organizations

package
v8.0.0-rc.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 13, 2024 License: Apache-2.0 Imports: 7 Imported by: 3

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessApprovalSettings 

type AccessApprovalSettings struct {
	pulumi.CustomResourceState

	// The asymmetric crypto key version to use for signing approval requests. Empty activeKeyVersion indicates that a
	// Google-managed key should be used for signing.
	ActiveKeyVersion pulumi.StringPtrOutput `pulumi:"activeKeyVersion"`
	// This field will always be unset for the organization since organizations do not have ancestors.
	AncestorHasActiveKeyVersion pulumi.BoolOutput `pulumi:"ancestorHasActiveKeyVersion"`
	// This field will always be unset for the organization since organizations do not have ancestors.
	EnrolledAncestor pulumi.BoolOutput `pulumi:"enrolledAncestor"`
	// A list of Google Cloud Services for which the given resource has Access Approval enrolled.
	// Access requests for the resource given by name against any of these services contained here will be required
	// to have explicit approval. Enrollment can be done for individual services.
	// A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.
	// Structure is documented below.
	EnrolledServices AccessApprovalSettingsEnrolledServiceArrayOutput `pulumi:"enrolledServices"`
	// If the field is true, that indicates that there is some configuration issue with the activeKeyVersion
	// configured on this Organization (e.g. it doesn't exist or the Access Approval service account doesn't have the
	// correct permissions on it, etc.).
	InvalidKeyVersion pulumi.BoolOutput `pulumi:"invalidKeyVersion"`
	// The resource name of the settings. Format is "organizations/{organization_id}/accessApprovalSettings"
	Name pulumi.StringOutput `pulumi:"name"`
	// A list of email addresses to which notifications relating to approval requests should be sent. Notifications relating to
	// a resource will be sent to all emails in the settings of ancestor resources of that resource. A maximum of 50 email
	// addresses are allowed.
	NotificationEmails pulumi.StringArrayOutput `pulumi:"notificationEmails"`
	// ID of the organization of the access approval settings.
	OrganizationId pulumi.StringOutput `pulumi:"organizationId"`
}

Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content.

To get more information about OrganizationSettings, see:

* [API documentation](https://cloud.google.com/access-approval/docs/reference/rest/v1/organizations)

## Example Usage

### Organization Access Approval Full

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewAccessApprovalSettings(ctx, "organization_access_approval", &organizations.AccessApprovalSettingsArgs{
			OrganizationId: pulumi.String("123456789"),
			NotificationEmails: pulumi.StringArray{
				pulumi.String("testuser@example.com"),
				pulumi.String("example.user@example.com"),
			},
			EnrolledServices: organizations.AccessApprovalSettingsEnrolledServiceArray{
				&organizations.AccessApprovalSettingsEnrolledServiceArgs{
					CloudProduct: pulumi.String("appengine.googleapis.com"),
				},
				&organizations.AccessApprovalSettingsEnrolledServiceArgs{
					CloudProduct:    pulumi.String("dataflow.googleapis.com"),
					EnrollmentLevel: pulumi.String("BLOCK_ALL"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Organization Access Approval Active Key Version

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/accessapproval"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myProject, err := organizations.NewProject(ctx, "my_project", &organizations.ProjectArgs{
			Name:           pulumi.String("My Project"),
			ProjectId:      pulumi.String("your-project-id"),
			OrgId:          pulumi.String("123456789"),
			DeletionPolicy: pulumi.String("DELETE"),
		})
		if err != nil {
			return err
		}
		keyRing, err := kms.NewKeyRing(ctx, "key_ring", &kms.KeyRingArgs{
			Name:     pulumi.String("key-ring"),
			Location: pulumi.String("global"),
			Project:  myProject.ProjectId,
		})
		if err != nil {
			return err
		}
		cryptoKey, err := kms.NewCryptoKey(ctx, "crypto_key", &kms.CryptoKeyArgs{
			Name:    pulumi.String("crypto-key"),
			KeyRing: keyRing.ID(),
			Purpose: pulumi.String("ASYMMETRIC_SIGN"),
			VersionTemplate: &kms.CryptoKeyVersionTemplateArgs{
				Algorithm: pulumi.String("EC_SIGN_P384_SHA384"),
			},
		})
		if err != nil {
			return err
		}
		serviceAccount, err := accessapproval.GetOrganizationServiceAccount(ctx, &accessapproval.GetOrganizationServiceAccountArgs{
			OrganizationId: "123456789",
		}, nil)
		if err != nil {
			return err
		}
		iam, err := kms.NewCryptoKeyIAMMember(ctx, "iam", &kms.CryptoKeyIAMMemberArgs{
			CryptoKeyId: cryptoKey.ID(),
			Role:        pulumi.String("roles/cloudkms.signerVerifier"),
			Member:      pulumi.Sprintf("serviceAccount:%v", serviceAccount.AccountEmail),
		})
		if err != nil {
			return err
		}
		cryptoKeyVersion := kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{
			CryptoKey: cryptoKey.ID(),
		}, nil)
		_, err = organizations.NewAccessApprovalSettings(ctx, "organization_access_approval", &organizations.AccessApprovalSettingsArgs{
			OrganizationId: pulumi.String("123456789"),
			ActiveKeyVersion: pulumi.String(cryptoKeyVersion.ApplyT(func(cryptoKeyVersion kms.GetKMSCryptoKeyVersionResult) (*string, error) {
				return &cryptoKeyVersion.Name, nil
			}).(pulumi.StringPtrOutput)),
			EnrolledServices: organizations.AccessApprovalSettingsEnrolledServiceArray{
				&organizations.AccessApprovalSettingsEnrolledServiceArgs{
					CloudProduct: pulumi.String("all"),
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			iam,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

OrganizationSettings can be imported using any of these accepted formats:

* `organizations/{{organization_id}}/accessApprovalSettings`

* `{{organization_id}}`

When using the `pulumi import` command, OrganizationSettings can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:organizations/accessApprovalSettings:AccessApprovalSettings default organizations/{{organization_id}}/accessApprovalSettings ```

```sh $ pulumi import gcp:organizations/accessApprovalSettings:AccessApprovalSettings default {{organization_id}} ```

func GetAccessApprovalSettings 

func GetAccessApprovalSettings(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AccessApprovalSettingsState, opts ...pulumi.ResourceOption) (*AccessApprovalSettings, error)

GetAccessApprovalSettings gets an existing AccessApprovalSettings resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAccessApprovalSettings 

func NewAccessApprovalSettings(ctx *pulumi.Context,
	name string, args *AccessApprovalSettingsArgs, opts ...pulumi.ResourceOption) (*AccessApprovalSettings, error)

NewAccessApprovalSettings registers a new resource with the given unique name, arguments, and options.

func (*AccessApprovalSettings) ElementType 

func (*AccessApprovalSettings) ElementType() reflect.Type

func (*AccessApprovalSettings) ToAccessApprovalSettingsOutput 

func (i *AccessApprovalSettings) ToAccessApprovalSettingsOutput() AccessApprovalSettingsOutput

func (*AccessApprovalSettings) ToAccessApprovalSettingsOutputWithContext 

func (i *AccessApprovalSettings) ToAccessApprovalSettingsOutputWithContext(ctx context.Context) AccessApprovalSettingsOutput

type AccessApprovalSettingsArgs 

type AccessApprovalSettingsArgs struct {
	// The asymmetric crypto key version to use for signing approval requests. Empty activeKeyVersion indicates that a
	// Google-managed key should be used for signing.
	ActiveKeyVersion pulumi.StringPtrInput
	// A list of Google Cloud Services for which the given resource has Access Approval enrolled.
	// Access requests for the resource given by name against any of these services contained here will be required
	// to have explicit approval. Enrollment can be done for individual services.
	// A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.
	// Structure is documented below.
	EnrolledServices AccessApprovalSettingsEnrolledServiceArrayInput
	// A list of email addresses to which notifications relating to approval requests should be sent. Notifications relating to
	// a resource will be sent to all emails in the settings of ancestor resources of that resource. A maximum of 50 email
	// addresses are allowed.
	NotificationEmails pulumi.StringArrayInput
	// ID of the organization of the access approval settings.
	OrganizationId pulumi.StringInput
}

The set of arguments for constructing a AccessApprovalSettings resource.

func (AccessApprovalSettingsArgs) ElementType 

func (AccessApprovalSettingsArgs) ElementType() reflect.Type

type AccessApprovalSettingsArray 

type AccessApprovalSettingsArray []AccessApprovalSettingsInput

func (AccessApprovalSettingsArray) ElementType 

func (AccessApprovalSettingsArray) ElementType() reflect.Type

func (AccessApprovalSettingsArray) ToAccessApprovalSettingsArrayOutput 

func (i AccessApprovalSettingsArray) ToAccessApprovalSettingsArrayOutput() AccessApprovalSettingsArrayOutput

func (AccessApprovalSettingsArray) ToAccessApprovalSettingsArrayOutputWithContext 

func (i AccessApprovalSettingsArray) ToAccessApprovalSettingsArrayOutputWithContext(ctx context.Context) AccessApprovalSettingsArrayOutput

type AccessApprovalSettingsArrayInput 

type AccessApprovalSettingsArrayInput interface {
	pulumi.Input

	ToAccessApprovalSettingsArrayOutput() AccessApprovalSettingsArrayOutput
	ToAccessApprovalSettingsArrayOutputWithContext(context.Context) AccessApprovalSettingsArrayOutput
}

AccessApprovalSettingsArrayInput is an input type that accepts AccessApprovalSettingsArray and AccessApprovalSettingsArrayOutput values. You can construct a concrete instance of `AccessApprovalSettingsArrayInput` via: 

AccessApprovalSettingsArray{ AccessApprovalSettingsArgs{...} }

type AccessApprovalSettingsArrayOutput 

type AccessApprovalSettingsArrayOutput struct{ *pulumi.OutputState }

func (AccessApprovalSettingsArrayOutput) ElementType 

func (AccessApprovalSettingsArrayOutput) ElementType() reflect.Type

func (AccessApprovalSettingsArrayOutput) Index 

func (o AccessApprovalSettingsArrayOutput) Index(i pulumi.IntInput) AccessApprovalSettingsOutput

func (AccessApprovalSettingsArrayOutput) ToAccessApprovalSettingsArrayOutput 

func (o AccessApprovalSettingsArrayOutput) ToAccessApprovalSettingsArrayOutput() AccessApprovalSettingsArrayOutput

func (AccessApprovalSettingsArrayOutput) ToAccessApprovalSettingsArrayOutputWithContext 

func (o AccessApprovalSettingsArrayOutput) ToAccessApprovalSettingsArrayOutputWithContext(ctx context.Context) AccessApprovalSettingsArrayOutput

type AccessApprovalSettingsEnrolledService 

type AccessApprovalSettingsEnrolledService struct {
	// The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):
	// all
	// appengine.googleapis.com
	// bigquery.googleapis.com
	// bigtable.googleapis.com
	// cloudkms.googleapis.com
	// compute.googleapis.com
	// dataflow.googleapis.com
	// iam.googleapis.com
	// pubsub.googleapis.com
	// storage.googleapis.com
	CloudProduct string `pulumi:"cloudProduct"`
	// The enrollment level of the service.
	// Default value is `BLOCK_ALL`.
	// Possible values are: `BLOCK_ALL`.
	//
	// ***
	EnrollmentLevel *string `pulumi:"enrollmentLevel"`
}

type AccessApprovalSettingsEnrolledServiceArgs 

type AccessApprovalSettingsEnrolledServiceArgs struct {
	// The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):
	// all
	// appengine.googleapis.com
	// bigquery.googleapis.com
	// bigtable.googleapis.com
	// cloudkms.googleapis.com
	// compute.googleapis.com
	// dataflow.googleapis.com
	// iam.googleapis.com
	// pubsub.googleapis.com
	// storage.googleapis.com
	CloudProduct pulumi.StringInput `pulumi:"cloudProduct"`
	// The enrollment level of the service.
	// Default value is `BLOCK_ALL`.
	// Possible values are: `BLOCK_ALL`.
	//
	// ***
	EnrollmentLevel pulumi.StringPtrInput `pulumi:"enrollmentLevel"`
}

func (AccessApprovalSettingsEnrolledServiceArgs) ElementType 

func (AccessApprovalSettingsEnrolledServiceArgs) ElementType() reflect.Type

func (AccessApprovalSettingsEnrolledServiceArgs) ToAccessApprovalSettingsEnrolledServiceOutput 

func (i AccessApprovalSettingsEnrolledServiceArgs) ToAccessApprovalSettingsEnrolledServiceOutput() AccessApprovalSettingsEnrolledServiceOutput

func (AccessApprovalSettingsEnrolledServiceArgs) ToAccessApprovalSettingsEnrolledServiceOutputWithContext 

func (i AccessApprovalSettingsEnrolledServiceArgs) ToAccessApprovalSettingsEnrolledServiceOutputWithContext(ctx context.Context) AccessApprovalSettingsEnrolledServiceOutput

type AccessApprovalSettingsEnrolledServiceArray 

type AccessApprovalSettingsEnrolledServiceArray []AccessApprovalSettingsEnrolledServiceInput

func (AccessApprovalSettingsEnrolledServiceArray) ElementType 

func (AccessApprovalSettingsEnrolledServiceArray) ElementType() reflect.Type

func (AccessApprovalSettingsEnrolledServiceArray) ToAccessApprovalSettingsEnrolledServiceArrayOutput 

func (i AccessApprovalSettingsEnrolledServiceArray) ToAccessApprovalSettingsEnrolledServiceArrayOutput() AccessApprovalSettingsEnrolledServiceArrayOutput

func (AccessApprovalSettingsEnrolledServiceArray) ToAccessApprovalSettingsEnrolledServiceArrayOutputWithContext 

func (i AccessApprovalSettingsEnrolledServiceArray) ToAccessApprovalSettingsEnrolledServiceArrayOutputWithContext(ctx context.Context) AccessApprovalSettingsEnrolledServiceArrayOutput

type AccessApprovalSettingsEnrolledServiceArrayInput 

type AccessApprovalSettingsEnrolledServiceArrayInput interface {
	pulumi.Input

	ToAccessApprovalSettingsEnrolledServiceArrayOutput() AccessApprovalSettingsEnrolledServiceArrayOutput
	ToAccessApprovalSettingsEnrolledServiceArrayOutputWithContext(context.Context) AccessApprovalSettingsEnrolledServiceArrayOutput
}

AccessApprovalSettingsEnrolledServiceArrayInput is an input type that accepts AccessApprovalSettingsEnrolledServiceArray and AccessApprovalSettingsEnrolledServiceArrayOutput values. You can construct a concrete instance of `AccessApprovalSettingsEnrolledServiceArrayInput` via: 

AccessApprovalSettingsEnrolledServiceArray{ AccessApprovalSettingsEnrolledServiceArgs{...} }

type AccessApprovalSettingsEnrolledServiceArrayOutput 

type AccessApprovalSettingsEnrolledServiceArrayOutput struct{ *pulumi.OutputState }

func (AccessApprovalSettingsEnrolledServiceArrayOutput) ElementType 

func (AccessApprovalSettingsEnrolledServiceArrayOutput) ElementType() reflect.Type

func (AccessApprovalSettingsEnrolledServiceArrayOutput) Index 

func (o AccessApprovalSettingsEnrolledServiceArrayOutput) Index(i pulumi.IntInput) AccessApprovalSettingsEnrolledServiceOutput

func (AccessApprovalSettingsEnrolledServiceArrayOutput) ToAccessApprovalSettingsEnrolledServiceArrayOutput 

func (o AccessApprovalSettingsEnrolledServiceArrayOutput) ToAccessApprovalSettingsEnrolledServiceArrayOutput() AccessApprovalSettingsEnrolledServiceArrayOutput

func (AccessApprovalSettingsEnrolledServiceArrayOutput) ToAccessApprovalSettingsEnrolledServiceArrayOutputWithContext 

func (o AccessApprovalSettingsEnrolledServiceArrayOutput) ToAccessApprovalSettingsEnrolledServiceArrayOutputWithContext(ctx context.Context) AccessApprovalSettingsEnrolledServiceArrayOutput

type AccessApprovalSettingsEnrolledServiceInput 

type AccessApprovalSettingsEnrolledServiceInput interface {
	pulumi.Input

	ToAccessApprovalSettingsEnrolledServiceOutput() AccessApprovalSettingsEnrolledServiceOutput
	ToAccessApprovalSettingsEnrolledServiceOutputWithContext(context.Context) AccessApprovalSettingsEnrolledServiceOutput
}

AccessApprovalSettingsEnrolledServiceInput is an input type that accepts AccessApprovalSettingsEnrolledServiceArgs and AccessApprovalSettingsEnrolledServiceOutput values. You can construct a concrete instance of `AccessApprovalSettingsEnrolledServiceInput` via: 

AccessApprovalSettingsEnrolledServiceArgs{...}

type AccessApprovalSettingsEnrolledServiceOutput 

type AccessApprovalSettingsEnrolledServiceOutput struct{ *pulumi.OutputState }

func (AccessApprovalSettingsEnrolledServiceOutput) CloudProduct 

func (o AccessApprovalSettingsEnrolledServiceOutput) CloudProduct() pulumi.StringOutput

The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive): all appengine.googleapis.com bigquery.googleapis.com bigtable.googleapis.com cloudkms.googleapis.com compute.googleapis.com dataflow.googleapis.com iam.googleapis.com pubsub.googleapis.com storage.googleapis.com

func (AccessApprovalSettingsEnrolledServiceOutput) ElementType 

func (AccessApprovalSettingsEnrolledServiceOutput) ElementType() reflect.Type

func (AccessApprovalSettingsEnrolledServiceOutput) EnrollmentLevel 

func (o AccessApprovalSettingsEnrolledServiceOutput) EnrollmentLevel() pulumi.StringPtrOutput

The enrollment level of the service. Default value is `BLOCK_ALL`. Possible values are: `BLOCK_ALL`.

***

func (AccessApprovalSettingsEnrolledServiceOutput) ToAccessApprovalSettingsEnrolledServiceOutput 

func (o AccessApprovalSettingsEnrolledServiceOutput) ToAccessApprovalSettingsEnrolledServiceOutput() AccessApprovalSettingsEnrolledServiceOutput

func (AccessApprovalSettingsEnrolledServiceOutput) ToAccessApprovalSettingsEnrolledServiceOutputWithContext 

func (o AccessApprovalSettingsEnrolledServiceOutput) ToAccessApprovalSettingsEnrolledServiceOutputWithContext(ctx context.Context) AccessApprovalSettingsEnrolledServiceOutput

type AccessApprovalSettingsInput 

type AccessApprovalSettingsInput interface {
	pulumi.Input

	ToAccessApprovalSettingsOutput() AccessApprovalSettingsOutput
	ToAccessApprovalSettingsOutputWithContext(ctx context.Context) AccessApprovalSettingsOutput
}

type AccessApprovalSettingsMap 

type AccessApprovalSettingsMap map[string]AccessApprovalSettingsInput

func (AccessApprovalSettingsMap) ElementType 

func (AccessApprovalSettingsMap) ElementType() reflect.Type

func (AccessApprovalSettingsMap) ToAccessApprovalSettingsMapOutput 

func (i AccessApprovalSettingsMap) ToAccessApprovalSettingsMapOutput() AccessApprovalSettingsMapOutput

func (AccessApprovalSettingsMap) ToAccessApprovalSettingsMapOutputWithContext 

func (i AccessApprovalSettingsMap) ToAccessApprovalSettingsMapOutputWithContext(ctx context.Context) AccessApprovalSettingsMapOutput

type AccessApprovalSettingsMapInput 

type AccessApprovalSettingsMapInput interface {
	pulumi.Input

	ToAccessApprovalSettingsMapOutput() AccessApprovalSettingsMapOutput
	ToAccessApprovalSettingsMapOutputWithContext(context.Context) AccessApprovalSettingsMapOutput
}

AccessApprovalSettingsMapInput is an input type that accepts AccessApprovalSettingsMap and AccessApprovalSettingsMapOutput values. You can construct a concrete instance of `AccessApprovalSettingsMapInput` via: 

AccessApprovalSettingsMap{ "key": AccessApprovalSettingsArgs{...} }

type AccessApprovalSettingsMapOutput 

type AccessApprovalSettingsMapOutput struct{ *pulumi.OutputState }

func (AccessApprovalSettingsMapOutput) ElementType 

func (AccessApprovalSettingsMapOutput) ElementType() reflect.Type

func (AccessApprovalSettingsMapOutput) MapIndex 

func (o AccessApprovalSettingsMapOutput) MapIndex(k pulumi.StringInput) AccessApprovalSettingsOutput

func (AccessApprovalSettingsMapOutput) ToAccessApprovalSettingsMapOutput 

func (o AccessApprovalSettingsMapOutput) ToAccessApprovalSettingsMapOutput() AccessApprovalSettingsMapOutput

func (AccessApprovalSettingsMapOutput) ToAccessApprovalSettingsMapOutputWithContext 

func (o AccessApprovalSettingsMapOutput) ToAccessApprovalSettingsMapOutputWithContext(ctx context.Context) AccessApprovalSettingsMapOutput

type AccessApprovalSettingsOutput 

type AccessApprovalSettingsOutput struct{ *pulumi.OutputState }

func (AccessApprovalSettingsOutput) ActiveKeyVersion 

func (o AccessApprovalSettingsOutput) ActiveKeyVersion() pulumi.StringPtrOutput

The asymmetric crypto key version to use for signing approval requests. Empty activeKeyVersion indicates that a Google-managed key should be used for signing.

func (AccessApprovalSettingsOutput) AncestorHasActiveKeyVersion 

func (o AccessApprovalSettingsOutput) AncestorHasActiveKeyVersion() pulumi.BoolOutput

This field will always be unset for the organization since organizations do not have ancestors.

func (AccessApprovalSettingsOutput) ElementType 

func (AccessApprovalSettingsOutput) ElementType() reflect.Type

func (AccessApprovalSettingsOutput) EnrolledAncestor 

func (o AccessApprovalSettingsOutput) EnrolledAncestor() pulumi.BoolOutput

This field will always be unset for the organization since organizations do not have ancestors.

func (AccessApprovalSettingsOutput) EnrolledServices 

func (o AccessApprovalSettingsOutput) EnrolledServices() AccessApprovalSettingsEnrolledServiceArrayOutput

A list of Google Cloud Services for which the given resource has Access Approval enrolled. Access requests for the resource given by name against any of these services contained here will be required to have explicit approval. Enrollment can be done for individual services. A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded. Structure is documented below.

func (AccessApprovalSettingsOutput) InvalidKeyVersion 

func (o AccessApprovalSettingsOutput) InvalidKeyVersion() pulumi.BoolOutput

If the field is true, that indicates that there is some configuration issue with the activeKeyVersion configured on this Organization (e.g. it doesn't exist or the Access Approval service account doesn't have the correct permissions on it, etc.).

func (AccessApprovalSettingsOutput) Name 

func (o AccessApprovalSettingsOutput) Name() pulumi.StringOutput

The resource name of the settings. Format is "organizations/{organization_id}/accessApprovalSettings"

func (AccessApprovalSettingsOutput) NotificationEmails 

func (o AccessApprovalSettingsOutput) NotificationEmails() pulumi.StringArrayOutput

A list of email addresses to which notifications relating to approval requests should be sent. Notifications relating to a resource will be sent to all emails in the settings of ancestor resources of that resource. A maximum of 50 email addresses are allowed.

func (AccessApprovalSettingsOutput) OrganizationId 

func (o AccessApprovalSettingsOutput) OrganizationId() pulumi.StringOutput

ID of the organization of the access approval settings.

func (AccessApprovalSettingsOutput) ToAccessApprovalSettingsOutput 

func (o AccessApprovalSettingsOutput) ToAccessApprovalSettingsOutput() AccessApprovalSettingsOutput

func (AccessApprovalSettingsOutput) ToAccessApprovalSettingsOutputWithContext 

func (o AccessApprovalSettingsOutput) ToAccessApprovalSettingsOutputWithContext(ctx context.Context) AccessApprovalSettingsOutput

type AccessApprovalSettingsState 

type AccessApprovalSettingsState struct {
	// The asymmetric crypto key version to use for signing approval requests. Empty activeKeyVersion indicates that a
	// Google-managed key should be used for signing.
	ActiveKeyVersion pulumi.StringPtrInput
	// This field will always be unset for the organization since organizations do not have ancestors.
	AncestorHasActiveKeyVersion pulumi.BoolPtrInput
	// This field will always be unset for the organization since organizations do not have ancestors.
	EnrolledAncestor pulumi.BoolPtrInput
	// A list of Google Cloud Services for which the given resource has Access Approval enrolled.
	// Access requests for the resource given by name against any of these services contained here will be required
	// to have explicit approval. Enrollment can be done for individual services.
	// A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.
	// Structure is documented below.
	EnrolledServices AccessApprovalSettingsEnrolledServiceArrayInput
	// If the field is true, that indicates that there is some configuration issue with the activeKeyVersion
	// configured on this Organization (e.g. it doesn't exist or the Access Approval service account doesn't have the
	// correct permissions on it, etc.).
	InvalidKeyVersion pulumi.BoolPtrInput
	// The resource name of the settings. Format is "organizations/{organization_id}/accessApprovalSettings"
	Name pulumi.StringPtrInput
	// A list of email addresses to which notifications relating to approval requests should be sent. Notifications relating to
	// a resource will be sent to all emails in the settings of ancestor resources of that resource. A maximum of 50 email
	// addresses are allowed.
	NotificationEmails pulumi.StringArrayInput
	// ID of the organization of the access approval settings.
	OrganizationId pulumi.StringPtrInput
}

func (AccessApprovalSettingsState) ElementType 

func (AccessApprovalSettingsState) ElementType() reflect.Type

type Folder 

type Folder struct {
	pulumi.CustomResourceState

	// Timestamp when the Folder was created. Assigned by the server.
	// A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	CreateTime         pulumi.StringOutput  `pulumi:"createTime"`
	DeletionProtection pulumi.BoolPtrOutput `pulumi:"deletionProtection"`
	// The folder’s display name.
	// A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// The folder id from the name "folders/{folder_id}"
	FolderId pulumi.StringOutput `pulumi:"folderId"`
	// The lifecycle state of the folder such as `ACTIVE` or `DELETE_REQUESTED`.
	LifecycleState pulumi.StringOutput `pulumi:"lifecycleState"`
	// The resource name of the Folder. Its format is folders/{folder_id}.
	Name pulumi.StringOutput `pulumi:"name"`
	// The resource name of the parent Folder or Organization.
	// Must be of the form `folders/{folder_id}` or `organizations/{org_id}`.
	Parent pulumi.StringOutput `pulumi:"parent"`
}

Allows management of a Google Cloud Platform folder. For more information see [the official documentation](https://cloud.google.com/resource-manager/docs/creating-managing-folders) and [API](https://cloud.google.com/resource-manager/reference/rest/v2/folders).

A folder can contain projects, other folders, or a combination of both. You can use folders to group projects under an organization in a hierarchy. For example, your organization might contain multiple departments, each with its own set of Cloud Platform resources. Folders allows you to group these resources on a per-department basis. Folders are used to group resources that share common IAM policies.

Folders created live inside an Organization. See the [Organization documentation](https://cloud.google.com/resource-manager/docs/quickstarts) for more details.

The service account used to run the provider when creating a `organizations.Folder` resource must have `roles/resourcemanager.folderCreator`. See the [Access Control for Folders Using IAM](https://cloud.google.com/resource-manager/docs/access-control-folders) doc for more information.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Top-level folder under an organization.
		department1, err := organizations.NewFolder(ctx, "department1", &organizations.FolderArgs{
			DisplayName: pulumi.String("Department 1"),
			Parent:      pulumi.String("organizations/1234567"),
		})
		if err != nil {
			return err
		}
		// Folder nested under another folder.
		_, err = organizations.NewFolder(ctx, "team-abc", &organizations.FolderArgs{
			DisplayName: pulumi.String("Team ABC"),
			Parent:      department1.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Folders can be imported using the folder's id, e.g.

* `folders/{{folder_id}}`

* `{{folder_id}}`

When using the `pulumi import` command, Folders can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:organizations/folder:Folder default {{folder_id}} ```

```sh $ pulumi import gcp:organizations/folder:Folder default folders/{{folder_id}} ```

func GetFolder 

func GetFolder(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *FolderState, opts ...pulumi.ResourceOption) (*Folder, error)

GetFolder gets an existing Folder resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewFolder 

func NewFolder(ctx *pulumi.Context,
	name string, args *FolderArgs, opts ...pulumi.ResourceOption) (*Folder, error)

NewFolder registers a new resource with the given unique name, arguments, and options.

func (*Folder) ElementType 

func (*Folder) ElementType() reflect.Type

func (*Folder) ToFolderOutput 

func (i *Folder) ToFolderOutput() FolderOutput

func (*Folder) ToFolderOutputWithContext 

func (i *Folder) ToFolderOutputWithContext(ctx context.Context) FolderOutput

type FolderArgs 

type FolderArgs struct {
	DeletionProtection pulumi.BoolPtrInput
	// The folder’s display name.
	// A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.
	DisplayName pulumi.StringInput
	// The resource name of the parent Folder or Organization.
	// Must be of the form `folders/{folder_id}` or `organizations/{org_id}`.
	Parent pulumi.StringInput
}

The set of arguments for constructing a Folder resource.

func (FolderArgs) ElementType 

func (FolderArgs) ElementType() reflect.Type

type FolderArray 

type FolderArray []FolderInput

func (FolderArray) ElementType 

func (FolderArray) ElementType() reflect.Type

func (FolderArray) ToFolderArrayOutput 

func (i FolderArray) ToFolderArrayOutput() FolderArrayOutput

func (FolderArray) ToFolderArrayOutputWithContext 

func (i FolderArray) ToFolderArrayOutputWithContext(ctx context.Context) FolderArrayOutput

type FolderArrayInput 

type FolderArrayInput interface {
	pulumi.Input

	ToFolderArrayOutput() FolderArrayOutput
	ToFolderArrayOutputWithContext(context.Context) FolderArrayOutput
}

FolderArrayInput is an input type that accepts FolderArray and FolderArrayOutput values. You can construct a concrete instance of `FolderArrayInput` via: 

FolderArray{ FolderArgs{...} }

type FolderArrayOutput 

type FolderArrayOutput struct{ *pulumi.OutputState }

func (FolderArrayOutput) ElementType 

func (FolderArrayOutput) ElementType() reflect.Type

func (FolderArrayOutput) Index 

func (o FolderArrayOutput) Index(i pulumi.IntInput) FolderOutput

func (FolderArrayOutput) ToFolderArrayOutput 

func (o FolderArrayOutput) ToFolderArrayOutput() FolderArrayOutput

func (FolderArrayOutput) ToFolderArrayOutputWithContext 

func (o FolderArrayOutput) ToFolderArrayOutputWithContext(ctx context.Context) FolderArrayOutput

type FolderInput 

type FolderInput interface {
	pulumi.Input

	ToFolderOutput() FolderOutput
	ToFolderOutputWithContext(ctx context.Context) FolderOutput
}

type FolderMap 

type FolderMap map[string]FolderInput

func (FolderMap) ElementType 

func (FolderMap) ElementType() reflect.Type

func (FolderMap) ToFolderMapOutput 

func (i FolderMap) ToFolderMapOutput() FolderMapOutput

func (FolderMap) ToFolderMapOutputWithContext 

func (i FolderMap) ToFolderMapOutputWithContext(ctx context.Context) FolderMapOutput

type FolderMapInput 

type FolderMapInput interface {
	pulumi.Input

	ToFolderMapOutput() FolderMapOutput
	ToFolderMapOutputWithContext(context.Context) FolderMapOutput
}

FolderMapInput is an input type that accepts FolderMap and FolderMapOutput values. You can construct a concrete instance of `FolderMapInput` via: 

FolderMap{ "key": FolderArgs{...} }

type FolderMapOutput 

type FolderMapOutput struct{ *pulumi.OutputState }

func (FolderMapOutput) ElementType 

func (FolderMapOutput) ElementType() reflect.Type

func (FolderMapOutput) MapIndex 

func (o FolderMapOutput) MapIndex(k pulumi.StringInput) FolderOutput

func (FolderMapOutput) ToFolderMapOutput 

func (o FolderMapOutput) ToFolderMapOutput() FolderMapOutput

func (FolderMapOutput) ToFolderMapOutputWithContext 

func (o FolderMapOutput) ToFolderMapOutputWithContext(ctx context.Context) FolderMapOutput

type FolderOutput 

type FolderOutput struct{ *pulumi.OutputState }

func (FolderOutput) CreateTime 

func (o FolderOutput) CreateTime() pulumi.StringOutput

Timestamp when the Folder was created. Assigned by the server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

func (FolderOutput) DeletionProtection 

func (o FolderOutput) DeletionProtection() pulumi.BoolPtrOutput

func (FolderOutput) DisplayName 

func (o FolderOutput) DisplayName() pulumi.StringOutput

The folder’s display name. A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.

func (FolderOutput) ElementType 

func (FolderOutput) ElementType() reflect.Type

func (FolderOutput) FolderId 

func (o FolderOutput) FolderId() pulumi.StringOutput

The folder id from the name "folders/{folder_id}"

func (FolderOutput) LifecycleState 

func (o FolderOutput) LifecycleState() pulumi.StringOutput

The lifecycle state of the folder such as `ACTIVE` or `DELETE_REQUESTED`.

func (FolderOutput) Name 

func (o FolderOutput) Name() pulumi.StringOutput

The resource name of the Folder. Its format is folders/{folder_id}.

func (FolderOutput) Parent 

func (o FolderOutput) Parent() pulumi.StringOutput

The resource name of the parent Folder or Organization. Must be of the form `folders/{folder_id}` or `organizations/{org_id}`.

func (FolderOutput) ToFolderOutput 

func (o FolderOutput) ToFolderOutput() FolderOutput

func (FolderOutput) ToFolderOutputWithContext 

func (o FolderOutput) ToFolderOutputWithContext(ctx context.Context) FolderOutput

type FolderState 

type FolderState struct {
	// Timestamp when the Folder was created. Assigned by the server.
	// A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	CreateTime         pulumi.StringPtrInput
	DeletionProtection pulumi.BoolPtrInput
	// The folder’s display name.
	// A folder’s display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.
	DisplayName pulumi.StringPtrInput
	// The folder id from the name "folders/{folder_id}"
	FolderId pulumi.StringPtrInput
	// The lifecycle state of the folder such as `ACTIVE` or `DELETE_REQUESTED`.
	LifecycleState pulumi.StringPtrInput
	// The resource name of the Folder. Its format is folders/{folder_id}.
	Name pulumi.StringPtrInput
	// The resource name of the parent Folder or Organization.
	// Must be of the form `folders/{folder_id}` or `organizations/{org_id}`.
	Parent pulumi.StringPtrInput
}

func (FolderState) ElementType 

func (FolderState) ElementType() reflect.Type

type GetActiveFolderArgs 

type GetActiveFolderArgs struct {
	// The API method to use to search for the folder. Valid values are `LIST` and `SEARCH`. Default Value is `LIST`. `LIST` is [strongly consistent](<https://cloud.google.com/resource-manager/reference/rest/v3/folders/list#:~:text=list()%20provides%20a-,strongly%20consistent,-view%20of%20the>) and requires `resourcemanager.folders.list` on the parent folder, while `SEARCH` is [eventually consistent](https://cloud.google.com/resource-manager/reference/rest/v3/folders/search#:~:text=eventually%20consistent) and only returns folders that the user has `resourcemanager.folders.get` permission on.
	ApiMethod *string `pulumi:"apiMethod"`
	// The folder's display name.
	DisplayName string `pulumi:"displayName"`
	// The resource name of the parent Folder or Organization.
	Parent string `pulumi:"parent"`
}

A collection of arguments for invoking getActiveFolder.

type GetActiveFolderOutputArgs 

type GetActiveFolderOutputArgs struct {
	// The API method to use to search for the folder. Valid values are `LIST` and `SEARCH`. Default Value is `LIST`. `LIST` is [strongly consistent](<https://cloud.google.com/resource-manager/reference/rest/v3/folders/list#:~:text=list()%20provides%20a-,strongly%20consistent,-view%20of%20the>) and requires `resourcemanager.folders.list` on the parent folder, while `SEARCH` is [eventually consistent](https://cloud.google.com/resource-manager/reference/rest/v3/folders/search#:~:text=eventually%20consistent) and only returns folders that the user has `resourcemanager.folders.get` permission on.
	ApiMethod pulumi.StringPtrInput `pulumi:"apiMethod"`
	// The folder's display name.
	DisplayName pulumi.StringInput `pulumi:"displayName"`
	// The resource name of the parent Folder or Organization.
	Parent pulumi.StringInput `pulumi:"parent"`
}

A collection of arguments for invoking getActiveFolder.

func (GetActiveFolderOutputArgs) ElementType 

func (GetActiveFolderOutputArgs) ElementType() reflect.Type

type GetActiveFolderResult 

type GetActiveFolderResult struct {
	ApiMethod   *string `pulumi:"apiMethod"`
	DisplayName string  `pulumi:"displayName"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The resource name of the Folder. This uniquely identifies the folder.
	Name   string `pulumi:"name"`
	Parent string `pulumi:"parent"`
}

A collection of values returned by getActiveFolder.

func GetActiveFolder 

func GetActiveFolder(ctx *pulumi.Context, args *GetActiveFolderArgs, opts ...pulumi.InvokeOption) (*GetActiveFolderResult, error)

Get an active folder within GCP by `displayName` and `parent`.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.GetActiveFolder(ctx, &organizations.GetActiveFolderArgs{
			DisplayName: "Department 1",
			Parent:      "organizations/1234567",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetActiveFolderResultOutput 

type GetActiveFolderResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getActiveFolder.

func GetActiveFolderOutput 

func GetActiveFolderOutput(ctx *pulumi.Context, args GetActiveFolderOutputArgs, opts ...pulumi.InvokeOption) GetActiveFolderResultOutput

func (GetActiveFolderResultOutput) ApiMethod 

func (o GetActiveFolderResultOutput) ApiMethod() pulumi.StringPtrOutput

func (GetActiveFolderResultOutput) DisplayName 

func (o GetActiveFolderResultOutput) DisplayName() pulumi.StringOutput

func (GetActiveFolderResultOutput) ElementType 

func (GetActiveFolderResultOutput) ElementType() reflect.Type

func (GetActiveFolderResultOutput) Id 

func (o GetActiveFolderResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetActiveFolderResultOutput) Name 

func (o GetActiveFolderResultOutput) Name() pulumi.StringOutput

The resource name of the Folder. This uniquely identifies the folder.

func (GetActiveFolderResultOutput) Parent 

func (o GetActiveFolderResultOutput) Parent() pulumi.StringOutput

func (GetActiveFolderResultOutput) ToGetActiveFolderResultOutput 

func (o GetActiveFolderResultOutput) ToGetActiveFolderResultOutput() GetActiveFolderResultOutput

func (GetActiveFolderResultOutput) ToGetActiveFolderResultOutputWithContext 

func (o GetActiveFolderResultOutput) ToGetActiveFolderResultOutputWithContext(ctx context.Context) GetActiveFolderResultOutput

type GetBillingAccountArgs 

type GetBillingAccountArgs struct {
	// The name of the billing account in the form `{billing_account_id}` or `billingAccounts/{billing_account_id}`.
	BillingAccount *string `pulumi:"billingAccount"`
	// The display name of the billing account.
	DisplayName *string `pulumi:"displayName"`
	// `true` if projects associated with the billing account should be read, `false` if this step
	// should be skipped. Setting `false` may be useful if the user permissions do not allow listing projects. Defaults to `true`.
	//
	// > **NOTE:** One of `billingAccount` or `displayName` must be specified.
	LookupProjects *bool `pulumi:"lookupProjects"`
	// `true` if the billing account is open, `false` if the billing account is closed.
	Open *bool `pulumi:"open"`
}

A collection of arguments for invoking getBillingAccount.

type GetBillingAccountOutputArgs 

type GetBillingAccountOutputArgs struct {
	// The name of the billing account in the form `{billing_account_id}` or `billingAccounts/{billing_account_id}`.
	BillingAccount pulumi.StringPtrInput `pulumi:"billingAccount"`
	// The display name of the billing account.
	DisplayName pulumi.StringPtrInput `pulumi:"displayName"`
	// `true` if projects associated with the billing account should be read, `false` if this step
	// should be skipped. Setting `false` may be useful if the user permissions do not allow listing projects. Defaults to `true`.
	//
	// > **NOTE:** One of `billingAccount` or `displayName` must be specified.
	LookupProjects pulumi.BoolPtrInput `pulumi:"lookupProjects"`
	// `true` if the billing account is open, `false` if the billing account is closed.
	Open pulumi.BoolPtrInput `pulumi:"open"`
}

A collection of arguments for invoking getBillingAccount.

func (GetBillingAccountOutputArgs) ElementType 

func (GetBillingAccountOutputArgs) ElementType() reflect.Type

type GetBillingAccountResult 

type GetBillingAccountResult struct {
	BillingAccount *string `pulumi:"billingAccount"`
	DisplayName    string  `pulumi:"displayName"`
	// The provider-assigned unique ID for this managed resource.
	Id             string `pulumi:"id"`
	LookupProjects *bool  `pulumi:"lookupProjects"`
	// The resource name of the billing account in the form `billingAccounts/{billing_account_id}`.
	Name string `pulumi:"name"`
	Open bool   `pulumi:"open"`
	// The IDs of any projects associated with the billing account. `lookupProjects` must not be false
	// for this to be populated.
	ProjectIds []string `pulumi:"projectIds"`
}

A collection of values returned by getBillingAccount.

func GetBillingAccount 

func GetBillingAccount(ctx *pulumi.Context, args *GetBillingAccountArgs, opts ...pulumi.InvokeOption) (*GetBillingAccountResult, error)

Use this data source to get information about a Google Billing Account.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		acct, err := organizations.GetBillingAccount(ctx, &organizations.GetBillingAccountArgs{
			DisplayName: pulumi.StringRef("My Billing Account"),
			Open:        pulumi.BoolRef(true),
		}, nil)
		if err != nil {
			return err
		}
		_, err = organizations.NewProject(ctx, "my_project", &organizations.ProjectArgs{
			Name:           pulumi.String("My Project"),
			ProjectId:      pulumi.String("your-project-id"),
			OrgId:          pulumi.String("1234567"),
			BillingAccount: pulumi.String(acct.Id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetBillingAccountResultOutput 

type GetBillingAccountResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getBillingAccount.

func GetBillingAccountOutput 

func GetBillingAccountOutput(ctx *pulumi.Context, args GetBillingAccountOutputArgs, opts ...pulumi.InvokeOption) GetBillingAccountResultOutput

func (GetBillingAccountResultOutput) BillingAccount 

func (o GetBillingAccountResultOutput) BillingAccount() pulumi.StringPtrOutput

func (GetBillingAccountResultOutput) DisplayName 

func (o GetBillingAccountResultOutput) DisplayName() pulumi.StringOutput

func (GetBillingAccountResultOutput) ElementType 

func (GetBillingAccountResultOutput) ElementType() reflect.Type

func (GetBillingAccountResultOutput) Id 

func (o GetBillingAccountResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetBillingAccountResultOutput) LookupProjects 

func (o GetBillingAccountResultOutput) LookupProjects() pulumi.BoolPtrOutput

func (GetBillingAccountResultOutput) Name 

func (o GetBillingAccountResultOutput) Name() pulumi.StringOutput

The resource name of the billing account in the form `billingAccounts/{billing_account_id}`.

func (GetBillingAccountResultOutput) Open 

func (o GetBillingAccountResultOutput) Open() pulumi.BoolOutput

func (GetBillingAccountResultOutput) ProjectIds 

func (o GetBillingAccountResultOutput) ProjectIds() pulumi.StringArrayOutput

The IDs of any projects associated with the billing account. `lookupProjects` must not be false for this to be populated.

func (GetBillingAccountResultOutput) ToGetBillingAccountResultOutput 

func (o GetBillingAccountResultOutput) ToGetBillingAccountResultOutput() GetBillingAccountResultOutput

func (GetBillingAccountResultOutput) ToGetBillingAccountResultOutputWithContext 

func (o GetBillingAccountResultOutput) ToGetBillingAccountResultOutputWithContext(ctx context.Context) GetBillingAccountResultOutput

type GetClientConfigResult 

type GetClientConfigResult struct {
	// The OAuth2 access token used by the client to authenticate against the Google Cloud API.
	AccessToken string `pulumi:"accessToken"`
	// The default labels configured on the provider.
	DefaultLabels map[string]string `pulumi:"defaultLabels"`
	Id            string            `pulumi:"id"`
	// The ID of the project to apply any resources to.
	Project string `pulumi:"project"`
	// The region to operate under.
	Region string `pulumi:"region"`
	// The zone to operate under.
	Zone string `pulumi:"zone"`
}

A collection of values returned by getClientConfig.

func GetClientConfig 

func GetClientConfig(ctx *pulumi.Context, opts ...pulumi.InvokeOption) (*GetClientConfigResult, error)

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := organizations.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		ctx.Export("project", current.Project)
		return nil
	})
}

```

type GetClientConfigResultOutput 

type GetClientConfigResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getClientConfig.

func GetClientConfigOutput 

func GetClientConfigOutput(ctx *pulumi.Context, opts ...pulumi.InvokeOption) GetClientConfigResultOutput

func (GetClientConfigResultOutput) AccessToken 

func (o GetClientConfigResultOutput) AccessToken() pulumi.StringOutput

The OAuth2 access token used by the client to authenticate against the Google Cloud API.

func (GetClientConfigResultOutput) DefaultLabels 

func (o GetClientConfigResultOutput) DefaultLabels() pulumi.StringMapOutput

The default labels configured on the provider.

func (GetClientConfigResultOutput) ElementType 

func (GetClientConfigResultOutput) ElementType() reflect.Type

func (GetClientConfigResultOutput) Id 

func (o GetClientConfigResultOutput) Id() pulumi.StringOutput

func (GetClientConfigResultOutput) Project 

func (o GetClientConfigResultOutput) Project() pulumi.StringOutput

The ID of the project to apply any resources to.

func (GetClientConfigResultOutput) Region 

func (o GetClientConfigResultOutput) Region() pulumi.StringOutput

The region to operate under.

func (GetClientConfigResultOutput) ToGetClientConfigResultOutput 

func (o GetClientConfigResultOutput) ToGetClientConfigResultOutput() GetClientConfigResultOutput

func (GetClientConfigResultOutput) ToGetClientConfigResultOutputWithContext 

func (o GetClientConfigResultOutput) ToGetClientConfigResultOutputWithContext(ctx context.Context) GetClientConfigResultOutput

func (GetClientConfigResultOutput) Zone 

func (o GetClientConfigResultOutput) Zone() pulumi.StringOutput

The zone to operate under.

type GetClientOpenIdUserInfoResult 

type GetClientOpenIdUserInfoResult struct {
	// The email of the account used by the provider to authenticate with GCP.
	Email string `pulumi:"email"`
	Id    string `pulumi:"id"`
}

A collection of values returned by getClientOpenIdUserInfo.

func GetClientOpenIdUserInfo 

func GetClientOpenIdUserInfo(ctx *pulumi.Context, opts ...pulumi.InvokeOption) (*GetClientOpenIdUserInfoResult, error)

Get OpenID userinfo about the credentials used with the Google provider, specifically the email.

This datasource enables you to export the email of the account you've authenticated the provider with; this can be used alongside `data.google_client_config`'s `accessToken` to perform OpenID Connect authentication with GKE and configure an RBAC role for the email used.

> This resource will only work as expected if the provider is configured to use the `https://www.googleapis.com/auth/userinfo.email` scope! You will receive an error otherwise. The provider uses this scope by default.

## Example Usage

### Exporting An Email

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		me, err := organizations.GetClientOpenIdUserInfo(ctx, nil, nil)
		if err != nil {
			return err
		}
		ctx.Export("my-email", me.Email)
		return nil
	})
}

```

type GetClientOpenIdUserInfoResultOutput 

type GetClientOpenIdUserInfoResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getClientOpenIdUserInfo.

func GetClientOpenIdUserInfoOutput 

func GetClientOpenIdUserInfoOutput(ctx *pulumi.Context, opts ...pulumi.InvokeOption) GetClientOpenIdUserInfoResultOutput

func (GetClientOpenIdUserInfoResultOutput) ElementType 

func (GetClientOpenIdUserInfoResultOutput) ElementType() reflect.Type

func (GetClientOpenIdUserInfoResultOutput) Email 

func (o GetClientOpenIdUserInfoResultOutput) Email() pulumi.StringOutput

The email of the account used by the provider to authenticate with GCP.

func (GetClientOpenIdUserInfoResultOutput) Id 

func (o GetClientOpenIdUserInfoResultOutput) Id() pulumi.StringOutput

func (GetClientOpenIdUserInfoResultOutput) ToGetClientOpenIdUserInfoResultOutput 

func (o GetClientOpenIdUserInfoResultOutput) ToGetClientOpenIdUserInfoResultOutput() GetClientOpenIdUserInfoResultOutput

func (GetClientOpenIdUserInfoResultOutput) ToGetClientOpenIdUserInfoResultOutputWithContext 

func (o GetClientOpenIdUserInfoResultOutput) ToGetClientOpenIdUserInfoResultOutputWithContext(ctx context.Context) GetClientOpenIdUserInfoResultOutput

type GetFoldersArgs 

type GetFoldersArgs struct {
	// A string parent as defined in the [REST API](https://cloud.google.com/resource-manager/reference/rest/v3/folders/list#query-parameters).
	ParentId string `pulumi:"parentId"`
}

A collection of arguments for invoking getFolders.

type GetFoldersFolder 

type GetFoldersFolder struct {
	// The timestamp of when the folder was created
	CreateTime string `pulumi:"createTime"`
	// The timestamp of when the folder was requested to be deleted (if applicable)
	DeleteTime string `pulumi:"deleteTime"`
	// The display name of the folder
	DisplayName string `pulumi:"displayName"`
	// Entity tag identifier of the folder
	Etag string `pulumi:"etag"`
	// The id of the folder
	Name string `pulumi:"name"`
	// The parent id of the folder
	Parent string `pulumi:"parent"`
	// The lifecycle state of the folder
	State string `pulumi:"state"`
	// The timestamp of when the folder was last modified
	UpdateTime string `pulumi:"updateTime"`
}

type GetFoldersFolderArgs 

type GetFoldersFolderArgs struct {
	// The timestamp of when the folder was created
	CreateTime pulumi.StringInput `pulumi:"createTime"`
	// The timestamp of when the folder was requested to be deleted (if applicable)
	DeleteTime pulumi.StringInput `pulumi:"deleteTime"`
	// The display name of the folder
	DisplayName pulumi.StringInput `pulumi:"displayName"`
	// Entity tag identifier of the folder
	Etag pulumi.StringInput `pulumi:"etag"`
	// The id of the folder
	Name pulumi.StringInput `pulumi:"name"`
	// The parent id of the folder
	Parent pulumi.StringInput `pulumi:"parent"`
	// The lifecycle state of the folder
	State pulumi.StringInput `pulumi:"state"`
	// The timestamp of when the folder was last modified
	UpdateTime pulumi.StringInput `pulumi:"updateTime"`
}

func (GetFoldersFolderArgs) ElementType 

func (GetFoldersFolderArgs) ElementType() reflect.Type

func (GetFoldersFolderArgs) ToGetFoldersFolderOutput 

func (i GetFoldersFolderArgs) ToGetFoldersFolderOutput() GetFoldersFolderOutput

func (GetFoldersFolderArgs) ToGetFoldersFolderOutputWithContext 

func (i GetFoldersFolderArgs) ToGetFoldersFolderOutputWithContext(ctx context.Context) GetFoldersFolderOutput

type GetFoldersFolderArray 

type GetFoldersFolderArray []GetFoldersFolderInput

func (GetFoldersFolderArray) ElementType 

func (GetFoldersFolderArray) ElementType() reflect.Type

func (GetFoldersFolderArray) ToGetFoldersFolderArrayOutput 

func (i GetFoldersFolderArray) ToGetFoldersFolderArrayOutput() GetFoldersFolderArrayOutput

func (GetFoldersFolderArray) ToGetFoldersFolderArrayOutputWithContext 

func (i GetFoldersFolderArray) ToGetFoldersFolderArrayOutputWithContext(ctx context.Context) GetFoldersFolderArrayOutput

type GetFoldersFolderArrayInput 

type GetFoldersFolderArrayInput interface {
	pulumi.Input

	ToGetFoldersFolderArrayOutput() GetFoldersFolderArrayOutput
	ToGetFoldersFolderArrayOutputWithContext(context.Context) GetFoldersFolderArrayOutput
}

GetFoldersFolderArrayInput is an input type that accepts GetFoldersFolderArray and GetFoldersFolderArrayOutput values. You can construct a concrete instance of `GetFoldersFolderArrayInput` via: 

GetFoldersFolderArray{ GetFoldersFolderArgs{...} }

type GetFoldersFolderArrayOutput 

type GetFoldersFolderArrayOutput struct{ *pulumi.OutputState }

func (GetFoldersFolderArrayOutput) ElementType 

func (GetFoldersFolderArrayOutput) ElementType() reflect.Type

func (GetFoldersFolderArrayOutput) Index 

func (o GetFoldersFolderArrayOutput) Index(i pulumi.IntInput) GetFoldersFolderOutput

func (GetFoldersFolderArrayOutput) ToGetFoldersFolderArrayOutput 

func (o GetFoldersFolderArrayOutput) ToGetFoldersFolderArrayOutput() GetFoldersFolderArrayOutput

func (GetFoldersFolderArrayOutput) ToGetFoldersFolderArrayOutputWithContext 

func (o GetFoldersFolderArrayOutput) ToGetFoldersFolderArrayOutputWithContext(ctx context.Context) GetFoldersFolderArrayOutput

type GetFoldersFolderInput 

type GetFoldersFolderInput interface {
	pulumi.Input

	ToGetFoldersFolderOutput() GetFoldersFolderOutput
	ToGetFoldersFolderOutputWithContext(context.Context) GetFoldersFolderOutput
}

GetFoldersFolderInput is an input type that accepts GetFoldersFolderArgs and GetFoldersFolderOutput values. You can construct a concrete instance of `GetFoldersFolderInput` via: 

GetFoldersFolderArgs{...}

type GetFoldersFolderOutput 

type GetFoldersFolderOutput struct{ *pulumi.OutputState }

func (GetFoldersFolderOutput) CreateTime 

func (o GetFoldersFolderOutput) CreateTime() pulumi.StringOutput

The timestamp of when the folder was created

func (GetFoldersFolderOutput) DeleteTime 

func (o GetFoldersFolderOutput) DeleteTime() pulumi.StringOutput

The timestamp of when the folder was requested to be deleted (if applicable)

func (GetFoldersFolderOutput) DisplayName 

func (o GetFoldersFolderOutput) DisplayName() pulumi.StringOutput

The display name of the folder

func (GetFoldersFolderOutput) ElementType 

func (GetFoldersFolderOutput) ElementType() reflect.Type

func (GetFoldersFolderOutput) Etag 

func (o GetFoldersFolderOutput) Etag() pulumi.StringOutput

Entity tag identifier of the folder

func (GetFoldersFolderOutput) Name 

func (o GetFoldersFolderOutput) Name() pulumi.StringOutput

The id of the folder

func (GetFoldersFolderOutput) Parent 

func (o GetFoldersFolderOutput) Parent() pulumi.StringOutput

The parent id of the folder

func (GetFoldersFolderOutput) State 

func (o GetFoldersFolderOutput) State() pulumi.StringOutput

The lifecycle state of the folder

func (GetFoldersFolderOutput) ToGetFoldersFolderOutput 

func (o GetFoldersFolderOutput) ToGetFoldersFolderOutput() GetFoldersFolderOutput

func (GetFoldersFolderOutput) ToGetFoldersFolderOutputWithContext 

func (o GetFoldersFolderOutput) ToGetFoldersFolderOutputWithContext(ctx context.Context) GetFoldersFolderOutput

func (GetFoldersFolderOutput) UpdateTime 

func (o GetFoldersFolderOutput) UpdateTime() pulumi.StringOutput

The timestamp of when the folder was last modified

type GetFoldersOutputArgs 

type GetFoldersOutputArgs struct {
	// A string parent as defined in the [REST API](https://cloud.google.com/resource-manager/reference/rest/v3/folders/list#query-parameters).
	ParentId pulumi.StringInput `pulumi:"parentId"`
}

A collection of arguments for invoking getFolders.

func (GetFoldersOutputArgs) ElementType 

func (GetFoldersOutputArgs) ElementType() reflect.Type

type GetFoldersResult 

type GetFoldersResult struct {
	// A list of folders matching the provided filter. Structure is defined below.
	Folders []GetFoldersFolder `pulumi:"folders"`
	// The provider-assigned unique ID for this managed resource.
	Id       string `pulumi:"id"`
	ParentId string `pulumi:"parentId"`
}

A collection of values returned by getFolders.

func GetFolders 

func GetFolders(ctx *pulumi.Context, args *GetFoldersArgs, opts ...pulumi.InvokeOption) (*GetFoldersResult, error)

Retrieve information about a set of folders based on a parent ID. See the [REST API](https://cloud.google.com/resource-manager/reference/rest/v3/folders/list) for more details.

## Example Usage

### Searching For Folders At The Root Of An Org

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		my_org_folders, err := organizations.GetFolders(ctx, &organizations.GetFoldersArgs{
			ParentId: fmt.Sprintf("organizations/%v", organizationId),
		}, nil)
		if err != nil {
			return err
		}
		_, err = organizations.LookupFolder(ctx, &organizations.LookupFolderArgs{
			Folder: my_org_folders.Folders[0].Name,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetFoldersResultOutput 

type GetFoldersResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getFolders.

func GetFoldersOutput 

func GetFoldersOutput(ctx *pulumi.Context, args GetFoldersOutputArgs, opts ...pulumi.InvokeOption) GetFoldersResultOutput

func (GetFoldersResultOutput) ElementType 

func (GetFoldersResultOutput) ElementType() reflect.Type

func (GetFoldersResultOutput) Folders 

func (o GetFoldersResultOutput) Folders() GetFoldersFolderArrayOutput

A list of folders matching the provided filter. Structure is defined below.

func (GetFoldersResultOutput) Id 

func (o GetFoldersResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetFoldersResultOutput) ParentId 

func (o GetFoldersResultOutput) ParentId() pulumi.StringOutput

func (GetFoldersResultOutput) ToGetFoldersResultOutput 

func (o GetFoldersResultOutput) ToGetFoldersResultOutput() GetFoldersResultOutput

func (GetFoldersResultOutput) ToGetFoldersResultOutputWithContext 

func (o GetFoldersResultOutput) ToGetFoldersResultOutputWithContext(ctx context.Context) GetFoldersResultOutput

type GetIAMPolicyAuditConfig 

type GetIAMPolicyAuditConfig struct {
	// A nested block that defines the operations you'd like to log.
	AuditLogConfigs []GetIAMPolicyAuditConfigAuditLogConfig `pulumi:"auditLogConfigs"`
	// Defines a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
	Service string `pulumi:"service"`
}

type GetIAMPolicyAuditConfigArgs 

type GetIAMPolicyAuditConfigArgs struct {
	// A nested block that defines the operations you'd like to log.
	AuditLogConfigs GetIAMPolicyAuditConfigAuditLogConfigArrayInput `pulumi:"auditLogConfigs"`
	// Defines a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
	Service pulumi.StringInput `pulumi:"service"`
}

func (GetIAMPolicyAuditConfigArgs) ElementType 

func (GetIAMPolicyAuditConfigArgs) ElementType() reflect.Type

func (GetIAMPolicyAuditConfigArgs) ToGetIAMPolicyAuditConfigOutput 

func (i GetIAMPolicyAuditConfigArgs) ToGetIAMPolicyAuditConfigOutput() GetIAMPolicyAuditConfigOutput

func (GetIAMPolicyAuditConfigArgs) ToGetIAMPolicyAuditConfigOutputWithContext 

func (i GetIAMPolicyAuditConfigArgs) ToGetIAMPolicyAuditConfigOutputWithContext(ctx context.Context) GetIAMPolicyAuditConfigOutput

type GetIAMPolicyAuditConfigArray 

type GetIAMPolicyAuditConfigArray []GetIAMPolicyAuditConfigInput

func (GetIAMPolicyAuditConfigArray) ElementType 

func (GetIAMPolicyAuditConfigArray) ElementType() reflect.Type

func (GetIAMPolicyAuditConfigArray) ToGetIAMPolicyAuditConfigArrayOutput 

func (i GetIAMPolicyAuditConfigArray) ToGetIAMPolicyAuditConfigArrayOutput() GetIAMPolicyAuditConfigArrayOutput

func (GetIAMPolicyAuditConfigArray) ToGetIAMPolicyAuditConfigArrayOutputWithContext 

func (i GetIAMPolicyAuditConfigArray) ToGetIAMPolicyAuditConfigArrayOutputWithContext(ctx context.Context) GetIAMPolicyAuditConfigArrayOutput

type GetIAMPolicyAuditConfigArrayInput 

type GetIAMPolicyAuditConfigArrayInput interface {
	pulumi.Input

	ToGetIAMPolicyAuditConfigArrayOutput() GetIAMPolicyAuditConfigArrayOutput
	ToGetIAMPolicyAuditConfigArrayOutputWithContext(context.Context) GetIAMPolicyAuditConfigArrayOutput
}

GetIAMPolicyAuditConfigArrayInput is an input type that accepts GetIAMPolicyAuditConfigArray and GetIAMPolicyAuditConfigArrayOutput values. You can construct a concrete instance of `GetIAMPolicyAuditConfigArrayInput` via: 

GetIAMPolicyAuditConfigArray{ GetIAMPolicyAuditConfigArgs{...} }

type GetIAMPolicyAuditConfigArrayOutput 

type GetIAMPolicyAuditConfigArrayOutput struct{ *pulumi.OutputState }

func (GetIAMPolicyAuditConfigArrayOutput) ElementType 

func (GetIAMPolicyAuditConfigArrayOutput) ElementType() reflect.Type

func (GetIAMPolicyAuditConfigArrayOutput) Index 

func (o GetIAMPolicyAuditConfigArrayOutput) Index(i pulumi.IntInput) GetIAMPolicyAuditConfigOutput

func (GetIAMPolicyAuditConfigArrayOutput) ToGetIAMPolicyAuditConfigArrayOutput 

func (o GetIAMPolicyAuditConfigArrayOutput) ToGetIAMPolicyAuditConfigArrayOutput() GetIAMPolicyAuditConfigArrayOutput

func (GetIAMPolicyAuditConfigArrayOutput) ToGetIAMPolicyAuditConfigArrayOutputWithContext 

func (o GetIAMPolicyAuditConfigArrayOutput) ToGetIAMPolicyAuditConfigArrayOutputWithContext(ctx context.Context) GetIAMPolicyAuditConfigArrayOutput

type GetIAMPolicyAuditConfigAuditLogConfig 

type GetIAMPolicyAuditConfigAuditLogConfig struct {
	// Specifies the identities that are exempt from these types of logging operations. Follows the same format of the `members` array for `binding`.
	ExemptedMembers []string `pulumi:"exemptedMembers"`
	// Defines the logging level. `DATA_READ`, `DATA_WRITE` and `ADMIN_READ` capture different types of events. See [the audit configuration documentation](https://cloud.google.com/resource-manager/reference/rest/Shared.Types/AuditConfig) for more details.
	LogType string `pulumi:"logType"`
}

type GetIAMPolicyAuditConfigAuditLogConfigArgs 

type GetIAMPolicyAuditConfigAuditLogConfigArgs struct {
	// Specifies the identities that are exempt from these types of logging operations. Follows the same format of the `members` array for `binding`.
	ExemptedMembers pulumi.StringArrayInput `pulumi:"exemptedMembers"`
	// Defines the logging level. `DATA_READ`, `DATA_WRITE` and `ADMIN_READ` capture different types of events. See [the audit configuration documentation](https://cloud.google.com/resource-manager/reference/rest/Shared.Types/AuditConfig) for more details.
	LogType pulumi.StringInput `pulumi:"logType"`
}

func (GetIAMPolicyAuditConfigAuditLogConfigArgs) ElementType 

func (GetIAMPolicyAuditConfigAuditLogConfigArgs) ElementType() reflect.Type

func (GetIAMPolicyAuditConfigAuditLogConfigArgs) ToGetIAMPolicyAuditConfigAuditLogConfigOutput 

func (i GetIAMPolicyAuditConfigAuditLogConfigArgs) ToGetIAMPolicyAuditConfigAuditLogConfigOutput() GetIAMPolicyAuditConfigAuditLogConfigOutput

func (GetIAMPolicyAuditConfigAuditLogConfigArgs) ToGetIAMPolicyAuditConfigAuditLogConfigOutputWithContext 

func (i GetIAMPolicyAuditConfigAuditLogConfigArgs) ToGetIAMPolicyAuditConfigAuditLogConfigOutputWithContext(ctx context.Context) GetIAMPolicyAuditConfigAuditLogConfigOutput

type GetIAMPolicyAuditConfigAuditLogConfigArray 

type GetIAMPolicyAuditConfigAuditLogConfigArray []GetIAMPolicyAuditConfigAuditLogConfigInput

func (GetIAMPolicyAuditConfigAuditLogConfigArray) ElementType 

func (GetIAMPolicyAuditConfigAuditLogConfigArray) ElementType() reflect.Type

func (GetIAMPolicyAuditConfigAuditLogConfigArray) ToGetIAMPolicyAuditConfigAuditLogConfigArrayOutput 

func (i GetIAMPolicyAuditConfigAuditLogConfigArray) ToGetIAMPolicyAuditConfigAuditLogConfigArrayOutput() GetIAMPolicyAuditConfigAuditLogConfigArrayOutput

func (GetIAMPolicyAuditConfigAuditLogConfigArray) ToGetIAMPolicyAuditConfigAuditLogConfigArrayOutputWithContext 

func (i GetIAMPolicyAuditConfigAuditLogConfigArray) ToGetIAMPolicyAuditConfigAuditLogConfigArrayOutputWithContext(ctx context.Context) GetIAMPolicyAuditConfigAuditLogConfigArrayOutput

type GetIAMPolicyAuditConfigAuditLogConfigArrayInput 

type GetIAMPolicyAuditConfigAuditLogConfigArrayInput interface {
	pulumi.Input

	ToGetIAMPolicyAuditConfigAuditLogConfigArrayOutput() GetIAMPolicyAuditConfigAuditLogConfigArrayOutput
	ToGetIAMPolicyAuditConfigAuditLogConfigArrayOutputWithContext(context.Context) GetIAMPolicyAuditConfigAuditLogConfigArrayOutput
}

GetIAMPolicyAuditConfigAuditLogConfigArrayInput is an input type that accepts GetIAMPolicyAuditConfigAuditLogConfigArray and GetIAMPolicyAuditConfigAuditLogConfigArrayOutput values. You can construct a concrete instance of `GetIAMPolicyAuditConfigAuditLogConfigArrayInput` via: 

GetIAMPolicyAuditConfigAuditLogConfigArray{ GetIAMPolicyAuditConfigAuditLogConfigArgs{...} }

type GetIAMPolicyAuditConfigAuditLogConfigArrayOutput 

type GetIAMPolicyAuditConfigAuditLogConfigArrayOutput struct{ *pulumi.OutputState }

func (GetIAMPolicyAuditConfigAuditLogConfigArrayOutput) ElementType 

func (GetIAMPolicyAuditConfigAuditLogConfigArrayOutput) ElementType() reflect.Type

func (GetIAMPolicyAuditConfigAuditLogConfigArrayOutput) Index 

func (o GetIAMPolicyAuditConfigAuditLogConfigArrayOutput) Index(i pulumi.IntInput) GetIAMPolicyAuditConfigAuditLogConfigOutput

func (GetIAMPolicyAuditConfigAuditLogConfigArrayOutput) ToGetIAMPolicyAuditConfigAuditLogConfigArrayOutput 

func (o GetIAMPolicyAuditConfigAuditLogConfigArrayOutput) ToGetIAMPolicyAuditConfigAuditLogConfigArrayOutput() GetIAMPolicyAuditConfigAuditLogConfigArrayOutput

func (GetIAMPolicyAuditConfigAuditLogConfigArrayOutput) ToGetIAMPolicyAuditConfigAuditLogConfigArrayOutputWithContext 

func (o GetIAMPolicyAuditConfigAuditLogConfigArrayOutput) ToGetIAMPolicyAuditConfigAuditLogConfigArrayOutputWithContext(ctx context.Context) GetIAMPolicyAuditConfigAuditLogConfigArrayOutput

type GetIAMPolicyAuditConfigAuditLogConfigInput 

type GetIAMPolicyAuditConfigAuditLogConfigInput interface {
	pulumi.Input

	ToGetIAMPolicyAuditConfigAuditLogConfigOutput() GetIAMPolicyAuditConfigAuditLogConfigOutput
	ToGetIAMPolicyAuditConfigAuditLogConfigOutputWithContext(context.Context) GetIAMPolicyAuditConfigAuditLogConfigOutput
}

GetIAMPolicyAuditConfigAuditLogConfigInput is an input type that accepts GetIAMPolicyAuditConfigAuditLogConfigArgs and GetIAMPolicyAuditConfigAuditLogConfigOutput values. You can construct a concrete instance of `GetIAMPolicyAuditConfigAuditLogConfigInput` via: 

GetIAMPolicyAuditConfigAuditLogConfigArgs{...}

type GetIAMPolicyAuditConfigAuditLogConfigOutput 

type GetIAMPolicyAuditConfigAuditLogConfigOutput struct{ *pulumi.OutputState }

func (GetIAMPolicyAuditConfigAuditLogConfigOutput) ElementType 

func (GetIAMPolicyAuditConfigAuditLogConfigOutput) ElementType() reflect.Type

func (GetIAMPolicyAuditConfigAuditLogConfigOutput) ExemptedMembers 

func (o GetIAMPolicyAuditConfigAuditLogConfigOutput) ExemptedMembers() pulumi.StringArrayOutput

Specifies the identities that are exempt from these types of logging operations. Follows the same format of the `members` array for `binding`.

func (GetIAMPolicyAuditConfigAuditLogConfigOutput) LogType 

func (o GetIAMPolicyAuditConfigAuditLogConfigOutput) LogType() pulumi.StringOutput

Defines the logging level. `DATA_READ`, `DATA_WRITE` and `ADMIN_READ` capture different types of events. See [the audit configuration documentation](https://cloud.google.com/resource-manager/reference/rest/Shared.Types/AuditConfig) for more details.

func (GetIAMPolicyAuditConfigAuditLogConfigOutput) ToGetIAMPolicyAuditConfigAuditLogConfigOutput 

func (o GetIAMPolicyAuditConfigAuditLogConfigOutput) ToGetIAMPolicyAuditConfigAuditLogConfigOutput() GetIAMPolicyAuditConfigAuditLogConfigOutput

func (GetIAMPolicyAuditConfigAuditLogConfigOutput) ToGetIAMPolicyAuditConfigAuditLogConfigOutputWithContext 

func (o GetIAMPolicyAuditConfigAuditLogConfigOutput) ToGetIAMPolicyAuditConfigAuditLogConfigOutputWithContext(ctx context.Context) GetIAMPolicyAuditConfigAuditLogConfigOutput

type GetIAMPolicyAuditConfigInput 

type GetIAMPolicyAuditConfigInput interface {
	pulumi.Input

	ToGetIAMPolicyAuditConfigOutput() GetIAMPolicyAuditConfigOutput
	ToGetIAMPolicyAuditConfigOutputWithContext(context.Context) GetIAMPolicyAuditConfigOutput
}

GetIAMPolicyAuditConfigInput is an input type that accepts GetIAMPolicyAuditConfigArgs and GetIAMPolicyAuditConfigOutput values. You can construct a concrete instance of `GetIAMPolicyAuditConfigInput` via: 

GetIAMPolicyAuditConfigArgs{...}

type GetIAMPolicyAuditConfigOutput 

type GetIAMPolicyAuditConfigOutput struct{ *pulumi.OutputState }

func (GetIAMPolicyAuditConfigOutput) AuditLogConfigs 

func (o GetIAMPolicyAuditConfigOutput) AuditLogConfigs() GetIAMPolicyAuditConfigAuditLogConfigArrayOutput

A nested block that defines the operations you'd like to log.

func (GetIAMPolicyAuditConfigOutput) ElementType 

func (GetIAMPolicyAuditConfigOutput) ElementType() reflect.Type

func (GetIAMPolicyAuditConfigOutput) Service 

func (o GetIAMPolicyAuditConfigOutput) Service() pulumi.StringOutput

Defines a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.

func (GetIAMPolicyAuditConfigOutput) ToGetIAMPolicyAuditConfigOutput 

func (o GetIAMPolicyAuditConfigOutput) ToGetIAMPolicyAuditConfigOutput() GetIAMPolicyAuditConfigOutput

func (GetIAMPolicyAuditConfigOutput) ToGetIAMPolicyAuditConfigOutputWithContext 

func (o GetIAMPolicyAuditConfigOutput) ToGetIAMPolicyAuditConfigOutputWithContext(ctx context.Context) GetIAMPolicyAuditConfigOutput

type GetIAMPolicyBinding 

type GetIAMPolicyBinding struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
	Condition *GetIAMPolicyBindingCondition `pulumi:"condition"`
	// An array of identities that will be granted the privilege in the `role`. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. Some resources **don't** support this identity.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. Some resources **don't** support this identity.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members []string `pulumi:"members"`
	// The role/permission that will be granted to the members.
	// See the [IAM Roles](https://cloud.google.com/compute/docs/access/iam) documentation for a complete list of roles.
	// Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role string `pulumi:"role"`
}

type GetIAMPolicyBindingArgs 

type GetIAMPolicyBindingArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
	Condition GetIAMPolicyBindingConditionPtrInput `pulumi:"condition"`
	// An array of identities that will be granted the privilege in the `role`. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. Some resources **don't** support this identity.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. Some resources **don't** support this identity.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members pulumi.StringArrayInput `pulumi:"members"`
	// The role/permission that will be granted to the members.
	// See the [IAM Roles](https://cloud.google.com/compute/docs/access/iam) documentation for a complete list of roles.
	// Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput `pulumi:"role"`
}

func (GetIAMPolicyBindingArgs) ElementType 

func (GetIAMPolicyBindingArgs) ElementType() reflect.Type

func (GetIAMPolicyBindingArgs) ToGetIAMPolicyBindingOutput 

func (i GetIAMPolicyBindingArgs) ToGetIAMPolicyBindingOutput() GetIAMPolicyBindingOutput

func (GetIAMPolicyBindingArgs) ToGetIAMPolicyBindingOutputWithContext 

func (i GetIAMPolicyBindingArgs) ToGetIAMPolicyBindingOutputWithContext(ctx context.Context) GetIAMPolicyBindingOutput

type GetIAMPolicyBindingArray 

type GetIAMPolicyBindingArray []GetIAMPolicyBindingInput

func (GetIAMPolicyBindingArray) ElementType 

func (GetIAMPolicyBindingArray) ElementType() reflect.Type

func (GetIAMPolicyBindingArray) ToGetIAMPolicyBindingArrayOutput 

func (i GetIAMPolicyBindingArray) ToGetIAMPolicyBindingArrayOutput() GetIAMPolicyBindingArrayOutput

func (GetIAMPolicyBindingArray) ToGetIAMPolicyBindingArrayOutputWithContext 

func (i GetIAMPolicyBindingArray) ToGetIAMPolicyBindingArrayOutputWithContext(ctx context.Context) GetIAMPolicyBindingArrayOutput

type GetIAMPolicyBindingArrayInput 

type GetIAMPolicyBindingArrayInput interface {
	pulumi.Input

	ToGetIAMPolicyBindingArrayOutput() GetIAMPolicyBindingArrayOutput
	ToGetIAMPolicyBindingArrayOutputWithContext(context.Context) GetIAMPolicyBindingArrayOutput
}

GetIAMPolicyBindingArrayInput is an input type that accepts GetIAMPolicyBindingArray and GetIAMPolicyBindingArrayOutput values. You can construct a concrete instance of `GetIAMPolicyBindingArrayInput` via: 

GetIAMPolicyBindingArray{ GetIAMPolicyBindingArgs{...} }

type GetIAMPolicyBindingArrayOutput 

type GetIAMPolicyBindingArrayOutput struct{ *pulumi.OutputState }

func (GetIAMPolicyBindingArrayOutput) ElementType 

func (GetIAMPolicyBindingArrayOutput) ElementType() reflect.Type

func (GetIAMPolicyBindingArrayOutput) Index 

func (o GetIAMPolicyBindingArrayOutput) Index(i pulumi.IntInput) GetIAMPolicyBindingOutput

func (GetIAMPolicyBindingArrayOutput) ToGetIAMPolicyBindingArrayOutput 

func (o GetIAMPolicyBindingArrayOutput) ToGetIAMPolicyBindingArrayOutput() GetIAMPolicyBindingArrayOutput

func (GetIAMPolicyBindingArrayOutput) ToGetIAMPolicyBindingArrayOutputWithContext 

func (o GetIAMPolicyBindingArrayOutput) ToGetIAMPolicyBindingArrayOutputWithContext(ctx context.Context) GetIAMPolicyBindingArrayOutput

type GetIAMPolicyBindingCondition 

type GetIAMPolicyBindingCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type GetIAMPolicyBindingConditionArgs 

type GetIAMPolicyBindingConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (GetIAMPolicyBindingConditionArgs) ElementType 

func (GetIAMPolicyBindingConditionArgs) ElementType() reflect.Type

func (GetIAMPolicyBindingConditionArgs) ToGetIAMPolicyBindingConditionOutput 

func (i GetIAMPolicyBindingConditionArgs) ToGetIAMPolicyBindingConditionOutput() GetIAMPolicyBindingConditionOutput

func (GetIAMPolicyBindingConditionArgs) ToGetIAMPolicyBindingConditionOutputWithContext 

func (i GetIAMPolicyBindingConditionArgs) ToGetIAMPolicyBindingConditionOutputWithContext(ctx context.Context) GetIAMPolicyBindingConditionOutput

func (GetIAMPolicyBindingConditionArgs) ToGetIAMPolicyBindingConditionPtrOutput 

func (i GetIAMPolicyBindingConditionArgs) ToGetIAMPolicyBindingConditionPtrOutput() GetIAMPolicyBindingConditionPtrOutput

func (GetIAMPolicyBindingConditionArgs) ToGetIAMPolicyBindingConditionPtrOutputWithContext 

func (i GetIAMPolicyBindingConditionArgs) ToGetIAMPolicyBindingConditionPtrOutputWithContext(ctx context.Context) GetIAMPolicyBindingConditionPtrOutput

type GetIAMPolicyBindingConditionInput 

type GetIAMPolicyBindingConditionInput interface {
	pulumi.Input

	ToGetIAMPolicyBindingConditionOutput() GetIAMPolicyBindingConditionOutput
	ToGetIAMPolicyBindingConditionOutputWithContext(context.Context) GetIAMPolicyBindingConditionOutput
}

GetIAMPolicyBindingConditionInput is an input type that accepts GetIAMPolicyBindingConditionArgs and GetIAMPolicyBindingConditionOutput values. You can construct a concrete instance of `GetIAMPolicyBindingConditionInput` via: 

GetIAMPolicyBindingConditionArgs{...}

type GetIAMPolicyBindingConditionOutput 

type GetIAMPolicyBindingConditionOutput struct{ *pulumi.OutputState }

func (GetIAMPolicyBindingConditionOutput) Description 

func (o GetIAMPolicyBindingConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (GetIAMPolicyBindingConditionOutput) ElementType 

func (GetIAMPolicyBindingConditionOutput) ElementType() reflect.Type

func (GetIAMPolicyBindingConditionOutput) Expression 

func (o GetIAMPolicyBindingConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (GetIAMPolicyBindingConditionOutput) Title 

func (o GetIAMPolicyBindingConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (GetIAMPolicyBindingConditionOutput) ToGetIAMPolicyBindingConditionOutput 

func (o GetIAMPolicyBindingConditionOutput) ToGetIAMPolicyBindingConditionOutput() GetIAMPolicyBindingConditionOutput

func (GetIAMPolicyBindingConditionOutput) ToGetIAMPolicyBindingConditionOutputWithContext 

func (o GetIAMPolicyBindingConditionOutput) ToGetIAMPolicyBindingConditionOutputWithContext(ctx context.Context) GetIAMPolicyBindingConditionOutput

func (GetIAMPolicyBindingConditionOutput) ToGetIAMPolicyBindingConditionPtrOutput 

func (o GetIAMPolicyBindingConditionOutput) ToGetIAMPolicyBindingConditionPtrOutput() GetIAMPolicyBindingConditionPtrOutput

func (GetIAMPolicyBindingConditionOutput) ToGetIAMPolicyBindingConditionPtrOutputWithContext 

func (o GetIAMPolicyBindingConditionOutput) ToGetIAMPolicyBindingConditionPtrOutputWithContext(ctx context.Context) GetIAMPolicyBindingConditionPtrOutput

type GetIAMPolicyBindingConditionPtrInput 

type GetIAMPolicyBindingConditionPtrInput interface {
	pulumi.Input

	ToGetIAMPolicyBindingConditionPtrOutput() GetIAMPolicyBindingConditionPtrOutput
	ToGetIAMPolicyBindingConditionPtrOutputWithContext(context.Context) GetIAMPolicyBindingConditionPtrOutput
}

GetIAMPolicyBindingConditionPtrInput is an input type that accepts GetIAMPolicyBindingConditionArgs, GetIAMPolicyBindingConditionPtr and GetIAMPolicyBindingConditionPtrOutput values. You can construct a concrete instance of `GetIAMPolicyBindingConditionPtrInput` via: 

        GetIAMPolicyBindingConditionArgs{...}

or:

        nil

func GetIAMPolicyBindingConditionPtr 

func GetIAMPolicyBindingConditionPtr(v *GetIAMPolicyBindingConditionArgs) GetIAMPolicyBindingConditionPtrInput

type GetIAMPolicyBindingConditionPtrOutput 

type GetIAMPolicyBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (GetIAMPolicyBindingConditionPtrOutput) Description 

func (o GetIAMPolicyBindingConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (GetIAMPolicyBindingConditionPtrOutput) Elem 

func (o GetIAMPolicyBindingConditionPtrOutput) Elem() GetIAMPolicyBindingConditionOutput

func (GetIAMPolicyBindingConditionPtrOutput) ElementType 

func (GetIAMPolicyBindingConditionPtrOutput) ElementType() reflect.Type

func (GetIAMPolicyBindingConditionPtrOutput) Expression 

func (o GetIAMPolicyBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (GetIAMPolicyBindingConditionPtrOutput) Title 

func (o GetIAMPolicyBindingConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (GetIAMPolicyBindingConditionPtrOutput) ToGetIAMPolicyBindingConditionPtrOutput 

func (o GetIAMPolicyBindingConditionPtrOutput) ToGetIAMPolicyBindingConditionPtrOutput() GetIAMPolicyBindingConditionPtrOutput

func (GetIAMPolicyBindingConditionPtrOutput) ToGetIAMPolicyBindingConditionPtrOutputWithContext 

func (o GetIAMPolicyBindingConditionPtrOutput) ToGetIAMPolicyBindingConditionPtrOutputWithContext(ctx context.Context) GetIAMPolicyBindingConditionPtrOutput

type GetIAMPolicyBindingInput 

type GetIAMPolicyBindingInput interface {
	pulumi.Input

	ToGetIAMPolicyBindingOutput() GetIAMPolicyBindingOutput
	ToGetIAMPolicyBindingOutputWithContext(context.Context) GetIAMPolicyBindingOutput
}

GetIAMPolicyBindingInput is an input type that accepts GetIAMPolicyBindingArgs and GetIAMPolicyBindingOutput values. You can construct a concrete instance of `GetIAMPolicyBindingInput` via: 

GetIAMPolicyBindingArgs{...}

type GetIAMPolicyBindingOutput 

type GetIAMPolicyBindingOutput struct{ *pulumi.OutputState }

func (GetIAMPolicyBindingOutput) Condition 

func (o GetIAMPolicyBindingOutput) Condition() GetIAMPolicyBindingConditionPtrOutput

An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.

func (GetIAMPolicyBindingOutput) ElementType 

func (GetIAMPolicyBindingOutput) ElementType() reflect.Type

func (GetIAMPolicyBindingOutput) Members 

func (o GetIAMPolicyBindingOutput) Members() pulumi.StringArrayOutput

An array of identities that will be granted the privilege in the `role`. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. Some resources **don't** support this identity. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. Some resources **don't** support this identity. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

func (GetIAMPolicyBindingOutput) Role 

func (o GetIAMPolicyBindingOutput) Role() pulumi.StringOutput

The role/permission that will be granted to the members. See the [IAM Roles](https://cloud.google.com/compute/docs/access/iam) documentation for a complete list of roles. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (GetIAMPolicyBindingOutput) ToGetIAMPolicyBindingOutput 

func (o GetIAMPolicyBindingOutput) ToGetIAMPolicyBindingOutput() GetIAMPolicyBindingOutput

func (GetIAMPolicyBindingOutput) ToGetIAMPolicyBindingOutputWithContext 

func (o GetIAMPolicyBindingOutput) ToGetIAMPolicyBindingOutputWithContext(ctx context.Context) GetIAMPolicyBindingOutput

type GetOrganizationArgs 

type GetOrganizationArgs struct {
	// The domain name of the Organization.
	//
	// > **NOTE:** One of `organization` or `domain` must be specified.
	Domain *string `pulumi:"domain"`
	// The Organization's numeric ID, including an optional `organizations/` prefix.
	Organization *string `pulumi:"organization"`
}

A collection of arguments for invoking getOrganization.

type GetOrganizationOutputArgs 

type GetOrganizationOutputArgs struct {
	// The domain name of the Organization.
	//
	// > **NOTE:** One of `organization` or `domain` must be specified.
	Domain pulumi.StringPtrInput `pulumi:"domain"`
	// The Organization's numeric ID, including an optional `organizations/` prefix.
	Organization pulumi.StringPtrInput `pulumi:"organization"`
}

A collection of arguments for invoking getOrganization.

func (GetOrganizationOutputArgs) ElementType 

func (GetOrganizationOutputArgs) ElementType() reflect.Type

type GetOrganizationResult 

type GetOrganizationResult struct {
	// Timestamp when the Organization was created. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	CreateTime string `pulumi:"createTime"`
	// The Google for Work customer ID of the Organization.
	DirectoryCustomerId string `pulumi:"directoryCustomerId"`
	Domain              string `pulumi:"domain"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The Organization's current lifecycle state.
	LifecycleState string `pulumi:"lifecycleState"`
	// The resource name of the Organization in the form `organizations/{organization_id}`.
	Name string `pulumi:"name"`
	// The Organization ID.
	OrgId        string  `pulumi:"orgId"`
	Organization *string `pulumi:"organization"`
}

A collection of values returned by getOrganization.

func GetOrganization 

func GetOrganization(ctx *pulumi.Context, args *GetOrganizationArgs, opts ...pulumi.InvokeOption) (*GetOrganizationResult, error)

Get information about a Google Cloud Organization. Note that you must have the `roles/resourcemanager.organizationViewer` role (or equivalent permissions) at the organization level to use this datasource.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		org, err := organizations.GetOrganization(ctx, &organizations.GetOrganizationArgs{
			Domain: pulumi.StringRef("example.com"),
		}, nil)
		if err != nil {
			return err
		}
		_, err = organizations.NewFolder(ctx, "sales", &organizations.FolderArgs{
			DisplayName: pulumi.String("Sales"),
			Parent:      pulumi.String(org.Name),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetOrganizationResultOutput 

type GetOrganizationResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getOrganization.

func GetOrganizationOutput 

func GetOrganizationOutput(ctx *pulumi.Context, args GetOrganizationOutputArgs, opts ...pulumi.InvokeOption) GetOrganizationResultOutput

func (GetOrganizationResultOutput) CreateTime 

func (o GetOrganizationResultOutput) CreateTime() pulumi.StringOutput

Timestamp when the Organization was created. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

func (GetOrganizationResultOutput) DirectoryCustomerId 

func (o GetOrganizationResultOutput) DirectoryCustomerId() pulumi.StringOutput

The Google for Work customer ID of the Organization.

func (GetOrganizationResultOutput) Domain 

func (o GetOrganizationResultOutput) Domain() pulumi.StringOutput

func (GetOrganizationResultOutput) ElementType 

func (GetOrganizationResultOutput) ElementType() reflect.Type

func (GetOrganizationResultOutput) Id 

func (o GetOrganizationResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetOrganizationResultOutput) LifecycleState 

func (o GetOrganizationResultOutput) LifecycleState() pulumi.StringOutput

The Organization's current lifecycle state.

func (GetOrganizationResultOutput) Name 

func (o GetOrganizationResultOutput) Name() pulumi.StringOutput

The resource name of the Organization in the form `organizations/{organization_id}`.

func (GetOrganizationResultOutput) OrgId 

func (o GetOrganizationResultOutput) OrgId() pulumi.StringOutput

The Organization ID.

func (GetOrganizationResultOutput) Organization 

func (o GetOrganizationResultOutput) Organization() pulumi.StringPtrOutput

func (GetOrganizationResultOutput) ToGetOrganizationResultOutput 

func (o GetOrganizationResultOutput) ToGetOrganizationResultOutput() GetOrganizationResultOutput

func (GetOrganizationResultOutput) ToGetOrganizationResultOutputWithContext 

func (o GetOrganizationResultOutput) ToGetOrganizationResultOutputWithContext(ctx context.Context) GetOrganizationResultOutput

type IAMBinding 

type IAMBinding struct {
	pulumi.CustomResourceState

	Condition IAMBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the organization's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// A list of users that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The numeric ID of the organization in which you want to create a custom role.
	OrgId pulumi.StringOutput `pulumi:"orgId"`
	// The role that should be applied. Only one
	// `organizations.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Allows creation and management of a single binding within IAM policy for an existing Google Cloud Platform Organization.

> **Note:** This resource __must not__ be used in conjunction with 

`organizations.IAMMember` for the __same role__ or they will fight over
what your policy should be.

> **Note:** On create, this resource will overwrite members of any existing roles. 

Use `pulumi import` and inspect the `output to ensure
your existing members are preserved.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMBinding(ctx, "binding", &organizations.IAMBindingArgs{
			OrgId: pulumi.String("123456789"),
			Role:  pulumi.String("roles/browser"),
			Members: pulumi.StringArray{
				pulumi.String("user:alice@gmail.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

IAM binding imports use space-delimited identifiers; first the resource in question and then the role. These bindings can be imported using the `org_id` and role, e.g.

```sh $ pulumi import gcp:organizations/iAMBinding:IAMBinding my_org "your-org-id roles/viewer" ```

-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the 

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetIAMBinding 

func GetIAMBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMBindingState, opts ...pulumi.ResourceOption) (*IAMBinding, error)

GetIAMBinding gets an existing IAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMBinding 

func NewIAMBinding(ctx *pulumi.Context,
	name string, args *IAMBindingArgs, opts ...pulumi.ResourceOption) (*IAMBinding, error)

NewIAMBinding registers a new resource with the given unique name, arguments, and options.

func (*IAMBinding) ElementType 

func (*IAMBinding) ElementType() reflect.Type

func (*IAMBinding) ToIAMBindingOutput 

func (i *IAMBinding) ToIAMBindingOutput() IAMBindingOutput

func (*IAMBinding) ToIAMBindingOutputWithContext 

func (i *IAMBinding) ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput

type IAMBindingArgs 

type IAMBindingArgs struct {
	Condition IAMBindingConditionPtrInput
	// A list of users that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding
	Members pulumi.StringArrayInput
	// The numeric ID of the organization in which you want to create a custom role.
	OrgId pulumi.StringInput
	// The role that should be applied. Only one
	// `organizations.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a IAMBinding resource.

func (IAMBindingArgs) ElementType 

func (IAMBindingArgs) ElementType() reflect.Type

type IAMBindingArray 

type IAMBindingArray []IAMBindingInput

func (IAMBindingArray) ElementType 

func (IAMBindingArray) ElementType() reflect.Type

func (IAMBindingArray) ToIAMBindingArrayOutput 

func (i IAMBindingArray) ToIAMBindingArrayOutput() IAMBindingArrayOutput

func (IAMBindingArray) ToIAMBindingArrayOutputWithContext 

func (i IAMBindingArray) ToIAMBindingArrayOutputWithContext(ctx context.Context) IAMBindingArrayOutput

type IAMBindingArrayInput 

type IAMBindingArrayInput interface {
	pulumi.Input

	ToIAMBindingArrayOutput() IAMBindingArrayOutput
	ToIAMBindingArrayOutputWithContext(context.Context) IAMBindingArrayOutput
}

IAMBindingArrayInput is an input type that accepts IAMBindingArray and IAMBindingArrayOutput values. You can construct a concrete instance of `IAMBindingArrayInput` via: 

IAMBindingArray{ IAMBindingArgs{...} }

type IAMBindingArrayOutput 

type IAMBindingArrayOutput struct{ *pulumi.OutputState }

func (IAMBindingArrayOutput) ElementType 

func (IAMBindingArrayOutput) ElementType() reflect.Type

func (IAMBindingArrayOutput) Index 

func (o IAMBindingArrayOutput) Index(i pulumi.IntInput) IAMBindingOutput

func (IAMBindingArrayOutput) ToIAMBindingArrayOutput 

func (o IAMBindingArrayOutput) ToIAMBindingArrayOutput() IAMBindingArrayOutput

func (IAMBindingArrayOutput) ToIAMBindingArrayOutputWithContext 

func (o IAMBindingArrayOutput) ToIAMBindingArrayOutputWithContext(ctx context.Context) IAMBindingArrayOutput

type IAMBindingCondition 

type IAMBindingCondition struct {
	Description *string `pulumi:"description"`
	Expression  string  `pulumi:"expression"`
	Title       string  `pulumi:"title"`
}

type IAMBindingConditionArgs 

type IAMBindingConditionArgs struct {
	Description pulumi.StringPtrInput `pulumi:"description"`
	Expression  pulumi.StringInput    `pulumi:"expression"`
	Title       pulumi.StringInput    `pulumi:"title"`
}

func (IAMBindingConditionArgs) ElementType 

func (IAMBindingConditionArgs) ElementType() reflect.Type

func (IAMBindingConditionArgs) ToIAMBindingConditionOutput 

func (i IAMBindingConditionArgs) ToIAMBindingConditionOutput() IAMBindingConditionOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionOutputWithContext 

func (i IAMBindingConditionArgs) ToIAMBindingConditionOutputWithContext(ctx context.Context) IAMBindingConditionOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionPtrOutput 

func (i IAMBindingConditionArgs) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionArgs) ToIAMBindingConditionPtrOutputWithContext 

func (i IAMBindingConditionArgs) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingConditionInput 

type IAMBindingConditionInput interface {
	pulumi.Input

	ToIAMBindingConditionOutput() IAMBindingConditionOutput
	ToIAMBindingConditionOutputWithContext(context.Context) IAMBindingConditionOutput
}

IAMBindingConditionInput is an input type that accepts IAMBindingConditionArgs and IAMBindingConditionOutput values. You can construct a concrete instance of `IAMBindingConditionInput` via: 

IAMBindingConditionArgs{...}

type IAMBindingConditionOutput 

type IAMBindingConditionOutput struct{ *pulumi.OutputState }

func (IAMBindingConditionOutput) Description 

func (o IAMBindingConditionOutput) Description() pulumi.StringPtrOutput

func (IAMBindingConditionOutput) ElementType 

func (IAMBindingConditionOutput) ElementType() reflect.Type

func (IAMBindingConditionOutput) Expression 

func (o IAMBindingConditionOutput) Expression() pulumi.StringOutput

func (IAMBindingConditionOutput) Title 

func (o IAMBindingConditionOutput) Title() pulumi.StringOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionOutput 

func (o IAMBindingConditionOutput) ToIAMBindingConditionOutput() IAMBindingConditionOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionOutputWithContext 

func (o IAMBindingConditionOutput) ToIAMBindingConditionOutputWithContext(ctx context.Context) IAMBindingConditionOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionPtrOutput 

func (o IAMBindingConditionOutput) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionOutput) ToIAMBindingConditionPtrOutputWithContext 

func (o IAMBindingConditionOutput) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingConditionPtrInput 

type IAMBindingConditionPtrInput interface {
	pulumi.Input

	ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput
	ToIAMBindingConditionPtrOutputWithContext(context.Context) IAMBindingConditionPtrOutput
}

IAMBindingConditionPtrInput is an input type that accepts IAMBindingConditionArgs, IAMBindingConditionPtr and IAMBindingConditionPtrOutput values. You can construct a concrete instance of `IAMBindingConditionPtrInput` via: 

        IAMBindingConditionArgs{...}

or:

        nil

func IAMBindingConditionPtr 

func IAMBindingConditionPtr(v *IAMBindingConditionArgs) IAMBindingConditionPtrInput

type IAMBindingConditionPtrOutput 

type IAMBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (IAMBindingConditionPtrOutput) Description 

func (o IAMBindingConditionPtrOutput) Description() pulumi.StringPtrOutput

func (IAMBindingConditionPtrOutput) Elem 

func (o IAMBindingConditionPtrOutput) Elem() IAMBindingConditionOutput

func (IAMBindingConditionPtrOutput) ElementType 

func (IAMBindingConditionPtrOutput) ElementType() reflect.Type

func (IAMBindingConditionPtrOutput) Expression 

func (o IAMBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput

func (IAMBindingConditionPtrOutput) Title 

func (o IAMBindingConditionPtrOutput) Title() pulumi.StringPtrOutput

func (IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutput 

func (o IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutput() IAMBindingConditionPtrOutput

func (IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutputWithContext 

func (o IAMBindingConditionPtrOutput) ToIAMBindingConditionPtrOutputWithContext(ctx context.Context) IAMBindingConditionPtrOutput

type IAMBindingInput 

type IAMBindingInput interface {
	pulumi.Input

	ToIAMBindingOutput() IAMBindingOutput
	ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput
}

type IAMBindingMap 

type IAMBindingMap map[string]IAMBindingInput

func (IAMBindingMap) ElementType 

func (IAMBindingMap) ElementType() reflect.Type

func (IAMBindingMap) ToIAMBindingMapOutput 

func (i IAMBindingMap) ToIAMBindingMapOutput() IAMBindingMapOutput

func (IAMBindingMap) ToIAMBindingMapOutputWithContext 

func (i IAMBindingMap) ToIAMBindingMapOutputWithContext(ctx context.Context) IAMBindingMapOutput

type IAMBindingMapInput 

type IAMBindingMapInput interface {
	pulumi.Input

	ToIAMBindingMapOutput() IAMBindingMapOutput
	ToIAMBindingMapOutputWithContext(context.Context) IAMBindingMapOutput
}

IAMBindingMapInput is an input type that accepts IAMBindingMap and IAMBindingMapOutput values. You can construct a concrete instance of `IAMBindingMapInput` via: 

IAMBindingMap{ "key": IAMBindingArgs{...} }

type IAMBindingMapOutput 

type IAMBindingMapOutput struct{ *pulumi.OutputState }

func (IAMBindingMapOutput) ElementType 

func (IAMBindingMapOutput) ElementType() reflect.Type

func (IAMBindingMapOutput) MapIndex 

func (o IAMBindingMapOutput) MapIndex(k pulumi.StringInput) IAMBindingOutput

func (IAMBindingMapOutput) ToIAMBindingMapOutput 

func (o IAMBindingMapOutput) ToIAMBindingMapOutput() IAMBindingMapOutput

func (IAMBindingMapOutput) ToIAMBindingMapOutputWithContext 

func (o IAMBindingMapOutput) ToIAMBindingMapOutputWithContext(ctx context.Context) IAMBindingMapOutput

type IAMBindingOutput 

type IAMBindingOutput struct{ *pulumi.OutputState }

func (IAMBindingOutput) Condition 

func (o IAMBindingOutput) Condition() IAMBindingConditionPtrOutput

func (IAMBindingOutput) ElementType 

func (IAMBindingOutput) ElementType() reflect.Type

func (IAMBindingOutput) Etag 

func (o IAMBindingOutput) Etag() pulumi.StringOutput

(Computed) The etag of the organization's IAM policy.

func (IAMBindingOutput) Members 

func (o IAMBindingOutput) Members() pulumi.StringArrayOutput

A list of users that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

func (IAMBindingOutput) OrgId 

func (o IAMBindingOutput) OrgId() pulumi.StringOutput

The numeric ID of the organization in which you want to create a custom role.

func (IAMBindingOutput) Role 

func (o IAMBindingOutput) Role() pulumi.StringOutput

The role that should be applied. Only one `organizations.IAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (IAMBindingOutput) ToIAMBindingOutput 

func (o IAMBindingOutput) ToIAMBindingOutput() IAMBindingOutput

func (IAMBindingOutput) ToIAMBindingOutputWithContext 

func (o IAMBindingOutput) ToIAMBindingOutputWithContext(ctx context.Context) IAMBindingOutput

type IAMBindingState 

type IAMBindingState struct {
	Condition IAMBindingConditionPtrInput
	// (Computed) The etag of the organization's IAM policy.
	Etag pulumi.StringPtrInput
	// A list of users that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding
	Members pulumi.StringArrayInput
	// The numeric ID of the organization in which you want to create a custom role.
	OrgId pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `organizations.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (IAMBindingState) ElementType 

func (IAMBindingState) ElementType() reflect.Type

type IAMCustomRole 

type IAMCustomRole struct {
	pulumi.CustomResourceState

	// (Optional) The current deleted state of the role.
	Deleted pulumi.BoolOutput `pulumi:"deleted"`
	// A human-readable description for the role.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The name of the role in the format `organizations/{{org_id}}/roles/{{role_id}}`. Like `id`, this field can be used as a reference in other resources such as IAM role bindings.
	Name pulumi.StringOutput `pulumi:"name"`
	// The numeric ID of the organization in which you want to create a custom role.
	OrgId pulumi.StringOutput `pulumi:"orgId"`
	// The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.
	Permissions pulumi.StringArrayOutput `pulumi:"permissions"`
	// The role id to use for this role.
	RoleId pulumi.StringOutput `pulumi:"roleId"`
	// The current launch stage of the role.
	// Defaults to `GA`.
	// List of possible stages is [here](https://cloud.google.com/iam/reference/rest/v1/organizations.roles#Role.RoleLaunchStage).
	Stage pulumi.StringPtrOutput `pulumi:"stage"`
	// A human-readable title for the role.
	Title pulumi.StringOutput `pulumi:"title"`
}

Allows management of a customized Cloud IAM organization role. For more information see [the official documentation](https://cloud.google.com/iam/docs/understanding-custom-roles) and [API](https://cloud.google.com/iam/reference/rest/v1/organizations.roles).

> **Warning:** Note that custom roles in GCP have the concept of a soft-delete. There are two issues that may arise 

from this and how roles are propagated. 1) creating a role may involve undeleting and then updating a role with the
same name, possibly causing confusing behavior between undelete and update. 2) A deleted role is permanently deleted
after 7 days, but it can take up to 30 more days (i.e. between 7 and 37 days after deletion) before the role name is
made available again. This means a deleted role that has been deleted for more than 7 days cannot be changed at all
by the provider, and new roles cannot share that name.

## Example Usage

This snippet creates a customized IAM organization role.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMCustomRole(ctx, "my-custom-role", &organizations.IAMCustomRoleArgs{
			RoleId:      pulumi.String("myCustomRole"),
			OrgId:       pulumi.String("123456789"),
			Title:       pulumi.String("My Custom Role"),
			Description: pulumi.String("A description"),
			Permissions: pulumi.StringArray{
				pulumi.String("iam.roles.list"),
				pulumi.String("iam.roles.create"),
				pulumi.String("iam.roles.delete"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Customized IAM organization role can be imported using their URI, e.g.

```sh $ pulumi import gcp:organizations/iAMCustomRole:IAMCustomRole my-custom-role organizations/123456789/roles/myCustomRole ```

func GetIAMCustomRole 

func GetIAMCustomRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMCustomRoleState, opts ...pulumi.ResourceOption) (*IAMCustomRole, error)

GetIAMCustomRole gets an existing IAMCustomRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMCustomRole 

func NewIAMCustomRole(ctx *pulumi.Context,
	name string, args *IAMCustomRoleArgs, opts ...pulumi.ResourceOption) (*IAMCustomRole, error)

NewIAMCustomRole registers a new resource with the given unique name, arguments, and options.

func (*IAMCustomRole) ElementType 

func (*IAMCustomRole) ElementType() reflect.Type

func (*IAMCustomRole) ToIAMCustomRoleOutput 

func (i *IAMCustomRole) ToIAMCustomRoleOutput() IAMCustomRoleOutput

func (*IAMCustomRole) ToIAMCustomRoleOutputWithContext 

func (i *IAMCustomRole) ToIAMCustomRoleOutputWithContext(ctx context.Context) IAMCustomRoleOutput

type IAMCustomRoleArgs 

type IAMCustomRoleArgs struct {
	// A human-readable description for the role.
	Description pulumi.StringPtrInput
	// The numeric ID of the organization in which you want to create a custom role.
	OrgId pulumi.StringInput
	// The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.
	Permissions pulumi.StringArrayInput
	// The role id to use for this role.
	RoleId pulumi.StringInput
	// The current launch stage of the role.
	// Defaults to `GA`.
	// List of possible stages is [here](https://cloud.google.com/iam/reference/rest/v1/organizations.roles#Role.RoleLaunchStage).
	Stage pulumi.StringPtrInput
	// A human-readable title for the role.
	Title pulumi.StringInput
}

The set of arguments for constructing a IAMCustomRole resource.

func (IAMCustomRoleArgs) ElementType 

func (IAMCustomRoleArgs) ElementType() reflect.Type

type IAMCustomRoleArray 

type IAMCustomRoleArray []IAMCustomRoleInput

func (IAMCustomRoleArray) ElementType 

func (IAMCustomRoleArray) ElementType() reflect.Type

func (IAMCustomRoleArray) ToIAMCustomRoleArrayOutput 

func (i IAMCustomRoleArray) ToIAMCustomRoleArrayOutput() IAMCustomRoleArrayOutput

func (IAMCustomRoleArray) ToIAMCustomRoleArrayOutputWithContext 

func (i IAMCustomRoleArray) ToIAMCustomRoleArrayOutputWithContext(ctx context.Context) IAMCustomRoleArrayOutput

type IAMCustomRoleArrayInput 

type IAMCustomRoleArrayInput interface {
	pulumi.Input

	ToIAMCustomRoleArrayOutput() IAMCustomRoleArrayOutput
	ToIAMCustomRoleArrayOutputWithContext(context.Context) IAMCustomRoleArrayOutput
}

IAMCustomRoleArrayInput is an input type that accepts IAMCustomRoleArray and IAMCustomRoleArrayOutput values. You can construct a concrete instance of `IAMCustomRoleArrayInput` via: 

IAMCustomRoleArray{ IAMCustomRoleArgs{...} }

type IAMCustomRoleArrayOutput 

type IAMCustomRoleArrayOutput struct{ *pulumi.OutputState }

func (IAMCustomRoleArrayOutput) ElementType 

func (IAMCustomRoleArrayOutput) ElementType() reflect.Type

func (IAMCustomRoleArrayOutput) Index 

func (o IAMCustomRoleArrayOutput) Index(i pulumi.IntInput) IAMCustomRoleOutput

func (IAMCustomRoleArrayOutput) ToIAMCustomRoleArrayOutput 

func (o IAMCustomRoleArrayOutput) ToIAMCustomRoleArrayOutput() IAMCustomRoleArrayOutput

func (IAMCustomRoleArrayOutput) ToIAMCustomRoleArrayOutputWithContext 

func (o IAMCustomRoleArrayOutput) ToIAMCustomRoleArrayOutputWithContext(ctx context.Context) IAMCustomRoleArrayOutput

type IAMCustomRoleInput 

type IAMCustomRoleInput interface {
	pulumi.Input

	ToIAMCustomRoleOutput() IAMCustomRoleOutput
	ToIAMCustomRoleOutputWithContext(ctx context.Context) IAMCustomRoleOutput
}

type IAMCustomRoleMap 

type IAMCustomRoleMap map[string]IAMCustomRoleInput

func (IAMCustomRoleMap) ElementType 

func (IAMCustomRoleMap) ElementType() reflect.Type

func (IAMCustomRoleMap) ToIAMCustomRoleMapOutput 

func (i IAMCustomRoleMap) ToIAMCustomRoleMapOutput() IAMCustomRoleMapOutput

func (IAMCustomRoleMap) ToIAMCustomRoleMapOutputWithContext 

func (i IAMCustomRoleMap) ToIAMCustomRoleMapOutputWithContext(ctx context.Context) IAMCustomRoleMapOutput

type IAMCustomRoleMapInput 

type IAMCustomRoleMapInput interface {
	pulumi.Input

	ToIAMCustomRoleMapOutput() IAMCustomRoleMapOutput
	ToIAMCustomRoleMapOutputWithContext(context.Context) IAMCustomRoleMapOutput
}

IAMCustomRoleMapInput is an input type that accepts IAMCustomRoleMap and IAMCustomRoleMapOutput values. You can construct a concrete instance of `IAMCustomRoleMapInput` via: 

IAMCustomRoleMap{ "key": IAMCustomRoleArgs{...} }

type IAMCustomRoleMapOutput 

type IAMCustomRoleMapOutput struct{ *pulumi.OutputState }

func (IAMCustomRoleMapOutput) ElementType 

func (IAMCustomRoleMapOutput) ElementType() reflect.Type

func (IAMCustomRoleMapOutput) MapIndex 

func (o IAMCustomRoleMapOutput) MapIndex(k pulumi.StringInput) IAMCustomRoleOutput

func (IAMCustomRoleMapOutput) ToIAMCustomRoleMapOutput 

func (o IAMCustomRoleMapOutput) ToIAMCustomRoleMapOutput() IAMCustomRoleMapOutput

func (IAMCustomRoleMapOutput) ToIAMCustomRoleMapOutputWithContext 

func (o IAMCustomRoleMapOutput) ToIAMCustomRoleMapOutputWithContext(ctx context.Context) IAMCustomRoleMapOutput

type IAMCustomRoleOutput 

type IAMCustomRoleOutput struct{ *pulumi.OutputState }

func (IAMCustomRoleOutput) Deleted 

func (o IAMCustomRoleOutput) Deleted() pulumi.BoolOutput

(Optional) The current deleted state of the role.

func (IAMCustomRoleOutput) Description 

func (o IAMCustomRoleOutput) Description() pulumi.StringPtrOutput

A human-readable description for the role.

func (IAMCustomRoleOutput) ElementType 

func (IAMCustomRoleOutput) ElementType() reflect.Type

func (IAMCustomRoleOutput) Name 

func (o IAMCustomRoleOutput) Name() pulumi.StringOutput

The name of the role in the format `organizations/{{org_id}}/roles/{{role_id}}`. Like `id`, this field can be used as a reference in other resources such as IAM role bindings.

func (IAMCustomRoleOutput) OrgId 

func (o IAMCustomRoleOutput) OrgId() pulumi.StringOutput

The numeric ID of the organization in which you want to create a custom role.

func (IAMCustomRoleOutput) Permissions 

func (o IAMCustomRoleOutput) Permissions() pulumi.StringArrayOutput

The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.

func (IAMCustomRoleOutput) RoleId 

func (o IAMCustomRoleOutput) RoleId() pulumi.StringOutput

The role id to use for this role.

func (IAMCustomRoleOutput) Stage 

func (o IAMCustomRoleOutput) Stage() pulumi.StringPtrOutput

The current launch stage of the role. Defaults to `GA`. List of possible stages is [here](https://cloud.google.com/iam/reference/rest/v1/organizations.roles#Role.RoleLaunchStage).

func (IAMCustomRoleOutput) Title 

func (o IAMCustomRoleOutput) Title() pulumi.StringOutput

A human-readable title for the role.

func (IAMCustomRoleOutput) ToIAMCustomRoleOutput 

func (o IAMCustomRoleOutput) ToIAMCustomRoleOutput() IAMCustomRoleOutput

func (IAMCustomRoleOutput) ToIAMCustomRoleOutputWithContext 

func (o IAMCustomRoleOutput) ToIAMCustomRoleOutputWithContext(ctx context.Context) IAMCustomRoleOutput

type IAMCustomRoleState 

type IAMCustomRoleState struct {
	// (Optional) The current deleted state of the role.
	Deleted pulumi.BoolPtrInput
	// A human-readable description for the role.
	Description pulumi.StringPtrInput
	// The name of the role in the format `organizations/{{org_id}}/roles/{{role_id}}`. Like `id`, this field can be used as a reference in other resources such as IAM role bindings.
	Name pulumi.StringPtrInput
	// The numeric ID of the organization in which you want to create a custom role.
	OrgId pulumi.StringPtrInput
	// The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.
	Permissions pulumi.StringArrayInput
	// The role id to use for this role.
	RoleId pulumi.StringPtrInput
	// The current launch stage of the role.
	// Defaults to `GA`.
	// List of possible stages is [here](https://cloud.google.com/iam/reference/rest/v1/organizations.roles#Role.RoleLaunchStage).
	Stage pulumi.StringPtrInput
	// A human-readable title for the role.
	Title pulumi.StringPtrInput
}

func (IAMCustomRoleState) ElementType 

func (IAMCustomRoleState) ElementType() reflect.Type

type IAMMember 

type IAMMember struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the organization's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringOutput `pulumi:"member"`
	// The organization id of the target organization.
	OrgId pulumi.StringOutput `pulumi:"orgId"`
	// The role that should be applied. Only one
	// `organizations.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `organizations/{{org_id}}/roles/{{role_id}}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Four different resources help you manage your IAM policy for a organization. Each of these resources serves a different use case:

* `organizations.IAMPolicy`: Authoritative. Sets the IAM policy for the organization and replaces any existing policy already attached. * `organizations.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organization are preserved. * `organizations.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organization are preserved. * `organizations.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.

> **Note:** `organizations.IAMPolicy` **cannot** be used in conjunction with `organizations.IAMBinding`, `organizations.IAMMember`, or `organizations.IamAuditConfig` or they will fight over what your policy should be.

> **Note:** `organizations.IAMBinding` resources **can be** used in conjunction with `organizations.IAMMember` resources **only if** they do not grant privilege to the same role.

## organizations.IAMPolicy

!> **Warning:** New organizations have several default policies which will, 

without extreme caution, be **overwritten** by use of this resource.
The safest alternative is to use multiple `organizations.IAMBinding`
resources. This resource makes it easy to remove your own access to
an organization, which will require a call to Google Support to have
fixed, and can take multiple days to resolve.

In general, this resource should only be used with organizations
fully managed by this provider.I f you do use this resource,
the best way to be sure that you are not making dangerous changes is to start
by **importing** your existing policy, and examining the diff very closely.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/editor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = organizations.NewIAMPolicy(ctx, "organization", &organizations.IAMPolicyArgs{
			OrgId:      pulumi.String("1234567890"),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/editor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: {
						Title:       "expires_after_2019_12_31",
						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = organizations.NewIAMPolicy(ctx, "organization", &organizations.IAMPolicyArgs{
			OrgId:      pulumi.String("1234567890"),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## organizations.IAMBinding

> **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMBinding(ctx, "organization", &organizations.IAMBindingArgs{
			OrgId: pulumi.String("1234567890"),
			Role:  pulumi.String("roles/editor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMBinding(ctx, "organization", &organizations.IAMBindingArgs{
			OrgId: pulumi.String("1234567890"),
			Role:  pulumi.String("roles/editor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &organizations.IAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## organizations.IAMMember

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMMember(ctx, "organization", &organizations.IAMMemberArgs{
			OrgId:  pulumi.String("1234567890"),
			Role:   pulumi.String("roles/editor"),
			Member: pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMMember(ctx, "organization", &organizations.IAMMemberArgs{
			OrgId:  pulumi.String("1234567890"),
			Role:   pulumi.String("roles/editor"),
			Member: pulumi.String("user:jane@example.com"),
			Condition: &organizations.IAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## organizations.IamAuditConfig

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIamAuditConfig(ctx, "organization", &organizations.IamAuditConfigArgs{
			OrgId:   pulumi.String("1234567890"),
			Service: pulumi.String("allServices"),
			AuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{
				&organizations.IamAuditConfigAuditLogConfigArgs{
					LogType: pulumi.String("ADMIN_READ"),
				},
				&organizations.IamAuditConfigAuditLogConfigArgs{
					LogType: pulumi.String("DATA_READ"),
					ExemptedMembers: pulumi.StringArray{
						pulumi.String("user:joebloggs@example.com"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## organizations.IAMBinding

> **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMBinding(ctx, "organization", &organizations.IAMBindingArgs{
			OrgId: pulumi.String("1234567890"),
			Role:  pulumi.String("roles/editor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMBinding(ctx, "organization", &organizations.IAMBindingArgs{
			OrgId: pulumi.String("1234567890"),
			Role:  pulumi.String("roles/editor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &organizations.IAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## organizations.IAMMember

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMMember(ctx, "organization", &organizations.IAMMemberArgs{
			OrgId:  pulumi.String("1234567890"),
			Role:   pulumi.String("roles/editor"),
			Member: pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMMember(ctx, "organization", &organizations.IAMMemberArgs{
			OrgId:  pulumi.String("1234567890"),
			Role:   pulumi.String("roles/editor"),
			Member: pulumi.String("user:jane@example.com"),
			Condition: &organizations.IAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## organizations.IamAuditConfig

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIamAuditConfig(ctx, "organization", &organizations.IamAuditConfigArgs{
			OrgId:   pulumi.String("1234567890"),
			Service: pulumi.String("allServices"),
			AuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{
				&organizations.IamAuditConfigAuditLogConfigArgs{
					LogType: pulumi.String("ADMIN_READ"),
				},
				&organizations.IamAuditConfigAuditLogConfigArgs{
					LogType: pulumi.String("DATA_READ"),
					ExemptedMembers: pulumi.StringArray{
						pulumi.String("user:joebloggs@example.com"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

### Importing Audit Configs

An audit config can be imported into a `google_organization_iam_audit_config` resource using the resource's `org_id` and the `service`, e.g:

* `"{{org_id}} foo.googleapis.com"`

An `import` block (Terraform v1.5.0 and later) can be used to import audit configs:

tf

import { 

id = "{{org_id}} foo.googleapis.com"

to = google_organization_iam_audit_config.default

}

The `pulumi import` command can also be used:

```sh $ pulumi import gcp:organizations/iAMMember:IAMMember default "{{org_id}} foo.googleapis.com" ```

func GetIAMMember 

func GetIAMMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMMemberState, opts ...pulumi.ResourceOption) (*IAMMember, error)

GetIAMMember gets an existing IAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMMember 

func NewIAMMember(ctx *pulumi.Context,
	name string, args *IAMMemberArgs, opts ...pulumi.ResourceOption) (*IAMMember, error)

NewIAMMember registers a new resource with the given unique name, arguments, and options.

func (*IAMMember) ElementType 

func (*IAMMember) ElementType() reflect.Type

func (*IAMMember) ToIAMMemberOutput 

func (i *IAMMember) ToIAMMemberOutput() IAMMemberOutput

func (*IAMMember) ToIAMMemberOutputWithContext 

func (i *IAMMember) ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput

type IAMMemberArgs 

type IAMMemberArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringInput
	// The organization id of the target organization.
	OrgId pulumi.StringInput
	// The role that should be applied. Only one
	// `organizations.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `organizations/{{org_id}}/roles/{{role_id}}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a IAMMember resource.

func (IAMMemberArgs) ElementType 

func (IAMMemberArgs) ElementType() reflect.Type

type IAMMemberArray 

type IAMMemberArray []IAMMemberInput

func (IAMMemberArray) ElementType 

func (IAMMemberArray) ElementType() reflect.Type

func (IAMMemberArray) ToIAMMemberArrayOutput 

func (i IAMMemberArray) ToIAMMemberArrayOutput() IAMMemberArrayOutput

func (IAMMemberArray) ToIAMMemberArrayOutputWithContext 

func (i IAMMemberArray) ToIAMMemberArrayOutputWithContext(ctx context.Context) IAMMemberArrayOutput

type IAMMemberArrayInput 

type IAMMemberArrayInput interface {
	pulumi.Input

	ToIAMMemberArrayOutput() IAMMemberArrayOutput
	ToIAMMemberArrayOutputWithContext(context.Context) IAMMemberArrayOutput
}

IAMMemberArrayInput is an input type that accepts IAMMemberArray and IAMMemberArrayOutput values. You can construct a concrete instance of `IAMMemberArrayInput` via: 

IAMMemberArray{ IAMMemberArgs{...} }

type IAMMemberArrayOutput 

type IAMMemberArrayOutput struct{ *pulumi.OutputState }

func (IAMMemberArrayOutput) ElementType 

func (IAMMemberArrayOutput) ElementType() reflect.Type

func (IAMMemberArrayOutput) Index 

func (o IAMMemberArrayOutput) Index(i pulumi.IntInput) IAMMemberOutput

func (IAMMemberArrayOutput) ToIAMMemberArrayOutput 

func (o IAMMemberArrayOutput) ToIAMMemberArrayOutput() IAMMemberArrayOutput

func (IAMMemberArrayOutput) ToIAMMemberArrayOutputWithContext 

func (o IAMMemberArrayOutput) ToIAMMemberArrayOutputWithContext(ctx context.Context) IAMMemberArrayOutput

type IAMMemberCondition 

type IAMMemberCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	//
	// > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the
	// identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will
	// consider it to be an entirely different resource and will treat it as such.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type IAMMemberConditionArgs 

type IAMMemberConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	//
	// > **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the
	// identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will
	// consider it to be an entirely different resource and will treat it as such.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (IAMMemberConditionArgs) ElementType 

func (IAMMemberConditionArgs) ElementType() reflect.Type

func (IAMMemberConditionArgs) ToIAMMemberConditionOutput 

func (i IAMMemberConditionArgs) ToIAMMemberConditionOutput() IAMMemberConditionOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionOutputWithContext 

func (i IAMMemberConditionArgs) ToIAMMemberConditionOutputWithContext(ctx context.Context) IAMMemberConditionOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionPtrOutput 

func (i IAMMemberConditionArgs) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionArgs) ToIAMMemberConditionPtrOutputWithContext 

func (i IAMMemberConditionArgs) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberConditionInput 

type IAMMemberConditionInput interface {
	pulumi.Input

	ToIAMMemberConditionOutput() IAMMemberConditionOutput
	ToIAMMemberConditionOutputWithContext(context.Context) IAMMemberConditionOutput
}

IAMMemberConditionInput is an input type that accepts IAMMemberConditionArgs and IAMMemberConditionOutput values. You can construct a concrete instance of `IAMMemberConditionInput` via: 

IAMMemberConditionArgs{...}

type IAMMemberConditionOutput 

type IAMMemberConditionOutput struct{ *pulumi.OutputState }

func (IAMMemberConditionOutput) Description 

func (o IAMMemberConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.

func (IAMMemberConditionOutput) ElementType 

func (IAMMemberConditionOutput) ElementType() reflect.Type

func (IAMMemberConditionOutput) Expression 

func (o IAMMemberConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (IAMMemberConditionOutput) Title 

func (o IAMMemberConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (IAMMemberConditionOutput) ToIAMMemberConditionOutput 

func (o IAMMemberConditionOutput) ToIAMMemberConditionOutput() IAMMemberConditionOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionOutputWithContext 

func (o IAMMemberConditionOutput) ToIAMMemberConditionOutputWithContext(ctx context.Context) IAMMemberConditionOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionPtrOutput 

func (o IAMMemberConditionOutput) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionOutput) ToIAMMemberConditionPtrOutputWithContext 

func (o IAMMemberConditionOutput) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberConditionPtrInput 

type IAMMemberConditionPtrInput interface {
	pulumi.Input

	ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput
	ToIAMMemberConditionPtrOutputWithContext(context.Context) IAMMemberConditionPtrOutput
}

IAMMemberConditionPtrInput is an input type that accepts IAMMemberConditionArgs, IAMMemberConditionPtr and IAMMemberConditionPtrOutput values. You can construct a concrete instance of `IAMMemberConditionPtrInput` via: 

        IAMMemberConditionArgs{...}

or:

        nil

func IAMMemberConditionPtr 

func IAMMemberConditionPtr(v *IAMMemberConditionArgs) IAMMemberConditionPtrInput

type IAMMemberConditionPtrOutput 

type IAMMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (IAMMemberConditionPtrOutput) Description 

func (o IAMMemberConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

> **Warning:** This provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.

func (IAMMemberConditionPtrOutput) Elem 

func (o IAMMemberConditionPtrOutput) Elem() IAMMemberConditionOutput

func (IAMMemberConditionPtrOutput) ElementType 

func (IAMMemberConditionPtrOutput) ElementType() reflect.Type

func (IAMMemberConditionPtrOutput) Expression 

func (o IAMMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (IAMMemberConditionPtrOutput) Title 

func (o IAMMemberConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutput 

func (o IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutput() IAMMemberConditionPtrOutput

func (IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutputWithContext 

func (o IAMMemberConditionPtrOutput) ToIAMMemberConditionPtrOutputWithContext(ctx context.Context) IAMMemberConditionPtrOutput

type IAMMemberInput 

type IAMMemberInput interface {
	pulumi.Input

	ToIAMMemberOutput() IAMMemberOutput
	ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput
}

type IAMMemberMap 

type IAMMemberMap map[string]IAMMemberInput

func (IAMMemberMap) ElementType 

func (IAMMemberMap) ElementType() reflect.Type

func (IAMMemberMap) ToIAMMemberMapOutput 

func (i IAMMemberMap) ToIAMMemberMapOutput() IAMMemberMapOutput

func (IAMMemberMap) ToIAMMemberMapOutputWithContext 

func (i IAMMemberMap) ToIAMMemberMapOutputWithContext(ctx context.Context) IAMMemberMapOutput

type IAMMemberMapInput 

type IAMMemberMapInput interface {
	pulumi.Input

	ToIAMMemberMapOutput() IAMMemberMapOutput
	ToIAMMemberMapOutputWithContext(context.Context) IAMMemberMapOutput
}

IAMMemberMapInput is an input type that accepts IAMMemberMap and IAMMemberMapOutput values. You can construct a concrete instance of `IAMMemberMapInput` via: 

IAMMemberMap{ "key": IAMMemberArgs{...} }

type IAMMemberMapOutput 

type IAMMemberMapOutput struct{ *pulumi.OutputState }

func (IAMMemberMapOutput) ElementType 

func (IAMMemberMapOutput) ElementType() reflect.Type

func (IAMMemberMapOutput) MapIndex 

func (o IAMMemberMapOutput) MapIndex(k pulumi.StringInput) IAMMemberOutput

func (IAMMemberMapOutput) ToIAMMemberMapOutput 

func (o IAMMemberMapOutput) ToIAMMemberMapOutput() IAMMemberMapOutput

func (IAMMemberMapOutput) ToIAMMemberMapOutputWithContext 

func (o IAMMemberMapOutput) ToIAMMemberMapOutputWithContext(ctx context.Context) IAMMemberMapOutput

type IAMMemberOutput 

type IAMMemberOutput struct{ *pulumi.OutputState }

func (IAMMemberOutput) Condition 

func (o IAMMemberOutput) Condition() IAMMemberConditionPtrOutput

An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.

func (IAMMemberOutput) ElementType 

func (IAMMemberOutput) ElementType() reflect.Type

func (IAMMemberOutput) Etag 

func (o IAMMemberOutput) Etag() pulumi.StringOutput

(Computed) The etag of the organization's IAM policy.

func (IAMMemberOutput) Member 

func (o IAMMemberOutput) Member() pulumi.StringOutput

Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

func (IAMMemberOutput) OrgId 

func (o IAMMemberOutput) OrgId() pulumi.StringOutput

The organization id of the target organization.

func (IAMMemberOutput) Role 

func (o IAMMemberOutput) Role() pulumi.StringOutput

The role that should be applied. Only one `organizations.IAMBinding` can be used per role. Note that custom roles must be of the format `organizations/{{org_id}}/roles/{{role_id}}`.

func (IAMMemberOutput) ToIAMMemberOutput 

func (o IAMMemberOutput) ToIAMMemberOutput() IAMMemberOutput

func (IAMMemberOutput) ToIAMMemberOutputWithContext 

func (o IAMMemberOutput) ToIAMMemberOutputWithContext(ctx context.Context) IAMMemberOutput

type IAMMemberState 

type IAMMemberState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition IAMMemberConditionPtrInput
	// (Computed) The etag of the organization's IAM policy.
	Etag pulumi.StringPtrInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringPtrInput
	// The organization id of the target organization.
	OrgId pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `organizations.IAMBinding` can be used per role. Note that custom roles must be of the format
	// `organizations/{{org_id}}/roles/{{role_id}}`.
	Role pulumi.StringPtrInput
}

func (IAMMemberState) ElementType 

func (IAMMemberState) ElementType() reflect.Type

type IAMPolicy 

type IAMPolicy struct {
	pulumi.CustomResourceState

	// (Computed) The etag of the organization's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The organization id of the target organization.
	OrgId pulumi.StringOutput `pulumi:"orgId"`
	// The `organizations.getIAMPolicy` data source that represents
	// the IAM policy that will be applied to the organization. The policy will be
	// merged with any existing policy applied to the organization.
	//
	// Changing this updates the policy.
	//
	// Deleting this removes all policies from the organization, locking out users without
	// organization-level access.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
}

Four different resources help you manage your IAM policy for a organization. Each of these resources serves a different use case:

* `organizations.IAMPolicy`: Authoritative. Sets the IAM policy for the organization and replaces any existing policy already attached. * `organizations.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organization are preserved. * `organizations.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organization are preserved. * `organizations.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.

> **Note:** `organizations.IAMPolicy` **cannot** be used in conjunction with `organizations.IAMBinding`, `organizations.IAMMember`, or `organizations.IamAuditConfig` or they will fight over what your policy should be.

> **Note:** `organizations.IAMBinding` resources **can be** used in conjunction with `organizations.IAMMember` resources **only if** they do not grant privilege to the same role.

## organizations.IAMPolicy

!> **Warning:** New organizations have several default policies which will, 

without extreme caution, be **overwritten** by use of this resource.
The safest alternative is to use multiple `organizations.IAMBinding`
resources. This resource makes it easy to remove your own access to
an organization, which will require a call to Google Support to have
fixed, and can take multiple days to resolve.

In general, this resource should only be used with organizations
fully managed by this provider.I f you do use this resource,
the best way to be sure that you are not making dangerous changes is to start
by **importing** your existing policy, and examining the diff very closely.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/editor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = organizations.NewIAMPolicy(ctx, "organization", &organizations.IAMPolicyArgs{
			OrgId:      pulumi.String("1234567890"),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/editor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: {
						Title:       "expires_after_2019_12_31",
						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = organizations.NewIAMPolicy(ctx, "organization", &organizations.IAMPolicyArgs{
			OrgId:      pulumi.String("1234567890"),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## organizations.IAMBinding

> **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMBinding(ctx, "organization", &organizations.IAMBindingArgs{
			OrgId: pulumi.String("1234567890"),
			Role:  pulumi.String("roles/editor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMBinding(ctx, "organization", &organizations.IAMBindingArgs{
			OrgId: pulumi.String("1234567890"),
			Role:  pulumi.String("roles/editor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &organizations.IAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## organizations.IAMMember

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMMember(ctx, "organization", &organizations.IAMMemberArgs{
			OrgId:  pulumi.String("1234567890"),
			Role:   pulumi.String("roles/editor"),
			Member: pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMMember(ctx, "organization", &organizations.IAMMemberArgs{
			OrgId:  pulumi.String("1234567890"),
			Role:   pulumi.String("roles/editor"),
			Member: pulumi.String("user:jane@example.com"),
			Condition: &organizations.IAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## organizations.IamAuditConfig

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIamAuditConfig(ctx, "organization", &organizations.IamAuditConfigArgs{
			OrgId:   pulumi.String("1234567890"),
			Service: pulumi.String("allServices"),
			AuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{
				&organizations.IamAuditConfigAuditLogConfigArgs{
					LogType: pulumi.String("ADMIN_READ"),
				},
				&organizations.IamAuditConfigAuditLogConfigArgs{
					LogType: pulumi.String("DATA_READ"),
					ExemptedMembers: pulumi.StringArray{
						pulumi.String("user:joebloggs@example.com"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## organizations.IAMBinding

> **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMBinding(ctx, "organization", &organizations.IAMBindingArgs{
			OrgId: pulumi.String("1234567890"),
			Role:  pulumi.String("roles/editor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMBinding(ctx, "organization", &organizations.IAMBindingArgs{
			OrgId: pulumi.String("1234567890"),
			Role:  pulumi.String("roles/editor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &organizations.IAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## organizations.IAMMember

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMMember(ctx, "organization", &organizations.IAMMemberArgs{
			OrgId:  pulumi.String("1234567890"),
			Role:   pulumi.String("roles/editor"),
			Member: pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIAMMember(ctx, "organization", &organizations.IAMMemberArgs{
			OrgId:  pulumi.String("1234567890"),
			Role:   pulumi.String("roles/editor"),
			Member: pulumi.String("user:jane@example.com"),
			Condition: &organizations.IAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## organizations.IamAuditConfig

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIamAuditConfig(ctx, "organization", &organizations.IamAuditConfigArgs{
			OrgId:   pulumi.String("1234567890"),
			Service: pulumi.String("allServices"),
			AuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{
				&organizations.IamAuditConfigAuditLogConfigArgs{
					LogType: pulumi.String("ADMIN_READ"),
				},
				&organizations.IamAuditConfigAuditLogConfigArgs{
					LogType: pulumi.String("DATA_READ"),
					ExemptedMembers: pulumi.StringArray{
						pulumi.String("user:joebloggs@example.com"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

### Importing Audit Configs

An audit config can be imported into a `google_organization_iam_audit_config` resource using the resource's `org_id` and the `service`, e.g:

* `"{{org_id}} foo.googleapis.com"`

An `import` block (Terraform v1.5.0 and later) can be used to import audit configs:

tf

import { 

id = "{{org_id}} foo.googleapis.com"

to = google_organization_iam_audit_config.default

}

The `pulumi import` command can also be used:

```sh $ pulumi import gcp:organizations/iAMPolicy:IAMPolicy default "{{org_id}} foo.googleapis.com" ```

func GetIAMPolicy 

func GetIAMPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IAMPolicyState, opts ...pulumi.ResourceOption) (*IAMPolicy, error)

GetIAMPolicy gets an existing IAMPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIAMPolicy 

func NewIAMPolicy(ctx *pulumi.Context,
	name string, args *IAMPolicyArgs, opts ...pulumi.ResourceOption) (*IAMPolicy, error)

NewIAMPolicy registers a new resource with the given unique name, arguments, and options.

func (*IAMPolicy) ElementType 

func (*IAMPolicy) ElementType() reflect.Type

func (*IAMPolicy) ToIAMPolicyOutput 

func (i *IAMPolicy) ToIAMPolicyOutput() IAMPolicyOutput

func (*IAMPolicy) ToIAMPolicyOutputWithContext 

func (i *IAMPolicy) ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput

type IAMPolicyArgs 

type IAMPolicyArgs struct {
	// The organization id of the target organization.
	OrgId pulumi.StringInput
	// The `organizations.getIAMPolicy` data source that represents
	// the IAM policy that will be applied to the organization. The policy will be
	// merged with any existing policy applied to the organization.
	//
	// Changing this updates the policy.
	//
	// Deleting this removes all policies from the organization, locking out users without
	// organization-level access.
	PolicyData pulumi.StringInput
}

The set of arguments for constructing a IAMPolicy resource.

func (IAMPolicyArgs) ElementType 

func (IAMPolicyArgs) ElementType() reflect.Type

type IAMPolicyArray 

type IAMPolicyArray []IAMPolicyInput

func (IAMPolicyArray) ElementType 

func (IAMPolicyArray) ElementType() reflect.Type

func (IAMPolicyArray) ToIAMPolicyArrayOutput 

func (i IAMPolicyArray) ToIAMPolicyArrayOutput() IAMPolicyArrayOutput

func (IAMPolicyArray) ToIAMPolicyArrayOutputWithContext 

func (i IAMPolicyArray) ToIAMPolicyArrayOutputWithContext(ctx context.Context) IAMPolicyArrayOutput

type IAMPolicyArrayInput 

type IAMPolicyArrayInput interface {
	pulumi.Input

	ToIAMPolicyArrayOutput() IAMPolicyArrayOutput
	ToIAMPolicyArrayOutputWithContext(context.Context) IAMPolicyArrayOutput
}

IAMPolicyArrayInput is an input type that accepts IAMPolicyArray and IAMPolicyArrayOutput values. You can construct a concrete instance of `IAMPolicyArrayInput` via: 

IAMPolicyArray{ IAMPolicyArgs{...} }

type IAMPolicyArrayOutput 

type IAMPolicyArrayOutput struct{ *pulumi.OutputState }

func (IAMPolicyArrayOutput) ElementType 

func (IAMPolicyArrayOutput) ElementType() reflect.Type

func (IAMPolicyArrayOutput) Index 

func (o IAMPolicyArrayOutput) Index(i pulumi.IntInput) IAMPolicyOutput

func (IAMPolicyArrayOutput) ToIAMPolicyArrayOutput 

func (o IAMPolicyArrayOutput) ToIAMPolicyArrayOutput() IAMPolicyArrayOutput

func (IAMPolicyArrayOutput) ToIAMPolicyArrayOutputWithContext 

func (o IAMPolicyArrayOutput) ToIAMPolicyArrayOutputWithContext(ctx context.Context) IAMPolicyArrayOutput

type IAMPolicyInput 

type IAMPolicyInput interface {
	pulumi.Input

	ToIAMPolicyOutput() IAMPolicyOutput
	ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput
}

type IAMPolicyMap 

type IAMPolicyMap map[string]IAMPolicyInput

func (IAMPolicyMap) ElementType 

func (IAMPolicyMap) ElementType() reflect.Type

func (IAMPolicyMap) ToIAMPolicyMapOutput 

func (i IAMPolicyMap) ToIAMPolicyMapOutput() IAMPolicyMapOutput

func (IAMPolicyMap) ToIAMPolicyMapOutputWithContext 

func (i IAMPolicyMap) ToIAMPolicyMapOutputWithContext(ctx context.Context) IAMPolicyMapOutput

type IAMPolicyMapInput 

type IAMPolicyMapInput interface {
	pulumi.Input

	ToIAMPolicyMapOutput() IAMPolicyMapOutput
	ToIAMPolicyMapOutputWithContext(context.Context) IAMPolicyMapOutput
}

IAMPolicyMapInput is an input type that accepts IAMPolicyMap and IAMPolicyMapOutput values. You can construct a concrete instance of `IAMPolicyMapInput` via: 

IAMPolicyMap{ "key": IAMPolicyArgs{...} }

type IAMPolicyMapOutput 

type IAMPolicyMapOutput struct{ *pulumi.OutputState }

func (IAMPolicyMapOutput) ElementType 

func (IAMPolicyMapOutput) ElementType() reflect.Type

func (IAMPolicyMapOutput) MapIndex 

func (o IAMPolicyMapOutput) MapIndex(k pulumi.StringInput) IAMPolicyOutput

func (IAMPolicyMapOutput) ToIAMPolicyMapOutput 

func (o IAMPolicyMapOutput) ToIAMPolicyMapOutput() IAMPolicyMapOutput

func (IAMPolicyMapOutput) ToIAMPolicyMapOutputWithContext 

func (o IAMPolicyMapOutput) ToIAMPolicyMapOutputWithContext(ctx context.Context) IAMPolicyMapOutput

type IAMPolicyOutput 

type IAMPolicyOutput struct{ *pulumi.OutputState }

func (IAMPolicyOutput) ElementType 

func (IAMPolicyOutput) ElementType() reflect.Type

func (IAMPolicyOutput) Etag 

func (o IAMPolicyOutput) Etag() pulumi.StringOutput

(Computed) The etag of the organization's IAM policy.

func (IAMPolicyOutput) OrgId 

func (o IAMPolicyOutput) OrgId() pulumi.StringOutput

The organization id of the target organization.

func (IAMPolicyOutput) PolicyData 

func (o IAMPolicyOutput) PolicyData() pulumi.StringOutput

The `organizations.getIAMPolicy` data source that represents the IAM policy that will be applied to the organization. The policy will be merged with any existing policy applied to the organization.

Changing this updates the policy.

Deleting this removes all policies from the organization, locking out users without organization-level access.

func (IAMPolicyOutput) ToIAMPolicyOutput 

func (o IAMPolicyOutput) ToIAMPolicyOutput() IAMPolicyOutput

func (IAMPolicyOutput) ToIAMPolicyOutputWithContext 

func (o IAMPolicyOutput) ToIAMPolicyOutputWithContext(ctx context.Context) IAMPolicyOutput

type IAMPolicyState 

type IAMPolicyState struct {
	// (Computed) The etag of the organization's IAM policy.
	Etag pulumi.StringPtrInput
	// The organization id of the target organization.
	OrgId pulumi.StringPtrInput
	// The `organizations.getIAMPolicy` data source that represents
	// the IAM policy that will be applied to the organization. The policy will be
	// merged with any existing policy applied to the organization.
	//
	// Changing this updates the policy.
	//
	// Deleting this removes all policies from the organization, locking out users without
	// organization-level access.
	PolicyData pulumi.StringPtrInput
}

func (IAMPolicyState) ElementType 

func (IAMPolicyState) ElementType() reflect.Type

type IamAuditConfig 

type IamAuditConfig struct {
	pulumi.CustomResourceState

	// The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
	AuditLogConfigs IamAuditConfigAuditLogConfigArrayOutput `pulumi:"auditLogConfigs"`
	// The etag of iam policy
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The numeric ID of the organization in which you want to manage the audit logging config.
	OrgId pulumi.StringOutput `pulumi:"orgId"`
	// Service which will be enabled for audit logging.  The special value `allServices` covers all services.  Note that if there are google\_organization\_iam\_audit\_config resources covering both `allServices` and a specific service then the union of the two AuditConfigs is used for that service: the `logTypes` specified in each `auditLogConfig` are enabled, and the `exemptedMembers` in each `auditLogConfig` are exempted.
	Service pulumi.StringOutput `pulumi:"service"`
}

Allows management of audit logging config for a given service for a Google Cloud Platform Organization.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewIamAuditConfig(ctx, "config", &organizations.IamAuditConfigArgs{
			OrgId:   pulumi.String("your-organization-id"),
			Service: pulumi.String("allServices"),
			AuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{
				&organizations.IamAuditConfigAuditLogConfigArgs{
					LogType: pulumi.String("DATA_READ"),
					ExemptedMembers: pulumi.StringArray{
						pulumi.String("user:joebloggs@example.com"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

IAM audit config imports use the identifier of the resource in question and the service, e.g.

```sh $ pulumi import gcp:organizations/iamAuditConfig:IamAuditConfig config "your-organization-id foo.googleapis.com" ```

func GetIamAuditConfig 

func GetIamAuditConfig(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *IamAuditConfigState, opts ...pulumi.ResourceOption) (*IamAuditConfig, error)

GetIamAuditConfig gets an existing IamAuditConfig resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewIamAuditConfig 

func NewIamAuditConfig(ctx *pulumi.Context,
	name string, args *IamAuditConfigArgs, opts ...pulumi.ResourceOption) (*IamAuditConfig, error)

NewIamAuditConfig registers a new resource with the given unique name, arguments, and options.

func (*IamAuditConfig) ElementType 

func (*IamAuditConfig) ElementType() reflect.Type

func (*IamAuditConfig) ToIamAuditConfigOutput 

func (i *IamAuditConfig) ToIamAuditConfigOutput() IamAuditConfigOutput

func (*IamAuditConfig) ToIamAuditConfigOutputWithContext 

func (i *IamAuditConfig) ToIamAuditConfigOutputWithContext(ctx context.Context) IamAuditConfigOutput

type IamAuditConfigArgs 

type IamAuditConfigArgs struct {
	// The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
	AuditLogConfigs IamAuditConfigAuditLogConfigArrayInput
	// The numeric ID of the organization in which you want to manage the audit logging config.
	OrgId pulumi.StringInput
	// Service which will be enabled for audit logging.  The special value `allServices` covers all services.  Note that if there are google\_organization\_iam\_audit\_config resources covering both `allServices` and a specific service then the union of the two AuditConfigs is used for that service: the `logTypes` specified in each `auditLogConfig` are enabled, and the `exemptedMembers` in each `auditLogConfig` are exempted.
	Service pulumi.StringInput
}

The set of arguments for constructing a IamAuditConfig resource.

func (IamAuditConfigArgs) ElementType 

func (IamAuditConfigArgs) ElementType() reflect.Type

type IamAuditConfigArray 

type IamAuditConfigArray []IamAuditConfigInput

func (IamAuditConfigArray) ElementType 

func (IamAuditConfigArray) ElementType() reflect.Type

func (IamAuditConfigArray) ToIamAuditConfigArrayOutput 

func (i IamAuditConfigArray) ToIamAuditConfigArrayOutput() IamAuditConfigArrayOutput

func (IamAuditConfigArray) ToIamAuditConfigArrayOutputWithContext 

func (i IamAuditConfigArray) ToIamAuditConfigArrayOutputWithContext(ctx context.Context) IamAuditConfigArrayOutput

type IamAuditConfigArrayInput 

type IamAuditConfigArrayInput interface {
	pulumi.Input

	ToIamAuditConfigArrayOutput() IamAuditConfigArrayOutput
	ToIamAuditConfigArrayOutputWithContext(context.Context) IamAuditConfigArrayOutput
}

IamAuditConfigArrayInput is an input type that accepts IamAuditConfigArray and IamAuditConfigArrayOutput values. You can construct a concrete instance of `IamAuditConfigArrayInput` via: 

IamAuditConfigArray{ IamAuditConfigArgs{...} }

type IamAuditConfigArrayOutput 

type IamAuditConfigArrayOutput struct{ *pulumi.OutputState }

func (IamAuditConfigArrayOutput) ElementType 

func (IamAuditConfigArrayOutput) ElementType() reflect.Type

func (IamAuditConfigArrayOutput) Index 

func (o IamAuditConfigArrayOutput) Index(i pulumi.IntInput) IamAuditConfigOutput

func (IamAuditConfigArrayOutput) ToIamAuditConfigArrayOutput 

func (o IamAuditConfigArrayOutput) ToIamAuditConfigArrayOutput() IamAuditConfigArrayOutput

func (IamAuditConfigArrayOutput) ToIamAuditConfigArrayOutputWithContext 

func (o IamAuditConfigArrayOutput) ToIamAuditConfigArrayOutputWithContext(ctx context.Context) IamAuditConfigArrayOutput

type IamAuditConfigAuditLogConfig 

type IamAuditConfigAuditLogConfig struct {
	// Identities that do not cause logging for this type of permission.
	// Each entry can have one of the following values:
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	ExemptedMembers []string `pulumi:"exemptedMembers"`
	// Permission type for which logging is to be configured.  Must be one of `DATA_READ`, `DATA_WRITE`, or `ADMIN_READ`.
	LogType string `pulumi:"logType"`
}

type IamAuditConfigAuditLogConfigArgs 

type IamAuditConfigAuditLogConfigArgs struct {
	// Identities that do not cause logging for this type of permission.
	// Each entry can have one of the following values:
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	ExemptedMembers pulumi.StringArrayInput `pulumi:"exemptedMembers"`
	// Permission type for which logging is to be configured.  Must be one of `DATA_READ`, `DATA_WRITE`, or `ADMIN_READ`.
	LogType pulumi.StringInput `pulumi:"logType"`
}

func (IamAuditConfigAuditLogConfigArgs) ElementType 

func (IamAuditConfigAuditLogConfigArgs) ElementType() reflect.Type

func (IamAuditConfigAuditLogConfigArgs) ToIamAuditConfigAuditLogConfigOutput 

func (i IamAuditConfigAuditLogConfigArgs) ToIamAuditConfigAuditLogConfigOutput() IamAuditConfigAuditLogConfigOutput

func (IamAuditConfigAuditLogConfigArgs) ToIamAuditConfigAuditLogConfigOutputWithContext 

func (i IamAuditConfigAuditLogConfigArgs) ToIamAuditConfigAuditLogConfigOutputWithContext(ctx context.Context) IamAuditConfigAuditLogConfigOutput

type IamAuditConfigAuditLogConfigArray 

type IamAuditConfigAuditLogConfigArray []IamAuditConfigAuditLogConfigInput

func (IamAuditConfigAuditLogConfigArray) ElementType 

func (IamAuditConfigAuditLogConfigArray) ElementType() reflect.Type

func (IamAuditConfigAuditLogConfigArray) ToIamAuditConfigAuditLogConfigArrayOutput 

func (i IamAuditConfigAuditLogConfigArray) ToIamAuditConfigAuditLogConfigArrayOutput() IamAuditConfigAuditLogConfigArrayOutput

func (IamAuditConfigAuditLogConfigArray) ToIamAuditConfigAuditLogConfigArrayOutputWithContext 

func (i IamAuditConfigAuditLogConfigArray) ToIamAuditConfigAuditLogConfigArrayOutputWithContext(ctx context.Context) IamAuditConfigAuditLogConfigArrayOutput

type IamAuditConfigAuditLogConfigArrayInput 

type IamAuditConfigAuditLogConfigArrayInput interface {
	pulumi.Input

	ToIamAuditConfigAuditLogConfigArrayOutput() IamAuditConfigAuditLogConfigArrayOutput
	ToIamAuditConfigAuditLogConfigArrayOutputWithContext(context.Context) IamAuditConfigAuditLogConfigArrayOutput
}

IamAuditConfigAuditLogConfigArrayInput is an input type that accepts IamAuditConfigAuditLogConfigArray and IamAuditConfigAuditLogConfigArrayOutput values. You can construct a concrete instance of `IamAuditConfigAuditLogConfigArrayInput` via: 

IamAuditConfigAuditLogConfigArray{ IamAuditConfigAuditLogConfigArgs{...} }

type IamAuditConfigAuditLogConfigArrayOutput 

type IamAuditConfigAuditLogConfigArrayOutput struct{ *pulumi.OutputState }

func (IamAuditConfigAuditLogConfigArrayOutput) ElementType 

func (IamAuditConfigAuditLogConfigArrayOutput) ElementType() reflect.Type

func (IamAuditConfigAuditLogConfigArrayOutput) Index 

func (o IamAuditConfigAuditLogConfigArrayOutput) Index(i pulumi.IntInput) IamAuditConfigAuditLogConfigOutput

func (IamAuditConfigAuditLogConfigArrayOutput) ToIamAuditConfigAuditLogConfigArrayOutput 

func (o IamAuditConfigAuditLogConfigArrayOutput) ToIamAuditConfigAuditLogConfigArrayOutput() IamAuditConfigAuditLogConfigArrayOutput

func (IamAuditConfigAuditLogConfigArrayOutput) ToIamAuditConfigAuditLogConfigArrayOutputWithContext 

func (o IamAuditConfigAuditLogConfigArrayOutput) ToIamAuditConfigAuditLogConfigArrayOutputWithContext(ctx context.Context) IamAuditConfigAuditLogConfigArrayOutput

type IamAuditConfigAuditLogConfigInput 

type IamAuditConfigAuditLogConfigInput interface {
	pulumi.Input

	ToIamAuditConfigAuditLogConfigOutput() IamAuditConfigAuditLogConfigOutput
	ToIamAuditConfigAuditLogConfigOutputWithContext(context.Context) IamAuditConfigAuditLogConfigOutput
}

IamAuditConfigAuditLogConfigInput is an input type that accepts IamAuditConfigAuditLogConfigArgs and IamAuditConfigAuditLogConfigOutput values. You can construct a concrete instance of `IamAuditConfigAuditLogConfigInput` via: 

IamAuditConfigAuditLogConfigArgs{...}

type IamAuditConfigAuditLogConfigOutput 

type IamAuditConfigAuditLogConfigOutput struct{ *pulumi.OutputState }

func (IamAuditConfigAuditLogConfigOutput) ElementType 

func (IamAuditConfigAuditLogConfigOutput) ElementType() reflect.Type

func (IamAuditConfigAuditLogConfigOutput) ExemptedMembers 

func (o IamAuditConfigAuditLogConfigOutput) ExemptedMembers() pulumi.StringArrayOutput

Identities that do not cause logging for this type of permission. Each entry can have one of the following values: * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

func (IamAuditConfigAuditLogConfigOutput) LogType 

func (o IamAuditConfigAuditLogConfigOutput) LogType() pulumi.StringOutput

Permission type for which logging is to be configured. Must be one of `DATA_READ`, `DATA_WRITE`, or `ADMIN_READ`.

func (IamAuditConfigAuditLogConfigOutput) ToIamAuditConfigAuditLogConfigOutput 

func (o IamAuditConfigAuditLogConfigOutput) ToIamAuditConfigAuditLogConfigOutput() IamAuditConfigAuditLogConfigOutput

func (IamAuditConfigAuditLogConfigOutput) ToIamAuditConfigAuditLogConfigOutputWithContext 

func (o IamAuditConfigAuditLogConfigOutput) ToIamAuditConfigAuditLogConfigOutputWithContext(ctx context.Context) IamAuditConfigAuditLogConfigOutput

type IamAuditConfigInput 

type IamAuditConfigInput interface {
	pulumi.Input

	ToIamAuditConfigOutput() IamAuditConfigOutput
	ToIamAuditConfigOutputWithContext(ctx context.Context) IamAuditConfigOutput
}

type IamAuditConfigMap 

type IamAuditConfigMap map[string]IamAuditConfigInput

func (IamAuditConfigMap) ElementType 

func (IamAuditConfigMap) ElementType() reflect.Type

func (IamAuditConfigMap) ToIamAuditConfigMapOutput 

func (i IamAuditConfigMap) ToIamAuditConfigMapOutput() IamAuditConfigMapOutput

func (IamAuditConfigMap) ToIamAuditConfigMapOutputWithContext 

func (i IamAuditConfigMap) ToIamAuditConfigMapOutputWithContext(ctx context.Context) IamAuditConfigMapOutput

type IamAuditConfigMapInput 

type IamAuditConfigMapInput interface {
	pulumi.Input

	ToIamAuditConfigMapOutput() IamAuditConfigMapOutput
	ToIamAuditConfigMapOutputWithContext(context.Context) IamAuditConfigMapOutput
}

IamAuditConfigMapInput is an input type that accepts IamAuditConfigMap and IamAuditConfigMapOutput values. You can construct a concrete instance of `IamAuditConfigMapInput` via: 

IamAuditConfigMap{ "key": IamAuditConfigArgs{...} }

type IamAuditConfigMapOutput 

type IamAuditConfigMapOutput struct{ *pulumi.OutputState }

func (IamAuditConfigMapOutput) ElementType 

func (IamAuditConfigMapOutput) ElementType() reflect.Type

func (IamAuditConfigMapOutput) MapIndex 

func (o IamAuditConfigMapOutput) MapIndex(k pulumi.StringInput) IamAuditConfigOutput

func (IamAuditConfigMapOutput) ToIamAuditConfigMapOutput 

func (o IamAuditConfigMapOutput) ToIamAuditConfigMapOutput() IamAuditConfigMapOutput

func (IamAuditConfigMapOutput) ToIamAuditConfigMapOutputWithContext 

func (o IamAuditConfigMapOutput) ToIamAuditConfigMapOutputWithContext(ctx context.Context) IamAuditConfigMapOutput

type IamAuditConfigOutput 

type IamAuditConfigOutput struct{ *pulumi.OutputState }

func (IamAuditConfigOutput) AuditLogConfigs 

func (o IamAuditConfigOutput) AuditLogConfigs() IamAuditConfigAuditLogConfigArrayOutput

The configuration for logging of each type of permission. This can be specified multiple times. Structure is documented below.

func (IamAuditConfigOutput) ElementType 

func (IamAuditConfigOutput) ElementType() reflect.Type

func (IamAuditConfigOutput) Etag 

func (o IamAuditConfigOutput) Etag() pulumi.StringOutput

The etag of iam policy

func (IamAuditConfigOutput) OrgId 

func (o IamAuditConfigOutput) OrgId() pulumi.StringOutput

The numeric ID of the organization in which you want to manage the audit logging config.

func (IamAuditConfigOutput) Service 

func (o IamAuditConfigOutput) Service() pulumi.StringOutput

Service which will be enabled for audit logging. The special value `allServices` covers all services. Note that if there are google\_organization\_iam\_audit\_config resources covering both `allServices` and a specific service then the union of the two AuditConfigs is used for that service: the `logTypes` specified in each `auditLogConfig` are enabled, and the `exemptedMembers` in each `auditLogConfig` are exempted.

func (IamAuditConfigOutput) ToIamAuditConfigOutput 

func (o IamAuditConfigOutput) ToIamAuditConfigOutput() IamAuditConfigOutput

func (IamAuditConfigOutput) ToIamAuditConfigOutputWithContext 

func (o IamAuditConfigOutput) ToIamAuditConfigOutputWithContext(ctx context.Context) IamAuditConfigOutput

type IamAuditConfigState 

type IamAuditConfigState struct {
	// The configuration for logging of each type of permission.  This can be specified multiple times.  Structure is documented below.
	AuditLogConfigs IamAuditConfigAuditLogConfigArrayInput
	// The etag of iam policy
	Etag pulumi.StringPtrInput
	// The numeric ID of the organization in which you want to manage the audit logging config.
	OrgId pulumi.StringPtrInput
	// Service which will be enabled for audit logging.  The special value `allServices` covers all services.  Note that if there are google\_organization\_iam\_audit\_config resources covering both `allServices` and a specific service then the union of the two AuditConfigs is used for that service: the `logTypes` specified in each `auditLogConfig` are enabled, and the `exemptedMembers` in each `auditLogConfig` are exempted.
	Service pulumi.StringPtrInput
}

func (IamAuditConfigState) ElementType 

func (IamAuditConfigState) ElementType() reflect.Type

type LookupFolderArgs 

type LookupFolderArgs struct {
	// The name of the Folder in the form `{folder_id}` or `folders/{folder_id}`.
	Folder string `pulumi:"folder"`
	// `true` to find the organization that the folder belongs, `false` to avoid the lookup. It searches up the tree. (defaults to `false`)
	LookupOrganization *bool `pulumi:"lookupOrganization"`
}

A collection of arguments for invoking getFolder.

type LookupFolderOutputArgs 

type LookupFolderOutputArgs struct {
	// The name of the Folder in the form `{folder_id}` or `folders/{folder_id}`.
	Folder pulumi.StringInput `pulumi:"folder"`
	// `true` to find the organization that the folder belongs, `false` to avoid the lookup. It searches up the tree. (defaults to `false`)
	LookupOrganization pulumi.BoolPtrInput `pulumi:"lookupOrganization"`
}

A collection of arguments for invoking getFolder.

func (LookupFolderOutputArgs) ElementType 

func (LookupFolderOutputArgs) ElementType() reflect.Type

type LookupFolderResult 

type LookupFolderResult struct {
	// Timestamp when the Organization was created. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
	CreateTime         string `pulumi:"createTime"`
	DeletionProtection bool   `pulumi:"deletionProtection"`
	// The folder's display name.
	DisplayName string `pulumi:"displayName"`
	Folder      string `pulumi:"folder"`
	FolderId    string `pulumi:"folderId"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The Folder's current lifecycle state.
	LifecycleState     string `pulumi:"lifecycleState"`
	LookupOrganization *bool  `pulumi:"lookupOrganization"`
	// The resource name of the Folder in the form `folders/{folder_id}`.
	Name string `pulumi:"name"`
	// If `lookupOrganization` is enable, the resource name of the Organization that the folder belongs.
	Organization string `pulumi:"organization"`
	// The resource name of the parent Folder or Organization.
	Parent string `pulumi:"parent"`
}

A collection of values returned by getFolder.

func LookupFolder 

func LookupFolder(ctx *pulumi.Context, args *LookupFolderArgs, opts ...pulumi.InvokeOption) (*LookupFolderResult, error)

Use this data source to get information about a Google Cloud Folder.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myFolder1, err := organizations.LookupFolder(ctx, &organizations.LookupFolderArgs{
			Folder:             "folders/12345",
			LookupOrganization: pulumi.BoolRef(true),
		}, nil)
		if err != nil {
			return err
		}
		myFolder2, err := organizations.LookupFolder(ctx, &organizations.LookupFolderArgs{
			Folder: "folders/23456",
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("myFolder1Organization", myFolder1.Organization)
		ctx.Export("myFolder2Parent", myFolder2.Parent)
		return nil
	})
}

```

type LookupFolderResultOutput 

type LookupFolderResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getFolder.

func LookupFolderOutput 

func LookupFolderOutput(ctx *pulumi.Context, args LookupFolderOutputArgs, opts ...pulumi.InvokeOption) LookupFolderResultOutput

func (LookupFolderResultOutput) CreateTime 

func (o LookupFolderResultOutput) CreateTime() pulumi.StringOutput

Timestamp when the Organization was created. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

func (LookupFolderResultOutput) DeletionProtection 

func (o LookupFolderResultOutput) DeletionProtection() pulumi.BoolOutput

func (LookupFolderResultOutput) DisplayName 

func (o LookupFolderResultOutput) DisplayName() pulumi.StringOutput

The folder's display name.

func (LookupFolderResultOutput) ElementType 

func (LookupFolderResultOutput) ElementType() reflect.Type

func (LookupFolderResultOutput) Folder 

func (o LookupFolderResultOutput) Folder() pulumi.StringOutput

func (LookupFolderResultOutput) FolderId 

func (o LookupFolderResultOutput) FolderId() pulumi.StringOutput

func (LookupFolderResultOutput) Id 

func (o LookupFolderResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (LookupFolderResultOutput) LifecycleState 

func (o LookupFolderResultOutput) LifecycleState() pulumi.StringOutput

The Folder's current lifecycle state.

func (LookupFolderResultOutput) LookupOrganization 

func (o LookupFolderResultOutput) LookupOrganization() pulumi.BoolPtrOutput

func (LookupFolderResultOutput) Name 

func (o LookupFolderResultOutput) Name() pulumi.StringOutput

The resource name of the Folder in the form `folders/{folder_id}`.

func (LookupFolderResultOutput) Organization 

func (o LookupFolderResultOutput) Organization() pulumi.StringOutput

If `lookupOrganization` is enable, the resource name of the Organization that the folder belongs.

func (LookupFolderResultOutput) Parent 

func (o LookupFolderResultOutput) Parent() pulumi.StringOutput

The resource name of the parent Folder or Organization.

func (LookupFolderResultOutput) ToLookupFolderResultOutput 

func (o LookupFolderResultOutput) ToLookupFolderResultOutput() LookupFolderResultOutput

func (LookupFolderResultOutput) ToLookupFolderResultOutputWithContext 

func (o LookupFolderResultOutput) ToLookupFolderResultOutputWithContext(ctx context.Context) LookupFolderResultOutput

type LookupIAMPolicyArgs 

type LookupIAMPolicyArgs struct {
	// A nested configuration block that defines logging additional configuration for your project. This field is only supported on `projects.IAMPolicy`, `folder.IAMPolicy` and `organizations.IAMPolicy`.
	AuditConfigs []GetIAMPolicyAuditConfig `pulumi:"auditConfigs"`
	// A nested configuration block (described below)
	// defining a binding to be included in the policy document. Multiple
	// `binding` arguments are supported.
	//
	// Each document configuration must have one or more `binding` blocks, which
	// each accept the following arguments:
	Bindings []GetIAMPolicyBinding `pulumi:"bindings"`
}

A collection of arguments for invoking getIAMPolicy.

type LookupIAMPolicyOutputArgs 

type LookupIAMPolicyOutputArgs struct {
	// A nested configuration block that defines logging additional configuration for your project. This field is only supported on `projects.IAMPolicy`, `folder.IAMPolicy` and `organizations.IAMPolicy`.
	AuditConfigs GetIAMPolicyAuditConfigArrayInput `pulumi:"auditConfigs"`
	// A nested configuration block (described below)
	// defining a binding to be included in the policy document. Multiple
	// `binding` arguments are supported.
	//
	// Each document configuration must have one or more `binding` blocks, which
	// each accept the following arguments:
	Bindings GetIAMPolicyBindingArrayInput `pulumi:"bindings"`
}

A collection of arguments for invoking getIAMPolicy.

func (LookupIAMPolicyOutputArgs) ElementType 

func (LookupIAMPolicyOutputArgs) ElementType() reflect.Type

type LookupIAMPolicyResult 

type LookupIAMPolicyResult struct {
	AuditConfigs []GetIAMPolicyAuditConfig `pulumi:"auditConfigs"`
	Bindings     []GetIAMPolicyBinding     `pulumi:"bindings"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The above bindings serialized in a format suitable for
	// referencing from a resource that supports IAM.
	PolicyData string `pulumi:"policyData"`
}

A collection of values returned by getIAMPolicy.

func LookupIAMPolicy 

func LookupIAMPolicy(ctx *pulumi.Context, args *LookupIAMPolicyArgs, opts ...pulumi.InvokeOption) (*LookupIAMPolicyResult, error)

Generates an IAM policy document that may be referenced by and applied to other Google Cloud Platform IAM resources, such as the `projects.IAMPolicy` resource.

**Note:** Please review the documentation of the resource that you will be using the datasource with. Some resources such as `projects.IAMPolicy` and others have limitations in their API methods which are noted on their respective page.

type LookupIAMPolicyResultOutput 

type LookupIAMPolicyResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getIAMPolicy.

func LookupIAMPolicyOutput 

func LookupIAMPolicyOutput(ctx *pulumi.Context, args LookupIAMPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupIAMPolicyResultOutput

func (LookupIAMPolicyResultOutput) AuditConfigs 

func (o LookupIAMPolicyResultOutput) AuditConfigs() GetIAMPolicyAuditConfigArrayOutput

func (LookupIAMPolicyResultOutput) Bindings 

func (o LookupIAMPolicyResultOutput) Bindings() GetIAMPolicyBindingArrayOutput

func (LookupIAMPolicyResultOutput) ElementType 

func (LookupIAMPolicyResultOutput) ElementType() reflect.Type

func (LookupIAMPolicyResultOutput) Id 

func (o LookupIAMPolicyResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (LookupIAMPolicyResultOutput) PolicyData 

func (o LookupIAMPolicyResultOutput) PolicyData() pulumi.StringOutput

The above bindings serialized in a format suitable for referencing from a resource that supports IAM.

func (LookupIAMPolicyResultOutput) ToLookupIAMPolicyResultOutput 

func (o LookupIAMPolicyResultOutput) ToLookupIAMPolicyResultOutput() LookupIAMPolicyResultOutput

func (LookupIAMPolicyResultOutput) ToLookupIAMPolicyResultOutputWithContext 

func (o LookupIAMPolicyResultOutput) ToLookupIAMPolicyResultOutputWithContext(ctx context.Context) LookupIAMPolicyResultOutput

type LookupProjectArgs 

type LookupProjectArgs struct {
	// The project ID. If it is not provided, the provider project is used.
	ProjectId *string `pulumi:"projectId"`
}

A collection of arguments for invoking getProject.

type LookupProjectOutputArgs 

type LookupProjectOutputArgs struct {
	// The project ID. If it is not provided, the provider project is used.
	ProjectId pulumi.StringPtrInput `pulumi:"projectId"`
}

A collection of arguments for invoking getProject.

func (LookupProjectOutputArgs) ElementType 

func (LookupProjectOutputArgs) ElementType() reflect.Type

type LookupProjectResult 

type LookupProjectResult struct {
	AutoCreateNetwork bool              `pulumi:"autoCreateNetwork"`
	BillingAccount    string            `pulumi:"billingAccount"`
	DeletionPolicy    string            `pulumi:"deletionPolicy"`
	EffectiveLabels   map[string]string `pulumi:"effectiveLabels"`
	FolderId          string            `pulumi:"folderId"`
	// The provider-assigned unique ID for this managed resource.
	Id     string            `pulumi:"id"`
	Labels map[string]string `pulumi:"labels"`
	Name   string            `pulumi:"name"`
	// The numeric identifier of the project.
	Number       string            `pulumi:"number"`
	OrgId        string            `pulumi:"orgId"`
	ProjectId    *string           `pulumi:"projectId"`
	PulumiLabels map[string]string `pulumi:"pulumiLabels"`
}

A collection of values returned by getProject.

func LookupProject 

func LookupProject(ctx *pulumi.Context, args *LookupProjectArgs, opts ...pulumi.InvokeOption) (*LookupProjectResult, error)

Use this data source to get project details. For more information see [API](https://cloud.google.com/resource-manager/reference/rest/v1/projects#Project)

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		project, err := organizations.LookupProject(ctx, nil, nil)
		if err != nil {
			return err
		}
		ctx.Export("projectNumber", project.Number)
		return nil
	})
}

```

type LookupProjectResultOutput 

type LookupProjectResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getProject.

func LookupProjectOutput 

func LookupProjectOutput(ctx *pulumi.Context, args LookupProjectOutputArgs, opts ...pulumi.InvokeOption) LookupProjectResultOutput

func (LookupProjectResultOutput) AutoCreateNetwork 

func (o LookupProjectResultOutput) AutoCreateNetwork() pulumi.BoolOutput

func (LookupProjectResultOutput) BillingAccount 

func (o LookupProjectResultOutput) BillingAccount() pulumi.StringOutput

func (LookupProjectResultOutput) DeletionPolicy 

func (o LookupProjectResultOutput) DeletionPolicy() pulumi.StringOutput

func (LookupProjectResultOutput) EffectiveLabels 

func (o LookupProjectResultOutput) EffectiveLabels() pulumi.StringMapOutput

func (LookupProjectResultOutput) ElementType 

func (LookupProjectResultOutput) ElementType() reflect.Type

func (LookupProjectResultOutput) FolderId 

func (o LookupProjectResultOutput) FolderId() pulumi.StringOutput

func (LookupProjectResultOutput) Id 

func (o LookupProjectResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (LookupProjectResultOutput) Labels 

func (o LookupProjectResultOutput) Labels() pulumi.StringMapOutput

func (LookupProjectResultOutput) Name 

func (o LookupProjectResultOutput) Name() pulumi.StringOutput

func (LookupProjectResultOutput) Number 

func (o LookupProjectResultOutput) Number() pulumi.StringOutput

The numeric identifier of the project.

func (LookupProjectResultOutput) OrgId 

func (o LookupProjectResultOutput) OrgId() pulumi.StringOutput

func (LookupProjectResultOutput) ProjectId 

func (o LookupProjectResultOutput) ProjectId() pulumi.StringPtrOutput

func (LookupProjectResultOutput) PulumiLabels 

func (o LookupProjectResultOutput) PulumiLabels() pulumi.StringMapOutput

func (LookupProjectResultOutput) ToLookupProjectResultOutput 

func (o LookupProjectResultOutput) ToLookupProjectResultOutput() LookupProjectResultOutput

func (LookupProjectResultOutput) ToLookupProjectResultOutputWithContext 

func (o LookupProjectResultOutput) ToLookupProjectResultOutputWithContext(ctx context.Context) LookupProjectResultOutput

type Policy 

type Policy struct {
	pulumi.CustomResourceState

	// A boolean policy is a constraint that is either enforced or not. Structure is documented
	// below.
	BooleanPolicy PolicyBooleanPolicyPtrOutput `pulumi:"booleanPolicy"`
	// The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
	//
	// ***
	Constraint pulumi.StringOutput `pulumi:"constraint"`
	// (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
	ListPolicy PolicyListPolicyPtrOutput `pulumi:"listPolicy"`
	// The numeric ID of the organization to set the policy for.
	OrgId pulumi.StringOutput `pulumi:"orgId"`
	// A restore policy is a constraint to restore the default policy. Structure is documented below.
	//
	// > **Note:** If none of [`booleanPolicy`, `listPolicy`, `restorePolicy`] are defined the policy for a given constraint will
	// effectively be unset. This is represented in the UI as the constraint being 'Inherited'.
	//
	// ***
	RestorePolicy PolicyRestorePolicyPtrOutput `pulumi:"restorePolicy"`
	// (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
	UpdateTime pulumi.StringOutput `pulumi:"updateTime"`
	// Version of the Policy. Default version is 0.
	Version pulumi.IntOutput `pulumi:"version"`
}

Allows management of Organization Policies for a Google Cloud Organization.

> **Warning:** This resource has been superseded by `orgpolicy.Policy`. `orgpolicy.Policy` uses Organization Policy API V2 instead of Cloud Resource Manager API V1 and it supports additional features such as tags and conditions.

To get more information about Organization Policies, see:

* [API documentation](https://cloud.google.com/resource-manager/reference/rest/v1/organizations/setOrgPolicy) * How-to Guides

## Example Usage

To set policy with a [boolean constraint](https://cloud.google.com/resource-manager/docs/organization-policy/quickstart-boolean-constraints):

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewPolicy(ctx, "serial_port_policy", &organizations.PolicyArgs{
			OrgId:      pulumi.String("123456789"),
			Constraint: pulumi.String("compute.disableSerialPortAccess"),
			BooleanPolicy: &organizations.PolicyBooleanPolicyArgs{
				Enforced: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

To set a policy with a [list constraint](https://cloud.google.com/resource-manager/docs/organization-policy/quickstart-list-constraints):

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewPolicy(ctx, "services_policy", &organizations.PolicyArgs{
			OrgId:      pulumi.String("123456789"),
			Constraint: pulumi.String("serviceuser.services"),
			ListPolicy: &organizations.PolicyListPolicyArgs{
				Allow: &organizations.PolicyListPolicyAllowArgs{
					All: pulumi.Bool(true),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

Or to deny some services, use the following instead:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewPolicy(ctx, "services_policy", &organizations.PolicyArgs{
			OrgId:      pulumi.String("123456789"),
			Constraint: pulumi.String("serviceuser.services"),
			ListPolicy: &organizations.PolicyListPolicyArgs{
				SuggestedValue: pulumi.String("compute.googleapis.com"),
				Deny: &organizations.PolicyListPolicyDenyArgs{
					Values: pulumi.StringArray{
						pulumi.String("cloudresourcemanager.googleapis.com"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

To restore the default organization policy, use the following instead:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewPolicy(ctx, "services_policy", &organizations.PolicyArgs{
			OrgId:      pulumi.String("123456789"),
			Constraint: pulumi.String("serviceuser.services"),
			RestorePolicy: &organizations.PolicyRestorePolicyArgs{
				Default: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Organization Policies can be imported using the `org_id` and the `constraint`, e.g.

* `{{org_id}}/constraints/{{constraint}}`

When using the `pulumi import` command, Organization Policies can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:organizations/policy:Policy default {{org_id}}/constraints/{{constraint}} ```

It is all right if the constraint contains a slash, as in the example above.

func GetPolicy 

func GetPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *PolicyState, opts ...pulumi.ResourceOption) (*Policy, error)

GetPolicy gets an existing Policy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewPolicy 

func NewPolicy(ctx *pulumi.Context,
	name string, args *PolicyArgs, opts ...pulumi.ResourceOption) (*Policy, error)

NewPolicy registers a new resource with the given unique name, arguments, and options.

func (*Policy) ElementType 

func (*Policy) ElementType() reflect.Type

func (*Policy) ToPolicyOutput 

func (i *Policy) ToPolicyOutput() PolicyOutput

func (*Policy) ToPolicyOutputWithContext 

func (i *Policy) ToPolicyOutputWithContext(ctx context.Context) PolicyOutput

type PolicyArgs 

type PolicyArgs struct {
	// A boolean policy is a constraint that is either enforced or not. Structure is documented
	// below.
	BooleanPolicy PolicyBooleanPolicyPtrInput
	// The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
	//
	// ***
	Constraint pulumi.StringInput
	// A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
	ListPolicy PolicyListPolicyPtrInput
	// The numeric ID of the organization to set the policy for.
	OrgId pulumi.StringInput
	// A restore policy is a constraint to restore the default policy. Structure is documented below.
	//
	// > **Note:** If none of [`booleanPolicy`, `listPolicy`, `restorePolicy`] are defined the policy for a given constraint will
	// effectively be unset. This is represented in the UI as the constraint being 'Inherited'.
	//
	// ***
	RestorePolicy PolicyRestorePolicyPtrInput
	// Version of the Policy. Default version is 0.
	Version pulumi.IntPtrInput
}

The set of arguments for constructing a Policy resource.

func (PolicyArgs) ElementType 

func (PolicyArgs) ElementType() reflect.Type

type PolicyArray 

type PolicyArray []PolicyInput

func (PolicyArray) ElementType 

func (PolicyArray) ElementType() reflect.Type

func (PolicyArray) ToPolicyArrayOutput 

func (i PolicyArray) ToPolicyArrayOutput() PolicyArrayOutput

func (PolicyArray) ToPolicyArrayOutputWithContext 

func (i PolicyArray) ToPolicyArrayOutputWithContext(ctx context.Context) PolicyArrayOutput

type PolicyArrayInput 

type PolicyArrayInput interface {
	pulumi.Input

	ToPolicyArrayOutput() PolicyArrayOutput
	ToPolicyArrayOutputWithContext(context.Context) PolicyArrayOutput
}

PolicyArrayInput is an input type that accepts PolicyArray and PolicyArrayOutput values. You can construct a concrete instance of `PolicyArrayInput` via: 

PolicyArray{ PolicyArgs{...} }

type PolicyArrayOutput 

type PolicyArrayOutput struct{ *pulumi.OutputState }

func (PolicyArrayOutput) ElementType 

func (PolicyArrayOutput) ElementType() reflect.Type

func (PolicyArrayOutput) Index 

func (o PolicyArrayOutput) Index(i pulumi.IntInput) PolicyOutput

func (PolicyArrayOutput) ToPolicyArrayOutput 

func (o PolicyArrayOutput) ToPolicyArrayOutput() PolicyArrayOutput

func (PolicyArrayOutput) ToPolicyArrayOutputWithContext 

func (o PolicyArrayOutput) ToPolicyArrayOutputWithContext(ctx context.Context) PolicyArrayOutput

type PolicyBooleanPolicy 

type PolicyBooleanPolicy struct {
	// If true, then the Policy is enforced. If false, then any configuration is acceptable.
	Enforced bool `pulumi:"enforced"`
}

type PolicyBooleanPolicyArgs 

type PolicyBooleanPolicyArgs struct {
	// If true, then the Policy is enforced. If false, then any configuration is acceptable.
	Enforced pulumi.BoolInput `pulumi:"enforced"`
}

func (PolicyBooleanPolicyArgs) ElementType 

func (PolicyBooleanPolicyArgs) ElementType() reflect.Type

func (PolicyBooleanPolicyArgs) ToPolicyBooleanPolicyOutput 

func (i PolicyBooleanPolicyArgs) ToPolicyBooleanPolicyOutput() PolicyBooleanPolicyOutput

func (PolicyBooleanPolicyArgs) ToPolicyBooleanPolicyOutputWithContext 

func (i PolicyBooleanPolicyArgs) ToPolicyBooleanPolicyOutputWithContext(ctx context.Context) PolicyBooleanPolicyOutput

func (PolicyBooleanPolicyArgs) ToPolicyBooleanPolicyPtrOutput 

func (i PolicyBooleanPolicyArgs) ToPolicyBooleanPolicyPtrOutput() PolicyBooleanPolicyPtrOutput

func (PolicyBooleanPolicyArgs) ToPolicyBooleanPolicyPtrOutputWithContext 

func (i PolicyBooleanPolicyArgs) ToPolicyBooleanPolicyPtrOutputWithContext(ctx context.Context) PolicyBooleanPolicyPtrOutput

type PolicyBooleanPolicyInput 

type PolicyBooleanPolicyInput interface {
	pulumi.Input

	ToPolicyBooleanPolicyOutput() PolicyBooleanPolicyOutput
	ToPolicyBooleanPolicyOutputWithContext(context.Context) PolicyBooleanPolicyOutput
}

PolicyBooleanPolicyInput is an input type that accepts PolicyBooleanPolicyArgs and PolicyBooleanPolicyOutput values. You can construct a concrete instance of `PolicyBooleanPolicyInput` via: 

PolicyBooleanPolicyArgs{...}

type PolicyBooleanPolicyOutput 

type PolicyBooleanPolicyOutput struct{ *pulumi.OutputState }

func (PolicyBooleanPolicyOutput) ElementType 

func (PolicyBooleanPolicyOutput) ElementType() reflect.Type

func (PolicyBooleanPolicyOutput) Enforced 

func (o PolicyBooleanPolicyOutput) Enforced() pulumi.BoolOutput

If true, then the Policy is enforced. If false, then any configuration is acceptable.

func (PolicyBooleanPolicyOutput) ToPolicyBooleanPolicyOutput 

func (o PolicyBooleanPolicyOutput) ToPolicyBooleanPolicyOutput() PolicyBooleanPolicyOutput

func (PolicyBooleanPolicyOutput) ToPolicyBooleanPolicyOutputWithContext 

func (o PolicyBooleanPolicyOutput) ToPolicyBooleanPolicyOutputWithContext(ctx context.Context) PolicyBooleanPolicyOutput

func (PolicyBooleanPolicyOutput) ToPolicyBooleanPolicyPtrOutput 

func (o PolicyBooleanPolicyOutput) ToPolicyBooleanPolicyPtrOutput() PolicyBooleanPolicyPtrOutput

func (PolicyBooleanPolicyOutput) ToPolicyBooleanPolicyPtrOutputWithContext 

func (o PolicyBooleanPolicyOutput) ToPolicyBooleanPolicyPtrOutputWithContext(ctx context.Context) PolicyBooleanPolicyPtrOutput

type PolicyBooleanPolicyPtrInput 

type PolicyBooleanPolicyPtrInput interface {
	pulumi.Input

	ToPolicyBooleanPolicyPtrOutput() PolicyBooleanPolicyPtrOutput
	ToPolicyBooleanPolicyPtrOutputWithContext(context.Context) PolicyBooleanPolicyPtrOutput
}

PolicyBooleanPolicyPtrInput is an input type that accepts PolicyBooleanPolicyArgs, PolicyBooleanPolicyPtr and PolicyBooleanPolicyPtrOutput values. You can construct a concrete instance of `PolicyBooleanPolicyPtrInput` via: 

        PolicyBooleanPolicyArgs{...}

or:

        nil

func PolicyBooleanPolicyPtr 

func PolicyBooleanPolicyPtr(v *PolicyBooleanPolicyArgs) PolicyBooleanPolicyPtrInput

type PolicyBooleanPolicyPtrOutput 

type PolicyBooleanPolicyPtrOutput struct{ *pulumi.OutputState }

func (PolicyBooleanPolicyPtrOutput) Elem 

func (o PolicyBooleanPolicyPtrOutput) Elem() PolicyBooleanPolicyOutput

func (PolicyBooleanPolicyPtrOutput) ElementType 

func (PolicyBooleanPolicyPtrOutput) ElementType() reflect.Type

func (PolicyBooleanPolicyPtrOutput) Enforced 

func (o PolicyBooleanPolicyPtrOutput) Enforced() pulumi.BoolPtrOutput

If true, then the Policy is enforced. If false, then any configuration is acceptable.

func (PolicyBooleanPolicyPtrOutput) ToPolicyBooleanPolicyPtrOutput 

func (o PolicyBooleanPolicyPtrOutput) ToPolicyBooleanPolicyPtrOutput() PolicyBooleanPolicyPtrOutput

func (PolicyBooleanPolicyPtrOutput) ToPolicyBooleanPolicyPtrOutputWithContext 

func (o PolicyBooleanPolicyPtrOutput) ToPolicyBooleanPolicyPtrOutputWithContext(ctx context.Context) PolicyBooleanPolicyPtrOutput

type PolicyInput 

type PolicyInput interface {
	pulumi.Input

	ToPolicyOutput() PolicyOutput
	ToPolicyOutputWithContext(ctx context.Context) PolicyOutput
}

type PolicyListPolicy 

type PolicyListPolicy struct {
	// or `deny` - (Optional) One or the other must be set.
	Allow *PolicyListPolicyAllow `pulumi:"allow"`
	// One or the other must be set.
	Deny *PolicyListPolicyDeny `pulumi:"deny"`
	// If set to true, the values from the effective Policy of the parent resource
	// are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
	//
	// The `allow` or `deny` blocks support:
	InheritFromParent *bool `pulumi:"inheritFromParent"`
	// The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
	SuggestedValue *string `pulumi:"suggestedValue"`
}

type PolicyListPolicyAllow 

type PolicyListPolicyAllow struct {
	// The policy allows or denies all values.
	All *bool `pulumi:"all"`
	// The policy can define specific values that are allowed or denied.
	Values []string `pulumi:"values"`
}

type PolicyListPolicyAllowArgs 

type PolicyListPolicyAllowArgs struct {
	// The policy allows or denies all values.
	All pulumi.BoolPtrInput `pulumi:"all"`
	// The policy can define specific values that are allowed or denied.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (PolicyListPolicyAllowArgs) ElementType 

func (PolicyListPolicyAllowArgs) ElementType() reflect.Type

func (PolicyListPolicyAllowArgs) ToPolicyListPolicyAllowOutput 

func (i PolicyListPolicyAllowArgs) ToPolicyListPolicyAllowOutput() PolicyListPolicyAllowOutput

func (PolicyListPolicyAllowArgs) ToPolicyListPolicyAllowOutputWithContext 

func (i PolicyListPolicyAllowArgs) ToPolicyListPolicyAllowOutputWithContext(ctx context.Context) PolicyListPolicyAllowOutput

func (PolicyListPolicyAllowArgs) ToPolicyListPolicyAllowPtrOutput 

func (i PolicyListPolicyAllowArgs) ToPolicyListPolicyAllowPtrOutput() PolicyListPolicyAllowPtrOutput

func (PolicyListPolicyAllowArgs) ToPolicyListPolicyAllowPtrOutputWithContext 

func (i PolicyListPolicyAllowArgs) ToPolicyListPolicyAllowPtrOutputWithContext(ctx context.Context) PolicyListPolicyAllowPtrOutput

type PolicyListPolicyAllowInput 

type PolicyListPolicyAllowInput interface {
	pulumi.Input

	ToPolicyListPolicyAllowOutput() PolicyListPolicyAllowOutput
	ToPolicyListPolicyAllowOutputWithContext(context.Context) PolicyListPolicyAllowOutput
}

PolicyListPolicyAllowInput is an input type that accepts PolicyListPolicyAllowArgs and PolicyListPolicyAllowOutput values. You can construct a concrete instance of `PolicyListPolicyAllowInput` via: 

PolicyListPolicyAllowArgs{...}

type PolicyListPolicyAllowOutput 

type PolicyListPolicyAllowOutput struct{ *pulumi.OutputState }

func (PolicyListPolicyAllowOutput) All 

func (o PolicyListPolicyAllowOutput) All() pulumi.BoolPtrOutput

The policy allows or denies all values.

func (PolicyListPolicyAllowOutput) ElementType 

func (PolicyListPolicyAllowOutput) ElementType() reflect.Type

func (PolicyListPolicyAllowOutput) ToPolicyListPolicyAllowOutput 

func (o PolicyListPolicyAllowOutput) ToPolicyListPolicyAllowOutput() PolicyListPolicyAllowOutput

func (PolicyListPolicyAllowOutput) ToPolicyListPolicyAllowOutputWithContext 

func (o PolicyListPolicyAllowOutput) ToPolicyListPolicyAllowOutputWithContext(ctx context.Context) PolicyListPolicyAllowOutput

func (PolicyListPolicyAllowOutput) ToPolicyListPolicyAllowPtrOutput 

func (o PolicyListPolicyAllowOutput) ToPolicyListPolicyAllowPtrOutput() PolicyListPolicyAllowPtrOutput

func (PolicyListPolicyAllowOutput) ToPolicyListPolicyAllowPtrOutputWithContext 

func (o PolicyListPolicyAllowOutput) ToPolicyListPolicyAllowPtrOutputWithContext(ctx context.Context) PolicyListPolicyAllowPtrOutput

func (PolicyListPolicyAllowOutput) Values 

func (o PolicyListPolicyAllowOutput) Values() pulumi.StringArrayOutput

The policy can define specific values that are allowed or denied.

type PolicyListPolicyAllowPtrInput 

type PolicyListPolicyAllowPtrInput interface {
	pulumi.Input

	ToPolicyListPolicyAllowPtrOutput() PolicyListPolicyAllowPtrOutput
	ToPolicyListPolicyAllowPtrOutputWithContext(context.Context) PolicyListPolicyAllowPtrOutput
}

PolicyListPolicyAllowPtrInput is an input type that accepts PolicyListPolicyAllowArgs, PolicyListPolicyAllowPtr and PolicyListPolicyAllowPtrOutput values. You can construct a concrete instance of `PolicyListPolicyAllowPtrInput` via: 

        PolicyListPolicyAllowArgs{...}

or:

        nil

func PolicyListPolicyAllowPtr 

func PolicyListPolicyAllowPtr(v *PolicyListPolicyAllowArgs) PolicyListPolicyAllowPtrInput

type PolicyListPolicyAllowPtrOutput 

type PolicyListPolicyAllowPtrOutput struct{ *pulumi.OutputState }

func (PolicyListPolicyAllowPtrOutput) All 

func (o PolicyListPolicyAllowPtrOutput) All() pulumi.BoolPtrOutput

The policy allows or denies all values.

func (PolicyListPolicyAllowPtrOutput) Elem 

func (o PolicyListPolicyAllowPtrOutput) Elem() PolicyListPolicyAllowOutput

func (PolicyListPolicyAllowPtrOutput) ElementType 

func (PolicyListPolicyAllowPtrOutput) ElementType() reflect.Type

func (PolicyListPolicyAllowPtrOutput) ToPolicyListPolicyAllowPtrOutput 

func (o PolicyListPolicyAllowPtrOutput) ToPolicyListPolicyAllowPtrOutput() PolicyListPolicyAllowPtrOutput

func (PolicyListPolicyAllowPtrOutput) ToPolicyListPolicyAllowPtrOutputWithContext 

func (o PolicyListPolicyAllowPtrOutput) ToPolicyListPolicyAllowPtrOutputWithContext(ctx context.Context) PolicyListPolicyAllowPtrOutput

func (PolicyListPolicyAllowPtrOutput) Values 

func (o PolicyListPolicyAllowPtrOutput) Values() pulumi.StringArrayOutput

The policy can define specific values that are allowed or denied.

type PolicyListPolicyArgs 

type PolicyListPolicyArgs struct {
	// or `deny` - (Optional) One or the other must be set.
	Allow PolicyListPolicyAllowPtrInput `pulumi:"allow"`
	// One or the other must be set.
	Deny PolicyListPolicyDenyPtrInput `pulumi:"deny"`
	// If set to true, the values from the effective Policy of the parent resource
	// are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
	//
	// The `allow` or `deny` blocks support:
	InheritFromParent pulumi.BoolPtrInput `pulumi:"inheritFromParent"`
	// The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
	SuggestedValue pulumi.StringPtrInput `pulumi:"suggestedValue"`
}

func (PolicyListPolicyArgs) ElementType 

func (PolicyListPolicyArgs) ElementType() reflect.Type

func (PolicyListPolicyArgs) ToPolicyListPolicyOutput 

func (i PolicyListPolicyArgs) ToPolicyListPolicyOutput() PolicyListPolicyOutput

func (PolicyListPolicyArgs) ToPolicyListPolicyOutputWithContext 

func (i PolicyListPolicyArgs) ToPolicyListPolicyOutputWithContext(ctx context.Context) PolicyListPolicyOutput

func (PolicyListPolicyArgs) ToPolicyListPolicyPtrOutput 

func (i PolicyListPolicyArgs) ToPolicyListPolicyPtrOutput() PolicyListPolicyPtrOutput

func (PolicyListPolicyArgs) ToPolicyListPolicyPtrOutputWithContext 

func (i PolicyListPolicyArgs) ToPolicyListPolicyPtrOutputWithContext(ctx context.Context) PolicyListPolicyPtrOutput

type PolicyListPolicyDeny 

type PolicyListPolicyDeny struct {
	// The policy allows or denies all values.
	All *bool `pulumi:"all"`
	// The policy can define specific values that are allowed or denied.
	Values []string `pulumi:"values"`
}

type PolicyListPolicyDenyArgs 

type PolicyListPolicyDenyArgs struct {
	// The policy allows or denies all values.
	All pulumi.BoolPtrInput `pulumi:"all"`
	// The policy can define specific values that are allowed or denied.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (PolicyListPolicyDenyArgs) ElementType 

func (PolicyListPolicyDenyArgs) ElementType() reflect.Type

func (PolicyListPolicyDenyArgs) ToPolicyListPolicyDenyOutput 

func (i PolicyListPolicyDenyArgs) ToPolicyListPolicyDenyOutput() PolicyListPolicyDenyOutput

func (PolicyListPolicyDenyArgs) ToPolicyListPolicyDenyOutputWithContext 

func (i PolicyListPolicyDenyArgs) ToPolicyListPolicyDenyOutputWithContext(ctx context.Context) PolicyListPolicyDenyOutput

func (PolicyListPolicyDenyArgs) ToPolicyListPolicyDenyPtrOutput 

func (i PolicyListPolicyDenyArgs) ToPolicyListPolicyDenyPtrOutput() PolicyListPolicyDenyPtrOutput

func (PolicyListPolicyDenyArgs) ToPolicyListPolicyDenyPtrOutputWithContext 

func (i PolicyListPolicyDenyArgs) ToPolicyListPolicyDenyPtrOutputWithContext(ctx context.Context) PolicyListPolicyDenyPtrOutput

type PolicyListPolicyDenyInput 

type PolicyListPolicyDenyInput interface {
	pulumi.Input

	ToPolicyListPolicyDenyOutput() PolicyListPolicyDenyOutput
	ToPolicyListPolicyDenyOutputWithContext(context.Context) PolicyListPolicyDenyOutput
}

PolicyListPolicyDenyInput is an input type that accepts PolicyListPolicyDenyArgs and PolicyListPolicyDenyOutput values. You can construct a concrete instance of `PolicyListPolicyDenyInput` via: 

PolicyListPolicyDenyArgs{...}

type PolicyListPolicyDenyOutput 

type PolicyListPolicyDenyOutput struct{ *pulumi.OutputState }

func (PolicyListPolicyDenyOutput) All 

func (o PolicyListPolicyDenyOutput) All() pulumi.BoolPtrOutput

The policy allows or denies all values.

func (PolicyListPolicyDenyOutput) ElementType 

func (PolicyListPolicyDenyOutput) ElementType() reflect.Type

func (PolicyListPolicyDenyOutput) ToPolicyListPolicyDenyOutput 

func (o PolicyListPolicyDenyOutput) ToPolicyListPolicyDenyOutput() PolicyListPolicyDenyOutput

func (PolicyListPolicyDenyOutput) ToPolicyListPolicyDenyOutputWithContext 

func (o PolicyListPolicyDenyOutput) ToPolicyListPolicyDenyOutputWithContext(ctx context.Context) PolicyListPolicyDenyOutput

func (PolicyListPolicyDenyOutput) ToPolicyListPolicyDenyPtrOutput 

func (o PolicyListPolicyDenyOutput) ToPolicyListPolicyDenyPtrOutput() PolicyListPolicyDenyPtrOutput

func (PolicyListPolicyDenyOutput) ToPolicyListPolicyDenyPtrOutputWithContext 

func (o PolicyListPolicyDenyOutput) ToPolicyListPolicyDenyPtrOutputWithContext(ctx context.Context) PolicyListPolicyDenyPtrOutput

func (PolicyListPolicyDenyOutput) Values 

func (o PolicyListPolicyDenyOutput) Values() pulumi.StringArrayOutput

The policy can define specific values that are allowed or denied.

type PolicyListPolicyDenyPtrInput 

type PolicyListPolicyDenyPtrInput interface {
	pulumi.Input

	ToPolicyListPolicyDenyPtrOutput() PolicyListPolicyDenyPtrOutput
	ToPolicyListPolicyDenyPtrOutputWithContext(context.Context) PolicyListPolicyDenyPtrOutput
}

PolicyListPolicyDenyPtrInput is an input type that accepts PolicyListPolicyDenyArgs, PolicyListPolicyDenyPtr and PolicyListPolicyDenyPtrOutput values. You can construct a concrete instance of `PolicyListPolicyDenyPtrInput` via: 

        PolicyListPolicyDenyArgs{...}

or:

        nil

func PolicyListPolicyDenyPtr 

func PolicyListPolicyDenyPtr(v *PolicyListPolicyDenyArgs) PolicyListPolicyDenyPtrInput

type PolicyListPolicyDenyPtrOutput 

type PolicyListPolicyDenyPtrOutput struct{ *pulumi.OutputState }

func (PolicyListPolicyDenyPtrOutput) All 

func (o PolicyListPolicyDenyPtrOutput) All() pulumi.BoolPtrOutput

The policy allows or denies all values.

func (PolicyListPolicyDenyPtrOutput) Elem 

func (o PolicyListPolicyDenyPtrOutput) Elem() PolicyListPolicyDenyOutput

func (PolicyListPolicyDenyPtrOutput) ElementType 

func (PolicyListPolicyDenyPtrOutput) ElementType() reflect.Type

func (PolicyListPolicyDenyPtrOutput) ToPolicyListPolicyDenyPtrOutput 

func (o PolicyListPolicyDenyPtrOutput) ToPolicyListPolicyDenyPtrOutput() PolicyListPolicyDenyPtrOutput

func (PolicyListPolicyDenyPtrOutput) ToPolicyListPolicyDenyPtrOutputWithContext 

func (o PolicyListPolicyDenyPtrOutput) ToPolicyListPolicyDenyPtrOutputWithContext(ctx context.Context) PolicyListPolicyDenyPtrOutput

func (PolicyListPolicyDenyPtrOutput) Values 

func (o PolicyListPolicyDenyPtrOutput) Values() pulumi.StringArrayOutput

The policy can define specific values that are allowed or denied.

type PolicyListPolicyInput 

type PolicyListPolicyInput interface {
	pulumi.Input

	ToPolicyListPolicyOutput() PolicyListPolicyOutput
	ToPolicyListPolicyOutputWithContext(context.Context) PolicyListPolicyOutput
}

PolicyListPolicyInput is an input type that accepts PolicyListPolicyArgs and PolicyListPolicyOutput values. You can construct a concrete instance of `PolicyListPolicyInput` via: 

PolicyListPolicyArgs{...}

type PolicyListPolicyOutput 

type PolicyListPolicyOutput struct{ *pulumi.OutputState }

func (PolicyListPolicyOutput) Allow 

func (o PolicyListPolicyOutput) Allow() PolicyListPolicyAllowPtrOutput

or `deny` - (Optional) One or the other must be set.

func (PolicyListPolicyOutput) Deny 

func (o PolicyListPolicyOutput) Deny() PolicyListPolicyDenyPtrOutput

One or the other must be set.

func (PolicyListPolicyOutput) ElementType 

func (PolicyListPolicyOutput) ElementType() reflect.Type

func (PolicyListPolicyOutput) InheritFromParent 

func (o PolicyListPolicyOutput) InheritFromParent() pulumi.BoolPtrOutput

If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.

The `allow` or `deny` blocks support:

func (PolicyListPolicyOutput) SuggestedValue 

func (o PolicyListPolicyOutput) SuggestedValue() pulumi.StringPtrOutput

The Google Cloud Console will try to default to a configuration that matches the value specified in this field.

func (PolicyListPolicyOutput) ToPolicyListPolicyOutput 

func (o PolicyListPolicyOutput) ToPolicyListPolicyOutput() PolicyListPolicyOutput

func (PolicyListPolicyOutput) ToPolicyListPolicyOutputWithContext 

func (o PolicyListPolicyOutput) ToPolicyListPolicyOutputWithContext(ctx context.Context) PolicyListPolicyOutput

func (PolicyListPolicyOutput) ToPolicyListPolicyPtrOutput 

func (o PolicyListPolicyOutput) ToPolicyListPolicyPtrOutput() PolicyListPolicyPtrOutput

func (PolicyListPolicyOutput) ToPolicyListPolicyPtrOutputWithContext 

func (o PolicyListPolicyOutput) ToPolicyListPolicyPtrOutputWithContext(ctx context.Context) PolicyListPolicyPtrOutput

type PolicyListPolicyPtrInput 

type PolicyListPolicyPtrInput interface {
	pulumi.Input

	ToPolicyListPolicyPtrOutput() PolicyListPolicyPtrOutput
	ToPolicyListPolicyPtrOutputWithContext(context.Context) PolicyListPolicyPtrOutput
}

PolicyListPolicyPtrInput is an input type that accepts PolicyListPolicyArgs, PolicyListPolicyPtr and PolicyListPolicyPtrOutput values. You can construct a concrete instance of `PolicyListPolicyPtrInput` via: 

        PolicyListPolicyArgs{...}

or:

        nil

func PolicyListPolicyPtr 

func PolicyListPolicyPtr(v *PolicyListPolicyArgs) PolicyListPolicyPtrInput

type PolicyListPolicyPtrOutput 

type PolicyListPolicyPtrOutput struct{ *pulumi.OutputState }

func (PolicyListPolicyPtrOutput) Allow 

func (o PolicyListPolicyPtrOutput) Allow() PolicyListPolicyAllowPtrOutput

or `deny` - (Optional) One or the other must be set.

func (PolicyListPolicyPtrOutput) Deny 

func (o PolicyListPolicyPtrOutput) Deny() PolicyListPolicyDenyPtrOutput

One or the other must be set.

func (PolicyListPolicyPtrOutput) Elem 

func (o PolicyListPolicyPtrOutput) Elem() PolicyListPolicyOutput

func (PolicyListPolicyPtrOutput) ElementType 

func (PolicyListPolicyPtrOutput) ElementType() reflect.Type

func (PolicyListPolicyPtrOutput) InheritFromParent 

func (o PolicyListPolicyPtrOutput) InheritFromParent() pulumi.BoolPtrOutput

If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.

The `allow` or `deny` blocks support:

func (PolicyListPolicyPtrOutput) SuggestedValue 

func (o PolicyListPolicyPtrOutput) SuggestedValue() pulumi.StringPtrOutput

The Google Cloud Console will try to default to a configuration that matches the value specified in this field.

func (PolicyListPolicyPtrOutput) ToPolicyListPolicyPtrOutput 

func (o PolicyListPolicyPtrOutput) ToPolicyListPolicyPtrOutput() PolicyListPolicyPtrOutput

func (PolicyListPolicyPtrOutput) ToPolicyListPolicyPtrOutputWithContext 

func (o PolicyListPolicyPtrOutput) ToPolicyListPolicyPtrOutputWithContext(ctx context.Context) PolicyListPolicyPtrOutput

type PolicyMap 

type PolicyMap map[string]PolicyInput

func (PolicyMap) ElementType 

func (PolicyMap) ElementType() reflect.Type

func (PolicyMap) ToPolicyMapOutput 

func (i PolicyMap) ToPolicyMapOutput() PolicyMapOutput

func (PolicyMap) ToPolicyMapOutputWithContext 

func (i PolicyMap) ToPolicyMapOutputWithContext(ctx context.Context) PolicyMapOutput

type PolicyMapInput 

type PolicyMapInput interface {
	pulumi.Input

	ToPolicyMapOutput() PolicyMapOutput
	ToPolicyMapOutputWithContext(context.Context) PolicyMapOutput
}

PolicyMapInput is an input type that accepts PolicyMap and PolicyMapOutput values. You can construct a concrete instance of `PolicyMapInput` via: 

PolicyMap{ "key": PolicyArgs{...} }

type PolicyMapOutput 

type PolicyMapOutput struct{ *pulumi.OutputState }

func (PolicyMapOutput) ElementType 

func (PolicyMapOutput) ElementType() reflect.Type

func (PolicyMapOutput) MapIndex 

func (o PolicyMapOutput) MapIndex(k pulumi.StringInput) PolicyOutput

func (PolicyMapOutput) ToPolicyMapOutput 

func (o PolicyMapOutput) ToPolicyMapOutput() PolicyMapOutput

func (PolicyMapOutput) ToPolicyMapOutputWithContext 

func (o PolicyMapOutput) ToPolicyMapOutputWithContext(ctx context.Context) PolicyMapOutput

type PolicyOutput 

type PolicyOutput struct{ *pulumi.OutputState }

func (PolicyOutput) BooleanPolicy 

func (o PolicyOutput) BooleanPolicy() PolicyBooleanPolicyPtrOutput

A boolean policy is a constraint that is either enforced or not. Structure is documented below.

func (PolicyOutput) Constraint 

func (o PolicyOutput) Constraint() pulumi.StringOutput

The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).

***

func (PolicyOutput) ElementType 

func (PolicyOutput) ElementType() reflect.Type

func (PolicyOutput) Etag 

func (o PolicyOutput) Etag() pulumi.StringOutput

(Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

func (PolicyOutput) ListPolicy 

func (o PolicyOutput) ListPolicy() PolicyListPolicyPtrOutput

A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.

func (PolicyOutput) OrgId 

func (o PolicyOutput) OrgId() pulumi.StringOutput

The numeric ID of the organization to set the policy for.

func (PolicyOutput) RestorePolicy 

func (o PolicyOutput) RestorePolicy() PolicyRestorePolicyPtrOutput

A restore policy is a constraint to restore the default policy. Structure is documented below.

> **Note:** If none of [`booleanPolicy`, `listPolicy`, `restorePolicy`] are defined the policy for a given constraint will effectively be unset. This is represented in the UI as the constraint being 'Inherited'.

***

func (PolicyOutput) ToPolicyOutput 

func (o PolicyOutput) ToPolicyOutput() PolicyOutput

func (PolicyOutput) ToPolicyOutputWithContext 

func (o PolicyOutput) ToPolicyOutputWithContext(ctx context.Context) PolicyOutput

func (PolicyOutput) UpdateTime 

func (o PolicyOutput) UpdateTime() pulumi.StringOutput

(Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".

func (PolicyOutput) Version 

func (o PolicyOutput) Version() pulumi.IntOutput

Version of the Policy. Default version is 0.

type PolicyRestorePolicy 

type PolicyRestorePolicy struct {
	// May only be set to true. If set, then the default Policy is restored.
	Default bool `pulumi:"default"`
}

type PolicyRestorePolicyArgs 

type PolicyRestorePolicyArgs struct {
	// May only be set to true. If set, then the default Policy is restored.
	Default pulumi.BoolInput `pulumi:"default"`
}

func (PolicyRestorePolicyArgs) ElementType 

func (PolicyRestorePolicyArgs) ElementType() reflect.Type

func (PolicyRestorePolicyArgs) ToPolicyRestorePolicyOutput 

func (i PolicyRestorePolicyArgs) ToPolicyRestorePolicyOutput() PolicyRestorePolicyOutput

func (PolicyRestorePolicyArgs) ToPolicyRestorePolicyOutputWithContext 

func (i PolicyRestorePolicyArgs) ToPolicyRestorePolicyOutputWithContext(ctx context.Context) PolicyRestorePolicyOutput

func (PolicyRestorePolicyArgs) ToPolicyRestorePolicyPtrOutput 

func (i PolicyRestorePolicyArgs) ToPolicyRestorePolicyPtrOutput() PolicyRestorePolicyPtrOutput

func (PolicyRestorePolicyArgs) ToPolicyRestorePolicyPtrOutputWithContext 

func (i PolicyRestorePolicyArgs) ToPolicyRestorePolicyPtrOutputWithContext(ctx context.Context) PolicyRestorePolicyPtrOutput

type PolicyRestorePolicyInput 

type PolicyRestorePolicyInput interface {
	pulumi.Input

	ToPolicyRestorePolicyOutput() PolicyRestorePolicyOutput
	ToPolicyRestorePolicyOutputWithContext(context.Context) PolicyRestorePolicyOutput
}

PolicyRestorePolicyInput is an input type that accepts PolicyRestorePolicyArgs and PolicyRestorePolicyOutput values. You can construct a concrete instance of `PolicyRestorePolicyInput` via: 

PolicyRestorePolicyArgs{...}

type PolicyRestorePolicyOutput 

type PolicyRestorePolicyOutput struct{ *pulumi.OutputState }

func (PolicyRestorePolicyOutput) Default 

func (o PolicyRestorePolicyOutput) Default() pulumi.BoolOutput

May only be set to true. If set, then the default Policy is restored.

func (PolicyRestorePolicyOutput) ElementType 

func (PolicyRestorePolicyOutput) ElementType() reflect.Type

func (PolicyRestorePolicyOutput) ToPolicyRestorePolicyOutput 

func (o PolicyRestorePolicyOutput) ToPolicyRestorePolicyOutput() PolicyRestorePolicyOutput

func (PolicyRestorePolicyOutput) ToPolicyRestorePolicyOutputWithContext 

func (o PolicyRestorePolicyOutput) ToPolicyRestorePolicyOutputWithContext(ctx context.Context) PolicyRestorePolicyOutput

func (PolicyRestorePolicyOutput) ToPolicyRestorePolicyPtrOutput 

func (o PolicyRestorePolicyOutput) ToPolicyRestorePolicyPtrOutput() PolicyRestorePolicyPtrOutput

func (PolicyRestorePolicyOutput) ToPolicyRestorePolicyPtrOutputWithContext 

func (o PolicyRestorePolicyOutput) ToPolicyRestorePolicyPtrOutputWithContext(ctx context.Context) PolicyRestorePolicyPtrOutput

type PolicyRestorePolicyPtrInput 

type PolicyRestorePolicyPtrInput interface {
	pulumi.Input

	ToPolicyRestorePolicyPtrOutput() PolicyRestorePolicyPtrOutput
	ToPolicyRestorePolicyPtrOutputWithContext(context.Context) PolicyRestorePolicyPtrOutput
}

PolicyRestorePolicyPtrInput is an input type that accepts PolicyRestorePolicyArgs, PolicyRestorePolicyPtr and PolicyRestorePolicyPtrOutput values. You can construct a concrete instance of `PolicyRestorePolicyPtrInput` via: 

        PolicyRestorePolicyArgs{...}

or:

        nil

func PolicyRestorePolicyPtr 

func PolicyRestorePolicyPtr(v *PolicyRestorePolicyArgs) PolicyRestorePolicyPtrInput

type PolicyRestorePolicyPtrOutput 

type PolicyRestorePolicyPtrOutput struct{ *pulumi.OutputState }

func (PolicyRestorePolicyPtrOutput) Default 

func (o PolicyRestorePolicyPtrOutput) Default() pulumi.BoolPtrOutput

May only be set to true. If set, then the default Policy is restored.

func (PolicyRestorePolicyPtrOutput) Elem 

func (o PolicyRestorePolicyPtrOutput) Elem() PolicyRestorePolicyOutput

func (PolicyRestorePolicyPtrOutput) ElementType 

func (PolicyRestorePolicyPtrOutput) ElementType() reflect.Type

func (PolicyRestorePolicyPtrOutput) ToPolicyRestorePolicyPtrOutput 

func (o PolicyRestorePolicyPtrOutput) ToPolicyRestorePolicyPtrOutput() PolicyRestorePolicyPtrOutput

func (PolicyRestorePolicyPtrOutput) ToPolicyRestorePolicyPtrOutputWithContext 

func (o PolicyRestorePolicyPtrOutput) ToPolicyRestorePolicyPtrOutputWithContext(ctx context.Context) PolicyRestorePolicyPtrOutput

type PolicyState 

type PolicyState struct {
	// A boolean policy is a constraint that is either enforced or not. Structure is documented
	// below.
	BooleanPolicy PolicyBooleanPolicyPtrInput
	// The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
	//
	// ***
	Constraint pulumi.StringPtrInput
	// (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
	Etag pulumi.StringPtrInput
	// A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
	ListPolicy PolicyListPolicyPtrInput
	// The numeric ID of the organization to set the policy for.
	OrgId pulumi.StringPtrInput
	// A restore policy is a constraint to restore the default policy. Structure is documented below.
	//
	// > **Note:** If none of [`booleanPolicy`, `listPolicy`, `restorePolicy`] are defined the policy for a given constraint will
	// effectively be unset. This is represented in the UI as the constraint being 'Inherited'.
	//
	// ***
	RestorePolicy PolicyRestorePolicyPtrInput
	// (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
	UpdateTime pulumi.StringPtrInput
	// Version of the Policy. Default version is 0.
	Version pulumi.IntPtrInput
}

func (PolicyState) ElementType 

func (PolicyState) ElementType() reflect.Type

type Project 

type Project struct {
	pulumi.CustomResourceState

	// Create the 'default' network automatically. Default true. If set to false, the default network will be deleted. Note
	// that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even
	// if you set autoCreateNetwork to false, since the network will exist momentarily.
	AutoCreateNetwork pulumi.BoolPtrOutput `pulumi:"autoCreateNetwork"`
	// The alphanumeric ID of the billing account this project
	// belongs to. The user or service account performing this operation with the provider
	// must have at mininum Billing Account User privileges (`roles/billing.user`) on the billing account.
	// See [Google Cloud Billing API Access Control](https://cloud.google.com/billing/docs/how-to/billing-access)
	// for more details.
	BillingAccount pulumi.StringPtrOutput `pulumi:"billingAccount"`
	DeletionPolicy pulumi.StringPtrOutput `pulumi:"deletionPolicy"`
	// All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
	EffectiveLabels pulumi.StringMapOutput `pulumi:"effectiveLabels"`
	// The numeric ID of the folder this project should be
	// created under. Only one of `orgId` or `folderId` may be
	// specified. If the `folderId` is specified, then the project is
	// created under the specified folder. Changing this forces the
	// project to be migrated to the newly specified folder.
	FolderId pulumi.StringPtrOutput `pulumi:"folderId"`
	// A set of key/value label pairs to assign to the project.
	// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
	// Please refer to the field 'effective_labels' for all of the labels present on the resource.
	Labels pulumi.StringMapOutput `pulumi:"labels"`
	// The display name of the project.
	Name pulumi.StringOutput `pulumi:"name"`
	// The numeric identifier of the project.
	Number pulumi.StringOutput `pulumi:"number"`
	// The numeric ID of the organization this project belongs to.
	// Changing this forces a new project to be created.  Only one of
	// `orgId` or `folderId` may be specified. If the `orgId` is
	// specified then the project is created at the top level. Changing
	// this forces the project to be migrated to the newly specified
	// organization.
	OrgId pulumi.StringPtrOutput `pulumi:"orgId"`
	// The project ID. Changing this forces a new project to be created.
	ProjectId pulumi.StringOutput `pulumi:"projectId"`
	// The combination of labels configured directly on the resource and default labels configured on the provider.
	PulumiLabels pulumi.StringMapOutput `pulumi:"pulumiLabels"`
}

Allows creation and management of a Google Cloud Platform project.

Projects created with this resource must be associated with an Organization. See the [Organization documentation](https://cloud.google.com/resource-manager/docs/quickstarts) for more details.

The user or service account that is running this provider when creating a `organizations.Project` resource must have `roles/resourcemanager.projectCreator` on the specified organization. See the [Access Control for Organizations Using IAM](https://cloud.google.com/resource-manager/docs/access-control-org) doc for more information.

> This resource reads the specified billing account on every pulumi up and plan operation so you must have permissions on the specified billing account.

To get more information about projects, see:

* [API documentation](https://cloud.google.com/resource-manager/reference/rest/v1/projects) * How-to Guides

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.NewProject(ctx, "my_project", &organizations.ProjectArgs{
			Name:      pulumi.String("My Project"),
			ProjectId: pulumi.String("your-project-id"),
			OrgId:     pulumi.String("1234567"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

To create a project under a specific folder

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		department1, err := organizations.NewFolder(ctx, "department1", &organizations.FolderArgs{
			DisplayName: pulumi.String("Department 1"),
			Parent:      pulumi.String("organizations/1234567"),
		})
		if err != nil {
			return err
		}
		_, err = organizations.NewProject(ctx, "my_project-in-a-folder", &organizations.ProjectArgs{
			Name:      pulumi.String("My Project"),
			ProjectId: pulumi.String("your-project-id"),
			FolderId:  department1.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Projects can be imported using the `project_id`, e.g.

* `{{project_id}}`

When using the `pulumi import` command, Projects can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:organizations/project:Project default {{project_id}} ```

func GetProject 

func GetProject(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ProjectState, opts ...pulumi.ResourceOption) (*Project, error)

GetProject gets an existing Project resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewProject 

func NewProject(ctx *pulumi.Context,
	name string, args *ProjectArgs, opts ...pulumi.ResourceOption) (*Project, error)

NewProject registers a new resource with the given unique name, arguments, and options.

func (*Project) ElementType 

func (*Project) ElementType() reflect.Type

func (*Project) ToProjectOutput 

func (i *Project) ToProjectOutput() ProjectOutput

func (*Project) ToProjectOutputWithContext 

func (i *Project) ToProjectOutputWithContext(ctx context.Context) ProjectOutput

type ProjectArgs 

type ProjectArgs struct {
	// Create the 'default' network automatically. Default true. If set to false, the default network will be deleted. Note
	// that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even
	// if you set autoCreateNetwork to false, since the network will exist momentarily.
	AutoCreateNetwork pulumi.BoolPtrInput
	// The alphanumeric ID of the billing account this project
	// belongs to. The user or service account performing this operation with the provider
	// must have at mininum Billing Account User privileges (`roles/billing.user`) on the billing account.
	// See [Google Cloud Billing API Access Control](https://cloud.google.com/billing/docs/how-to/billing-access)
	// for more details.
	BillingAccount pulumi.StringPtrInput
	DeletionPolicy pulumi.StringPtrInput
	// The numeric ID of the folder this project should be
	// created under. Only one of `orgId` or `folderId` may be
	// specified. If the `folderId` is specified, then the project is
	// created under the specified folder. Changing this forces the
	// project to be migrated to the newly specified folder.
	FolderId pulumi.StringPtrInput
	// A set of key/value label pairs to assign to the project.
	// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
	// Please refer to the field 'effective_labels' for all of the labels present on the resource.
	Labels pulumi.StringMapInput
	// The display name of the project.
	Name pulumi.StringPtrInput
	// The numeric ID of the organization this project belongs to.
	// Changing this forces a new project to be created.  Only one of
	// `orgId` or `folderId` may be specified. If the `orgId` is
	// specified then the project is created at the top level. Changing
	// this forces the project to be migrated to the newly specified
	// organization.
	OrgId pulumi.StringPtrInput
	// The project ID. Changing this forces a new project to be created.
	ProjectId pulumi.StringPtrInput
}

The set of arguments for constructing a Project resource.

func (ProjectArgs) ElementType 

func (ProjectArgs) ElementType() reflect.Type

type ProjectArray 

type ProjectArray []ProjectInput

func (ProjectArray) ElementType 

func (ProjectArray) ElementType() reflect.Type

func (ProjectArray) ToProjectArrayOutput 

func (i ProjectArray) ToProjectArrayOutput() ProjectArrayOutput

func (ProjectArray) ToProjectArrayOutputWithContext 

func (i ProjectArray) ToProjectArrayOutputWithContext(ctx context.Context) ProjectArrayOutput

type ProjectArrayInput 

type ProjectArrayInput interface {
	pulumi.Input

	ToProjectArrayOutput() ProjectArrayOutput
	ToProjectArrayOutputWithContext(context.Context) ProjectArrayOutput
}

ProjectArrayInput is an input type that accepts ProjectArray and ProjectArrayOutput values. You can construct a concrete instance of `ProjectArrayInput` via: 

ProjectArray{ ProjectArgs{...} }

type ProjectArrayOutput 

type ProjectArrayOutput struct{ *pulumi.OutputState }

func (ProjectArrayOutput) ElementType 

func (ProjectArrayOutput) ElementType() reflect.Type

func (ProjectArrayOutput) Index 

func (o ProjectArrayOutput) Index(i pulumi.IntInput) ProjectOutput

func (ProjectArrayOutput) ToProjectArrayOutput 

func (o ProjectArrayOutput) ToProjectArrayOutput() ProjectArrayOutput

func (ProjectArrayOutput) ToProjectArrayOutputWithContext 

func (o ProjectArrayOutput) ToProjectArrayOutputWithContext(ctx context.Context) ProjectArrayOutput

type ProjectInput 

type ProjectInput interface {
	pulumi.Input

	ToProjectOutput() ProjectOutput
	ToProjectOutputWithContext(ctx context.Context) ProjectOutput
}

type ProjectMap 

type ProjectMap map[string]ProjectInput

func (ProjectMap) ElementType 

func (ProjectMap) ElementType() reflect.Type

func (ProjectMap) ToProjectMapOutput 

func (i ProjectMap) ToProjectMapOutput() ProjectMapOutput

func (ProjectMap) ToProjectMapOutputWithContext 

func (i ProjectMap) ToProjectMapOutputWithContext(ctx context.Context) ProjectMapOutput

type ProjectMapInput 

type ProjectMapInput interface {
	pulumi.Input

	ToProjectMapOutput() ProjectMapOutput
	ToProjectMapOutputWithContext(context.Context) ProjectMapOutput
}

ProjectMapInput is an input type that accepts ProjectMap and ProjectMapOutput values. You can construct a concrete instance of `ProjectMapInput` via: 

ProjectMap{ "key": ProjectArgs{...} }

type ProjectMapOutput 

type ProjectMapOutput struct{ *pulumi.OutputState }

func (ProjectMapOutput) ElementType 

func (ProjectMapOutput) ElementType() reflect.Type

func (ProjectMapOutput) MapIndex 

func (o ProjectMapOutput) MapIndex(k pulumi.StringInput) ProjectOutput

func (ProjectMapOutput) ToProjectMapOutput 

func (o ProjectMapOutput) ToProjectMapOutput() ProjectMapOutput

func (ProjectMapOutput) ToProjectMapOutputWithContext 

func (o ProjectMapOutput) ToProjectMapOutputWithContext(ctx context.Context) ProjectMapOutput

type ProjectOutput 

type ProjectOutput struct{ *pulumi.OutputState }

func (ProjectOutput) AutoCreateNetwork 

func (o ProjectOutput) AutoCreateNetwork() pulumi.BoolPtrOutput

Create the 'default' network automatically. Default true. If set to false, the default network will be deleted. Note that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even if you set autoCreateNetwork to false, since the network will exist momentarily.

func (ProjectOutput) BillingAccount 

func (o ProjectOutput) BillingAccount() pulumi.StringPtrOutput

The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with the provider must have at mininum Billing Account User privileges (`roles/billing.user`) on the billing account. See [Google Cloud Billing API Access Control](https://cloud.google.com/billing/docs/how-to/billing-access) for more details.

func (ProjectOutput) DeletionPolicy 

func (o ProjectOutput) DeletionPolicy() pulumi.StringPtrOutput

func (ProjectOutput) EffectiveLabels 

func (o ProjectOutput) EffectiveLabels() pulumi.StringMapOutput

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

func (ProjectOutput) ElementType 

func (ProjectOutput) ElementType() reflect.Type

func (ProjectOutput) FolderId 

func (o ProjectOutput) FolderId() pulumi.StringPtrOutput

The numeric ID of the folder this project should be created under. Only one of `orgId` or `folderId` may be specified. If the `folderId` is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.

func (ProjectOutput) Labels 

func (o ProjectOutput) Labels() pulumi.StringMapOutput

A set of key/value label pairs to assign to the project. **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

func (ProjectOutput) Name 

func (o ProjectOutput) Name() pulumi.StringOutput

The display name of the project.

func (ProjectOutput) Number 

func (o ProjectOutput) Number() pulumi.StringOutput

The numeric identifier of the project.

func (ProjectOutput) OrgId 

func (o ProjectOutput) OrgId() pulumi.StringPtrOutput

The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of `orgId` or `folderId` may be specified. If the `orgId` is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.

func (ProjectOutput) ProjectId 

func (o ProjectOutput) ProjectId() pulumi.StringOutput

The project ID. Changing this forces a new project to be created.

func (ProjectOutput) PulumiLabels 

func (o ProjectOutput) PulumiLabels() pulumi.StringMapOutput

The combination of labels configured directly on the resource and default labels configured on the provider.

func (ProjectOutput) ToProjectOutput 

func (o ProjectOutput) ToProjectOutput() ProjectOutput

func (ProjectOutput) ToProjectOutputWithContext 

func (o ProjectOutput) ToProjectOutputWithContext(ctx context.Context) ProjectOutput

type ProjectState 

type ProjectState struct {
	// Create the 'default' network automatically. Default true. If set to false, the default network will be deleted. Note
	// that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even
	// if you set autoCreateNetwork to false, since the network will exist momentarily.
	AutoCreateNetwork pulumi.BoolPtrInput
	// The alphanumeric ID of the billing account this project
	// belongs to. The user or service account performing this operation with the provider
	// must have at mininum Billing Account User privileges (`roles/billing.user`) on the billing account.
	// See [Google Cloud Billing API Access Control](https://cloud.google.com/billing/docs/how-to/billing-access)
	// for more details.
	BillingAccount pulumi.StringPtrInput
	DeletionPolicy pulumi.StringPtrInput
	// All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
	EffectiveLabels pulumi.StringMapInput
	// The numeric ID of the folder this project should be
	// created under. Only one of `orgId` or `folderId` may be
	// specified. If the `folderId` is specified, then the project is
	// created under the specified folder. Changing this forces the
	// project to be migrated to the newly specified folder.
	FolderId pulumi.StringPtrInput
	// A set of key/value label pairs to assign to the project.
	// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
	// Please refer to the field 'effective_labels' for all of the labels present on the resource.
	Labels pulumi.StringMapInput
	// The display name of the project.
	Name pulumi.StringPtrInput
	// The numeric identifier of the project.
	Number pulumi.StringPtrInput
	// The numeric ID of the organization this project belongs to.
	// Changing this forces a new project to be created.  Only one of
	// `orgId` or `folderId` may be specified. If the `orgId` is
	// specified then the project is created at the top level. Changing
	// this forces the project to be migrated to the newly specified
	// organization.
	OrgId pulumi.StringPtrInput
	// The project ID. Changing this forces a new project to be created.
	ProjectId pulumi.StringPtrInput
	// The combination of labels configured directly on the resource and default labels configured on the provider.
	PulumiLabels pulumi.StringMapInput
}

func (ProjectState) ElementType 

func (ProjectState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.