}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetTunnelInstanceIAMMember ¶
func GetTunnelInstanceIAMMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TunnelInstanceIAMMemberState, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMMember, error)
GetTunnelInstanceIAMMember gets an existing TunnelInstanceIAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTunnelInstanceIAMMember ¶
func NewTunnelInstanceIAMMember(ctx *pulumi.Context, name string, args *TunnelInstanceIAMMemberArgs, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMMember, error)
NewTunnelInstanceIAMMember registers a new resource with the given unique name, arguments, and options.
func (*TunnelInstanceIAMMember) ElementType ¶
func (*TunnelInstanceIAMMember) ElementType() reflect.Type
func (*TunnelInstanceIAMMember) ToTunnelInstanceIAMMemberOutput ¶
func (i *TunnelInstanceIAMMember) ToTunnelInstanceIAMMemberOutput() TunnelInstanceIAMMemberOutput
func (*TunnelInstanceIAMMember) ToTunnelInstanceIAMMemberOutputWithContext ¶
func (i *TunnelInstanceIAMMember) ToTunnelInstanceIAMMemberOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberOutput
type TunnelInstanceIAMMemberArgs ¶
type TunnelInstanceIAMMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition TunnelInstanceIAMMemberConditionPtrInput // Used to find the parent resource to bind the IAM policy to Instance pulumi.StringInput Member pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput Zone pulumi.StringPtrInput }
The set of arguments for constructing a TunnelInstanceIAMMember resource.
func (TunnelInstanceIAMMemberArgs) ElementType ¶
func (TunnelInstanceIAMMemberArgs) ElementType() reflect.Type
type TunnelInstanceIAMMemberArray ¶
type TunnelInstanceIAMMemberArray []TunnelInstanceIAMMemberInput
func (TunnelInstanceIAMMemberArray) ElementType ¶
func (TunnelInstanceIAMMemberArray) ElementType() reflect.Type
func (TunnelInstanceIAMMemberArray) ToTunnelInstanceIAMMemberArrayOutput ¶
func (i TunnelInstanceIAMMemberArray) ToTunnelInstanceIAMMemberArrayOutput() TunnelInstanceIAMMemberArrayOutput
func (TunnelInstanceIAMMemberArray) ToTunnelInstanceIAMMemberArrayOutputWithContext ¶
func (i TunnelInstanceIAMMemberArray) ToTunnelInstanceIAMMemberArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberArrayOutput
type TunnelInstanceIAMMemberArrayInput ¶
type TunnelInstanceIAMMemberArrayInput interface { pulumi.Input ToTunnelInstanceIAMMemberArrayOutput() TunnelInstanceIAMMemberArrayOutput ToTunnelInstanceIAMMemberArrayOutputWithContext(context.Context) TunnelInstanceIAMMemberArrayOutput }
TunnelInstanceIAMMemberArrayInput is an input type that accepts TunnelInstanceIAMMemberArray and TunnelInstanceIAMMemberArrayOutput values. You can construct a concrete instance of `TunnelInstanceIAMMemberArrayInput` via:
TunnelInstanceIAMMemberArray{ TunnelInstanceIAMMemberArgs{...} }
type TunnelInstanceIAMMemberArrayOutput ¶
type TunnelInstanceIAMMemberArrayOutput struct{ *pulumi.OutputState }
func (TunnelInstanceIAMMemberArrayOutput) ElementType ¶
func (TunnelInstanceIAMMemberArrayOutput) ElementType() reflect.Type
func (TunnelInstanceIAMMemberArrayOutput) Index ¶
func (o TunnelInstanceIAMMemberArrayOutput) Index(i pulumi.IntInput) TunnelInstanceIAMMemberOutput
func (TunnelInstanceIAMMemberArrayOutput) ToTunnelInstanceIAMMemberArrayOutput ¶
func (o TunnelInstanceIAMMemberArrayOutput) ToTunnelInstanceIAMMemberArrayOutput() TunnelInstanceIAMMemberArrayOutput
func (TunnelInstanceIAMMemberArrayOutput) ToTunnelInstanceIAMMemberArrayOutputWithContext ¶
func (o TunnelInstanceIAMMemberArrayOutput) ToTunnelInstanceIAMMemberArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberArrayOutput
type TunnelInstanceIAMMemberCondition ¶
type TunnelInstanceIAMMemberCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type TunnelInstanceIAMMemberConditionArgs ¶
type TunnelInstanceIAMMemberConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (TunnelInstanceIAMMemberConditionArgs) ElementType ¶
func (TunnelInstanceIAMMemberConditionArgs) ElementType() reflect.Type
func (TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionOutput ¶
func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionOutput() TunnelInstanceIAMMemberConditionOutput
func (TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionOutputWithContext ¶
func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionOutput
func (TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionPtrOutput ¶
func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput
func (TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext ¶
func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionPtrOutput
type TunnelInstanceIAMMemberConditionInput ¶
type TunnelInstanceIAMMemberConditionInput interface { pulumi.Input ToTunnelInstanceIAMMemberConditionOutput() TunnelInstanceIAMMemberConditionOutput ToTunnelInstanceIAMMemberConditionOutputWithContext(context.Context) TunnelInstanceIAMMemberConditionOutput }
TunnelInstanceIAMMemberConditionInput is an input type that accepts TunnelInstanceIAMMemberConditionArgs and TunnelInstanceIAMMemberConditionOutput values. You can construct a concrete instance of `TunnelInstanceIAMMemberConditionInput` via:
TunnelInstanceIAMMemberConditionArgs{...}
type TunnelInstanceIAMMemberConditionOutput ¶
type TunnelInstanceIAMMemberConditionOutput struct{ *pulumi.OutputState }
func (TunnelInstanceIAMMemberConditionOutput) Description ¶
func (o TunnelInstanceIAMMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (TunnelInstanceIAMMemberConditionOutput) ElementType ¶
func (TunnelInstanceIAMMemberConditionOutput) ElementType() reflect.Type
func (TunnelInstanceIAMMemberConditionOutput) Expression ¶
func (o TunnelInstanceIAMMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (TunnelInstanceIAMMemberConditionOutput) Title ¶
func (o TunnelInstanceIAMMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionOutput ¶
func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionOutput() TunnelInstanceIAMMemberConditionOutput
func (TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionOutputWithContext ¶
func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionOutput
func (TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionPtrOutput ¶
func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput
func (TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext ¶
func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionPtrOutput
type TunnelInstanceIAMMemberConditionPtrInput ¶
type TunnelInstanceIAMMemberConditionPtrInput interface { pulumi.Input ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(context.Context) TunnelInstanceIAMMemberConditionPtrOutput }
TunnelInstanceIAMMemberConditionPtrInput is an input type that accepts TunnelInstanceIAMMemberConditionArgs, TunnelInstanceIAMMemberConditionPtr and TunnelInstanceIAMMemberConditionPtrOutput values. You can construct a concrete instance of `TunnelInstanceIAMMemberConditionPtrInput` via:
TunnelInstanceIAMMemberConditionArgs{...} or: nil
func TunnelInstanceIAMMemberConditionPtr ¶
func TunnelInstanceIAMMemberConditionPtr(v *TunnelInstanceIAMMemberConditionArgs) TunnelInstanceIAMMemberConditionPtrInput
type TunnelInstanceIAMMemberConditionPtrOutput ¶
type TunnelInstanceIAMMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (TunnelInstanceIAMMemberConditionPtrOutput) Description ¶
func (o TunnelInstanceIAMMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (TunnelInstanceIAMMemberConditionPtrOutput) ElementType ¶
func (TunnelInstanceIAMMemberConditionPtrOutput) ElementType() reflect.Type
func (TunnelInstanceIAMMemberConditionPtrOutput) Expression ¶
func (o TunnelInstanceIAMMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (TunnelInstanceIAMMemberConditionPtrOutput) Title ¶
func (o TunnelInstanceIAMMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (TunnelInstanceIAMMemberConditionPtrOutput) ToTunnelInstanceIAMMemberConditionPtrOutput ¶
func (o TunnelInstanceIAMMemberConditionPtrOutput) ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput
func (TunnelInstanceIAMMemberConditionPtrOutput) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext ¶
func (o TunnelInstanceIAMMemberConditionPtrOutput) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionPtrOutput
type TunnelInstanceIAMMemberInput ¶
type TunnelInstanceIAMMemberInput interface { pulumi.Input ToTunnelInstanceIAMMemberOutput() TunnelInstanceIAMMemberOutput ToTunnelInstanceIAMMemberOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberOutput }
type TunnelInstanceIAMMemberMap ¶
type TunnelInstanceIAMMemberMap map[string]TunnelInstanceIAMMemberInput
func (TunnelInstanceIAMMemberMap) ElementType ¶
func (TunnelInstanceIAMMemberMap) ElementType() reflect.Type
func (TunnelInstanceIAMMemberMap) ToTunnelInstanceIAMMemberMapOutput ¶
func (i TunnelInstanceIAMMemberMap) ToTunnelInstanceIAMMemberMapOutput() TunnelInstanceIAMMemberMapOutput
func (TunnelInstanceIAMMemberMap) ToTunnelInstanceIAMMemberMapOutputWithContext ¶
func (i TunnelInstanceIAMMemberMap) ToTunnelInstanceIAMMemberMapOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberMapOutput
type TunnelInstanceIAMMemberMapInput ¶
type TunnelInstanceIAMMemberMapInput interface { pulumi.Input ToTunnelInstanceIAMMemberMapOutput() TunnelInstanceIAMMemberMapOutput ToTunnelInstanceIAMMemberMapOutputWithContext(context.Context) TunnelInstanceIAMMemberMapOutput }
TunnelInstanceIAMMemberMapInput is an input type that accepts TunnelInstanceIAMMemberMap and TunnelInstanceIAMMemberMapOutput values. You can construct a concrete instance of `TunnelInstanceIAMMemberMapInput` via:
TunnelInstanceIAMMemberMap{ "key": TunnelInstanceIAMMemberArgs{...} }
type TunnelInstanceIAMMemberMapOutput ¶
type TunnelInstanceIAMMemberMapOutput struct{ *pulumi.OutputState }
func (TunnelInstanceIAMMemberMapOutput) ElementType ¶
func (TunnelInstanceIAMMemberMapOutput) ElementType() reflect.Type
func (TunnelInstanceIAMMemberMapOutput) MapIndex ¶
func (o TunnelInstanceIAMMemberMapOutput) MapIndex(k pulumi.StringInput) TunnelInstanceIAMMemberOutput
func (TunnelInstanceIAMMemberMapOutput) ToTunnelInstanceIAMMemberMapOutput ¶
func (o TunnelInstanceIAMMemberMapOutput) ToTunnelInstanceIAMMemberMapOutput() TunnelInstanceIAMMemberMapOutput
func (TunnelInstanceIAMMemberMapOutput) ToTunnelInstanceIAMMemberMapOutputWithContext ¶
func (o TunnelInstanceIAMMemberMapOutput) ToTunnelInstanceIAMMemberMapOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberMapOutput
type TunnelInstanceIAMMemberOutput ¶
type TunnelInstanceIAMMemberOutput struct{ *pulumi.OutputState }
func (TunnelInstanceIAMMemberOutput) Condition ¶ added in v6.23.0
func (o TunnelInstanceIAMMemberOutput) Condition() TunnelInstanceIAMMemberConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (TunnelInstanceIAMMemberOutput) ElementType ¶
func (TunnelInstanceIAMMemberOutput) ElementType() reflect.Type
func (TunnelInstanceIAMMemberOutput) Etag ¶ added in v6.23.0
func (o TunnelInstanceIAMMemberOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (TunnelInstanceIAMMemberOutput) Instance ¶ added in v6.23.0
func (o TunnelInstanceIAMMemberOutput) Instance() pulumi.StringOutput
Used to find the parent resource to bind the IAM policy to
func (TunnelInstanceIAMMemberOutput) Member ¶ added in v6.23.0
func (o TunnelInstanceIAMMemberOutput) Member() pulumi.StringOutput
func (TunnelInstanceIAMMemberOutput) Project ¶ added in v6.23.0
func (o TunnelInstanceIAMMemberOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (TunnelInstanceIAMMemberOutput) Role ¶ added in v6.23.0
func (o TunnelInstanceIAMMemberOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberOutput ¶
func (o TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberOutput() TunnelInstanceIAMMemberOutput
func (TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberOutputWithContext ¶
func (o TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberOutput
func (TunnelInstanceIAMMemberOutput) Zone ¶ added in v6.23.0
func (o TunnelInstanceIAMMemberOutput) Zone() pulumi.StringOutput
type TunnelInstanceIAMMemberState ¶
type TunnelInstanceIAMMemberState struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition TunnelInstanceIAMMemberConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Instance pulumi.StringPtrInput Member pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput Zone pulumi.StringPtrInput }
func (TunnelInstanceIAMMemberState) ElementType ¶
func (TunnelInstanceIAMMemberState) ElementType() reflect.Type
type TunnelInstanceIAMPolicy ¶
type TunnelInstanceIAMPolicy struct { pulumi.CustomResourceState // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to Instance pulumi.StringOutput `pulumi:"instance"` // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` Zone pulumi.StringOutput `pulumi:"zone"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:
* `iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached. * `iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved. * `iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance
> **Note:** `iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `iap.TunnelInstanceIAMBinding` and `iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.
> **Note:** `iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_tunnel\_instance\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.tunnelResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.tunnelResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_tunnel\_instance\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.TunnelInstanceIAMBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_tunnel\_instance\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{ Project: pulumi.Any(google_compute_instance.Tunnelvm.Project), Zone: pulumi.Any(google_compute_instance.Tunnelvm.Zone), Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name), Role: pulumi.String("roles/iap.tunnelResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.TunnelInstanceIAMMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}} * projects/{{project}}/zones/{{zone}}/instances/{{name}} * {{project}}/{{zone}}/{{name}} * {{zone}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetTunnelInstanceIAMPolicy ¶
func GetTunnelInstanceIAMPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TunnelInstanceIAMPolicyState, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMPolicy, error)
GetTunnelInstanceIAMPolicy gets an existing TunnelInstanceIAMPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTunnelInstanceIAMPolicy ¶
func NewTunnelInstanceIAMPolicy(ctx *pulumi.Context, name string, args *TunnelInstanceIAMPolicyArgs, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMPolicy, error)
NewTunnelInstanceIAMPolicy registers a new resource with the given unique name, arguments, and options.
func (*TunnelInstanceIAMPolicy) ElementType ¶
func (*TunnelInstanceIAMPolicy) ElementType() reflect.Type
func (*TunnelInstanceIAMPolicy) ToTunnelInstanceIAMPolicyOutput ¶
func (i *TunnelInstanceIAMPolicy) ToTunnelInstanceIAMPolicyOutput() TunnelInstanceIAMPolicyOutput
func (*TunnelInstanceIAMPolicy) ToTunnelInstanceIAMPolicyOutputWithContext ¶
func (i *TunnelInstanceIAMPolicy) ToTunnelInstanceIAMPolicyOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyOutput
type TunnelInstanceIAMPolicyArgs ¶
type TunnelInstanceIAMPolicyArgs struct { // Used to find the parent resource to bind the IAM policy to Instance pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput Zone pulumi.StringPtrInput }
The set of arguments for constructing a TunnelInstanceIAMPolicy resource.
func (TunnelInstanceIAMPolicyArgs) ElementType ¶
func (TunnelInstanceIAMPolicyArgs) ElementType() reflect.Type
type TunnelInstanceIAMPolicyArray ¶
type TunnelInstanceIAMPolicyArray []TunnelInstanceIAMPolicyInput
func (TunnelInstanceIAMPolicyArray) ElementType ¶
func (TunnelInstanceIAMPolicyArray) ElementType() reflect.Type
func (TunnelInstanceIAMPolicyArray) ToTunnelInstanceIAMPolicyArrayOutput ¶
func (i TunnelInstanceIAMPolicyArray) ToTunnelInstanceIAMPolicyArrayOutput() TunnelInstanceIAMPolicyArrayOutput
func (TunnelInstanceIAMPolicyArray) ToTunnelInstanceIAMPolicyArrayOutputWithContext ¶
func (i TunnelInstanceIAMPolicyArray) ToTunnelInstanceIAMPolicyArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyArrayOutput
type TunnelInstanceIAMPolicyArrayInput ¶
type TunnelInstanceIAMPolicyArrayInput interface { pulumi.Input ToTunnelInstanceIAMPolicyArrayOutput() TunnelInstanceIAMPolicyArrayOutput ToTunnelInstanceIAMPolicyArrayOutputWithContext(context.Context) TunnelInstanceIAMPolicyArrayOutput }
TunnelInstanceIAMPolicyArrayInput is an input type that accepts TunnelInstanceIAMPolicyArray and TunnelInstanceIAMPolicyArrayOutput values. You can construct a concrete instance of `TunnelInstanceIAMPolicyArrayInput` via:
TunnelInstanceIAMPolicyArray{ TunnelInstanceIAMPolicyArgs{...} }
type TunnelInstanceIAMPolicyArrayOutput ¶
type TunnelInstanceIAMPolicyArrayOutput struct{ *pulumi.OutputState }
func (TunnelInstanceIAMPolicyArrayOutput) ElementType ¶
func (TunnelInstanceIAMPolicyArrayOutput) ElementType() reflect.Type
func (TunnelInstanceIAMPolicyArrayOutput) Index ¶
func (o TunnelInstanceIAMPolicyArrayOutput) Index(i pulumi.IntInput) TunnelInstanceIAMPolicyOutput
func (TunnelInstanceIAMPolicyArrayOutput) ToTunnelInstanceIAMPolicyArrayOutput ¶
func (o TunnelInstanceIAMPolicyArrayOutput) ToTunnelInstanceIAMPolicyArrayOutput() TunnelInstanceIAMPolicyArrayOutput
func (TunnelInstanceIAMPolicyArrayOutput) ToTunnelInstanceIAMPolicyArrayOutputWithContext ¶
func (o TunnelInstanceIAMPolicyArrayOutput) ToTunnelInstanceIAMPolicyArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyArrayOutput
type TunnelInstanceIAMPolicyInput ¶
type TunnelInstanceIAMPolicyInput interface { pulumi.Input ToTunnelInstanceIAMPolicyOutput() TunnelInstanceIAMPolicyOutput ToTunnelInstanceIAMPolicyOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyOutput }
type TunnelInstanceIAMPolicyMap ¶
type TunnelInstanceIAMPolicyMap map[string]TunnelInstanceIAMPolicyInput
func (TunnelInstanceIAMPolicyMap) ElementType ¶
func (TunnelInstanceIAMPolicyMap) ElementType() reflect.Type
func (TunnelInstanceIAMPolicyMap) ToTunnelInstanceIAMPolicyMapOutput ¶
func (i TunnelInstanceIAMPolicyMap) ToTunnelInstanceIAMPolicyMapOutput() TunnelInstanceIAMPolicyMapOutput
func (TunnelInstanceIAMPolicyMap) ToTunnelInstanceIAMPolicyMapOutputWithContext ¶
func (i TunnelInstanceIAMPolicyMap) ToTunnelInstanceIAMPolicyMapOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyMapOutput
type TunnelInstanceIAMPolicyMapInput ¶
type TunnelInstanceIAMPolicyMapInput interface { pulumi.Input ToTunnelInstanceIAMPolicyMapOutput() TunnelInstanceIAMPolicyMapOutput ToTunnelInstanceIAMPolicyMapOutputWithContext(context.Context) TunnelInstanceIAMPolicyMapOutput }
TunnelInstanceIAMPolicyMapInput is an input type that accepts TunnelInstanceIAMPolicyMap and TunnelInstanceIAMPolicyMapOutput values. You can construct a concrete instance of `TunnelInstanceIAMPolicyMapInput` via:
TunnelInstanceIAMPolicyMap{ "key": TunnelInstanceIAMPolicyArgs{...} }
type TunnelInstanceIAMPolicyMapOutput ¶
type TunnelInstanceIAMPolicyMapOutput struct{ *pulumi.OutputState }
func (TunnelInstanceIAMPolicyMapOutput) ElementType ¶
func (TunnelInstanceIAMPolicyMapOutput) ElementType() reflect.Type
func (TunnelInstanceIAMPolicyMapOutput) MapIndex ¶
func (o TunnelInstanceIAMPolicyMapOutput) MapIndex(k pulumi.StringInput) TunnelInstanceIAMPolicyOutput
func (TunnelInstanceIAMPolicyMapOutput) ToTunnelInstanceIAMPolicyMapOutput ¶
func (o TunnelInstanceIAMPolicyMapOutput) ToTunnelInstanceIAMPolicyMapOutput() TunnelInstanceIAMPolicyMapOutput
func (TunnelInstanceIAMPolicyMapOutput) ToTunnelInstanceIAMPolicyMapOutputWithContext ¶
func (o TunnelInstanceIAMPolicyMapOutput) ToTunnelInstanceIAMPolicyMapOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyMapOutput
type TunnelInstanceIAMPolicyOutput ¶
type TunnelInstanceIAMPolicyOutput struct{ *pulumi.OutputState }
func (TunnelInstanceIAMPolicyOutput) ElementType ¶
func (TunnelInstanceIAMPolicyOutput) ElementType() reflect.Type
func (TunnelInstanceIAMPolicyOutput) Etag ¶ added in v6.23.0
func (o TunnelInstanceIAMPolicyOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (TunnelInstanceIAMPolicyOutput) Instance ¶ added in v6.23.0
func (o TunnelInstanceIAMPolicyOutput) Instance() pulumi.StringOutput
Used to find the parent resource to bind the IAM policy to
func (TunnelInstanceIAMPolicyOutput) PolicyData ¶ added in v6.23.0
func (o TunnelInstanceIAMPolicyOutput) PolicyData() pulumi.StringOutput
The policy data generated by a `organizations.getIAMPolicy` data source.
func (TunnelInstanceIAMPolicyOutput) Project ¶ added in v6.23.0
func (o TunnelInstanceIAMPolicyOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyOutput ¶
func (o TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyOutput() TunnelInstanceIAMPolicyOutput
func (TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyOutputWithContext ¶
func (o TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyOutput
func (TunnelInstanceIAMPolicyOutput) Zone ¶ added in v6.23.0
func (o TunnelInstanceIAMPolicyOutput) Zone() pulumi.StringOutput
type TunnelInstanceIAMPolicyState ¶
type TunnelInstanceIAMPolicyState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Instance pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput Zone pulumi.StringPtrInput }
func (TunnelInstanceIAMPolicyState) ElementType ¶
func (TunnelInstanceIAMPolicyState) ElementType() reflect.Type
type WebBackendServiceIamBinding ¶
type WebBackendServiceIamBinding struct { pulumi.CustomResourceState // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebBackendServiceIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` Members pulumi.StringArrayOutput `pulumi:"members"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` // Used to find the parent resource to bind the IAM policy to WebBackendService pulumi.StringOutput `pulumi:"webBackendService"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:
* `iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached. * `iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved. * `iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice
> **Note:** `iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `iap.WebBackendServiceIamBinding` and `iap.WebBackendServiceIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_web\_backend\_service\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_backend\_service\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.WebBackendServiceIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_backend\_service\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.WebBackendServiceIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute/services/{{name}} * {{project}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebBackendServiceIamBinding ¶
func GetWebBackendServiceIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebBackendServiceIamBindingState, opts ...pulumi.ResourceOption) (*WebBackendServiceIamBinding, error)
GetWebBackendServiceIamBinding gets an existing WebBackendServiceIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebBackendServiceIamBinding ¶
func NewWebBackendServiceIamBinding(ctx *pulumi.Context, name string, args *WebBackendServiceIamBindingArgs, opts ...pulumi.ResourceOption) (*WebBackendServiceIamBinding, error)
NewWebBackendServiceIamBinding registers a new resource with the given unique name, arguments, and options.
func (*WebBackendServiceIamBinding) ElementType ¶
func (*WebBackendServiceIamBinding) ElementType() reflect.Type
func (*WebBackendServiceIamBinding) ToWebBackendServiceIamBindingOutput ¶
func (i *WebBackendServiceIamBinding) ToWebBackendServiceIamBindingOutput() WebBackendServiceIamBindingOutput
func (*WebBackendServiceIamBinding) ToWebBackendServiceIamBindingOutputWithContext ¶
func (i *WebBackendServiceIamBinding) ToWebBackendServiceIamBindingOutputWithContext(ctx context.Context) WebBackendServiceIamBindingOutput
type WebBackendServiceIamBindingArgs ¶
type WebBackendServiceIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebBackendServiceIamBindingConditionPtrInput Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput // Used to find the parent resource to bind the IAM policy to WebBackendService pulumi.StringInput }
The set of arguments for constructing a WebBackendServiceIamBinding resource.
func (WebBackendServiceIamBindingArgs) ElementType ¶
func (WebBackendServiceIamBindingArgs) ElementType() reflect.Type
type WebBackendServiceIamBindingArray ¶
type WebBackendServiceIamBindingArray []WebBackendServiceIamBindingInput
func (WebBackendServiceIamBindingArray) ElementType ¶
func (WebBackendServiceIamBindingArray) ElementType() reflect.Type
func (WebBackendServiceIamBindingArray) ToWebBackendServiceIamBindingArrayOutput ¶
func (i WebBackendServiceIamBindingArray) ToWebBackendServiceIamBindingArrayOutput() WebBackendServiceIamBindingArrayOutput
func (WebBackendServiceIamBindingArray) ToWebBackendServiceIamBindingArrayOutputWithContext ¶
func (i WebBackendServiceIamBindingArray) ToWebBackendServiceIamBindingArrayOutputWithContext(ctx context.Context) WebBackendServiceIamBindingArrayOutput
type WebBackendServiceIamBindingArrayInput ¶
type WebBackendServiceIamBindingArrayInput interface { pulumi.Input ToWebBackendServiceIamBindingArrayOutput() WebBackendServiceIamBindingArrayOutput ToWebBackendServiceIamBindingArrayOutputWithContext(context.Context) WebBackendServiceIamBindingArrayOutput }
WebBackendServiceIamBindingArrayInput is an input type that accepts WebBackendServiceIamBindingArray and WebBackendServiceIamBindingArrayOutput values. You can construct a concrete instance of `WebBackendServiceIamBindingArrayInput` via:
WebBackendServiceIamBindingArray{ WebBackendServiceIamBindingArgs{...} }
type WebBackendServiceIamBindingArrayOutput ¶
type WebBackendServiceIamBindingArrayOutput struct{ *pulumi.OutputState }
func (WebBackendServiceIamBindingArrayOutput) ElementType ¶
func (WebBackendServiceIamBindingArrayOutput) ElementType() reflect.Type
func (WebBackendServiceIamBindingArrayOutput) ToWebBackendServiceIamBindingArrayOutput ¶
func (o WebBackendServiceIamBindingArrayOutput) ToWebBackendServiceIamBindingArrayOutput() WebBackendServiceIamBindingArrayOutput
func (WebBackendServiceIamBindingArrayOutput) ToWebBackendServiceIamBindingArrayOutputWithContext ¶
func (o WebBackendServiceIamBindingArrayOutput) ToWebBackendServiceIamBindingArrayOutputWithContext(ctx context.Context) WebBackendServiceIamBindingArrayOutput
type WebBackendServiceIamBindingCondition ¶
type WebBackendServiceIamBindingCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type WebBackendServiceIamBindingConditionArgs ¶
type WebBackendServiceIamBindingConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (WebBackendServiceIamBindingConditionArgs) ElementType ¶
func (WebBackendServiceIamBindingConditionArgs) ElementType() reflect.Type
func (WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionOutput ¶
func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionOutput() WebBackendServiceIamBindingConditionOutput
func (WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionOutputWithContext ¶
func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionOutput
func (WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionPtrOutput ¶
func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput
func (WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionPtrOutputWithContext ¶
func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionPtrOutput
type WebBackendServiceIamBindingConditionInput ¶
type WebBackendServiceIamBindingConditionInput interface { pulumi.Input ToWebBackendServiceIamBindingConditionOutput() WebBackendServiceIamBindingConditionOutput ToWebBackendServiceIamBindingConditionOutputWithContext(context.Context) WebBackendServiceIamBindingConditionOutput }
WebBackendServiceIamBindingConditionInput is an input type that accepts WebBackendServiceIamBindingConditionArgs and WebBackendServiceIamBindingConditionOutput values. You can construct a concrete instance of `WebBackendServiceIamBindingConditionInput` via:
WebBackendServiceIamBindingConditionArgs{...}
type WebBackendServiceIamBindingConditionOutput ¶
type WebBackendServiceIamBindingConditionOutput struct{ *pulumi.OutputState }
func (WebBackendServiceIamBindingConditionOutput) Description ¶
func (o WebBackendServiceIamBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (WebBackendServiceIamBindingConditionOutput) ElementType ¶
func (WebBackendServiceIamBindingConditionOutput) ElementType() reflect.Type
func (WebBackendServiceIamBindingConditionOutput) Expression ¶
func (o WebBackendServiceIamBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebBackendServiceIamBindingConditionOutput) Title ¶
func (o WebBackendServiceIamBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionOutput ¶
func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionOutput() WebBackendServiceIamBindingConditionOutput
func (WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionOutputWithContext ¶
func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionOutput
func (WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionPtrOutput ¶
func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput
func (WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionPtrOutputWithContext ¶
func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionPtrOutput
type WebBackendServiceIamBindingConditionPtrInput ¶
type WebBackendServiceIamBindingConditionPtrInput interface { pulumi.Input ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput ToWebBackendServiceIamBindingConditionPtrOutputWithContext(context.Context) WebBackendServiceIamBindingConditionPtrOutput }
WebBackendServiceIamBindingConditionPtrInput is an input type that accepts WebBackendServiceIamBindingConditionArgs, WebBackendServiceIamBindingConditionPtr and WebBackendServiceIamBindingConditionPtrOutput values. You can construct a concrete instance of `WebBackendServiceIamBindingConditionPtrInput` via:
WebBackendServiceIamBindingConditionArgs{...} or: nil
func WebBackendServiceIamBindingConditionPtr ¶
func WebBackendServiceIamBindingConditionPtr(v *WebBackendServiceIamBindingConditionArgs) WebBackendServiceIamBindingConditionPtrInput
type WebBackendServiceIamBindingConditionPtrOutput ¶
type WebBackendServiceIamBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (WebBackendServiceIamBindingConditionPtrOutput) Description ¶
func (o WebBackendServiceIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (WebBackendServiceIamBindingConditionPtrOutput) ElementType ¶
func (WebBackendServiceIamBindingConditionPtrOutput) ElementType() reflect.Type
func (WebBackendServiceIamBindingConditionPtrOutput) Expression ¶
func (o WebBackendServiceIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebBackendServiceIamBindingConditionPtrOutput) Title ¶
func (o WebBackendServiceIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebBackendServiceIamBindingConditionPtrOutput) ToWebBackendServiceIamBindingConditionPtrOutput ¶
func (o WebBackendServiceIamBindingConditionPtrOutput) ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput
func (WebBackendServiceIamBindingConditionPtrOutput) ToWebBackendServiceIamBindingConditionPtrOutputWithContext ¶
func (o WebBackendServiceIamBindingConditionPtrOutput) ToWebBackendServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionPtrOutput
type WebBackendServiceIamBindingInput ¶
type WebBackendServiceIamBindingInput interface { pulumi.Input ToWebBackendServiceIamBindingOutput() WebBackendServiceIamBindingOutput ToWebBackendServiceIamBindingOutputWithContext(ctx context.Context) WebBackendServiceIamBindingOutput }
type WebBackendServiceIamBindingMap ¶
type WebBackendServiceIamBindingMap map[string]WebBackendServiceIamBindingInput
func (WebBackendServiceIamBindingMap) ElementType ¶
func (WebBackendServiceIamBindingMap) ElementType() reflect.Type
func (WebBackendServiceIamBindingMap) ToWebBackendServiceIamBindingMapOutput ¶
func (i WebBackendServiceIamBindingMap) ToWebBackendServiceIamBindingMapOutput() WebBackendServiceIamBindingMapOutput
func (WebBackendServiceIamBindingMap) ToWebBackendServiceIamBindingMapOutputWithContext ¶
func (i WebBackendServiceIamBindingMap) ToWebBackendServiceIamBindingMapOutputWithContext(ctx context.Context) WebBackendServiceIamBindingMapOutput
type WebBackendServiceIamBindingMapInput ¶
type WebBackendServiceIamBindingMapInput interface { pulumi.Input ToWebBackendServiceIamBindingMapOutput() WebBackendServiceIamBindingMapOutput ToWebBackendServiceIamBindingMapOutputWithContext(context.Context) WebBackendServiceIamBindingMapOutput }
WebBackendServiceIamBindingMapInput is an input type that accepts WebBackendServiceIamBindingMap and WebBackendServiceIamBindingMapOutput values. You can construct a concrete instance of `WebBackendServiceIamBindingMapInput` via:
WebBackendServiceIamBindingMap{ "key": WebBackendServiceIamBindingArgs{...} }
type WebBackendServiceIamBindingMapOutput ¶
type WebBackendServiceIamBindingMapOutput struct{ *pulumi.OutputState }
func (WebBackendServiceIamBindingMapOutput) ElementType ¶
func (WebBackendServiceIamBindingMapOutput) ElementType() reflect.Type
func (WebBackendServiceIamBindingMapOutput) MapIndex ¶
func (o WebBackendServiceIamBindingMapOutput) MapIndex(k pulumi.StringInput) WebBackendServiceIamBindingOutput
func (WebBackendServiceIamBindingMapOutput) ToWebBackendServiceIamBindingMapOutput ¶
func (o WebBackendServiceIamBindingMapOutput) ToWebBackendServiceIamBindingMapOutput() WebBackendServiceIamBindingMapOutput
func (WebBackendServiceIamBindingMapOutput) ToWebBackendServiceIamBindingMapOutputWithContext ¶
func (o WebBackendServiceIamBindingMapOutput) ToWebBackendServiceIamBindingMapOutputWithContext(ctx context.Context) WebBackendServiceIamBindingMapOutput
type WebBackendServiceIamBindingOutput ¶
type WebBackendServiceIamBindingOutput struct{ *pulumi.OutputState }
func (WebBackendServiceIamBindingOutput) Condition ¶ added in v6.23.0
func (o WebBackendServiceIamBindingOutput) Condition() WebBackendServiceIamBindingConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (WebBackendServiceIamBindingOutput) ElementType ¶
func (WebBackendServiceIamBindingOutput) ElementType() reflect.Type
func (WebBackendServiceIamBindingOutput) Etag ¶ added in v6.23.0
func (o WebBackendServiceIamBindingOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (WebBackendServiceIamBindingOutput) Members ¶ added in v6.23.0
func (o WebBackendServiceIamBindingOutput) Members() pulumi.StringArrayOutput
func (WebBackendServiceIamBindingOutput) Project ¶ added in v6.23.0
func (o WebBackendServiceIamBindingOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (WebBackendServiceIamBindingOutput) Role ¶ added in v6.23.0
func (o WebBackendServiceIamBindingOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingOutput ¶
func (o WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingOutput() WebBackendServiceIamBindingOutput
func (WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingOutputWithContext ¶
func (o WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingOutputWithContext(ctx context.Context) WebBackendServiceIamBindingOutput
func (WebBackendServiceIamBindingOutput) WebBackendService ¶ added in v6.23.0
func (o WebBackendServiceIamBindingOutput) WebBackendService() pulumi.StringOutput
Used to find the parent resource to bind the IAM policy to
type WebBackendServiceIamBindingState ¶
type WebBackendServiceIamBindingState struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebBackendServiceIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to WebBackendService pulumi.StringPtrInput }
func (WebBackendServiceIamBindingState) ElementType ¶
func (WebBackendServiceIamBindingState) ElementType() reflect.Type
type WebBackendServiceIamMember ¶
type WebBackendServiceIamMember struct { pulumi.CustomResourceState // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebBackendServiceIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` Member pulumi.StringOutput `pulumi:"member"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` // Used to find the parent resource to bind the IAM policy to WebBackendService pulumi.StringOutput `pulumi:"webBackendService"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:
* `iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached. * `iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved. * `iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice
> **Note:** `iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `iap.WebBackendServiceIamBinding` and `iap.WebBackendServiceIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_web\_backend\_service\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_backend\_service\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.WebBackendServiceIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_backend\_service\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.WebBackendServiceIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute/services/{{name}} * {{project}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebBackendServiceIamMember ¶
func GetWebBackendServiceIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebBackendServiceIamMemberState, opts ...pulumi.ResourceOption) (*WebBackendServiceIamMember, error)
GetWebBackendServiceIamMember gets an existing WebBackendServiceIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebBackendServiceIamMember ¶
func NewWebBackendServiceIamMember(ctx *pulumi.Context, name string, args *WebBackendServiceIamMemberArgs, opts ...pulumi.ResourceOption) (*WebBackendServiceIamMember, error)
NewWebBackendServiceIamMember registers a new resource with the given unique name, arguments, and options.
func (*WebBackendServiceIamMember) ElementType ¶
func (*WebBackendServiceIamMember) ElementType() reflect.Type
func (*WebBackendServiceIamMember) ToWebBackendServiceIamMemberOutput ¶
func (i *WebBackendServiceIamMember) ToWebBackendServiceIamMemberOutput() WebBackendServiceIamMemberOutput
func (*WebBackendServiceIamMember) ToWebBackendServiceIamMemberOutputWithContext ¶
func (i *WebBackendServiceIamMember) ToWebBackendServiceIamMemberOutputWithContext(ctx context.Context) WebBackendServiceIamMemberOutput
type WebBackendServiceIamMemberArgs ¶
type WebBackendServiceIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebBackendServiceIamMemberConditionPtrInput Member pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput // Used to find the parent resource to bind the IAM policy to WebBackendService pulumi.StringInput }
The set of arguments for constructing a WebBackendServiceIamMember resource.
func (WebBackendServiceIamMemberArgs) ElementType ¶
func (WebBackendServiceIamMemberArgs) ElementType() reflect.Type
type WebBackendServiceIamMemberArray ¶
type WebBackendServiceIamMemberArray []WebBackendServiceIamMemberInput
func (WebBackendServiceIamMemberArray) ElementType ¶
func (WebBackendServiceIamMemberArray) ElementType() reflect.Type
func (WebBackendServiceIamMemberArray) ToWebBackendServiceIamMemberArrayOutput ¶
func (i WebBackendServiceIamMemberArray) ToWebBackendServiceIamMemberArrayOutput() WebBackendServiceIamMemberArrayOutput
func (WebBackendServiceIamMemberArray) ToWebBackendServiceIamMemberArrayOutputWithContext ¶
func (i WebBackendServiceIamMemberArray) ToWebBackendServiceIamMemberArrayOutputWithContext(ctx context.Context) WebBackendServiceIamMemberArrayOutput
type WebBackendServiceIamMemberArrayInput ¶
type WebBackendServiceIamMemberArrayInput interface { pulumi.Input ToWebBackendServiceIamMemberArrayOutput() WebBackendServiceIamMemberArrayOutput ToWebBackendServiceIamMemberArrayOutputWithContext(context.Context) WebBackendServiceIamMemberArrayOutput }
WebBackendServiceIamMemberArrayInput is an input type that accepts WebBackendServiceIamMemberArray and WebBackendServiceIamMemberArrayOutput values. You can construct a concrete instance of `WebBackendServiceIamMemberArrayInput` via:
WebBackendServiceIamMemberArray{ WebBackendServiceIamMemberArgs{...} }
type WebBackendServiceIamMemberArrayOutput ¶
type WebBackendServiceIamMemberArrayOutput struct{ *pulumi.OutputState }
func (WebBackendServiceIamMemberArrayOutput) ElementType ¶
func (WebBackendServiceIamMemberArrayOutput) ElementType() reflect.Type
func (WebBackendServiceIamMemberArrayOutput) Index ¶
func (o WebBackendServiceIamMemberArrayOutput) Index(i pulumi.IntInput) WebBackendServiceIamMemberOutput
func (WebBackendServiceIamMemberArrayOutput) ToWebBackendServiceIamMemberArrayOutput ¶
func (o WebBackendServiceIamMemberArrayOutput) ToWebBackendServiceIamMemberArrayOutput() WebBackendServiceIamMemberArrayOutput
func (WebBackendServiceIamMemberArrayOutput) ToWebBackendServiceIamMemberArrayOutputWithContext ¶
func (o WebBackendServiceIamMemberArrayOutput) ToWebBackendServiceIamMemberArrayOutputWithContext(ctx context.Context) WebBackendServiceIamMemberArrayOutput
type WebBackendServiceIamMemberCondition ¶
type WebBackendServiceIamMemberCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type WebBackendServiceIamMemberConditionArgs ¶
type WebBackendServiceIamMemberConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (WebBackendServiceIamMemberConditionArgs) ElementType ¶
func (WebBackendServiceIamMemberConditionArgs) ElementType() reflect.Type
func (WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionOutput ¶
func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionOutput() WebBackendServiceIamMemberConditionOutput
func (WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionOutputWithContext ¶
func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionOutput
func (WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionPtrOutput ¶
func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput
func (WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionPtrOutputWithContext ¶
func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionPtrOutput
type WebBackendServiceIamMemberConditionInput ¶
type WebBackendServiceIamMemberConditionInput interface { pulumi.Input ToWebBackendServiceIamMemberConditionOutput() WebBackendServiceIamMemberConditionOutput ToWebBackendServiceIamMemberConditionOutputWithContext(context.Context) WebBackendServiceIamMemberConditionOutput }
WebBackendServiceIamMemberConditionInput is an input type that accepts WebBackendServiceIamMemberConditionArgs and WebBackendServiceIamMemberConditionOutput values. You can construct a concrete instance of `WebBackendServiceIamMemberConditionInput` via:
WebBackendServiceIamMemberConditionArgs{...}
type WebBackendServiceIamMemberConditionOutput ¶
type WebBackendServiceIamMemberConditionOutput struct{ *pulumi.OutputState }
func (WebBackendServiceIamMemberConditionOutput) Description ¶
func (o WebBackendServiceIamMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (WebBackendServiceIamMemberConditionOutput) ElementType ¶
func (WebBackendServiceIamMemberConditionOutput) ElementType() reflect.Type
func (WebBackendServiceIamMemberConditionOutput) Expression ¶
func (o WebBackendServiceIamMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebBackendServiceIamMemberConditionOutput) Title ¶
func (o WebBackendServiceIamMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionOutput ¶
func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionOutput() WebBackendServiceIamMemberConditionOutput
func (WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionOutputWithContext ¶
func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionOutput
func (WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionPtrOutput ¶
func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput
func (WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionPtrOutputWithContext ¶
func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionPtrOutput
type WebBackendServiceIamMemberConditionPtrInput ¶
type WebBackendServiceIamMemberConditionPtrInput interface { pulumi.Input ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput ToWebBackendServiceIamMemberConditionPtrOutputWithContext(context.Context) WebBackendServiceIamMemberConditionPtrOutput }
WebBackendServiceIamMemberConditionPtrInput is an input type that accepts WebBackendServiceIamMemberConditionArgs, WebBackendServiceIamMemberConditionPtr and WebBackendServiceIamMemberConditionPtrOutput values. You can construct a concrete instance of `WebBackendServiceIamMemberConditionPtrInput` via:
WebBackendServiceIamMemberConditionArgs{...} or: nil
func WebBackendServiceIamMemberConditionPtr ¶
func WebBackendServiceIamMemberConditionPtr(v *WebBackendServiceIamMemberConditionArgs) WebBackendServiceIamMemberConditionPtrInput
type WebBackendServiceIamMemberConditionPtrOutput ¶
type WebBackendServiceIamMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (WebBackendServiceIamMemberConditionPtrOutput) Description ¶
func (o WebBackendServiceIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (WebBackendServiceIamMemberConditionPtrOutput) ElementType ¶
func (WebBackendServiceIamMemberConditionPtrOutput) ElementType() reflect.Type
func (WebBackendServiceIamMemberConditionPtrOutput) Expression ¶
func (o WebBackendServiceIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebBackendServiceIamMemberConditionPtrOutput) Title ¶
func (o WebBackendServiceIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebBackendServiceIamMemberConditionPtrOutput) ToWebBackendServiceIamMemberConditionPtrOutput ¶
func (o WebBackendServiceIamMemberConditionPtrOutput) ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput
func (WebBackendServiceIamMemberConditionPtrOutput) ToWebBackendServiceIamMemberConditionPtrOutputWithContext ¶
func (o WebBackendServiceIamMemberConditionPtrOutput) ToWebBackendServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionPtrOutput
type WebBackendServiceIamMemberInput ¶
type WebBackendServiceIamMemberInput interface { pulumi.Input ToWebBackendServiceIamMemberOutput() WebBackendServiceIamMemberOutput ToWebBackendServiceIamMemberOutputWithContext(ctx context.Context) WebBackendServiceIamMemberOutput }
type WebBackendServiceIamMemberMap ¶
type WebBackendServiceIamMemberMap map[string]WebBackendServiceIamMemberInput
func (WebBackendServiceIamMemberMap) ElementType ¶
func (WebBackendServiceIamMemberMap) ElementType() reflect.Type
func (WebBackendServiceIamMemberMap) ToWebBackendServiceIamMemberMapOutput ¶
func (i WebBackendServiceIamMemberMap) ToWebBackendServiceIamMemberMapOutput() WebBackendServiceIamMemberMapOutput
func (WebBackendServiceIamMemberMap) ToWebBackendServiceIamMemberMapOutputWithContext ¶
func (i WebBackendServiceIamMemberMap) ToWebBackendServiceIamMemberMapOutputWithContext(ctx context.Context) WebBackendServiceIamMemberMapOutput
type WebBackendServiceIamMemberMapInput ¶
type WebBackendServiceIamMemberMapInput interface { pulumi.Input ToWebBackendServiceIamMemberMapOutput() WebBackendServiceIamMemberMapOutput ToWebBackendServiceIamMemberMapOutputWithContext(context.Context) WebBackendServiceIamMemberMapOutput }
WebBackendServiceIamMemberMapInput is an input type that accepts WebBackendServiceIamMemberMap and WebBackendServiceIamMemberMapOutput values. You can construct a concrete instance of `WebBackendServiceIamMemberMapInput` via:
WebBackendServiceIamMemberMap{ "key": WebBackendServiceIamMemberArgs{...} }
type WebBackendServiceIamMemberMapOutput ¶
type WebBackendServiceIamMemberMapOutput struct{ *pulumi.OutputState }
func (WebBackendServiceIamMemberMapOutput) ElementType ¶
func (WebBackendServiceIamMemberMapOutput) ElementType() reflect.Type
func (WebBackendServiceIamMemberMapOutput) MapIndex ¶
func (o WebBackendServiceIamMemberMapOutput) MapIndex(k pulumi.StringInput) WebBackendServiceIamMemberOutput
func (WebBackendServiceIamMemberMapOutput) ToWebBackendServiceIamMemberMapOutput ¶
func (o WebBackendServiceIamMemberMapOutput) ToWebBackendServiceIamMemberMapOutput() WebBackendServiceIamMemberMapOutput
func (WebBackendServiceIamMemberMapOutput) ToWebBackendServiceIamMemberMapOutputWithContext ¶
func (o WebBackendServiceIamMemberMapOutput) ToWebBackendServiceIamMemberMapOutputWithContext(ctx context.Context) WebBackendServiceIamMemberMapOutput
type WebBackendServiceIamMemberOutput ¶
type WebBackendServiceIamMemberOutput struct{ *pulumi.OutputState }
func (WebBackendServiceIamMemberOutput) Condition ¶ added in v6.23.0
func (o WebBackendServiceIamMemberOutput) Condition() WebBackendServiceIamMemberConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (WebBackendServiceIamMemberOutput) ElementType ¶
func (WebBackendServiceIamMemberOutput) ElementType() reflect.Type
func (WebBackendServiceIamMemberOutput) Etag ¶ added in v6.23.0
func (o WebBackendServiceIamMemberOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (WebBackendServiceIamMemberOutput) Member ¶ added in v6.23.0
func (o WebBackendServiceIamMemberOutput) Member() pulumi.StringOutput
func (WebBackendServiceIamMemberOutput) Project ¶ added in v6.23.0
func (o WebBackendServiceIamMemberOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (WebBackendServiceIamMemberOutput) Role ¶ added in v6.23.0
func (o WebBackendServiceIamMemberOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberOutput ¶
func (o WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberOutput() WebBackendServiceIamMemberOutput
func (WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberOutputWithContext ¶
func (o WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberOutputWithContext(ctx context.Context) WebBackendServiceIamMemberOutput
func (WebBackendServiceIamMemberOutput) WebBackendService ¶ added in v6.23.0
func (o WebBackendServiceIamMemberOutput) WebBackendService() pulumi.StringOutput
Used to find the parent resource to bind the IAM policy to
type WebBackendServiceIamMemberState ¶
type WebBackendServiceIamMemberState struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebBackendServiceIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Member pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to WebBackendService pulumi.StringPtrInput }
func (WebBackendServiceIamMemberState) ElementType ¶
func (WebBackendServiceIamMemberState) ElementType() reflect.Type
type WebBackendServiceIamPolicy ¶
type WebBackendServiceIamPolicy struct { pulumi.CustomResourceState // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to WebBackendService pulumi.StringOutput `pulumi:"webBackendService"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:
* `iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached. * `iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved. * `iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice
> **Note:** `iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `iap.WebBackendServiceIamBinding` and `iap.WebBackendServiceIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_web\_backend\_service\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_backend\_service\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.WebBackendServiceIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_backend\_service\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{ Project: pulumi.Any(google_compute_backend_service.Default.Project), WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.WebBackendServiceIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute/services/{{name}} * {{project}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebBackendServiceIamPolicy ¶
func GetWebBackendServiceIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebBackendServiceIamPolicyState, opts ...pulumi.ResourceOption) (*WebBackendServiceIamPolicy, error)
GetWebBackendServiceIamPolicy gets an existing WebBackendServiceIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebBackendServiceIamPolicy ¶
func NewWebBackendServiceIamPolicy(ctx *pulumi.Context, name string, args *WebBackendServiceIamPolicyArgs, opts ...pulumi.ResourceOption) (*WebBackendServiceIamPolicy, error)
NewWebBackendServiceIamPolicy registers a new resource with the given unique name, arguments, and options.
func (*WebBackendServiceIamPolicy) ElementType ¶
func (*WebBackendServiceIamPolicy) ElementType() reflect.Type
func (*WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyOutput ¶
func (i *WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyOutput() WebBackendServiceIamPolicyOutput
func (*WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyOutputWithContext ¶
func (i *WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyOutput
type WebBackendServiceIamPolicyArgs ¶
type WebBackendServiceIamPolicyArgs struct { // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to WebBackendService pulumi.StringInput }
The set of arguments for constructing a WebBackendServiceIamPolicy resource.
func (WebBackendServiceIamPolicyArgs) ElementType ¶
func (WebBackendServiceIamPolicyArgs) ElementType() reflect.Type
type WebBackendServiceIamPolicyArray ¶
type WebBackendServiceIamPolicyArray []WebBackendServiceIamPolicyInput
func (WebBackendServiceIamPolicyArray) ElementType ¶
func (WebBackendServiceIamPolicyArray) ElementType() reflect.Type
func (WebBackendServiceIamPolicyArray) ToWebBackendServiceIamPolicyArrayOutput ¶
func (i WebBackendServiceIamPolicyArray) ToWebBackendServiceIamPolicyArrayOutput() WebBackendServiceIamPolicyArrayOutput
func (WebBackendServiceIamPolicyArray) ToWebBackendServiceIamPolicyArrayOutputWithContext ¶
func (i WebBackendServiceIamPolicyArray) ToWebBackendServiceIamPolicyArrayOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyArrayOutput
type WebBackendServiceIamPolicyArrayInput ¶
type WebBackendServiceIamPolicyArrayInput interface { pulumi.Input ToWebBackendServiceIamPolicyArrayOutput() WebBackendServiceIamPolicyArrayOutput ToWebBackendServiceIamPolicyArrayOutputWithContext(context.Context) WebBackendServiceIamPolicyArrayOutput }
WebBackendServiceIamPolicyArrayInput is an input type that accepts WebBackendServiceIamPolicyArray and WebBackendServiceIamPolicyArrayOutput values. You can construct a concrete instance of `WebBackendServiceIamPolicyArrayInput` via:
WebBackendServiceIamPolicyArray{ WebBackendServiceIamPolicyArgs{...} }
type WebBackendServiceIamPolicyArrayOutput ¶
type WebBackendServiceIamPolicyArrayOutput struct{ *pulumi.OutputState }
func (WebBackendServiceIamPolicyArrayOutput) ElementType ¶
func (WebBackendServiceIamPolicyArrayOutput) ElementType() reflect.Type
func (WebBackendServiceIamPolicyArrayOutput) Index ¶
func (o WebBackendServiceIamPolicyArrayOutput) Index(i pulumi.IntInput) WebBackendServiceIamPolicyOutput
func (WebBackendServiceIamPolicyArrayOutput) ToWebBackendServiceIamPolicyArrayOutput ¶
func (o WebBackendServiceIamPolicyArrayOutput) ToWebBackendServiceIamPolicyArrayOutput() WebBackendServiceIamPolicyArrayOutput
func (WebBackendServiceIamPolicyArrayOutput) ToWebBackendServiceIamPolicyArrayOutputWithContext ¶
func (o WebBackendServiceIamPolicyArrayOutput) ToWebBackendServiceIamPolicyArrayOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyArrayOutput
type WebBackendServiceIamPolicyInput ¶
type WebBackendServiceIamPolicyInput interface { pulumi.Input ToWebBackendServiceIamPolicyOutput() WebBackendServiceIamPolicyOutput ToWebBackendServiceIamPolicyOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyOutput }
type WebBackendServiceIamPolicyMap ¶
type WebBackendServiceIamPolicyMap map[string]WebBackendServiceIamPolicyInput
func (WebBackendServiceIamPolicyMap) ElementType ¶
func (WebBackendServiceIamPolicyMap) ElementType() reflect.Type
func (WebBackendServiceIamPolicyMap) ToWebBackendServiceIamPolicyMapOutput ¶
func (i WebBackendServiceIamPolicyMap) ToWebBackendServiceIamPolicyMapOutput() WebBackendServiceIamPolicyMapOutput
func (WebBackendServiceIamPolicyMap) ToWebBackendServiceIamPolicyMapOutputWithContext ¶
func (i WebBackendServiceIamPolicyMap) ToWebBackendServiceIamPolicyMapOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyMapOutput
type WebBackendServiceIamPolicyMapInput ¶
type WebBackendServiceIamPolicyMapInput interface { pulumi.Input ToWebBackendServiceIamPolicyMapOutput() WebBackendServiceIamPolicyMapOutput ToWebBackendServiceIamPolicyMapOutputWithContext(context.Context) WebBackendServiceIamPolicyMapOutput }
WebBackendServiceIamPolicyMapInput is an input type that accepts WebBackendServiceIamPolicyMap and WebBackendServiceIamPolicyMapOutput values. You can construct a concrete instance of `WebBackendServiceIamPolicyMapInput` via:
WebBackendServiceIamPolicyMap{ "key": WebBackendServiceIamPolicyArgs{...} }
type WebBackendServiceIamPolicyMapOutput ¶
type WebBackendServiceIamPolicyMapOutput struct{ *pulumi.OutputState }
func (WebBackendServiceIamPolicyMapOutput) ElementType ¶
func (WebBackendServiceIamPolicyMapOutput) ElementType() reflect.Type
func (WebBackendServiceIamPolicyMapOutput) MapIndex ¶
func (o WebBackendServiceIamPolicyMapOutput) MapIndex(k pulumi.StringInput) WebBackendServiceIamPolicyOutput
func (WebBackendServiceIamPolicyMapOutput) ToWebBackendServiceIamPolicyMapOutput ¶
func (o WebBackendServiceIamPolicyMapOutput) ToWebBackendServiceIamPolicyMapOutput() WebBackendServiceIamPolicyMapOutput
func (WebBackendServiceIamPolicyMapOutput) ToWebBackendServiceIamPolicyMapOutputWithContext ¶
func (o WebBackendServiceIamPolicyMapOutput) ToWebBackendServiceIamPolicyMapOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyMapOutput
type WebBackendServiceIamPolicyOutput ¶
type WebBackendServiceIamPolicyOutput struct{ *pulumi.OutputState }
func (WebBackendServiceIamPolicyOutput) ElementType ¶
func (WebBackendServiceIamPolicyOutput) ElementType() reflect.Type
func (WebBackendServiceIamPolicyOutput) Etag ¶ added in v6.23.0
func (o WebBackendServiceIamPolicyOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (WebBackendServiceIamPolicyOutput) PolicyData ¶ added in v6.23.0
func (o WebBackendServiceIamPolicyOutput) PolicyData() pulumi.StringOutput
The policy data generated by a `organizations.getIAMPolicy` data source.
func (WebBackendServiceIamPolicyOutput) Project ¶ added in v6.23.0
func (o WebBackendServiceIamPolicyOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyOutput ¶
func (o WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyOutput() WebBackendServiceIamPolicyOutput
func (WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyOutputWithContext ¶
func (o WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyOutput
func (WebBackendServiceIamPolicyOutput) WebBackendService ¶ added in v6.23.0
func (o WebBackendServiceIamPolicyOutput) WebBackendService() pulumi.StringOutput
Used to find the parent resource to bind the IAM policy to
type WebBackendServiceIamPolicyState ¶
type WebBackendServiceIamPolicyState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to WebBackendService pulumi.StringPtrInput }
func (WebBackendServiceIamPolicyState) ElementType ¶
func (WebBackendServiceIamPolicyState) ElementType() reflect.Type
type WebIamBinding ¶
type WebIamBinding struct { pulumi.CustomResourceState // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` Members pulumi.StringArrayOutput `pulumi:"members"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:
* `iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached. * `iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved. * `iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.WebIamPolicy`: Retrieves the IAM policy for the web
> **Note:** `iap.WebIamPolicy` **cannot** be used in conjunction with `iap.WebIamBinding` and `iap.WebIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebIamBinding` resources **can be** used in conjunction with `iap.WebIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_web\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.WebIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.WebIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor projects/{{project}}/iap_web
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebIamBinding ¶
func GetWebIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebIamBindingState, opts ...pulumi.ResourceOption) (*WebIamBinding, error)
GetWebIamBinding gets an existing WebIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebIamBinding ¶
func NewWebIamBinding(ctx *pulumi.Context, name string, args *WebIamBindingArgs, opts ...pulumi.ResourceOption) (*WebIamBinding, error)
NewWebIamBinding registers a new resource with the given unique name, arguments, and options.
func (*WebIamBinding) ElementType ¶
func (*WebIamBinding) ElementType() reflect.Type
func (*WebIamBinding) ToWebIamBindingOutput ¶
func (i *WebIamBinding) ToWebIamBindingOutput() WebIamBindingOutput
func (*WebIamBinding) ToWebIamBindingOutputWithContext ¶
func (i *WebIamBinding) ToWebIamBindingOutputWithContext(ctx context.Context) WebIamBindingOutput
type WebIamBindingArgs ¶
type WebIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebIamBindingConditionPtrInput Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput }
The set of arguments for constructing a WebIamBinding resource.
func (WebIamBindingArgs) ElementType ¶
func (WebIamBindingArgs) ElementType() reflect.Type
type WebIamBindingArray ¶
type WebIamBindingArray []WebIamBindingInput
func (WebIamBindingArray) ElementType ¶
func (WebIamBindingArray) ElementType() reflect.Type
func (WebIamBindingArray) ToWebIamBindingArrayOutput ¶
func (i WebIamBindingArray) ToWebIamBindingArrayOutput() WebIamBindingArrayOutput
func (WebIamBindingArray) ToWebIamBindingArrayOutputWithContext ¶
func (i WebIamBindingArray) ToWebIamBindingArrayOutputWithContext(ctx context.Context) WebIamBindingArrayOutput
type WebIamBindingArrayInput ¶
type WebIamBindingArrayInput interface { pulumi.Input ToWebIamBindingArrayOutput() WebIamBindingArrayOutput ToWebIamBindingArrayOutputWithContext(context.Context) WebIamBindingArrayOutput }
WebIamBindingArrayInput is an input type that accepts WebIamBindingArray and WebIamBindingArrayOutput values. You can construct a concrete instance of `WebIamBindingArrayInput` via:
WebIamBindingArray{ WebIamBindingArgs{...} }
type WebIamBindingArrayOutput ¶
type WebIamBindingArrayOutput struct{ *pulumi.OutputState }
func (WebIamBindingArrayOutput) ElementType ¶
func (WebIamBindingArrayOutput) ElementType() reflect.Type
func (WebIamBindingArrayOutput) Index ¶
func (o WebIamBindingArrayOutput) Index(i pulumi.IntInput) WebIamBindingOutput
func (WebIamBindingArrayOutput) ToWebIamBindingArrayOutput ¶
func (o WebIamBindingArrayOutput) ToWebIamBindingArrayOutput() WebIamBindingArrayOutput
func (WebIamBindingArrayOutput) ToWebIamBindingArrayOutputWithContext ¶
func (o WebIamBindingArrayOutput) ToWebIamBindingArrayOutputWithContext(ctx context.Context) WebIamBindingArrayOutput
type WebIamBindingCondition ¶
type WebIamBindingCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type WebIamBindingConditionArgs ¶
type WebIamBindingConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (WebIamBindingConditionArgs) ElementType ¶
func (WebIamBindingConditionArgs) ElementType() reflect.Type
func (WebIamBindingConditionArgs) ToWebIamBindingConditionOutput ¶
func (i WebIamBindingConditionArgs) ToWebIamBindingConditionOutput() WebIamBindingConditionOutput
func (WebIamBindingConditionArgs) ToWebIamBindingConditionOutputWithContext ¶
func (i WebIamBindingConditionArgs) ToWebIamBindingConditionOutputWithContext(ctx context.Context) WebIamBindingConditionOutput
func (WebIamBindingConditionArgs) ToWebIamBindingConditionPtrOutput ¶
func (i WebIamBindingConditionArgs) ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput
func (WebIamBindingConditionArgs) ToWebIamBindingConditionPtrOutputWithContext ¶
func (i WebIamBindingConditionArgs) ToWebIamBindingConditionPtrOutputWithContext(ctx context.Context) WebIamBindingConditionPtrOutput
type WebIamBindingConditionInput ¶
type WebIamBindingConditionInput interface { pulumi.Input ToWebIamBindingConditionOutput() WebIamBindingConditionOutput ToWebIamBindingConditionOutputWithContext(context.Context) WebIamBindingConditionOutput }
WebIamBindingConditionInput is an input type that accepts WebIamBindingConditionArgs and WebIamBindingConditionOutput values. You can construct a concrete instance of `WebIamBindingConditionInput` via:
WebIamBindingConditionArgs{...}
type WebIamBindingConditionOutput ¶
type WebIamBindingConditionOutput struct{ *pulumi.OutputState }
func (WebIamBindingConditionOutput) Description ¶
func (o WebIamBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (WebIamBindingConditionOutput) ElementType ¶
func (WebIamBindingConditionOutput) ElementType() reflect.Type
func (WebIamBindingConditionOutput) Expression ¶
func (o WebIamBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebIamBindingConditionOutput) Title ¶
func (o WebIamBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebIamBindingConditionOutput) ToWebIamBindingConditionOutput ¶
func (o WebIamBindingConditionOutput) ToWebIamBindingConditionOutput() WebIamBindingConditionOutput
func (WebIamBindingConditionOutput) ToWebIamBindingConditionOutputWithContext ¶
func (o WebIamBindingConditionOutput) ToWebIamBindingConditionOutputWithContext(ctx context.Context) WebIamBindingConditionOutput
func (WebIamBindingConditionOutput) ToWebIamBindingConditionPtrOutput ¶
func (o WebIamBindingConditionOutput) ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput
func (WebIamBindingConditionOutput) ToWebIamBindingConditionPtrOutputWithContext ¶
func (o WebIamBindingConditionOutput) ToWebIamBindingConditionPtrOutputWithContext(ctx context.Context) WebIamBindingConditionPtrOutput
type WebIamBindingConditionPtrInput ¶
type WebIamBindingConditionPtrInput interface { pulumi.Input ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput ToWebIamBindingConditionPtrOutputWithContext(context.Context) WebIamBindingConditionPtrOutput }
WebIamBindingConditionPtrInput is an input type that accepts WebIamBindingConditionArgs, WebIamBindingConditionPtr and WebIamBindingConditionPtrOutput values. You can construct a concrete instance of `WebIamBindingConditionPtrInput` via:
WebIamBindingConditionArgs{...} or: nil
func WebIamBindingConditionPtr ¶
func WebIamBindingConditionPtr(v *WebIamBindingConditionArgs) WebIamBindingConditionPtrInput
type WebIamBindingConditionPtrOutput ¶
type WebIamBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (WebIamBindingConditionPtrOutput) Description ¶
func (o WebIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (WebIamBindingConditionPtrOutput) Elem ¶
func (o WebIamBindingConditionPtrOutput) Elem() WebIamBindingConditionOutput
func (WebIamBindingConditionPtrOutput) ElementType ¶
func (WebIamBindingConditionPtrOutput) ElementType() reflect.Type
func (WebIamBindingConditionPtrOutput) Expression ¶
func (o WebIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebIamBindingConditionPtrOutput) Title ¶
func (o WebIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebIamBindingConditionPtrOutput) ToWebIamBindingConditionPtrOutput ¶
func (o WebIamBindingConditionPtrOutput) ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput
func (WebIamBindingConditionPtrOutput) ToWebIamBindingConditionPtrOutputWithContext ¶
func (o WebIamBindingConditionPtrOutput) ToWebIamBindingConditionPtrOutputWithContext(ctx context.Context) WebIamBindingConditionPtrOutput
type WebIamBindingInput ¶
type WebIamBindingInput interface { pulumi.Input ToWebIamBindingOutput() WebIamBindingOutput ToWebIamBindingOutputWithContext(ctx context.Context) WebIamBindingOutput }
type WebIamBindingMap ¶
type WebIamBindingMap map[string]WebIamBindingInput
func (WebIamBindingMap) ElementType ¶
func (WebIamBindingMap) ElementType() reflect.Type
func (WebIamBindingMap) ToWebIamBindingMapOutput ¶
func (i WebIamBindingMap) ToWebIamBindingMapOutput() WebIamBindingMapOutput
func (WebIamBindingMap) ToWebIamBindingMapOutputWithContext ¶
func (i WebIamBindingMap) ToWebIamBindingMapOutputWithContext(ctx context.Context) WebIamBindingMapOutput
type WebIamBindingMapInput ¶
type WebIamBindingMapInput interface { pulumi.Input ToWebIamBindingMapOutput() WebIamBindingMapOutput ToWebIamBindingMapOutputWithContext(context.Context) WebIamBindingMapOutput }
WebIamBindingMapInput is an input type that accepts WebIamBindingMap and WebIamBindingMapOutput values. You can construct a concrete instance of `WebIamBindingMapInput` via:
WebIamBindingMap{ "key": WebIamBindingArgs{...} }
type WebIamBindingMapOutput ¶
type WebIamBindingMapOutput struct{ *pulumi.OutputState }
func (WebIamBindingMapOutput) ElementType ¶
func (WebIamBindingMapOutput) ElementType() reflect.Type
func (WebIamBindingMapOutput) MapIndex ¶
func (o WebIamBindingMapOutput) MapIndex(k pulumi.StringInput) WebIamBindingOutput
func (WebIamBindingMapOutput) ToWebIamBindingMapOutput ¶
func (o WebIamBindingMapOutput) ToWebIamBindingMapOutput() WebIamBindingMapOutput
func (WebIamBindingMapOutput) ToWebIamBindingMapOutputWithContext ¶
func (o WebIamBindingMapOutput) ToWebIamBindingMapOutputWithContext(ctx context.Context) WebIamBindingMapOutput
type WebIamBindingOutput ¶
type WebIamBindingOutput struct{ *pulumi.OutputState }
func (WebIamBindingOutput) Condition ¶ added in v6.23.0
func (o WebIamBindingOutput) Condition() WebIamBindingConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (WebIamBindingOutput) ElementType ¶
func (WebIamBindingOutput) ElementType() reflect.Type
func (WebIamBindingOutput) Etag ¶ added in v6.23.0
func (o WebIamBindingOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (WebIamBindingOutput) Members ¶ added in v6.23.0
func (o WebIamBindingOutput) Members() pulumi.StringArrayOutput
func (WebIamBindingOutput) Project ¶ added in v6.23.0
func (o WebIamBindingOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (WebIamBindingOutput) Role ¶ added in v6.23.0
func (o WebIamBindingOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (WebIamBindingOutput) ToWebIamBindingOutput ¶
func (o WebIamBindingOutput) ToWebIamBindingOutput() WebIamBindingOutput
func (WebIamBindingOutput) ToWebIamBindingOutputWithContext ¶
func (o WebIamBindingOutput) ToWebIamBindingOutputWithContext(ctx context.Context) WebIamBindingOutput
type WebIamBindingState ¶
type WebIamBindingState struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput }
func (WebIamBindingState) ElementType ¶
func (WebIamBindingState) ElementType() reflect.Type
type WebIamMember ¶
type WebIamMember struct { pulumi.CustomResourceState // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` Member pulumi.StringOutput `pulumi:"member"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:
* `iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached. * `iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved. * `iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.WebIamPolicy`: Retrieves the IAM policy for the web
> **Note:** `iap.WebIamPolicy` **cannot** be used in conjunction with `iap.WebIamBinding` and `iap.WebIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebIamBinding` resources **can be** used in conjunction with `iap.WebIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_web\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.WebIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.WebIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webIamMember:WebIamMember editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webIamMember:WebIamMember editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webIamMember:WebIamMember editor projects/{{project}}/iap_web
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebIamMember ¶
func GetWebIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebIamMemberState, opts ...pulumi.ResourceOption) (*WebIamMember, error)
GetWebIamMember gets an existing WebIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebIamMember ¶
func NewWebIamMember(ctx *pulumi.Context, name string, args *WebIamMemberArgs, opts ...pulumi.ResourceOption) (*WebIamMember, error)
NewWebIamMember registers a new resource with the given unique name, arguments, and options.
func (*WebIamMember) ElementType ¶
func (*WebIamMember) ElementType() reflect.Type
func (*WebIamMember) ToWebIamMemberOutput ¶
func (i *WebIamMember) ToWebIamMemberOutput() WebIamMemberOutput
func (*WebIamMember) ToWebIamMemberOutputWithContext ¶
func (i *WebIamMember) ToWebIamMemberOutputWithContext(ctx context.Context) WebIamMemberOutput
type WebIamMemberArgs ¶
type WebIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebIamMemberConditionPtrInput Member pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput }
The set of arguments for constructing a WebIamMember resource.
func (WebIamMemberArgs) ElementType ¶
func (WebIamMemberArgs) ElementType() reflect.Type
type WebIamMemberArray ¶
type WebIamMemberArray []WebIamMemberInput
func (WebIamMemberArray) ElementType ¶
func (WebIamMemberArray) ElementType() reflect.Type
func (WebIamMemberArray) ToWebIamMemberArrayOutput ¶
func (i WebIamMemberArray) ToWebIamMemberArrayOutput() WebIamMemberArrayOutput
func (WebIamMemberArray) ToWebIamMemberArrayOutputWithContext ¶
func (i WebIamMemberArray) ToWebIamMemberArrayOutputWithContext(ctx context.Context) WebIamMemberArrayOutput
type WebIamMemberArrayInput ¶
type WebIamMemberArrayInput interface { pulumi.Input ToWebIamMemberArrayOutput() WebIamMemberArrayOutput ToWebIamMemberArrayOutputWithContext(context.Context) WebIamMemberArrayOutput }
WebIamMemberArrayInput is an input type that accepts WebIamMemberArray and WebIamMemberArrayOutput values. You can construct a concrete instance of `WebIamMemberArrayInput` via:
WebIamMemberArray{ WebIamMemberArgs{...} }
type WebIamMemberArrayOutput ¶
type WebIamMemberArrayOutput struct{ *pulumi.OutputState }
func (WebIamMemberArrayOutput) ElementType ¶
func (WebIamMemberArrayOutput) ElementType() reflect.Type
func (WebIamMemberArrayOutput) Index ¶
func (o WebIamMemberArrayOutput) Index(i pulumi.IntInput) WebIamMemberOutput
func (WebIamMemberArrayOutput) ToWebIamMemberArrayOutput ¶
func (o WebIamMemberArrayOutput) ToWebIamMemberArrayOutput() WebIamMemberArrayOutput
func (WebIamMemberArrayOutput) ToWebIamMemberArrayOutputWithContext ¶
func (o WebIamMemberArrayOutput) ToWebIamMemberArrayOutputWithContext(ctx context.Context) WebIamMemberArrayOutput
type WebIamMemberCondition ¶
type WebIamMemberCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type WebIamMemberConditionArgs ¶
type WebIamMemberConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (WebIamMemberConditionArgs) ElementType ¶
func (WebIamMemberConditionArgs) ElementType() reflect.Type
func (WebIamMemberConditionArgs) ToWebIamMemberConditionOutput ¶
func (i WebIamMemberConditionArgs) ToWebIamMemberConditionOutput() WebIamMemberConditionOutput
func (WebIamMemberConditionArgs) ToWebIamMemberConditionOutputWithContext ¶
func (i WebIamMemberConditionArgs) ToWebIamMemberConditionOutputWithContext(ctx context.Context) WebIamMemberConditionOutput
func (WebIamMemberConditionArgs) ToWebIamMemberConditionPtrOutput ¶
func (i WebIamMemberConditionArgs) ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput
func (WebIamMemberConditionArgs) ToWebIamMemberConditionPtrOutputWithContext ¶
func (i WebIamMemberConditionArgs) ToWebIamMemberConditionPtrOutputWithContext(ctx context.Context) WebIamMemberConditionPtrOutput
type WebIamMemberConditionInput ¶
type WebIamMemberConditionInput interface { pulumi.Input ToWebIamMemberConditionOutput() WebIamMemberConditionOutput ToWebIamMemberConditionOutputWithContext(context.Context) WebIamMemberConditionOutput }
WebIamMemberConditionInput is an input type that accepts WebIamMemberConditionArgs and WebIamMemberConditionOutput values. You can construct a concrete instance of `WebIamMemberConditionInput` via:
WebIamMemberConditionArgs{...}
type WebIamMemberConditionOutput ¶
type WebIamMemberConditionOutput struct{ *pulumi.OutputState }
func (WebIamMemberConditionOutput) Description ¶
func (o WebIamMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (WebIamMemberConditionOutput) ElementType ¶
func (WebIamMemberConditionOutput) ElementType() reflect.Type
func (WebIamMemberConditionOutput) Expression ¶
func (o WebIamMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebIamMemberConditionOutput) Title ¶
func (o WebIamMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebIamMemberConditionOutput) ToWebIamMemberConditionOutput ¶
func (o WebIamMemberConditionOutput) ToWebIamMemberConditionOutput() WebIamMemberConditionOutput
func (WebIamMemberConditionOutput) ToWebIamMemberConditionOutputWithContext ¶
func (o WebIamMemberConditionOutput) ToWebIamMemberConditionOutputWithContext(ctx context.Context) WebIamMemberConditionOutput
func (WebIamMemberConditionOutput) ToWebIamMemberConditionPtrOutput ¶
func (o WebIamMemberConditionOutput) ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput
func (WebIamMemberConditionOutput) ToWebIamMemberConditionPtrOutputWithContext ¶
func (o WebIamMemberConditionOutput) ToWebIamMemberConditionPtrOutputWithContext(ctx context.Context) WebIamMemberConditionPtrOutput
type WebIamMemberConditionPtrInput ¶
type WebIamMemberConditionPtrInput interface { pulumi.Input ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput ToWebIamMemberConditionPtrOutputWithContext(context.Context) WebIamMemberConditionPtrOutput }
WebIamMemberConditionPtrInput is an input type that accepts WebIamMemberConditionArgs, WebIamMemberConditionPtr and WebIamMemberConditionPtrOutput values. You can construct a concrete instance of `WebIamMemberConditionPtrInput` via:
WebIamMemberConditionArgs{...} or: nil
func WebIamMemberConditionPtr ¶
func WebIamMemberConditionPtr(v *WebIamMemberConditionArgs) WebIamMemberConditionPtrInput
type WebIamMemberConditionPtrOutput ¶
type WebIamMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (WebIamMemberConditionPtrOutput) Description ¶
func (o WebIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (WebIamMemberConditionPtrOutput) Elem ¶
func (o WebIamMemberConditionPtrOutput) Elem() WebIamMemberConditionOutput
func (WebIamMemberConditionPtrOutput) ElementType ¶
func (WebIamMemberConditionPtrOutput) ElementType() reflect.Type
func (WebIamMemberConditionPtrOutput) Expression ¶
func (o WebIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebIamMemberConditionPtrOutput) Title ¶
func (o WebIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebIamMemberConditionPtrOutput) ToWebIamMemberConditionPtrOutput ¶
func (o WebIamMemberConditionPtrOutput) ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput
func (WebIamMemberConditionPtrOutput) ToWebIamMemberConditionPtrOutputWithContext ¶
func (o WebIamMemberConditionPtrOutput) ToWebIamMemberConditionPtrOutputWithContext(ctx context.Context) WebIamMemberConditionPtrOutput
type WebIamMemberInput ¶
type WebIamMemberInput interface { pulumi.Input ToWebIamMemberOutput() WebIamMemberOutput ToWebIamMemberOutputWithContext(ctx context.Context) WebIamMemberOutput }
type WebIamMemberMap ¶
type WebIamMemberMap map[string]WebIamMemberInput
func (WebIamMemberMap) ElementType ¶
func (WebIamMemberMap) ElementType() reflect.Type
func (WebIamMemberMap) ToWebIamMemberMapOutput ¶
func (i WebIamMemberMap) ToWebIamMemberMapOutput() WebIamMemberMapOutput
func (WebIamMemberMap) ToWebIamMemberMapOutputWithContext ¶
func (i WebIamMemberMap) ToWebIamMemberMapOutputWithContext(ctx context.Context) WebIamMemberMapOutput
type WebIamMemberMapInput ¶
type WebIamMemberMapInput interface { pulumi.Input ToWebIamMemberMapOutput() WebIamMemberMapOutput ToWebIamMemberMapOutputWithContext(context.Context) WebIamMemberMapOutput }
WebIamMemberMapInput is an input type that accepts WebIamMemberMap and WebIamMemberMapOutput values. You can construct a concrete instance of `WebIamMemberMapInput` via:
WebIamMemberMap{ "key": WebIamMemberArgs{...} }
type WebIamMemberMapOutput ¶
type WebIamMemberMapOutput struct{ *pulumi.OutputState }
func (WebIamMemberMapOutput) ElementType ¶
func (WebIamMemberMapOutput) ElementType() reflect.Type
func (WebIamMemberMapOutput) MapIndex ¶
func (o WebIamMemberMapOutput) MapIndex(k pulumi.StringInput) WebIamMemberOutput
func (WebIamMemberMapOutput) ToWebIamMemberMapOutput ¶
func (o WebIamMemberMapOutput) ToWebIamMemberMapOutput() WebIamMemberMapOutput
func (WebIamMemberMapOutput) ToWebIamMemberMapOutputWithContext ¶
func (o WebIamMemberMapOutput) ToWebIamMemberMapOutputWithContext(ctx context.Context) WebIamMemberMapOutput
type WebIamMemberOutput ¶
type WebIamMemberOutput struct{ *pulumi.OutputState }
func (WebIamMemberOutput) Condition ¶ added in v6.23.0
func (o WebIamMemberOutput) Condition() WebIamMemberConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (WebIamMemberOutput) ElementType ¶
func (WebIamMemberOutput) ElementType() reflect.Type
func (WebIamMemberOutput) Etag ¶ added in v6.23.0
func (o WebIamMemberOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (WebIamMemberOutput) Member ¶ added in v6.23.0
func (o WebIamMemberOutput) Member() pulumi.StringOutput
func (WebIamMemberOutput) Project ¶ added in v6.23.0
func (o WebIamMemberOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (WebIamMemberOutput) Role ¶ added in v6.23.0
func (o WebIamMemberOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (WebIamMemberOutput) ToWebIamMemberOutput ¶
func (o WebIamMemberOutput) ToWebIamMemberOutput() WebIamMemberOutput
func (WebIamMemberOutput) ToWebIamMemberOutputWithContext ¶
func (o WebIamMemberOutput) ToWebIamMemberOutputWithContext(ctx context.Context) WebIamMemberOutput
type WebIamMemberState ¶
type WebIamMemberState struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Member pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput }
func (WebIamMemberState) ElementType ¶
func (WebIamMemberState) ElementType() reflect.Type
type WebIamPolicy ¶
type WebIamPolicy struct { pulumi.CustomResourceState // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:
* `iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached. * `iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved. * `iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.WebIamPolicy`: Retrieves the IAM policy for the web
> **Note:** `iap.WebIamPolicy` **cannot** be used in conjunction with `iap.WebIamBinding` and `iap.WebIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebIamBinding` resources **can be** used in conjunction with `iap.WebIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_web\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.WebIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.WebIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor projects/{{project}}/iap_web
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebIamPolicy ¶
func GetWebIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebIamPolicyState, opts ...pulumi.ResourceOption) (*WebIamPolicy, error)
GetWebIamPolicy gets an existing WebIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebIamPolicy ¶
func NewWebIamPolicy(ctx *pulumi.Context, name string, args *WebIamPolicyArgs, opts ...pulumi.ResourceOption) (*WebIamPolicy, error)
NewWebIamPolicy registers a new resource with the given unique name, arguments, and options.
func (*WebIamPolicy) ElementType ¶
func (*WebIamPolicy) ElementType() reflect.Type
func (*WebIamPolicy) ToWebIamPolicyOutput ¶
func (i *WebIamPolicy) ToWebIamPolicyOutput() WebIamPolicyOutput
func (*WebIamPolicy) ToWebIamPolicyOutputWithContext ¶
func (i *WebIamPolicy) ToWebIamPolicyOutputWithContext(ctx context.Context) WebIamPolicyOutput
type WebIamPolicyArgs ¶
type WebIamPolicyArgs struct { // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput }
The set of arguments for constructing a WebIamPolicy resource.
func (WebIamPolicyArgs) ElementType ¶
func (WebIamPolicyArgs) ElementType() reflect.Type
type WebIamPolicyArray ¶
type WebIamPolicyArray []WebIamPolicyInput
func (WebIamPolicyArray) ElementType ¶
func (WebIamPolicyArray) ElementType() reflect.Type
func (WebIamPolicyArray) ToWebIamPolicyArrayOutput ¶
func (i WebIamPolicyArray) ToWebIamPolicyArrayOutput() WebIamPolicyArrayOutput
func (WebIamPolicyArray) ToWebIamPolicyArrayOutputWithContext ¶
func (i WebIamPolicyArray) ToWebIamPolicyArrayOutputWithContext(ctx context.Context) WebIamPolicyArrayOutput
type WebIamPolicyArrayInput ¶
type WebIamPolicyArrayInput interface { pulumi.Input ToWebIamPolicyArrayOutput() WebIamPolicyArrayOutput ToWebIamPolicyArrayOutputWithContext(context.Context) WebIamPolicyArrayOutput }
WebIamPolicyArrayInput is an input type that accepts WebIamPolicyArray and WebIamPolicyArrayOutput values. You can construct a concrete instance of `WebIamPolicyArrayInput` via:
WebIamPolicyArray{ WebIamPolicyArgs{...} }
type WebIamPolicyArrayOutput ¶
type WebIamPolicyArrayOutput struct{ *pulumi.OutputState }
func (WebIamPolicyArrayOutput) ElementType ¶
func (WebIamPolicyArrayOutput) ElementType() reflect.Type
func (WebIamPolicyArrayOutput) Index ¶
func (o WebIamPolicyArrayOutput) Index(i pulumi.IntInput) WebIamPolicyOutput
func (WebIamPolicyArrayOutput) ToWebIamPolicyArrayOutput ¶
func (o WebIamPolicyArrayOutput) ToWebIamPolicyArrayOutput() WebIamPolicyArrayOutput
func (WebIamPolicyArrayOutput) ToWebIamPolicyArrayOutputWithContext ¶
func (o WebIamPolicyArrayOutput) ToWebIamPolicyArrayOutputWithContext(ctx context.Context) WebIamPolicyArrayOutput
type WebIamPolicyInput ¶
type WebIamPolicyInput interface { pulumi.Input ToWebIamPolicyOutput() WebIamPolicyOutput ToWebIamPolicyOutputWithContext(ctx context.Context) WebIamPolicyOutput }
type WebIamPolicyMap ¶
type WebIamPolicyMap map[string]WebIamPolicyInput
func (WebIamPolicyMap) ElementType ¶
func (WebIamPolicyMap) ElementType() reflect.Type
func (WebIamPolicyMap) ToWebIamPolicyMapOutput ¶
func (i WebIamPolicyMap) ToWebIamPolicyMapOutput() WebIamPolicyMapOutput
func (WebIamPolicyMap) ToWebIamPolicyMapOutputWithContext ¶
func (i WebIamPolicyMap) ToWebIamPolicyMapOutputWithContext(ctx context.Context) WebIamPolicyMapOutput
type WebIamPolicyMapInput ¶
type WebIamPolicyMapInput interface { pulumi.Input ToWebIamPolicyMapOutput() WebIamPolicyMapOutput ToWebIamPolicyMapOutputWithContext(context.Context) WebIamPolicyMapOutput }
WebIamPolicyMapInput is an input type that accepts WebIamPolicyMap and WebIamPolicyMapOutput values. You can construct a concrete instance of `WebIamPolicyMapInput` via:
WebIamPolicyMap{ "key": WebIamPolicyArgs{...} }
type WebIamPolicyMapOutput ¶
type WebIamPolicyMapOutput struct{ *pulumi.OutputState }
func (WebIamPolicyMapOutput) ElementType ¶
func (WebIamPolicyMapOutput) ElementType() reflect.Type
func (WebIamPolicyMapOutput) MapIndex ¶
func (o WebIamPolicyMapOutput) MapIndex(k pulumi.StringInput) WebIamPolicyOutput
func (WebIamPolicyMapOutput) ToWebIamPolicyMapOutput ¶
func (o WebIamPolicyMapOutput) ToWebIamPolicyMapOutput() WebIamPolicyMapOutput
func (WebIamPolicyMapOutput) ToWebIamPolicyMapOutputWithContext ¶
func (o WebIamPolicyMapOutput) ToWebIamPolicyMapOutputWithContext(ctx context.Context) WebIamPolicyMapOutput
type WebIamPolicyOutput ¶
type WebIamPolicyOutput struct{ *pulumi.OutputState }
func (WebIamPolicyOutput) ElementType ¶
func (WebIamPolicyOutput) ElementType() reflect.Type
func (WebIamPolicyOutput) Etag ¶ added in v6.23.0
func (o WebIamPolicyOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (WebIamPolicyOutput) PolicyData ¶ added in v6.23.0
func (o WebIamPolicyOutput) PolicyData() pulumi.StringOutput
The policy data generated by a `organizations.getIAMPolicy` data source.
func (WebIamPolicyOutput) Project ¶ added in v6.23.0
func (o WebIamPolicyOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (WebIamPolicyOutput) ToWebIamPolicyOutput ¶
func (o WebIamPolicyOutput) ToWebIamPolicyOutput() WebIamPolicyOutput
func (WebIamPolicyOutput) ToWebIamPolicyOutputWithContext ¶
func (o WebIamPolicyOutput) ToWebIamPolicyOutputWithContext(ctx context.Context) WebIamPolicyOutput
type WebIamPolicyState ¶
type WebIamPolicyState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput }
func (WebIamPolicyState) ElementType ¶
func (WebIamPolicyState) ElementType() reflect.Type
type WebTypeAppEngingIamBinding ¶
type WebTypeAppEngingIamBinding struct { pulumi.CustomResourceState // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringOutput `pulumi:"appId"` // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebTypeAppEngingIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` Members pulumi.StringArrayOutput `pulumi:"members"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:
* `iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached. * `iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved. * `iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine
> **Note:** `iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `iap.WebTypeAppEngingIamBinding` and `iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_web\_type\_app\_engine\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_type\_app\_engine\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.WebTypeAppEngingIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_type\_app\_engine\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.WebTypeAppEngingIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}} * {{project}}/{{appId}} * {{appId}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebTypeAppEngingIamBinding ¶
func GetWebTypeAppEngingIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebTypeAppEngingIamBindingState, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamBinding, error)
GetWebTypeAppEngingIamBinding gets an existing WebTypeAppEngingIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebTypeAppEngingIamBinding ¶
func NewWebTypeAppEngingIamBinding(ctx *pulumi.Context, name string, args *WebTypeAppEngingIamBindingArgs, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamBinding, error)
NewWebTypeAppEngingIamBinding registers a new resource with the given unique name, arguments, and options.
func (*WebTypeAppEngingIamBinding) ElementType ¶
func (*WebTypeAppEngingIamBinding) ElementType() reflect.Type
func (*WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingOutput ¶
func (i *WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingOutput() WebTypeAppEngingIamBindingOutput
func (*WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingOutputWithContext ¶
func (i *WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingOutput
type WebTypeAppEngingIamBindingArgs ¶
type WebTypeAppEngingIamBindingArgs struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringInput // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebTypeAppEngingIamBindingConditionPtrInput Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput }
The set of arguments for constructing a WebTypeAppEngingIamBinding resource.
func (WebTypeAppEngingIamBindingArgs) ElementType ¶
func (WebTypeAppEngingIamBindingArgs) ElementType() reflect.Type
type WebTypeAppEngingIamBindingArray ¶
type WebTypeAppEngingIamBindingArray []WebTypeAppEngingIamBindingInput
func (WebTypeAppEngingIamBindingArray) ElementType ¶
func (WebTypeAppEngingIamBindingArray) ElementType() reflect.Type
func (WebTypeAppEngingIamBindingArray) ToWebTypeAppEngingIamBindingArrayOutput ¶
func (i WebTypeAppEngingIamBindingArray) ToWebTypeAppEngingIamBindingArrayOutput() WebTypeAppEngingIamBindingArrayOutput
func (WebTypeAppEngingIamBindingArray) ToWebTypeAppEngingIamBindingArrayOutputWithContext ¶
func (i WebTypeAppEngingIamBindingArray) ToWebTypeAppEngingIamBindingArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingArrayOutput
type WebTypeAppEngingIamBindingArrayInput ¶
type WebTypeAppEngingIamBindingArrayInput interface { pulumi.Input ToWebTypeAppEngingIamBindingArrayOutput() WebTypeAppEngingIamBindingArrayOutput ToWebTypeAppEngingIamBindingArrayOutputWithContext(context.Context) WebTypeAppEngingIamBindingArrayOutput }
WebTypeAppEngingIamBindingArrayInput is an input type that accepts WebTypeAppEngingIamBindingArray and WebTypeAppEngingIamBindingArrayOutput values. You can construct a concrete instance of `WebTypeAppEngingIamBindingArrayInput` via:
WebTypeAppEngingIamBindingArray{ WebTypeAppEngingIamBindingArgs{...} }
type WebTypeAppEngingIamBindingArrayOutput ¶
type WebTypeAppEngingIamBindingArrayOutput struct{ *pulumi.OutputState }
func (WebTypeAppEngingIamBindingArrayOutput) ElementType ¶
func (WebTypeAppEngingIamBindingArrayOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamBindingArrayOutput) Index ¶
func (o WebTypeAppEngingIamBindingArrayOutput) Index(i pulumi.IntInput) WebTypeAppEngingIamBindingOutput
func (WebTypeAppEngingIamBindingArrayOutput) ToWebTypeAppEngingIamBindingArrayOutput ¶
func (o WebTypeAppEngingIamBindingArrayOutput) ToWebTypeAppEngingIamBindingArrayOutput() WebTypeAppEngingIamBindingArrayOutput
func (WebTypeAppEngingIamBindingArrayOutput) ToWebTypeAppEngingIamBindingArrayOutputWithContext ¶
func (o WebTypeAppEngingIamBindingArrayOutput) ToWebTypeAppEngingIamBindingArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingArrayOutput
type WebTypeAppEngingIamBindingCondition ¶
type WebTypeAppEngingIamBindingCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type WebTypeAppEngingIamBindingConditionArgs ¶
type WebTypeAppEngingIamBindingConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (WebTypeAppEngingIamBindingConditionArgs) ElementType ¶
func (WebTypeAppEngingIamBindingConditionArgs) ElementType() reflect.Type
func (WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionOutput ¶
func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionOutput() WebTypeAppEngingIamBindingConditionOutput
func (WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionOutputWithContext ¶
func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionOutput
func (WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionPtrOutput ¶
func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput
func (WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext ¶
func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionPtrOutput
type WebTypeAppEngingIamBindingConditionInput ¶
type WebTypeAppEngingIamBindingConditionInput interface { pulumi.Input ToWebTypeAppEngingIamBindingConditionOutput() WebTypeAppEngingIamBindingConditionOutput ToWebTypeAppEngingIamBindingConditionOutputWithContext(context.Context) WebTypeAppEngingIamBindingConditionOutput }
WebTypeAppEngingIamBindingConditionInput is an input type that accepts WebTypeAppEngingIamBindingConditionArgs and WebTypeAppEngingIamBindingConditionOutput values. You can construct a concrete instance of `WebTypeAppEngingIamBindingConditionInput` via:
WebTypeAppEngingIamBindingConditionArgs{...}
type WebTypeAppEngingIamBindingConditionOutput ¶
type WebTypeAppEngingIamBindingConditionOutput struct{ *pulumi.OutputState }
func (WebTypeAppEngingIamBindingConditionOutput) Description ¶
func (o WebTypeAppEngingIamBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (WebTypeAppEngingIamBindingConditionOutput) ElementType ¶
func (WebTypeAppEngingIamBindingConditionOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamBindingConditionOutput) Expression ¶
func (o WebTypeAppEngingIamBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebTypeAppEngingIamBindingConditionOutput) Title ¶
func (o WebTypeAppEngingIamBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionOutput ¶
func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionOutput() WebTypeAppEngingIamBindingConditionOutput
func (WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionOutputWithContext ¶
func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionOutput
func (WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionPtrOutput ¶
func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput
func (WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext ¶
func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionPtrOutput
type WebTypeAppEngingIamBindingConditionPtrInput ¶
type WebTypeAppEngingIamBindingConditionPtrInput interface { pulumi.Input ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(context.Context) WebTypeAppEngingIamBindingConditionPtrOutput }
WebTypeAppEngingIamBindingConditionPtrInput is an input type that accepts WebTypeAppEngingIamBindingConditionArgs, WebTypeAppEngingIamBindingConditionPtr and WebTypeAppEngingIamBindingConditionPtrOutput values. You can construct a concrete instance of `WebTypeAppEngingIamBindingConditionPtrInput` via:
WebTypeAppEngingIamBindingConditionArgs{...} or: nil
func WebTypeAppEngingIamBindingConditionPtr ¶
func WebTypeAppEngingIamBindingConditionPtr(v *WebTypeAppEngingIamBindingConditionArgs) WebTypeAppEngingIamBindingConditionPtrInput
type WebTypeAppEngingIamBindingConditionPtrOutput ¶
type WebTypeAppEngingIamBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (WebTypeAppEngingIamBindingConditionPtrOutput) Description ¶
func (o WebTypeAppEngingIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (WebTypeAppEngingIamBindingConditionPtrOutput) ElementType ¶
func (WebTypeAppEngingIamBindingConditionPtrOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamBindingConditionPtrOutput) Expression ¶
func (o WebTypeAppEngingIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebTypeAppEngingIamBindingConditionPtrOutput) Title ¶
func (o WebTypeAppEngingIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebTypeAppEngingIamBindingConditionPtrOutput) ToWebTypeAppEngingIamBindingConditionPtrOutput ¶
func (o WebTypeAppEngingIamBindingConditionPtrOutput) ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput
func (WebTypeAppEngingIamBindingConditionPtrOutput) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext ¶
func (o WebTypeAppEngingIamBindingConditionPtrOutput) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionPtrOutput
type WebTypeAppEngingIamBindingInput ¶
type WebTypeAppEngingIamBindingInput interface { pulumi.Input ToWebTypeAppEngingIamBindingOutput() WebTypeAppEngingIamBindingOutput ToWebTypeAppEngingIamBindingOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingOutput }
type WebTypeAppEngingIamBindingMap ¶
type WebTypeAppEngingIamBindingMap map[string]WebTypeAppEngingIamBindingInput
func (WebTypeAppEngingIamBindingMap) ElementType ¶
func (WebTypeAppEngingIamBindingMap) ElementType() reflect.Type
func (WebTypeAppEngingIamBindingMap) ToWebTypeAppEngingIamBindingMapOutput ¶
func (i WebTypeAppEngingIamBindingMap) ToWebTypeAppEngingIamBindingMapOutput() WebTypeAppEngingIamBindingMapOutput
func (WebTypeAppEngingIamBindingMap) ToWebTypeAppEngingIamBindingMapOutputWithContext ¶
func (i WebTypeAppEngingIamBindingMap) ToWebTypeAppEngingIamBindingMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingMapOutput
type WebTypeAppEngingIamBindingMapInput ¶
type WebTypeAppEngingIamBindingMapInput interface { pulumi.Input ToWebTypeAppEngingIamBindingMapOutput() WebTypeAppEngingIamBindingMapOutput ToWebTypeAppEngingIamBindingMapOutputWithContext(context.Context) WebTypeAppEngingIamBindingMapOutput }
WebTypeAppEngingIamBindingMapInput is an input type that accepts WebTypeAppEngingIamBindingMap and WebTypeAppEngingIamBindingMapOutput values. You can construct a concrete instance of `WebTypeAppEngingIamBindingMapInput` via:
WebTypeAppEngingIamBindingMap{ "key": WebTypeAppEngingIamBindingArgs{...} }
type WebTypeAppEngingIamBindingMapOutput ¶
type WebTypeAppEngingIamBindingMapOutput struct{ *pulumi.OutputState }
func (WebTypeAppEngingIamBindingMapOutput) ElementType ¶
func (WebTypeAppEngingIamBindingMapOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamBindingMapOutput) MapIndex ¶
func (o WebTypeAppEngingIamBindingMapOutput) MapIndex(k pulumi.StringInput) WebTypeAppEngingIamBindingOutput
func (WebTypeAppEngingIamBindingMapOutput) ToWebTypeAppEngingIamBindingMapOutput ¶
func (o WebTypeAppEngingIamBindingMapOutput) ToWebTypeAppEngingIamBindingMapOutput() WebTypeAppEngingIamBindingMapOutput
func (WebTypeAppEngingIamBindingMapOutput) ToWebTypeAppEngingIamBindingMapOutputWithContext ¶
func (o WebTypeAppEngingIamBindingMapOutput) ToWebTypeAppEngingIamBindingMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingMapOutput
type WebTypeAppEngingIamBindingOutput ¶
type WebTypeAppEngingIamBindingOutput struct{ *pulumi.OutputState }
func (WebTypeAppEngingIamBindingOutput) AppId ¶ added in v6.23.0
func (o WebTypeAppEngingIamBindingOutput) AppId() pulumi.StringOutput
Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
func (WebTypeAppEngingIamBindingOutput) Condition ¶ added in v6.23.0
func (o WebTypeAppEngingIamBindingOutput) Condition() WebTypeAppEngingIamBindingConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (WebTypeAppEngingIamBindingOutput) ElementType ¶
func (WebTypeAppEngingIamBindingOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamBindingOutput) Etag ¶ added in v6.23.0
func (o WebTypeAppEngingIamBindingOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (WebTypeAppEngingIamBindingOutput) Members ¶ added in v6.23.0
func (o WebTypeAppEngingIamBindingOutput) Members() pulumi.StringArrayOutput
func (WebTypeAppEngingIamBindingOutput) Project ¶ added in v6.23.0
func (o WebTypeAppEngingIamBindingOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (WebTypeAppEngingIamBindingOutput) Role ¶ added in v6.23.0
func (o WebTypeAppEngingIamBindingOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingOutput ¶
func (o WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingOutput() WebTypeAppEngingIamBindingOutput
func (WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingOutputWithContext ¶
func (o WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingOutput
type WebTypeAppEngingIamBindingState ¶
type WebTypeAppEngingIamBindingState struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringPtrInput // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebTypeAppEngingIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput }
func (WebTypeAppEngingIamBindingState) ElementType ¶
func (WebTypeAppEngingIamBindingState) ElementType() reflect.Type
type WebTypeAppEngingIamMember ¶
type WebTypeAppEngingIamMember struct { pulumi.CustomResourceState // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringOutput `pulumi:"appId"` // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebTypeAppEngingIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` Member pulumi.StringOutput `pulumi:"member"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:
* `iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached. * `iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved. * `iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine
> **Note:** `iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `iap.WebTypeAppEngingIamBinding` and `iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_web\_type\_app\_engine\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_type\_app\_engine\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.WebTypeAppEngingIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_type\_app\_engine\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.WebTypeAppEngingIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}} * {{project}}/{{appId}} * {{appId}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebTypeAppEngingIamMember ¶
func GetWebTypeAppEngingIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebTypeAppEngingIamMemberState, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamMember, error)
GetWebTypeAppEngingIamMember gets an existing WebTypeAppEngingIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebTypeAppEngingIamMember ¶
func NewWebTypeAppEngingIamMember(ctx *pulumi.Context, name string, args *WebTypeAppEngingIamMemberArgs, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamMember, error)
NewWebTypeAppEngingIamMember registers a new resource with the given unique name, arguments, and options.
func (*WebTypeAppEngingIamMember) ElementType ¶
func (*WebTypeAppEngingIamMember) ElementType() reflect.Type
func (*WebTypeAppEngingIamMember) ToWebTypeAppEngingIamMemberOutput ¶
func (i *WebTypeAppEngingIamMember) ToWebTypeAppEngingIamMemberOutput() WebTypeAppEngingIamMemberOutput
func (*WebTypeAppEngingIamMember) ToWebTypeAppEngingIamMemberOutputWithContext ¶
func (i *WebTypeAppEngingIamMember) ToWebTypeAppEngingIamMemberOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberOutput
type WebTypeAppEngingIamMemberArgs ¶
type WebTypeAppEngingIamMemberArgs struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringInput // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebTypeAppEngingIamMemberConditionPtrInput Member pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput }
The set of arguments for constructing a WebTypeAppEngingIamMember resource.
func (WebTypeAppEngingIamMemberArgs) ElementType ¶
func (WebTypeAppEngingIamMemberArgs) ElementType() reflect.Type
type WebTypeAppEngingIamMemberArray ¶
type WebTypeAppEngingIamMemberArray []WebTypeAppEngingIamMemberInput
func (WebTypeAppEngingIamMemberArray) ElementType ¶
func (WebTypeAppEngingIamMemberArray) ElementType() reflect.Type
func (WebTypeAppEngingIamMemberArray) ToWebTypeAppEngingIamMemberArrayOutput ¶
func (i WebTypeAppEngingIamMemberArray) ToWebTypeAppEngingIamMemberArrayOutput() WebTypeAppEngingIamMemberArrayOutput
func (WebTypeAppEngingIamMemberArray) ToWebTypeAppEngingIamMemberArrayOutputWithContext ¶
func (i WebTypeAppEngingIamMemberArray) ToWebTypeAppEngingIamMemberArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberArrayOutput
type WebTypeAppEngingIamMemberArrayInput ¶
type WebTypeAppEngingIamMemberArrayInput interface { pulumi.Input ToWebTypeAppEngingIamMemberArrayOutput() WebTypeAppEngingIamMemberArrayOutput ToWebTypeAppEngingIamMemberArrayOutputWithContext(context.Context) WebTypeAppEngingIamMemberArrayOutput }
WebTypeAppEngingIamMemberArrayInput is an input type that accepts WebTypeAppEngingIamMemberArray and WebTypeAppEngingIamMemberArrayOutput values. You can construct a concrete instance of `WebTypeAppEngingIamMemberArrayInput` via:
WebTypeAppEngingIamMemberArray{ WebTypeAppEngingIamMemberArgs{...} }
type WebTypeAppEngingIamMemberArrayOutput ¶
type WebTypeAppEngingIamMemberArrayOutput struct{ *pulumi.OutputState }
func (WebTypeAppEngingIamMemberArrayOutput) ElementType ¶
func (WebTypeAppEngingIamMemberArrayOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamMemberArrayOutput) Index ¶
func (o WebTypeAppEngingIamMemberArrayOutput) Index(i pulumi.IntInput) WebTypeAppEngingIamMemberOutput
func (WebTypeAppEngingIamMemberArrayOutput) ToWebTypeAppEngingIamMemberArrayOutput ¶
func (o WebTypeAppEngingIamMemberArrayOutput) ToWebTypeAppEngingIamMemberArrayOutput() WebTypeAppEngingIamMemberArrayOutput
func (WebTypeAppEngingIamMemberArrayOutput) ToWebTypeAppEngingIamMemberArrayOutputWithContext ¶
func (o WebTypeAppEngingIamMemberArrayOutput) ToWebTypeAppEngingIamMemberArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberArrayOutput
type WebTypeAppEngingIamMemberCondition ¶
type WebTypeAppEngingIamMemberCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type WebTypeAppEngingIamMemberConditionArgs ¶
type WebTypeAppEngingIamMemberConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (WebTypeAppEngingIamMemberConditionArgs) ElementType ¶
func (WebTypeAppEngingIamMemberConditionArgs) ElementType() reflect.Type
func (WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionOutput ¶
func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionOutput() WebTypeAppEngingIamMemberConditionOutput
func (WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionOutputWithContext ¶
func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionOutput
func (WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionPtrOutput ¶
func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput
func (WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext ¶
func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionPtrOutput
type WebTypeAppEngingIamMemberConditionInput ¶
type WebTypeAppEngingIamMemberConditionInput interface { pulumi.Input ToWebTypeAppEngingIamMemberConditionOutput() WebTypeAppEngingIamMemberConditionOutput ToWebTypeAppEngingIamMemberConditionOutputWithContext(context.Context) WebTypeAppEngingIamMemberConditionOutput }
WebTypeAppEngingIamMemberConditionInput is an input type that accepts WebTypeAppEngingIamMemberConditionArgs and WebTypeAppEngingIamMemberConditionOutput values. You can construct a concrete instance of `WebTypeAppEngingIamMemberConditionInput` via:
WebTypeAppEngingIamMemberConditionArgs{...}
type WebTypeAppEngingIamMemberConditionOutput ¶
type WebTypeAppEngingIamMemberConditionOutput struct{ *pulumi.OutputState }
func (WebTypeAppEngingIamMemberConditionOutput) Description ¶
func (o WebTypeAppEngingIamMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (WebTypeAppEngingIamMemberConditionOutput) ElementType ¶
func (WebTypeAppEngingIamMemberConditionOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamMemberConditionOutput) Expression ¶
func (o WebTypeAppEngingIamMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebTypeAppEngingIamMemberConditionOutput) Title ¶
func (o WebTypeAppEngingIamMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionOutput ¶
func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionOutput() WebTypeAppEngingIamMemberConditionOutput
func (WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionOutputWithContext ¶
func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionOutput
func (WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionPtrOutput ¶
func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput
func (WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext ¶
func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionPtrOutput
type WebTypeAppEngingIamMemberConditionPtrInput ¶
type WebTypeAppEngingIamMemberConditionPtrInput interface { pulumi.Input ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(context.Context) WebTypeAppEngingIamMemberConditionPtrOutput }
WebTypeAppEngingIamMemberConditionPtrInput is an input type that accepts WebTypeAppEngingIamMemberConditionArgs, WebTypeAppEngingIamMemberConditionPtr and WebTypeAppEngingIamMemberConditionPtrOutput values. You can construct a concrete instance of `WebTypeAppEngingIamMemberConditionPtrInput` via:
WebTypeAppEngingIamMemberConditionArgs{...} or: nil
func WebTypeAppEngingIamMemberConditionPtr ¶
func WebTypeAppEngingIamMemberConditionPtr(v *WebTypeAppEngingIamMemberConditionArgs) WebTypeAppEngingIamMemberConditionPtrInput
type WebTypeAppEngingIamMemberConditionPtrOutput ¶
type WebTypeAppEngingIamMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (WebTypeAppEngingIamMemberConditionPtrOutput) Description ¶
func (o WebTypeAppEngingIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (WebTypeAppEngingIamMemberConditionPtrOutput) ElementType ¶
func (WebTypeAppEngingIamMemberConditionPtrOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamMemberConditionPtrOutput) Expression ¶
func (o WebTypeAppEngingIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebTypeAppEngingIamMemberConditionPtrOutput) Title ¶
func (o WebTypeAppEngingIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebTypeAppEngingIamMemberConditionPtrOutput) ToWebTypeAppEngingIamMemberConditionPtrOutput ¶
func (o WebTypeAppEngingIamMemberConditionPtrOutput) ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput
func (WebTypeAppEngingIamMemberConditionPtrOutput) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext ¶
func (o WebTypeAppEngingIamMemberConditionPtrOutput) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionPtrOutput
type WebTypeAppEngingIamMemberInput ¶
type WebTypeAppEngingIamMemberInput interface { pulumi.Input ToWebTypeAppEngingIamMemberOutput() WebTypeAppEngingIamMemberOutput ToWebTypeAppEngingIamMemberOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberOutput }
type WebTypeAppEngingIamMemberMap ¶
type WebTypeAppEngingIamMemberMap map[string]WebTypeAppEngingIamMemberInput
func (WebTypeAppEngingIamMemberMap) ElementType ¶
func (WebTypeAppEngingIamMemberMap) ElementType() reflect.Type
func (WebTypeAppEngingIamMemberMap) ToWebTypeAppEngingIamMemberMapOutput ¶
func (i WebTypeAppEngingIamMemberMap) ToWebTypeAppEngingIamMemberMapOutput() WebTypeAppEngingIamMemberMapOutput
func (WebTypeAppEngingIamMemberMap) ToWebTypeAppEngingIamMemberMapOutputWithContext ¶
func (i WebTypeAppEngingIamMemberMap) ToWebTypeAppEngingIamMemberMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberMapOutput
type WebTypeAppEngingIamMemberMapInput ¶
type WebTypeAppEngingIamMemberMapInput interface { pulumi.Input ToWebTypeAppEngingIamMemberMapOutput() WebTypeAppEngingIamMemberMapOutput ToWebTypeAppEngingIamMemberMapOutputWithContext(context.Context) WebTypeAppEngingIamMemberMapOutput }
WebTypeAppEngingIamMemberMapInput is an input type that accepts WebTypeAppEngingIamMemberMap and WebTypeAppEngingIamMemberMapOutput values. You can construct a concrete instance of `WebTypeAppEngingIamMemberMapInput` via:
WebTypeAppEngingIamMemberMap{ "key": WebTypeAppEngingIamMemberArgs{...} }
type WebTypeAppEngingIamMemberMapOutput ¶
type WebTypeAppEngingIamMemberMapOutput struct{ *pulumi.OutputState }
func (WebTypeAppEngingIamMemberMapOutput) ElementType ¶
func (WebTypeAppEngingIamMemberMapOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamMemberMapOutput) MapIndex ¶
func (o WebTypeAppEngingIamMemberMapOutput) MapIndex(k pulumi.StringInput) WebTypeAppEngingIamMemberOutput
func (WebTypeAppEngingIamMemberMapOutput) ToWebTypeAppEngingIamMemberMapOutput ¶
func (o WebTypeAppEngingIamMemberMapOutput) ToWebTypeAppEngingIamMemberMapOutput() WebTypeAppEngingIamMemberMapOutput
func (WebTypeAppEngingIamMemberMapOutput) ToWebTypeAppEngingIamMemberMapOutputWithContext ¶
func (o WebTypeAppEngingIamMemberMapOutput) ToWebTypeAppEngingIamMemberMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberMapOutput
type WebTypeAppEngingIamMemberOutput ¶
type WebTypeAppEngingIamMemberOutput struct{ *pulumi.OutputState }
func (WebTypeAppEngingIamMemberOutput) AppId ¶ added in v6.23.0
func (o WebTypeAppEngingIamMemberOutput) AppId() pulumi.StringOutput
Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
func (WebTypeAppEngingIamMemberOutput) Condition ¶ added in v6.23.0
func (o WebTypeAppEngingIamMemberOutput) Condition() WebTypeAppEngingIamMemberConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (WebTypeAppEngingIamMemberOutput) ElementType ¶
func (WebTypeAppEngingIamMemberOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamMemberOutput) Etag ¶ added in v6.23.0
func (o WebTypeAppEngingIamMemberOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (WebTypeAppEngingIamMemberOutput) Member ¶ added in v6.23.0
func (o WebTypeAppEngingIamMemberOutput) Member() pulumi.StringOutput
func (WebTypeAppEngingIamMemberOutput) Project ¶ added in v6.23.0
func (o WebTypeAppEngingIamMemberOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (WebTypeAppEngingIamMemberOutput) Role ¶ added in v6.23.0
func (o WebTypeAppEngingIamMemberOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberOutput ¶
func (o WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberOutput() WebTypeAppEngingIamMemberOutput
func (WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberOutputWithContext ¶
func (o WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberOutput
type WebTypeAppEngingIamMemberState ¶
type WebTypeAppEngingIamMemberState struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringPtrInput // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebTypeAppEngingIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Member pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput }
func (WebTypeAppEngingIamMemberState) ElementType ¶
func (WebTypeAppEngingIamMemberState) ElementType() reflect.Type
type WebTypeAppEngingIamPolicy ¶
type WebTypeAppEngingIamPolicy struct { pulumi.CustomResourceState // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringOutput `pulumi:"appId"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:
* `iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached. * `iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved. * `iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine
> **Note:** `iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `iap.WebTypeAppEngingIamBinding` and `iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_web\_type\_app\_engine\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_type\_app\_engine\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.WebTypeAppEngingIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_type\_app\_engine\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{ Project: pulumi.Any(google_app_engine_application.App.Project), AppId: pulumi.Any(google_app_engine_application.App.App_id), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.WebTypeAppEngingIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}} * {{project}}/{{appId}} * {{appId}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebTypeAppEngingIamPolicy ¶
func GetWebTypeAppEngingIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebTypeAppEngingIamPolicyState, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamPolicy, error)
GetWebTypeAppEngingIamPolicy gets an existing WebTypeAppEngingIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebTypeAppEngingIamPolicy ¶
func NewWebTypeAppEngingIamPolicy(ctx *pulumi.Context, name string, args *WebTypeAppEngingIamPolicyArgs, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamPolicy, error)
NewWebTypeAppEngingIamPolicy registers a new resource with the given unique name, arguments, and options.
func (*WebTypeAppEngingIamPolicy) ElementType ¶
func (*WebTypeAppEngingIamPolicy) ElementType() reflect.Type
func (*WebTypeAppEngingIamPolicy) ToWebTypeAppEngingIamPolicyOutput ¶
func (i *WebTypeAppEngingIamPolicy) ToWebTypeAppEngingIamPolicyOutput() WebTypeAppEngingIamPolicyOutput
func (*WebTypeAppEngingIamPolicy) ToWebTypeAppEngingIamPolicyOutputWithContext ¶
func (i *WebTypeAppEngingIamPolicy) ToWebTypeAppEngingIamPolicyOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyOutput
type WebTypeAppEngingIamPolicyArgs ¶
type WebTypeAppEngingIamPolicyArgs struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput }
The set of arguments for constructing a WebTypeAppEngingIamPolicy resource.
func (WebTypeAppEngingIamPolicyArgs) ElementType ¶
func (WebTypeAppEngingIamPolicyArgs) ElementType() reflect.Type
type WebTypeAppEngingIamPolicyArray ¶
type WebTypeAppEngingIamPolicyArray []WebTypeAppEngingIamPolicyInput
func (WebTypeAppEngingIamPolicyArray) ElementType ¶
func (WebTypeAppEngingIamPolicyArray) ElementType() reflect.Type
func (WebTypeAppEngingIamPolicyArray) ToWebTypeAppEngingIamPolicyArrayOutput ¶
func (i WebTypeAppEngingIamPolicyArray) ToWebTypeAppEngingIamPolicyArrayOutput() WebTypeAppEngingIamPolicyArrayOutput
func (WebTypeAppEngingIamPolicyArray) ToWebTypeAppEngingIamPolicyArrayOutputWithContext ¶
func (i WebTypeAppEngingIamPolicyArray) ToWebTypeAppEngingIamPolicyArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyArrayOutput
type WebTypeAppEngingIamPolicyArrayInput ¶
type WebTypeAppEngingIamPolicyArrayInput interface { pulumi.Input ToWebTypeAppEngingIamPolicyArrayOutput() WebTypeAppEngingIamPolicyArrayOutput ToWebTypeAppEngingIamPolicyArrayOutputWithContext(context.Context) WebTypeAppEngingIamPolicyArrayOutput }
WebTypeAppEngingIamPolicyArrayInput is an input type that accepts WebTypeAppEngingIamPolicyArray and WebTypeAppEngingIamPolicyArrayOutput values. You can construct a concrete instance of `WebTypeAppEngingIamPolicyArrayInput` via:
WebTypeAppEngingIamPolicyArray{ WebTypeAppEngingIamPolicyArgs{...} }
type WebTypeAppEngingIamPolicyArrayOutput ¶
type WebTypeAppEngingIamPolicyArrayOutput struct{ *pulumi.OutputState }
func (WebTypeAppEngingIamPolicyArrayOutput) ElementType ¶
func (WebTypeAppEngingIamPolicyArrayOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamPolicyArrayOutput) Index ¶
func (o WebTypeAppEngingIamPolicyArrayOutput) Index(i pulumi.IntInput) WebTypeAppEngingIamPolicyOutput
func (WebTypeAppEngingIamPolicyArrayOutput) ToWebTypeAppEngingIamPolicyArrayOutput ¶
func (o WebTypeAppEngingIamPolicyArrayOutput) ToWebTypeAppEngingIamPolicyArrayOutput() WebTypeAppEngingIamPolicyArrayOutput
func (WebTypeAppEngingIamPolicyArrayOutput) ToWebTypeAppEngingIamPolicyArrayOutputWithContext ¶
func (o WebTypeAppEngingIamPolicyArrayOutput) ToWebTypeAppEngingIamPolicyArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyArrayOutput
type WebTypeAppEngingIamPolicyInput ¶
type WebTypeAppEngingIamPolicyInput interface { pulumi.Input ToWebTypeAppEngingIamPolicyOutput() WebTypeAppEngingIamPolicyOutput ToWebTypeAppEngingIamPolicyOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyOutput }
type WebTypeAppEngingIamPolicyMap ¶
type WebTypeAppEngingIamPolicyMap map[string]WebTypeAppEngingIamPolicyInput
func (WebTypeAppEngingIamPolicyMap) ElementType ¶
func (WebTypeAppEngingIamPolicyMap) ElementType() reflect.Type
func (WebTypeAppEngingIamPolicyMap) ToWebTypeAppEngingIamPolicyMapOutput ¶
func (i WebTypeAppEngingIamPolicyMap) ToWebTypeAppEngingIamPolicyMapOutput() WebTypeAppEngingIamPolicyMapOutput
func (WebTypeAppEngingIamPolicyMap) ToWebTypeAppEngingIamPolicyMapOutputWithContext ¶
func (i WebTypeAppEngingIamPolicyMap) ToWebTypeAppEngingIamPolicyMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyMapOutput
type WebTypeAppEngingIamPolicyMapInput ¶
type WebTypeAppEngingIamPolicyMapInput interface { pulumi.Input ToWebTypeAppEngingIamPolicyMapOutput() WebTypeAppEngingIamPolicyMapOutput ToWebTypeAppEngingIamPolicyMapOutputWithContext(context.Context) WebTypeAppEngingIamPolicyMapOutput }
WebTypeAppEngingIamPolicyMapInput is an input type that accepts WebTypeAppEngingIamPolicyMap and WebTypeAppEngingIamPolicyMapOutput values. You can construct a concrete instance of `WebTypeAppEngingIamPolicyMapInput` via:
WebTypeAppEngingIamPolicyMap{ "key": WebTypeAppEngingIamPolicyArgs{...} }
type WebTypeAppEngingIamPolicyMapOutput ¶
type WebTypeAppEngingIamPolicyMapOutput struct{ *pulumi.OutputState }
func (WebTypeAppEngingIamPolicyMapOutput) ElementType ¶
func (WebTypeAppEngingIamPolicyMapOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamPolicyMapOutput) MapIndex ¶
func (o WebTypeAppEngingIamPolicyMapOutput) MapIndex(k pulumi.StringInput) WebTypeAppEngingIamPolicyOutput
func (WebTypeAppEngingIamPolicyMapOutput) ToWebTypeAppEngingIamPolicyMapOutput ¶
func (o WebTypeAppEngingIamPolicyMapOutput) ToWebTypeAppEngingIamPolicyMapOutput() WebTypeAppEngingIamPolicyMapOutput
func (WebTypeAppEngingIamPolicyMapOutput) ToWebTypeAppEngingIamPolicyMapOutputWithContext ¶
func (o WebTypeAppEngingIamPolicyMapOutput) ToWebTypeAppEngingIamPolicyMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyMapOutput
type WebTypeAppEngingIamPolicyOutput ¶
type WebTypeAppEngingIamPolicyOutput struct{ *pulumi.OutputState }
func (WebTypeAppEngingIamPolicyOutput) AppId ¶ added in v6.23.0
func (o WebTypeAppEngingIamPolicyOutput) AppId() pulumi.StringOutput
Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
func (WebTypeAppEngingIamPolicyOutput) ElementType ¶
func (WebTypeAppEngingIamPolicyOutput) ElementType() reflect.Type
func (WebTypeAppEngingIamPolicyOutput) Etag ¶ added in v6.23.0
func (o WebTypeAppEngingIamPolicyOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (WebTypeAppEngingIamPolicyOutput) PolicyData ¶ added in v6.23.0
func (o WebTypeAppEngingIamPolicyOutput) PolicyData() pulumi.StringOutput
The policy data generated by a `organizations.getIAMPolicy` data source.
func (WebTypeAppEngingIamPolicyOutput) Project ¶ added in v6.23.0
func (o WebTypeAppEngingIamPolicyOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyOutput ¶
func (o WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyOutput() WebTypeAppEngingIamPolicyOutput
func (WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyOutputWithContext ¶
func (o WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyOutput
type WebTypeAppEngingIamPolicyState ¶
type WebTypeAppEngingIamPolicyState struct { // Id of the App Engine application. Used to find the parent resource to bind the IAM policy to AppId pulumi.StringPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput }
func (WebTypeAppEngingIamPolicyState) ElementType ¶
func (WebTypeAppEngingIamPolicyState) ElementType() reflect.Type
type WebTypeComputeIamBinding ¶
type WebTypeComputeIamBinding struct { pulumi.CustomResourceState // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebTypeComputeIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` Members pulumi.StringArrayOutput `pulumi:"members"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:
* `iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached. * `iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved. * `iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute
> **Note:** `iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `iap.WebTypeComputeIamBinding` and `iap.WebTypeComputeIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_web\_type\_compute\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_type\_compute\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.WebTypeComputeIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_type\_compute\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.WebTypeComputeIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor projects/{{project}}/iap_web/compute
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebTypeComputeIamBinding ¶
func GetWebTypeComputeIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebTypeComputeIamBindingState, opts ...pulumi.ResourceOption) (*WebTypeComputeIamBinding, error)
GetWebTypeComputeIamBinding gets an existing WebTypeComputeIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebTypeComputeIamBinding ¶
func NewWebTypeComputeIamBinding(ctx *pulumi.Context, name string, args *WebTypeComputeIamBindingArgs, opts ...pulumi.ResourceOption) (*WebTypeComputeIamBinding, error)
NewWebTypeComputeIamBinding registers a new resource with the given unique name, arguments, and options.
func (*WebTypeComputeIamBinding) ElementType ¶
func (*WebTypeComputeIamBinding) ElementType() reflect.Type
func (*WebTypeComputeIamBinding) ToWebTypeComputeIamBindingOutput ¶
func (i *WebTypeComputeIamBinding) ToWebTypeComputeIamBindingOutput() WebTypeComputeIamBindingOutput
func (*WebTypeComputeIamBinding) ToWebTypeComputeIamBindingOutputWithContext ¶
func (i *WebTypeComputeIamBinding) ToWebTypeComputeIamBindingOutputWithContext(ctx context.Context) WebTypeComputeIamBindingOutput
type WebTypeComputeIamBindingArgs ¶
type WebTypeComputeIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebTypeComputeIamBindingConditionPtrInput Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput }
The set of arguments for constructing a WebTypeComputeIamBinding resource.
func (WebTypeComputeIamBindingArgs) ElementType ¶
func (WebTypeComputeIamBindingArgs) ElementType() reflect.Type
type WebTypeComputeIamBindingArray ¶
type WebTypeComputeIamBindingArray []WebTypeComputeIamBindingInput
func (WebTypeComputeIamBindingArray) ElementType ¶
func (WebTypeComputeIamBindingArray) ElementType() reflect.Type
func (WebTypeComputeIamBindingArray) ToWebTypeComputeIamBindingArrayOutput ¶
func (i WebTypeComputeIamBindingArray) ToWebTypeComputeIamBindingArrayOutput() WebTypeComputeIamBindingArrayOutput
func (WebTypeComputeIamBindingArray) ToWebTypeComputeIamBindingArrayOutputWithContext ¶
func (i WebTypeComputeIamBindingArray) ToWebTypeComputeIamBindingArrayOutputWithContext(ctx context.Context) WebTypeComputeIamBindingArrayOutput
type WebTypeComputeIamBindingArrayInput ¶
type WebTypeComputeIamBindingArrayInput interface { pulumi.Input ToWebTypeComputeIamBindingArrayOutput() WebTypeComputeIamBindingArrayOutput ToWebTypeComputeIamBindingArrayOutputWithContext(context.Context) WebTypeComputeIamBindingArrayOutput }
WebTypeComputeIamBindingArrayInput is an input type that accepts WebTypeComputeIamBindingArray and WebTypeComputeIamBindingArrayOutput values. You can construct a concrete instance of `WebTypeComputeIamBindingArrayInput` via:
WebTypeComputeIamBindingArray{ WebTypeComputeIamBindingArgs{...} }
type WebTypeComputeIamBindingArrayOutput ¶
type WebTypeComputeIamBindingArrayOutput struct{ *pulumi.OutputState }
func (WebTypeComputeIamBindingArrayOutput) ElementType ¶
func (WebTypeComputeIamBindingArrayOutput) ElementType() reflect.Type
func (WebTypeComputeIamBindingArrayOutput) Index ¶
func (o WebTypeComputeIamBindingArrayOutput) Index(i pulumi.IntInput) WebTypeComputeIamBindingOutput
func (WebTypeComputeIamBindingArrayOutput) ToWebTypeComputeIamBindingArrayOutput ¶
func (o WebTypeComputeIamBindingArrayOutput) ToWebTypeComputeIamBindingArrayOutput() WebTypeComputeIamBindingArrayOutput
func (WebTypeComputeIamBindingArrayOutput) ToWebTypeComputeIamBindingArrayOutputWithContext ¶
func (o WebTypeComputeIamBindingArrayOutput) ToWebTypeComputeIamBindingArrayOutputWithContext(ctx context.Context) WebTypeComputeIamBindingArrayOutput
type WebTypeComputeIamBindingCondition ¶
type WebTypeComputeIamBindingCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type WebTypeComputeIamBindingConditionArgs ¶
type WebTypeComputeIamBindingConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (WebTypeComputeIamBindingConditionArgs) ElementType ¶
func (WebTypeComputeIamBindingConditionArgs) ElementType() reflect.Type
func (WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionOutput ¶
func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionOutput() WebTypeComputeIamBindingConditionOutput
func (WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionOutputWithContext ¶
func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionOutput
func (WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionPtrOutput ¶
func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput
func (WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionPtrOutputWithContext ¶
func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionPtrOutput
type WebTypeComputeIamBindingConditionInput ¶
type WebTypeComputeIamBindingConditionInput interface { pulumi.Input ToWebTypeComputeIamBindingConditionOutput() WebTypeComputeIamBindingConditionOutput ToWebTypeComputeIamBindingConditionOutputWithContext(context.Context) WebTypeComputeIamBindingConditionOutput }
WebTypeComputeIamBindingConditionInput is an input type that accepts WebTypeComputeIamBindingConditionArgs and WebTypeComputeIamBindingConditionOutput values. You can construct a concrete instance of `WebTypeComputeIamBindingConditionInput` via:
WebTypeComputeIamBindingConditionArgs{...}
type WebTypeComputeIamBindingConditionOutput ¶
type WebTypeComputeIamBindingConditionOutput struct{ *pulumi.OutputState }
func (WebTypeComputeIamBindingConditionOutput) Description ¶
func (o WebTypeComputeIamBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (WebTypeComputeIamBindingConditionOutput) ElementType ¶
func (WebTypeComputeIamBindingConditionOutput) ElementType() reflect.Type
func (WebTypeComputeIamBindingConditionOutput) Expression ¶
func (o WebTypeComputeIamBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebTypeComputeIamBindingConditionOutput) Title ¶
func (o WebTypeComputeIamBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionOutput ¶
func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionOutput() WebTypeComputeIamBindingConditionOutput
func (WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionOutputWithContext ¶
func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionOutput
func (WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionPtrOutput ¶
func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput
func (WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionPtrOutputWithContext ¶
func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionPtrOutput
type WebTypeComputeIamBindingConditionPtrInput ¶
type WebTypeComputeIamBindingConditionPtrInput interface { pulumi.Input ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput ToWebTypeComputeIamBindingConditionPtrOutputWithContext(context.Context) WebTypeComputeIamBindingConditionPtrOutput }
WebTypeComputeIamBindingConditionPtrInput is an input type that accepts WebTypeComputeIamBindingConditionArgs, WebTypeComputeIamBindingConditionPtr and WebTypeComputeIamBindingConditionPtrOutput values. You can construct a concrete instance of `WebTypeComputeIamBindingConditionPtrInput` via:
WebTypeComputeIamBindingConditionArgs{...} or: nil
func WebTypeComputeIamBindingConditionPtr ¶
func WebTypeComputeIamBindingConditionPtr(v *WebTypeComputeIamBindingConditionArgs) WebTypeComputeIamBindingConditionPtrInput
type WebTypeComputeIamBindingConditionPtrOutput ¶
type WebTypeComputeIamBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (WebTypeComputeIamBindingConditionPtrOutput) Description ¶
func (o WebTypeComputeIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (WebTypeComputeIamBindingConditionPtrOutput) ElementType ¶
func (WebTypeComputeIamBindingConditionPtrOutput) ElementType() reflect.Type
func (WebTypeComputeIamBindingConditionPtrOutput) Expression ¶
func (o WebTypeComputeIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebTypeComputeIamBindingConditionPtrOutput) Title ¶
func (o WebTypeComputeIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebTypeComputeIamBindingConditionPtrOutput) ToWebTypeComputeIamBindingConditionPtrOutput ¶
func (o WebTypeComputeIamBindingConditionPtrOutput) ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput
func (WebTypeComputeIamBindingConditionPtrOutput) ToWebTypeComputeIamBindingConditionPtrOutputWithContext ¶
func (o WebTypeComputeIamBindingConditionPtrOutput) ToWebTypeComputeIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionPtrOutput
type WebTypeComputeIamBindingInput ¶
type WebTypeComputeIamBindingInput interface { pulumi.Input ToWebTypeComputeIamBindingOutput() WebTypeComputeIamBindingOutput ToWebTypeComputeIamBindingOutputWithContext(ctx context.Context) WebTypeComputeIamBindingOutput }
type WebTypeComputeIamBindingMap ¶
type WebTypeComputeIamBindingMap map[string]WebTypeComputeIamBindingInput
func (WebTypeComputeIamBindingMap) ElementType ¶
func (WebTypeComputeIamBindingMap) ElementType() reflect.Type
func (WebTypeComputeIamBindingMap) ToWebTypeComputeIamBindingMapOutput ¶
func (i WebTypeComputeIamBindingMap) ToWebTypeComputeIamBindingMapOutput() WebTypeComputeIamBindingMapOutput
func (WebTypeComputeIamBindingMap) ToWebTypeComputeIamBindingMapOutputWithContext ¶
func (i WebTypeComputeIamBindingMap) ToWebTypeComputeIamBindingMapOutputWithContext(ctx context.Context) WebTypeComputeIamBindingMapOutput
type WebTypeComputeIamBindingMapInput ¶
type WebTypeComputeIamBindingMapInput interface { pulumi.Input ToWebTypeComputeIamBindingMapOutput() WebTypeComputeIamBindingMapOutput ToWebTypeComputeIamBindingMapOutputWithContext(context.Context) WebTypeComputeIamBindingMapOutput }
WebTypeComputeIamBindingMapInput is an input type that accepts WebTypeComputeIamBindingMap and WebTypeComputeIamBindingMapOutput values. You can construct a concrete instance of `WebTypeComputeIamBindingMapInput` via:
WebTypeComputeIamBindingMap{ "key": WebTypeComputeIamBindingArgs{...} }
type WebTypeComputeIamBindingMapOutput ¶
type WebTypeComputeIamBindingMapOutput struct{ *pulumi.OutputState }
func (WebTypeComputeIamBindingMapOutput) ElementType ¶
func (WebTypeComputeIamBindingMapOutput) ElementType() reflect.Type
func (WebTypeComputeIamBindingMapOutput) MapIndex ¶
func (o WebTypeComputeIamBindingMapOutput) MapIndex(k pulumi.StringInput) WebTypeComputeIamBindingOutput
func (WebTypeComputeIamBindingMapOutput) ToWebTypeComputeIamBindingMapOutput ¶
func (o WebTypeComputeIamBindingMapOutput) ToWebTypeComputeIamBindingMapOutput() WebTypeComputeIamBindingMapOutput
func (WebTypeComputeIamBindingMapOutput) ToWebTypeComputeIamBindingMapOutputWithContext ¶
func (o WebTypeComputeIamBindingMapOutput) ToWebTypeComputeIamBindingMapOutputWithContext(ctx context.Context) WebTypeComputeIamBindingMapOutput
type WebTypeComputeIamBindingOutput ¶
type WebTypeComputeIamBindingOutput struct{ *pulumi.OutputState }
func (WebTypeComputeIamBindingOutput) Condition ¶ added in v6.23.0
func (o WebTypeComputeIamBindingOutput) Condition() WebTypeComputeIamBindingConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (WebTypeComputeIamBindingOutput) ElementType ¶
func (WebTypeComputeIamBindingOutput) ElementType() reflect.Type
func (WebTypeComputeIamBindingOutput) Etag ¶ added in v6.23.0
func (o WebTypeComputeIamBindingOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (WebTypeComputeIamBindingOutput) Members ¶ added in v6.23.0
func (o WebTypeComputeIamBindingOutput) Members() pulumi.StringArrayOutput
func (WebTypeComputeIamBindingOutput) Project ¶ added in v6.23.0
func (o WebTypeComputeIamBindingOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (WebTypeComputeIamBindingOutput) Role ¶ added in v6.23.0
func (o WebTypeComputeIamBindingOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingOutput ¶
func (o WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingOutput() WebTypeComputeIamBindingOutput
func (WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingOutputWithContext ¶
func (o WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingOutputWithContext(ctx context.Context) WebTypeComputeIamBindingOutput
type WebTypeComputeIamBindingState ¶
type WebTypeComputeIamBindingState struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebTypeComputeIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput }
func (WebTypeComputeIamBindingState) ElementType ¶
func (WebTypeComputeIamBindingState) ElementType() reflect.Type
type WebTypeComputeIamMember ¶
type WebTypeComputeIamMember struct { pulumi.CustomResourceState // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebTypeComputeIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` Member pulumi.StringOutput `pulumi:"member"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:
* `iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached. * `iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved. * `iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute
> **Note:** `iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `iap.WebTypeComputeIamBinding` and `iap.WebTypeComputeIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_web\_type\_compute\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_type\_compute\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.WebTypeComputeIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_type\_compute\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.WebTypeComputeIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor projects/{{project}}/iap_web/compute
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebTypeComputeIamMember ¶
func GetWebTypeComputeIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebTypeComputeIamMemberState, opts ...pulumi.ResourceOption) (*WebTypeComputeIamMember, error)
GetWebTypeComputeIamMember gets an existing WebTypeComputeIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebTypeComputeIamMember ¶
func NewWebTypeComputeIamMember(ctx *pulumi.Context, name string, args *WebTypeComputeIamMemberArgs, opts ...pulumi.ResourceOption) (*WebTypeComputeIamMember, error)
NewWebTypeComputeIamMember registers a new resource with the given unique name, arguments, and options.
func (*WebTypeComputeIamMember) ElementType ¶
func (*WebTypeComputeIamMember) ElementType() reflect.Type
func (*WebTypeComputeIamMember) ToWebTypeComputeIamMemberOutput ¶
func (i *WebTypeComputeIamMember) ToWebTypeComputeIamMemberOutput() WebTypeComputeIamMemberOutput
func (*WebTypeComputeIamMember) ToWebTypeComputeIamMemberOutputWithContext ¶
func (i *WebTypeComputeIamMember) ToWebTypeComputeIamMemberOutputWithContext(ctx context.Context) WebTypeComputeIamMemberOutput
type WebTypeComputeIamMemberArgs ¶
type WebTypeComputeIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebTypeComputeIamMemberConditionPtrInput Member pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput }
The set of arguments for constructing a WebTypeComputeIamMember resource.
func (WebTypeComputeIamMemberArgs) ElementType ¶
func (WebTypeComputeIamMemberArgs) ElementType() reflect.Type
type WebTypeComputeIamMemberArray ¶
type WebTypeComputeIamMemberArray []WebTypeComputeIamMemberInput
func (WebTypeComputeIamMemberArray) ElementType ¶
func (WebTypeComputeIamMemberArray) ElementType() reflect.Type
func (WebTypeComputeIamMemberArray) ToWebTypeComputeIamMemberArrayOutput ¶
func (i WebTypeComputeIamMemberArray) ToWebTypeComputeIamMemberArrayOutput() WebTypeComputeIamMemberArrayOutput
func (WebTypeComputeIamMemberArray) ToWebTypeComputeIamMemberArrayOutputWithContext ¶
func (i WebTypeComputeIamMemberArray) ToWebTypeComputeIamMemberArrayOutputWithContext(ctx context.Context) WebTypeComputeIamMemberArrayOutput
type WebTypeComputeIamMemberArrayInput ¶
type WebTypeComputeIamMemberArrayInput interface { pulumi.Input ToWebTypeComputeIamMemberArrayOutput() WebTypeComputeIamMemberArrayOutput ToWebTypeComputeIamMemberArrayOutputWithContext(context.Context) WebTypeComputeIamMemberArrayOutput }
WebTypeComputeIamMemberArrayInput is an input type that accepts WebTypeComputeIamMemberArray and WebTypeComputeIamMemberArrayOutput values. You can construct a concrete instance of `WebTypeComputeIamMemberArrayInput` via:
WebTypeComputeIamMemberArray{ WebTypeComputeIamMemberArgs{...} }
type WebTypeComputeIamMemberArrayOutput ¶
type WebTypeComputeIamMemberArrayOutput struct{ *pulumi.OutputState }
func (WebTypeComputeIamMemberArrayOutput) ElementType ¶
func (WebTypeComputeIamMemberArrayOutput) ElementType() reflect.Type
func (WebTypeComputeIamMemberArrayOutput) Index ¶
func (o WebTypeComputeIamMemberArrayOutput) Index(i pulumi.IntInput) WebTypeComputeIamMemberOutput
func (WebTypeComputeIamMemberArrayOutput) ToWebTypeComputeIamMemberArrayOutput ¶
func (o WebTypeComputeIamMemberArrayOutput) ToWebTypeComputeIamMemberArrayOutput() WebTypeComputeIamMemberArrayOutput
func (WebTypeComputeIamMemberArrayOutput) ToWebTypeComputeIamMemberArrayOutputWithContext ¶
func (o WebTypeComputeIamMemberArrayOutput) ToWebTypeComputeIamMemberArrayOutputWithContext(ctx context.Context) WebTypeComputeIamMemberArrayOutput
type WebTypeComputeIamMemberCondition ¶
type WebTypeComputeIamMemberCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type WebTypeComputeIamMemberConditionArgs ¶
type WebTypeComputeIamMemberConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (WebTypeComputeIamMemberConditionArgs) ElementType ¶
func (WebTypeComputeIamMemberConditionArgs) ElementType() reflect.Type
func (WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionOutput ¶
func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionOutput() WebTypeComputeIamMemberConditionOutput
func (WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionOutputWithContext ¶
func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionOutput
func (WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionPtrOutput ¶
func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput
func (WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionPtrOutputWithContext ¶
func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionPtrOutput
type WebTypeComputeIamMemberConditionInput ¶
type WebTypeComputeIamMemberConditionInput interface { pulumi.Input ToWebTypeComputeIamMemberConditionOutput() WebTypeComputeIamMemberConditionOutput ToWebTypeComputeIamMemberConditionOutputWithContext(context.Context) WebTypeComputeIamMemberConditionOutput }
WebTypeComputeIamMemberConditionInput is an input type that accepts WebTypeComputeIamMemberConditionArgs and WebTypeComputeIamMemberConditionOutput values. You can construct a concrete instance of `WebTypeComputeIamMemberConditionInput` via:
WebTypeComputeIamMemberConditionArgs{...}
type WebTypeComputeIamMemberConditionOutput ¶
type WebTypeComputeIamMemberConditionOutput struct{ *pulumi.OutputState }
func (WebTypeComputeIamMemberConditionOutput) Description ¶
func (o WebTypeComputeIamMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (WebTypeComputeIamMemberConditionOutput) ElementType ¶
func (WebTypeComputeIamMemberConditionOutput) ElementType() reflect.Type
func (WebTypeComputeIamMemberConditionOutput) Expression ¶
func (o WebTypeComputeIamMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebTypeComputeIamMemberConditionOutput) Title ¶
func (o WebTypeComputeIamMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionOutput ¶
func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionOutput() WebTypeComputeIamMemberConditionOutput
func (WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionOutputWithContext ¶
func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionOutput
func (WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionPtrOutput ¶
func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput
func (WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionPtrOutputWithContext ¶
func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionPtrOutput
type WebTypeComputeIamMemberConditionPtrInput ¶
type WebTypeComputeIamMemberConditionPtrInput interface { pulumi.Input ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput ToWebTypeComputeIamMemberConditionPtrOutputWithContext(context.Context) WebTypeComputeIamMemberConditionPtrOutput }
WebTypeComputeIamMemberConditionPtrInput is an input type that accepts WebTypeComputeIamMemberConditionArgs, WebTypeComputeIamMemberConditionPtr and WebTypeComputeIamMemberConditionPtrOutput values. You can construct a concrete instance of `WebTypeComputeIamMemberConditionPtrInput` via:
WebTypeComputeIamMemberConditionArgs{...} or: nil
func WebTypeComputeIamMemberConditionPtr ¶
func WebTypeComputeIamMemberConditionPtr(v *WebTypeComputeIamMemberConditionArgs) WebTypeComputeIamMemberConditionPtrInput
type WebTypeComputeIamMemberConditionPtrOutput ¶
type WebTypeComputeIamMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (WebTypeComputeIamMemberConditionPtrOutput) Description ¶
func (o WebTypeComputeIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (WebTypeComputeIamMemberConditionPtrOutput) ElementType ¶
func (WebTypeComputeIamMemberConditionPtrOutput) ElementType() reflect.Type
func (WebTypeComputeIamMemberConditionPtrOutput) Expression ¶
func (o WebTypeComputeIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (WebTypeComputeIamMemberConditionPtrOutput) Title ¶
func (o WebTypeComputeIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (WebTypeComputeIamMemberConditionPtrOutput) ToWebTypeComputeIamMemberConditionPtrOutput ¶
func (o WebTypeComputeIamMemberConditionPtrOutput) ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput
func (WebTypeComputeIamMemberConditionPtrOutput) ToWebTypeComputeIamMemberConditionPtrOutputWithContext ¶
func (o WebTypeComputeIamMemberConditionPtrOutput) ToWebTypeComputeIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionPtrOutput
type WebTypeComputeIamMemberInput ¶
type WebTypeComputeIamMemberInput interface { pulumi.Input ToWebTypeComputeIamMemberOutput() WebTypeComputeIamMemberOutput ToWebTypeComputeIamMemberOutputWithContext(ctx context.Context) WebTypeComputeIamMemberOutput }
type WebTypeComputeIamMemberMap ¶
type WebTypeComputeIamMemberMap map[string]WebTypeComputeIamMemberInput
func (WebTypeComputeIamMemberMap) ElementType ¶
func (WebTypeComputeIamMemberMap) ElementType() reflect.Type
func (WebTypeComputeIamMemberMap) ToWebTypeComputeIamMemberMapOutput ¶
func (i WebTypeComputeIamMemberMap) ToWebTypeComputeIamMemberMapOutput() WebTypeComputeIamMemberMapOutput
func (WebTypeComputeIamMemberMap) ToWebTypeComputeIamMemberMapOutputWithContext ¶
func (i WebTypeComputeIamMemberMap) ToWebTypeComputeIamMemberMapOutputWithContext(ctx context.Context) WebTypeComputeIamMemberMapOutput
type WebTypeComputeIamMemberMapInput ¶
type WebTypeComputeIamMemberMapInput interface { pulumi.Input ToWebTypeComputeIamMemberMapOutput() WebTypeComputeIamMemberMapOutput ToWebTypeComputeIamMemberMapOutputWithContext(context.Context) WebTypeComputeIamMemberMapOutput }
WebTypeComputeIamMemberMapInput is an input type that accepts WebTypeComputeIamMemberMap and WebTypeComputeIamMemberMapOutput values. You can construct a concrete instance of `WebTypeComputeIamMemberMapInput` via:
WebTypeComputeIamMemberMap{ "key": WebTypeComputeIamMemberArgs{...} }
type WebTypeComputeIamMemberMapOutput ¶
type WebTypeComputeIamMemberMapOutput struct{ *pulumi.OutputState }
func (WebTypeComputeIamMemberMapOutput) ElementType ¶
func (WebTypeComputeIamMemberMapOutput) ElementType() reflect.Type
func (WebTypeComputeIamMemberMapOutput) MapIndex ¶
func (o WebTypeComputeIamMemberMapOutput) MapIndex(k pulumi.StringInput) WebTypeComputeIamMemberOutput
func (WebTypeComputeIamMemberMapOutput) ToWebTypeComputeIamMemberMapOutput ¶
func (o WebTypeComputeIamMemberMapOutput) ToWebTypeComputeIamMemberMapOutput() WebTypeComputeIamMemberMapOutput
func (WebTypeComputeIamMemberMapOutput) ToWebTypeComputeIamMemberMapOutputWithContext ¶
func (o WebTypeComputeIamMemberMapOutput) ToWebTypeComputeIamMemberMapOutputWithContext(ctx context.Context) WebTypeComputeIamMemberMapOutput
type WebTypeComputeIamMemberOutput ¶
type WebTypeComputeIamMemberOutput struct{ *pulumi.OutputState }
func (WebTypeComputeIamMemberOutput) Condition ¶ added in v6.23.0
func (o WebTypeComputeIamMemberOutput) Condition() WebTypeComputeIamMemberConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (WebTypeComputeIamMemberOutput) ElementType ¶
func (WebTypeComputeIamMemberOutput) ElementType() reflect.Type
func (WebTypeComputeIamMemberOutput) Etag ¶ added in v6.23.0
func (o WebTypeComputeIamMemberOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (WebTypeComputeIamMemberOutput) Member ¶ added in v6.23.0
func (o WebTypeComputeIamMemberOutput) Member() pulumi.StringOutput
func (WebTypeComputeIamMemberOutput) Project ¶ added in v6.23.0
func (o WebTypeComputeIamMemberOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (WebTypeComputeIamMemberOutput) Role ¶ added in v6.23.0
func (o WebTypeComputeIamMemberOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberOutput ¶
func (o WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberOutput() WebTypeComputeIamMemberOutput
func (WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberOutputWithContext ¶
func (o WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberOutputWithContext(ctx context.Context) WebTypeComputeIamMemberOutput
type WebTypeComputeIamMemberState ¶
type WebTypeComputeIamMemberState struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebTypeComputeIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Member pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput }
func (WebTypeComputeIamMemberState) ElementType ¶
func (WebTypeComputeIamMemberState) ElementType() reflect.Type
type WebTypeComputeIamPolicy ¶
type WebTypeComputeIamPolicy struct { pulumi.CustomResourceState // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` }
Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:
* `iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached. * `iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved. * `iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute
> **Note:** `iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `iap.WebTypeComputeIamBinding` and `iap.WebTypeComputeIamMember` or they will fight over what your policy should be.
> **Note:** `iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## google\_iap\_web\_type\_compute\_iam\_policy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/iap.httpsResourceAccessor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), PolicyData: *pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_type\_compute\_iam\_binding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &iap.WebTypeComputeIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## google\_iap\_web\_type\_compute\_iam\_member
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/iap" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{ Project: pulumi.Any(google_project_service.Project_service.Project), Role: pulumi.String("roles/iap.httpsResourceAccessor"), Member: pulumi.String("user:jane@example.com"), Condition: &iap.WebTypeComputeIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com"
```
IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor"
```
IAM policy imports use the identifier of the resource in question, e.g.
```sh
$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor projects/{{project}}/iap_web/compute
```
-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetWebTypeComputeIamPolicy ¶
func GetWebTypeComputeIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *WebTypeComputeIamPolicyState, opts ...pulumi.ResourceOption) (*WebTypeComputeIamPolicy, error)
GetWebTypeComputeIamPolicy gets an existing WebTypeComputeIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewWebTypeComputeIamPolicy ¶
func NewWebTypeComputeIamPolicy(ctx *pulumi.Context, name string, args *WebTypeComputeIamPolicyArgs, opts ...pulumi.ResourceOption) (*WebTypeComputeIamPolicy, error)
NewWebTypeComputeIamPolicy registers a new resource with the given unique name, arguments, and options.
func (*WebTypeComputeIamPolicy) ElementType ¶
func (*WebTypeComputeIamPolicy) ElementType() reflect.Type
func (*WebTypeComputeIamPolicy) ToWebTypeComputeIamPolicyOutput ¶
func (i *WebTypeComputeIamPolicy) ToWebTypeComputeIamPolicyOutput() WebTypeComputeIamPolicyOutput
func (*WebTypeComputeIamPolicy) ToWebTypeComputeIamPolicyOutputWithContext ¶
func (i *WebTypeComputeIamPolicy) ToWebTypeComputeIamPolicyOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyOutput
type WebTypeComputeIamPolicyArgs ¶
type WebTypeComputeIamPolicyArgs struct { // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput }
The set of arguments for constructing a WebTypeComputeIamPolicy resource.
func (WebTypeComputeIamPolicyArgs) ElementType ¶
func (WebTypeComputeIamPolicyArgs) ElementType() reflect.Type
type WebTypeComputeIamPolicyArray ¶
type WebTypeComputeIamPolicyArray []WebTypeComputeIamPolicyInput
func (WebTypeComputeIamPolicyArray) ElementType ¶
func (WebTypeComputeIamPolicyArray) ElementType() reflect.Type
func (WebTypeComputeIamPolicyArray) ToWebTypeComputeIamPolicyArrayOutput ¶
func (i WebTypeComputeIamPolicyArray) ToWebTypeComputeIamPolicyArrayOutput() WebTypeComputeIamPolicyArrayOutput
func (WebTypeComputeIamPolicyArray) ToWebTypeComputeIamPolicyArrayOutputWithContext ¶
func (i WebTypeComputeIamPolicyArray) ToWebTypeComputeIamPolicyArrayOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyArrayOutput
type WebTypeComputeIamPolicyArrayInput ¶
type WebTypeComputeIamPolicyArrayInput interface { pulumi.Input ToWebTypeComputeIamPolicyArrayOutput() WebTypeComputeIamPolicyArrayOutput ToWebTypeComputeIamPolicyArrayOutputWithContext(context.Context) WebTypeComputeIamPolicyArrayOutput }
WebTypeComputeIamPolicyArrayInput is an input type that accepts WebTypeComputeIamPolicyArray and WebTypeComputeIamPolicyArrayOutput values. You can construct a concrete instance of `WebTypeComputeIamPolicyArrayInput` via:
WebTypeComputeIamPolicyArray{ WebTypeComputeIamPolicyArgs{...} }
type WebTypeComputeIamPolicyArrayOutput ¶
type WebTypeComputeIamPolicyArrayOutput struct{ *pulumi.OutputState }
func (WebTypeComputeIamPolicyArrayOutput) ElementType ¶
func (WebTypeComputeIamPolicyArrayOutput) ElementType() reflect.Type
func (WebTypeComputeIamPolicyArrayOutput) Index ¶
func (o WebTypeComputeIamPolicyArrayOutput) Index(i pulumi.IntInput) WebTypeComputeIamPolicyOutput
func (WebTypeComputeIamPolicyArrayOutput) ToWebTypeComputeIamPolicyArrayOutput ¶
func (o WebTypeComputeIamPolicyArrayOutput) ToWebTypeComputeIamPolicyArrayOutput() WebTypeComputeIamPolicyArrayOutput
func (WebTypeComputeIamPolicyArrayOutput) ToWebTypeComputeIamPolicyArrayOutputWithContext ¶
func (o WebTypeComputeIamPolicyArrayOutput) ToWebTypeComputeIamPolicyArrayOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyArrayOutput
type WebTypeComputeIamPolicyInput ¶
type WebTypeComputeIamPolicyInput interface { pulumi.Input ToWebTypeComputeIamPolicyOutput() WebTypeComputeIamPolicyOutput ToWebTypeComputeIamPolicyOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyOutput }
type WebTypeComputeIamPolicyMap ¶
type WebTypeComputeIamPolicyMap map[string]WebTypeComputeIamPolicyInput
func (WebTypeComputeIamPolicyMap) ElementType ¶
func (WebTypeComputeIamPolicyMap) ElementType() reflect.Type
func (WebTypeComputeIamPolicyMap) ToWebTypeComputeIamPolicyMapOutput ¶
func (i WebTypeComputeIamPolicyMap) ToWebTypeComputeIamPolicyMapOutput() WebTypeComputeIamPolicyMapOutput
func (WebTypeComputeIamPolicyMap) ToWebTypeComputeIamPolicyMapOutputWithContext ¶
func (i WebTypeComputeIamPolicyMap) ToWebTypeComputeIamPolicyMapOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyMapOutput
type WebTypeComputeIamPolicyMapInput ¶
type WebTypeComputeIamPolicyMapInput interface { pulumi.Input ToWebTypeComputeIamPolicyMapOutput() WebTypeComputeIamPolicyMapOutput ToWebTypeComputeIamPolicyMapOutputWithContext(context.Context) WebTypeComputeIamPolicyMapOutput }
WebTypeComputeIamPolicyMapInput is an input type that accepts WebTypeComputeIamPolicyMap and WebTypeComputeIamPolicyMapOutput values. You can construct a concrete instance of `WebTypeComputeIamPolicyMapInput` via:
WebTypeComputeIamPolicyMap{ "key": WebTypeComputeIamPolicyArgs{...} }
type WebTypeComputeIamPolicyMapOutput ¶
type WebTypeComputeIamPolicyMapOutput struct{ *pulumi.OutputState }
func (WebTypeComputeIamPolicyMapOutput) ElementType ¶
func (WebTypeComputeIamPolicyMapOutput) ElementType() reflect.Type
func (WebTypeComputeIamPolicyMapOutput) MapIndex ¶
func (o WebTypeComputeIamPolicyMapOutput) MapIndex(k pulumi.StringInput) WebTypeComputeIamPolicyOutput
func (WebTypeComputeIamPolicyMapOutput) ToWebTypeComputeIamPolicyMapOutput ¶
func (o WebTypeComputeIamPolicyMapOutput) ToWebTypeComputeIamPolicyMapOutput() WebTypeComputeIamPolicyMapOutput
func (WebTypeComputeIamPolicyMapOutput) ToWebTypeComputeIamPolicyMapOutputWithContext ¶
func (o WebTypeComputeIamPolicyMapOutput) ToWebTypeComputeIamPolicyMapOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyMapOutput
type WebTypeComputeIamPolicyOutput ¶
type WebTypeComputeIamPolicyOutput struct{ *pulumi.OutputState }
func (WebTypeComputeIamPolicyOutput) ElementType ¶
func (WebTypeComputeIamPolicyOutput) ElementType() reflect.Type
func (WebTypeComputeIamPolicyOutput) Etag ¶ added in v6.23.0
func (o WebTypeComputeIamPolicyOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (WebTypeComputeIamPolicyOutput) PolicyData ¶ added in v6.23.0
func (o WebTypeComputeIamPolicyOutput) PolicyData() pulumi.StringOutput
The policy data generated by a `organizations.getIAMPolicy` data source.
func (WebTypeComputeIamPolicyOutput) Project ¶ added in v6.23.0
func (o WebTypeComputeIamPolicyOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
- `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
- **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
- **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
- **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
- **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
- **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
- **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
- **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
- **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
- **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyOutput ¶
func (o WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyOutput() WebTypeComputeIamPolicyOutput
func (WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyOutputWithContext ¶
func (o WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyOutput
type WebTypeComputeIamPolicyState ¶
type WebTypeComputeIamPolicyState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. // // * `member/members` - (Required) Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput }
func (WebTypeComputeIamPolicyState) ElementType ¶
func (WebTypeComputeIamPolicyState) ElementType() reflect.Type
Source Files ¶
- appEngineServiceIamBinding.go
- appEngineServiceIamMember.go
- appEngineServiceIamPolicy.go
- appEngineVersionIamBinding.go
- appEngineVersionIamMember.go
- appEngineVersionIamPolicy.go
- brand.go
- client.go
- getAppEngineServiceIamPolicy.go
- getAppEngineVersionIamPolicy.go
- getClient.go
- getTunnelIamPolicy.go
- getTunnelInstanceIamPolicy.go
- getWebBackendServiceIamPolicy.go
- getWebIamPolicy.go
- getWebTypeAppEngineIamPolicy.go
- getWebTypeComputeIamPolicy.go
- init.go
- pulumiTypes.go
- tunnelIamBinding.go
- tunnelIamMember.go
- tunnelIamPolicy.go
- tunnelInstanceIAMBinding.go
- tunnelInstanceIAMMember.go
- tunnelInstanceIAMPolicy.go
- webBackendServiceIamBinding.go
- webBackendServiceIamMember.go
- webBackendServiceIamPolicy.go
- webIamBinding.go
- webIamMember.go
- webIamPolicy.go
- webTypeAppEngingIamBinding.go
- webTypeAppEngingIamMember.go
- webTypeAppEngingIamPolicy.go
- webTypeComputeIamBinding.go
- webTypeComputeIamMember.go
- webTypeComputeIamPolicy.go