v1

package
v0.0.1-alpha.100 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 25, 2025 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// Default case. Should never be this.
	AuditLogConfigLogTypeLogTypeUnspecified = AuditLogConfigLogType("LOG_TYPE_UNSPECIFIED")
	// Admin reads. Example: CloudIAM getIamPolicy
	AuditLogConfigLogTypeAdminRead = AuditLogConfigLogType("ADMIN_READ")
	// Data writes. Example: CloudSQL Users create
	AuditLogConfigLogTypeDataWrite = AuditLogConfigLogType("DATA_WRITE")
	// Data reads. Example: CloudSQL Users list
	AuditLogConfigLogTypeDataRead = AuditLogConfigLogType("DATA_READ")
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AuditConfig 

type AuditConfig struct {
	// The configuration for logging of each type of permission.
	AuditLogConfigs []AuditLogConfig `pulumi:"auditLogConfigs"`
	// Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
	Service *string `pulumi:"service"`
}

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

type AuditConfigArgs 

type AuditConfigArgs struct {
	// The configuration for logging of each type of permission.
	AuditLogConfigs AuditLogConfigArrayInput `pulumi:"auditLogConfigs"`
	// Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
	Service pulumi.StringPtrInput `pulumi:"service"`
}

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

func (AuditConfigArgs) ElementType 

func (AuditConfigArgs) ElementType() reflect.Type

func (AuditConfigArgs) ToAuditConfigOutput 

func (i AuditConfigArgs) ToAuditConfigOutput() AuditConfigOutput

func (AuditConfigArgs) ToAuditConfigOutputWithContext 

func (i AuditConfigArgs) ToAuditConfigOutputWithContext(ctx context.Context) AuditConfigOutput

type AuditConfigArray 

type AuditConfigArray []AuditConfigInput

func (AuditConfigArray) ElementType 

func (AuditConfigArray) ElementType() reflect.Type

func (AuditConfigArray) ToAuditConfigArrayOutput 

func (i AuditConfigArray) ToAuditConfigArrayOutput() AuditConfigArrayOutput

func (AuditConfigArray) ToAuditConfigArrayOutputWithContext 

func (i AuditConfigArray) ToAuditConfigArrayOutputWithContext(ctx context.Context) AuditConfigArrayOutput

type AuditConfigArrayInput 

type AuditConfigArrayInput interface {
	pulumi.Input

	ToAuditConfigArrayOutput() AuditConfigArrayOutput
	ToAuditConfigArrayOutputWithContext(context.Context) AuditConfigArrayOutput
}

AuditConfigArrayInput is an input type that accepts AuditConfigArray and AuditConfigArrayOutput values. You can construct a concrete instance of `AuditConfigArrayInput` via: 

AuditConfigArray{ AuditConfigArgs{...} }

type AuditConfigArrayOutput 

type AuditConfigArrayOutput struct{ *pulumi.OutputState }

func (AuditConfigArrayOutput) ElementType 

func (AuditConfigArrayOutput) ElementType() reflect.Type

func (AuditConfigArrayOutput) Index 

func (o AuditConfigArrayOutput) Index(i pulumi.IntInput) AuditConfigOutput

func (AuditConfigArrayOutput) ToAuditConfigArrayOutput 

func (o AuditConfigArrayOutput) ToAuditConfigArrayOutput() AuditConfigArrayOutput

func (AuditConfigArrayOutput) ToAuditConfigArrayOutputWithContext 

func (o AuditConfigArrayOutput) ToAuditConfigArrayOutputWithContext(ctx context.Context) AuditConfigArrayOutput

type AuditConfigInput 

type AuditConfigInput interface {
	pulumi.Input

	ToAuditConfigOutput() AuditConfigOutput
	ToAuditConfigOutputWithContext(context.Context) AuditConfigOutput
}

AuditConfigInput is an input type that accepts AuditConfigArgs and AuditConfigOutput values. You can construct a concrete instance of `AuditConfigInput` via: 

AuditConfigArgs{...}

type AuditConfigOutput 

type AuditConfigOutput struct{ *pulumi.OutputState }

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

func (AuditConfigOutput) AuditLogConfigs 

func (o AuditConfigOutput) AuditLogConfigs() AuditLogConfigArrayOutput

The configuration for logging of each type of permission.

func (AuditConfigOutput) ElementType 

func (AuditConfigOutput) ElementType() reflect.Type

func (AuditConfigOutput) Service 

func (o AuditConfigOutput) Service() pulumi.StringPtrOutput

Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.

func (AuditConfigOutput) ToAuditConfigOutput 

func (o AuditConfigOutput) ToAuditConfigOutput() AuditConfigOutput

func (AuditConfigOutput) ToAuditConfigOutputWithContext 

func (o AuditConfigOutput) ToAuditConfigOutputWithContext(ctx context.Context) AuditConfigOutput

type AuditConfigResponse 

type AuditConfigResponse struct {
	// The configuration for logging of each type of permission.
	AuditLogConfigs []AuditLogConfigResponse `pulumi:"auditLogConfigs"`
	// Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
	Service string `pulumi:"service"`
}

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

type AuditConfigResponseArrayOutput 

type AuditConfigResponseArrayOutput struct{ *pulumi.OutputState }

func (AuditConfigResponseArrayOutput) ElementType 

func (AuditConfigResponseArrayOutput) ElementType() reflect.Type

func (AuditConfigResponseArrayOutput) Index 

func (o AuditConfigResponseArrayOutput) Index(i pulumi.IntInput) AuditConfigResponseOutput

func (AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutput 

func (o AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutput() AuditConfigResponseArrayOutput

func (AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutputWithContext 

func (o AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutputWithContext(ctx context.Context) AuditConfigResponseArrayOutput

type AuditConfigResponseOutput 

type AuditConfigResponseOutput struct{ *pulumi.OutputState }

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

func (AuditConfigResponseOutput) AuditLogConfigs 

func (o AuditConfigResponseOutput) AuditLogConfigs() AuditLogConfigResponseArrayOutput

The configuration for logging of each type of permission.

func (AuditConfigResponseOutput) ElementType 

func (AuditConfigResponseOutput) ElementType() reflect.Type

func (AuditConfigResponseOutput) Service 

func (o AuditConfigResponseOutput) Service() pulumi.StringOutput

Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.

func (AuditConfigResponseOutput) ToAuditConfigResponseOutput 

func (o AuditConfigResponseOutput) ToAuditConfigResponseOutput() AuditConfigResponseOutput

func (AuditConfigResponseOutput) ToAuditConfigResponseOutputWithContext 

func (o AuditConfigResponseOutput) ToAuditConfigResponseOutputWithContext(ctx context.Context) AuditConfigResponseOutput

type AuditLogConfig 

type AuditLogConfig struct {
	// Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
	ExemptedMembers []string `pulumi:"exemptedMembers"`
	// The log type that this config enables.
	LogType *AuditLogConfigLogType `pulumi:"logType"`
}

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

type AuditLogConfigArgs 

type AuditLogConfigArgs struct {
	// Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
	ExemptedMembers pulumi.StringArrayInput `pulumi:"exemptedMembers"`
	// The log type that this config enables.
	LogType AuditLogConfigLogTypePtrInput `pulumi:"logType"`
}

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

func (AuditLogConfigArgs) ElementType 

func (AuditLogConfigArgs) ElementType() reflect.Type

func (AuditLogConfigArgs) ToAuditLogConfigOutput 

func (i AuditLogConfigArgs) ToAuditLogConfigOutput() AuditLogConfigOutput

func (AuditLogConfigArgs) ToAuditLogConfigOutputWithContext 

func (i AuditLogConfigArgs) ToAuditLogConfigOutputWithContext(ctx context.Context) AuditLogConfigOutput

type AuditLogConfigArray 

type AuditLogConfigArray []AuditLogConfigInput

func (AuditLogConfigArray) ElementType 

func (AuditLogConfigArray) ElementType() reflect.Type

func (AuditLogConfigArray) ToAuditLogConfigArrayOutput 

func (i AuditLogConfigArray) ToAuditLogConfigArrayOutput() AuditLogConfigArrayOutput

func (AuditLogConfigArray) ToAuditLogConfigArrayOutputWithContext 

func (i AuditLogConfigArray) ToAuditLogConfigArrayOutputWithContext(ctx context.Context) AuditLogConfigArrayOutput

type AuditLogConfigArrayInput 

type AuditLogConfigArrayInput interface {
	pulumi.Input

	ToAuditLogConfigArrayOutput() AuditLogConfigArrayOutput
	ToAuditLogConfigArrayOutputWithContext(context.Context) AuditLogConfigArrayOutput
}

AuditLogConfigArrayInput is an input type that accepts AuditLogConfigArray and AuditLogConfigArrayOutput values. You can construct a concrete instance of `AuditLogConfigArrayInput` via: 

AuditLogConfigArray{ AuditLogConfigArgs{...} }

type AuditLogConfigArrayOutput 

type AuditLogConfigArrayOutput struct{ *pulumi.OutputState }

func (AuditLogConfigArrayOutput) ElementType 

func (AuditLogConfigArrayOutput) ElementType() reflect.Type

func (AuditLogConfigArrayOutput) Index 

func (o AuditLogConfigArrayOutput) Index(i pulumi.IntInput) AuditLogConfigOutput

func (AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutput 

func (o AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutput() AuditLogConfigArrayOutput

func (AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutputWithContext 

func (o AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutputWithContext(ctx context.Context) AuditLogConfigArrayOutput

type AuditLogConfigInput 

type AuditLogConfigInput interface {
	pulumi.Input

	ToAuditLogConfigOutput() AuditLogConfigOutput
	ToAuditLogConfigOutputWithContext(context.Context) AuditLogConfigOutput
}

AuditLogConfigInput is an input type that accepts AuditLogConfigArgs and AuditLogConfigOutput values. You can construct a concrete instance of `AuditLogConfigInput` via: 

AuditLogConfigArgs{...}

type AuditLogConfigLogType added in v0.4.0 

type AuditLogConfigLogType string

The log type that this config enables.

func (AuditLogConfigLogType) ElementType added in v0.4.0 

func (AuditLogConfigLogType) ElementType() reflect.Type

func (AuditLogConfigLogType) ToAuditLogConfigLogTypeOutput added in v0.6.0 

func (e AuditLogConfigLogType) ToAuditLogConfigLogTypeOutput() AuditLogConfigLogTypeOutput

func (AuditLogConfigLogType) ToAuditLogConfigLogTypeOutputWithContext added in v0.6.0 

func (e AuditLogConfigLogType) ToAuditLogConfigLogTypeOutputWithContext(ctx context.Context) AuditLogConfigLogTypeOutput

func (AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutput added in v0.6.0 

func (e AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutputWithContext added in v0.6.0 

func (e AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogType) ToStringOutput added in v0.4.0 

func (e AuditLogConfigLogType) ToStringOutput() pulumi.StringOutput

func (AuditLogConfigLogType) ToStringOutputWithContext added in v0.4.0 

func (e AuditLogConfigLogType) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (AuditLogConfigLogType) ToStringPtrOutput added in v0.4.0 

func (e AuditLogConfigLogType) ToStringPtrOutput() pulumi.StringPtrOutput

func (AuditLogConfigLogType) ToStringPtrOutputWithContext added in v0.4.0 

func (e AuditLogConfigLogType) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type AuditLogConfigLogTypeInput added in v0.6.0 

type AuditLogConfigLogTypeInput interface {
	pulumi.Input

	ToAuditLogConfigLogTypeOutput() AuditLogConfigLogTypeOutput
	ToAuditLogConfigLogTypeOutputWithContext(context.Context) AuditLogConfigLogTypeOutput
}

AuditLogConfigLogTypeInput is an input type that accepts values of the AuditLogConfigLogType enum A concrete instance of `AuditLogConfigLogTypeInput` can be one of the following: 

AuditLogConfigLogTypeLogTypeUnspecified
AuditLogConfigLogTypeAdminRead
AuditLogConfigLogTypeDataWrite
AuditLogConfigLogTypeDataRead

type AuditLogConfigLogTypeOutput added in v0.6.0 

type AuditLogConfigLogTypeOutput struct{ *pulumi.OutputState }

func (AuditLogConfigLogTypeOutput) ElementType added in v0.6.0 

func (AuditLogConfigLogTypeOutput) ElementType() reflect.Type

func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutput added in v0.6.0 

func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutput() AuditLogConfigLogTypeOutput

func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutputWithContext added in v0.6.0 

func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutputWithContext(ctx context.Context) AuditLogConfigLogTypeOutput

func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutput added in v0.6.0 

func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutputWithContext added in v0.6.0 

func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogTypeOutput) ToStringOutput added in v0.6.0 

func (o AuditLogConfigLogTypeOutput) ToStringOutput() pulumi.StringOutput

func (AuditLogConfigLogTypeOutput) ToStringOutputWithContext added in v0.6.0 

func (o AuditLogConfigLogTypeOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (AuditLogConfigLogTypeOutput) ToStringPtrOutput added in v0.6.0 

func (o AuditLogConfigLogTypeOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (AuditLogConfigLogTypeOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o AuditLogConfigLogTypeOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type AuditLogConfigLogTypePtrInput added in v0.6.0 

type AuditLogConfigLogTypePtrInput interface {
	pulumi.Input

	ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput
	ToAuditLogConfigLogTypePtrOutputWithContext(context.Context) AuditLogConfigLogTypePtrOutput
}

func AuditLogConfigLogTypePtr added in v0.6.0 

func AuditLogConfigLogTypePtr(v string) AuditLogConfigLogTypePtrInput

type AuditLogConfigLogTypePtrOutput added in v0.6.0 

type AuditLogConfigLogTypePtrOutput struct{ *pulumi.OutputState }

func (AuditLogConfigLogTypePtrOutput) Elem added in v0.6.0 

func (o AuditLogConfigLogTypePtrOutput) Elem() AuditLogConfigLogTypeOutput

func (AuditLogConfigLogTypePtrOutput) ElementType added in v0.6.0 

func (AuditLogConfigLogTypePtrOutput) ElementType() reflect.Type

func (AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutput added in v0.6.0 

func (o AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutputWithContext added in v0.6.0 

func (o AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogTypePtrOutput) ToStringPtrOutput added in v0.6.0 

func (o AuditLogConfigLogTypePtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (AuditLogConfigLogTypePtrOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o AuditLogConfigLogTypePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type AuditLogConfigOutput 

type AuditLogConfigOutput struct{ *pulumi.OutputState }

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

func (AuditLogConfigOutput) ElementType 

func (AuditLogConfigOutput) ElementType() reflect.Type

func (AuditLogConfigOutput) ExemptedMembers 

func (o AuditLogConfigOutput) ExemptedMembers() pulumi.StringArrayOutput

Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.

func (AuditLogConfigOutput) LogType 

func (o AuditLogConfigOutput) LogType() AuditLogConfigLogTypePtrOutput

The log type that this config enables.

func (AuditLogConfigOutput) ToAuditLogConfigOutput 

func (o AuditLogConfigOutput) ToAuditLogConfigOutput() AuditLogConfigOutput

func (AuditLogConfigOutput) ToAuditLogConfigOutputWithContext 

func (o AuditLogConfigOutput) ToAuditLogConfigOutputWithContext(ctx context.Context) AuditLogConfigOutput

type AuditLogConfigResponse 

type AuditLogConfigResponse struct {
	// Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
	ExemptedMembers []string `pulumi:"exemptedMembers"`
	// The log type that this config enables.
	LogType string `pulumi:"logType"`
}

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

type AuditLogConfigResponseArrayOutput 

type AuditLogConfigResponseArrayOutput struct{ *pulumi.OutputState }

func (AuditLogConfigResponseArrayOutput) ElementType 

func (AuditLogConfigResponseArrayOutput) ElementType() reflect.Type

func (AuditLogConfigResponseArrayOutput) Index 

func (o AuditLogConfigResponseArrayOutput) Index(i pulumi.IntInput) AuditLogConfigResponseOutput

func (AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutput 

func (o AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutput() AuditLogConfigResponseArrayOutput

func (AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutputWithContext 

func (o AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutputWithContext(ctx context.Context) AuditLogConfigResponseArrayOutput

type AuditLogConfigResponseOutput 

type AuditLogConfigResponseOutput struct{ *pulumi.OutputState }

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

func (AuditLogConfigResponseOutput) ElementType 

func (AuditLogConfigResponseOutput) ElementType() reflect.Type

func (AuditLogConfigResponseOutput) ExemptedMembers 

func (o AuditLogConfigResponseOutput) ExemptedMembers() pulumi.StringArrayOutput

Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.

func (AuditLogConfigResponseOutput) LogType 

func (o AuditLogConfigResponseOutput) LogType() pulumi.StringOutput

The log type that this config enables.

func (AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutput 

func (o AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutput() AuditLogConfigResponseOutput

func (AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutputWithContext 

func (o AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutputWithContext(ctx context.Context) AuditLogConfigResponseOutput

type Automatic 

type Automatic struct {
	// Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
	CustomerManagedEncryption *CustomerManagedEncryption `pulumi:"customerManagedEncryption"`
}

A replication policy that replicates the Secret payload without any restrictions.

type AutomaticArgs 

type AutomaticArgs struct {
	// Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
	CustomerManagedEncryption CustomerManagedEncryptionPtrInput `pulumi:"customerManagedEncryption"`
}

A replication policy that replicates the Secret payload without any restrictions.

func (AutomaticArgs) ElementType 

func (AutomaticArgs) ElementType() reflect.Type

func (AutomaticArgs) ToAutomaticOutput 

func (i AutomaticArgs) ToAutomaticOutput() AutomaticOutput

func (AutomaticArgs) ToAutomaticOutputWithContext 

func (i AutomaticArgs) ToAutomaticOutputWithContext(ctx context.Context) AutomaticOutput

func (AutomaticArgs) ToAutomaticPtrOutput 

func (i AutomaticArgs) ToAutomaticPtrOutput() AutomaticPtrOutput

func (AutomaticArgs) ToAutomaticPtrOutputWithContext 

func (i AutomaticArgs) ToAutomaticPtrOutputWithContext(ctx context.Context) AutomaticPtrOutput

type AutomaticInput 

type AutomaticInput interface {
	pulumi.Input

	ToAutomaticOutput() AutomaticOutput
	ToAutomaticOutputWithContext(context.Context) AutomaticOutput
}

AutomaticInput is an input type that accepts AutomaticArgs and AutomaticOutput values. You can construct a concrete instance of `AutomaticInput` via: 

AutomaticArgs{...}

type AutomaticOutput 

type AutomaticOutput struct{ *pulumi.OutputState }

A replication policy that replicates the Secret payload without any restrictions.

func (AutomaticOutput) CustomerManagedEncryption 

func (o AutomaticOutput) CustomerManagedEncryption() CustomerManagedEncryptionPtrOutput

Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.

func (AutomaticOutput) ElementType 

func (AutomaticOutput) ElementType() reflect.Type

func (AutomaticOutput) ToAutomaticOutput 

func (o AutomaticOutput) ToAutomaticOutput() AutomaticOutput

func (AutomaticOutput) ToAutomaticOutputWithContext 

func (o AutomaticOutput) ToAutomaticOutputWithContext(ctx context.Context) AutomaticOutput

func (AutomaticOutput) ToAutomaticPtrOutput 

func (o AutomaticOutput) ToAutomaticPtrOutput() AutomaticPtrOutput

func (AutomaticOutput) ToAutomaticPtrOutputWithContext 

func (o AutomaticOutput) ToAutomaticPtrOutputWithContext(ctx context.Context) AutomaticPtrOutput

type AutomaticPtrInput 

type AutomaticPtrInput interface {
	pulumi.Input

	ToAutomaticPtrOutput() AutomaticPtrOutput
	ToAutomaticPtrOutputWithContext(context.Context) AutomaticPtrOutput
}

AutomaticPtrInput is an input type that accepts AutomaticArgs, AutomaticPtr and AutomaticPtrOutput values. You can construct a concrete instance of `AutomaticPtrInput` via: 

        AutomaticArgs{...}

or:

        nil

func AutomaticPtr 

func AutomaticPtr(v *AutomaticArgs) AutomaticPtrInput

type AutomaticPtrOutput 

type AutomaticPtrOutput struct{ *pulumi.OutputState }

func (AutomaticPtrOutput) CustomerManagedEncryption 

func (o AutomaticPtrOutput) CustomerManagedEncryption() CustomerManagedEncryptionPtrOutput

Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.

func (AutomaticPtrOutput) Elem 

func (o AutomaticPtrOutput) Elem() AutomaticOutput

func (AutomaticPtrOutput) ElementType 

func (AutomaticPtrOutput) ElementType() reflect.Type

func (AutomaticPtrOutput) ToAutomaticPtrOutput 

func (o AutomaticPtrOutput) ToAutomaticPtrOutput() AutomaticPtrOutput

func (AutomaticPtrOutput) ToAutomaticPtrOutputWithContext 

func (o AutomaticPtrOutput) ToAutomaticPtrOutputWithContext(ctx context.Context) AutomaticPtrOutput

type AutomaticResponse 

type AutomaticResponse struct {
	// Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
	CustomerManagedEncryption CustomerManagedEncryptionResponse `pulumi:"customerManagedEncryption"`
}

A replication policy that replicates the Secret payload without any restrictions.

type AutomaticResponseOutput 

type AutomaticResponseOutput struct{ *pulumi.OutputState }

A replication policy that replicates the Secret payload without any restrictions.

func (AutomaticResponseOutput) CustomerManagedEncryption 

func (o AutomaticResponseOutput) CustomerManagedEncryption() CustomerManagedEncryptionResponseOutput

Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.

func (AutomaticResponseOutput) ElementType 

func (AutomaticResponseOutput) ElementType() reflect.Type

func (AutomaticResponseOutput) ToAutomaticResponseOutput 

func (o AutomaticResponseOutput) ToAutomaticResponseOutput() AutomaticResponseOutput

func (AutomaticResponseOutput) ToAutomaticResponseOutputWithContext 

func (o AutomaticResponseOutput) ToAutomaticResponseOutputWithContext(ctx context.Context) AutomaticResponseOutput

type Binding 

type Binding struct {
	// The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition *Expr `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Members []string `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role *string `pulumi:"role"`
}

Associates `members`, or principals, with a `role`.

type BindingArgs 

type BindingArgs struct {
	// The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition ExprPtrInput `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Members pulumi.StringArrayInput `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringPtrInput `pulumi:"role"`
}

Associates `members`, or principals, with a `role`.

func (BindingArgs) ElementType 

func (BindingArgs) ElementType() reflect.Type

func (BindingArgs) ToBindingOutput 

func (i BindingArgs) ToBindingOutput() BindingOutput

func (BindingArgs) ToBindingOutputWithContext 

func (i BindingArgs) ToBindingOutputWithContext(ctx context.Context) BindingOutput

type BindingArray 

type BindingArray []BindingInput

func (BindingArray) ElementType 

func (BindingArray) ElementType() reflect.Type

func (BindingArray) ToBindingArrayOutput 

func (i BindingArray) ToBindingArrayOutput() BindingArrayOutput

func (BindingArray) ToBindingArrayOutputWithContext 

func (i BindingArray) ToBindingArrayOutputWithContext(ctx context.Context) BindingArrayOutput

type BindingArrayInput 

type BindingArrayInput interface {
	pulumi.Input

	ToBindingArrayOutput() BindingArrayOutput
	ToBindingArrayOutputWithContext(context.Context) BindingArrayOutput
}

BindingArrayInput is an input type that accepts BindingArray and BindingArrayOutput values. You can construct a concrete instance of `BindingArrayInput` via: 

BindingArray{ BindingArgs{...} }

type BindingArrayOutput 

type BindingArrayOutput struct{ *pulumi.OutputState }

func (BindingArrayOutput) ElementType 

func (BindingArrayOutput) ElementType() reflect.Type

func (BindingArrayOutput) Index 

func (o BindingArrayOutput) Index(i pulumi.IntInput) BindingOutput

func (BindingArrayOutput) ToBindingArrayOutput 

func (o BindingArrayOutput) ToBindingArrayOutput() BindingArrayOutput

func (BindingArrayOutput) ToBindingArrayOutputWithContext 

func (o BindingArrayOutput) ToBindingArrayOutputWithContext(ctx context.Context) BindingArrayOutput

type BindingInput 

type BindingInput interface {
	pulumi.Input

	ToBindingOutput() BindingOutput
	ToBindingOutputWithContext(context.Context) BindingOutput
}

BindingInput is an input type that accepts BindingArgs and BindingOutput values. You can construct a concrete instance of `BindingInput` via: 

BindingArgs{...}

type BindingOutput 

type BindingOutput struct{ *pulumi.OutputState }

Associates `members`, or principals, with a `role`.

func (BindingOutput) Condition 

func (o BindingOutput) Condition() ExprPtrOutput

The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

func (BindingOutput) ElementType 

func (BindingOutput) ElementType() reflect.Type

func (BindingOutput) Members 

func (o BindingOutput) Members() pulumi.StringArrayOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (BindingOutput) Role 

func (o BindingOutput) Role() pulumi.StringPtrOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (BindingOutput) ToBindingOutput 

func (o BindingOutput) ToBindingOutput() BindingOutput

func (BindingOutput) ToBindingOutputWithContext 

func (o BindingOutput) ToBindingOutputWithContext(ctx context.Context) BindingOutput

type BindingResponse 

type BindingResponse struct {
	// The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition ExprResponse `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Members []string `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role string `pulumi:"role"`
}

Associates `members`, or principals, with a `role`.

type BindingResponseArrayOutput 

type BindingResponseArrayOutput struct{ *pulumi.OutputState }

func (BindingResponseArrayOutput) ElementType 

func (BindingResponseArrayOutput) ElementType() reflect.Type

func (BindingResponseArrayOutput) Index 

func (o BindingResponseArrayOutput) Index(i pulumi.IntInput) BindingResponseOutput

func (BindingResponseArrayOutput) ToBindingResponseArrayOutput 

func (o BindingResponseArrayOutput) ToBindingResponseArrayOutput() BindingResponseArrayOutput

func (BindingResponseArrayOutput) ToBindingResponseArrayOutputWithContext 

func (o BindingResponseArrayOutput) ToBindingResponseArrayOutputWithContext(ctx context.Context) BindingResponseArrayOutput

type BindingResponseOutput 

type BindingResponseOutput struct{ *pulumi.OutputState }

Associates `members`, or principals, with a `role`.

func (BindingResponseOutput) Condition 

func (o BindingResponseOutput) Condition() ExprResponseOutput

The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

func (BindingResponseOutput) ElementType 

func (BindingResponseOutput) ElementType() reflect.Type

func (BindingResponseOutput) Members 

func (o BindingResponseOutput) Members() pulumi.StringArrayOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (BindingResponseOutput) Role 

func (o BindingResponseOutput) Role() pulumi.StringOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (BindingResponseOutput) ToBindingResponseOutput 

func (o BindingResponseOutput) ToBindingResponseOutput() BindingResponseOutput

func (BindingResponseOutput) ToBindingResponseOutputWithContext 

func (o BindingResponseOutput) ToBindingResponseOutputWithContext(ctx context.Context) BindingResponseOutput

type CustomerManagedEncryption 

type CustomerManagedEncryption struct {
	// The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in `global`. The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
	KmsKeyName string `pulumi:"kmsKeyName"`
}

Configuration for encrypting secret payloads using customer-managed encryption keys (CMEK).

type CustomerManagedEncryptionArgs 

type CustomerManagedEncryptionArgs struct {
	// The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in `global`. The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
	KmsKeyName pulumi.StringInput `pulumi:"kmsKeyName"`
}

Configuration for encrypting secret payloads using customer-managed encryption keys (CMEK).

func (CustomerManagedEncryptionArgs) ElementType 

func (CustomerManagedEncryptionArgs) ElementType() reflect.Type

func (CustomerManagedEncryptionArgs) ToCustomerManagedEncryptionOutput 

func (i CustomerManagedEncryptionArgs) ToCustomerManagedEncryptionOutput() CustomerManagedEncryptionOutput

func (CustomerManagedEncryptionArgs) ToCustomerManagedEncryptionOutputWithContext 

func (i CustomerManagedEncryptionArgs) ToCustomerManagedEncryptionOutputWithContext(ctx context.Context) CustomerManagedEncryptionOutput

func (CustomerManagedEncryptionArgs) ToCustomerManagedEncryptionPtrOutput 

func (i CustomerManagedEncryptionArgs) ToCustomerManagedEncryptionPtrOutput() CustomerManagedEncryptionPtrOutput

func (CustomerManagedEncryptionArgs) ToCustomerManagedEncryptionPtrOutputWithContext 

func (i CustomerManagedEncryptionArgs) ToCustomerManagedEncryptionPtrOutputWithContext(ctx context.Context) CustomerManagedEncryptionPtrOutput

type CustomerManagedEncryptionInput 

type CustomerManagedEncryptionInput interface {
	pulumi.Input

	ToCustomerManagedEncryptionOutput() CustomerManagedEncryptionOutput
	ToCustomerManagedEncryptionOutputWithContext(context.Context) CustomerManagedEncryptionOutput
}

CustomerManagedEncryptionInput is an input type that accepts CustomerManagedEncryptionArgs and CustomerManagedEncryptionOutput values. You can construct a concrete instance of `CustomerManagedEncryptionInput` via: 

CustomerManagedEncryptionArgs{...}

type CustomerManagedEncryptionOutput 

type CustomerManagedEncryptionOutput struct{ *pulumi.OutputState }

Configuration for encrypting secret payloads using customer-managed encryption keys (CMEK).

func (CustomerManagedEncryptionOutput) ElementType 

func (CustomerManagedEncryptionOutput) ElementType() reflect.Type

func (CustomerManagedEncryptionOutput) KmsKeyName 

func (o CustomerManagedEncryptionOutput) KmsKeyName() pulumi.StringOutput

The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in `global`. The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`.

func (CustomerManagedEncryptionOutput) ToCustomerManagedEncryptionOutput 

func (o CustomerManagedEncryptionOutput) ToCustomerManagedEncryptionOutput() CustomerManagedEncryptionOutput

func (CustomerManagedEncryptionOutput) ToCustomerManagedEncryptionOutputWithContext 

func (o CustomerManagedEncryptionOutput) ToCustomerManagedEncryptionOutputWithContext(ctx context.Context) CustomerManagedEncryptionOutput

func (CustomerManagedEncryptionOutput) ToCustomerManagedEncryptionPtrOutput 

func (o CustomerManagedEncryptionOutput) ToCustomerManagedEncryptionPtrOutput() CustomerManagedEncryptionPtrOutput

func (CustomerManagedEncryptionOutput) ToCustomerManagedEncryptionPtrOutputWithContext 

func (o CustomerManagedEncryptionOutput) ToCustomerManagedEncryptionPtrOutputWithContext(ctx context.Context) CustomerManagedEncryptionPtrOutput

type CustomerManagedEncryptionPtrInput 

type CustomerManagedEncryptionPtrInput interface {
	pulumi.Input

	ToCustomerManagedEncryptionPtrOutput() CustomerManagedEncryptionPtrOutput
	ToCustomerManagedEncryptionPtrOutputWithContext(context.Context) CustomerManagedEncryptionPtrOutput
}

CustomerManagedEncryptionPtrInput is an input type that accepts CustomerManagedEncryptionArgs, CustomerManagedEncryptionPtr and CustomerManagedEncryptionPtrOutput values. You can construct a concrete instance of `CustomerManagedEncryptionPtrInput` via: 

        CustomerManagedEncryptionArgs{...}

or:

        nil

func CustomerManagedEncryptionPtr 

func CustomerManagedEncryptionPtr(v *CustomerManagedEncryptionArgs) CustomerManagedEncryptionPtrInput

type CustomerManagedEncryptionPtrOutput 

type CustomerManagedEncryptionPtrOutput struct{ *pulumi.OutputState }

func (CustomerManagedEncryptionPtrOutput) Elem 

func (o CustomerManagedEncryptionPtrOutput) Elem() CustomerManagedEncryptionOutput

func (CustomerManagedEncryptionPtrOutput) ElementType 

func (CustomerManagedEncryptionPtrOutput) ElementType() reflect.Type

func (CustomerManagedEncryptionPtrOutput) KmsKeyName 

func (o CustomerManagedEncryptionPtrOutput) KmsKeyName() pulumi.StringPtrOutput

The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in `global`. The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`.

func (CustomerManagedEncryptionPtrOutput) ToCustomerManagedEncryptionPtrOutput 

func (o CustomerManagedEncryptionPtrOutput) ToCustomerManagedEncryptionPtrOutput() CustomerManagedEncryptionPtrOutput

func (CustomerManagedEncryptionPtrOutput) ToCustomerManagedEncryptionPtrOutputWithContext 

func (o CustomerManagedEncryptionPtrOutput) ToCustomerManagedEncryptionPtrOutputWithContext(ctx context.Context) CustomerManagedEncryptionPtrOutput

type CustomerManagedEncryptionResponse 

type CustomerManagedEncryptionResponse struct {
	// The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in `global`. The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
	KmsKeyName string `pulumi:"kmsKeyName"`
}

Configuration for encrypting secret payloads using customer-managed encryption keys (CMEK).

type CustomerManagedEncryptionResponseOutput 

type CustomerManagedEncryptionResponseOutput struct{ *pulumi.OutputState }

Configuration for encrypting secret payloads using customer-managed encryption keys (CMEK).

func (CustomerManagedEncryptionResponseOutput) ElementType 

func (CustomerManagedEncryptionResponseOutput) ElementType() reflect.Type

func (CustomerManagedEncryptionResponseOutput) KmsKeyName 

func (o CustomerManagedEncryptionResponseOutput) KmsKeyName() pulumi.StringOutput

The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the replica location. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in `global`. The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`.

func (CustomerManagedEncryptionResponseOutput) ToCustomerManagedEncryptionResponseOutput 

func (o CustomerManagedEncryptionResponseOutput) ToCustomerManagedEncryptionResponseOutput() CustomerManagedEncryptionResponseOutput

func (CustomerManagedEncryptionResponseOutput) ToCustomerManagedEncryptionResponseOutputWithContext 

func (o CustomerManagedEncryptionResponseOutput) ToCustomerManagedEncryptionResponseOutputWithContext(ctx context.Context) CustomerManagedEncryptionResponseOutput

type Expr 

type Expr struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression *string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location *string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title *string `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

type ExprArgs 

type ExprArgs struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprArgs) ElementType 

func (ExprArgs) ElementType() reflect.Type

func (ExprArgs) ToExprOutput 

func (i ExprArgs) ToExprOutput() ExprOutput

func (ExprArgs) ToExprOutputWithContext 

func (i ExprArgs) ToExprOutputWithContext(ctx context.Context) ExprOutput

func (ExprArgs) ToExprPtrOutput 

func (i ExprArgs) ToExprPtrOutput() ExprPtrOutput

func (ExprArgs) ToExprPtrOutputWithContext 

func (i ExprArgs) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprInput 

type ExprInput interface {
	pulumi.Input

	ToExprOutput() ExprOutput
	ToExprOutputWithContext(context.Context) ExprOutput
}

ExprInput is an input type that accepts ExprArgs and ExprOutput values. You can construct a concrete instance of `ExprInput` via: 

ExprArgs{...}

type ExprOutput 

type ExprOutput struct{ *pulumi.OutputState }

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprOutput) Description 

func (o ExprOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (ExprOutput) ElementType 

func (ExprOutput) ElementType() reflect.Type

func (ExprOutput) Expression 

func (o ExprOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprOutput) Location 

func (o ExprOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprOutput) Title 

func (o ExprOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (ExprOutput) ToExprOutput 

func (o ExprOutput) ToExprOutput() ExprOutput

func (ExprOutput) ToExprOutputWithContext 

func (o ExprOutput) ToExprOutputWithContext(ctx context.Context) ExprOutput

func (ExprOutput) ToExprPtrOutput 

func (o ExprOutput) ToExprPtrOutput() ExprPtrOutput

func (ExprOutput) ToExprPtrOutputWithContext 

func (o ExprOutput) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprPtrInput 

type ExprPtrInput interface {
	pulumi.Input

	ToExprPtrOutput() ExprPtrOutput
	ToExprPtrOutputWithContext(context.Context) ExprPtrOutput
}

ExprPtrInput is an input type that accepts ExprArgs, ExprPtr and ExprPtrOutput values. You can construct a concrete instance of `ExprPtrInput` via: 

        ExprArgs{...}

or:

        nil

func ExprPtr 

func ExprPtr(v *ExprArgs) ExprPtrInput

type ExprPtrOutput 

type ExprPtrOutput struct{ *pulumi.OutputState }

func (ExprPtrOutput) Description 

func (o ExprPtrOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (ExprPtrOutput) Elem 

func (o ExprPtrOutput) Elem() ExprOutput

func (ExprPtrOutput) ElementType 

func (ExprPtrOutput) ElementType() reflect.Type

func (ExprPtrOutput) Expression 

func (o ExprPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprPtrOutput) Location 

func (o ExprPtrOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprPtrOutput) Title 

func (o ExprPtrOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (ExprPtrOutput) ToExprPtrOutput 

func (o ExprPtrOutput) ToExprPtrOutput() ExprPtrOutput

func (ExprPtrOutput) ToExprPtrOutputWithContext 

func (o ExprPtrOutput) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprResponse 

type ExprResponse struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title string `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

type ExprResponseOutput 

type ExprResponseOutput struct{ *pulumi.OutputState }

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprResponseOutput) Description 

func (o ExprResponseOutput) Description() pulumi.StringOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (ExprResponseOutput) ElementType 

func (ExprResponseOutput) ElementType() reflect.Type

func (ExprResponseOutput) Expression 

func (o ExprResponseOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprResponseOutput) Location 

func (o ExprResponseOutput) Location() pulumi.StringOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprResponseOutput) Title 

func (o ExprResponseOutput) Title() pulumi.StringOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (ExprResponseOutput) ToExprResponseOutput 

func (o ExprResponseOutput) ToExprResponseOutput() ExprResponseOutput

func (ExprResponseOutput) ToExprResponseOutputWithContext 

func (o ExprResponseOutput) ToExprResponseOutputWithContext(ctx context.Context) ExprResponseOutput

type LookupSecretArgs added in v0.4.0 

type LookupSecretArgs struct {
	Project  *string `pulumi:"project"`
	SecretId string  `pulumi:"secretId"`
}

type LookupSecretIamPolicyArgs added in v0.4.0 

type LookupSecretIamPolicyArgs struct {
	OptionsRequestedPolicyVersion *int    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       *string `pulumi:"project"`
	SecretId                      string  `pulumi:"secretId"`
}

type LookupSecretIamPolicyOutputArgs added in v0.8.0 

type LookupSecretIamPolicyOutputArgs struct {
	OptionsRequestedPolicyVersion pulumi.IntPtrInput    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       pulumi.StringPtrInput `pulumi:"project"`
	SecretId                      pulumi.StringInput    `pulumi:"secretId"`
}

func (LookupSecretIamPolicyOutputArgs) ElementType added in v0.8.0 

func (LookupSecretIamPolicyOutputArgs) ElementType() reflect.Type

type LookupSecretIamPolicyResult added in v0.4.0 

type LookupSecretIamPolicyResult struct {
	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs []AuditConfigResponse `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings []BindingResponse `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag string `pulumi:"etag"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version int `pulumi:"version"`
}

func LookupSecretIamPolicy added in v0.4.0 

func LookupSecretIamPolicy(ctx *pulumi.Context, args *LookupSecretIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupSecretIamPolicyResult, error)

Gets the access control policy for a secret. Returns empty policy if the secret exists and does not have a policy set.

type LookupSecretIamPolicyResultOutput added in v0.8.0 

type LookupSecretIamPolicyResultOutput struct{ *pulumi.OutputState }

func LookupSecretIamPolicyOutput added in v0.8.0 

func LookupSecretIamPolicyOutput(ctx *pulumi.Context, args LookupSecretIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupSecretIamPolicyResultOutput

func (LookupSecretIamPolicyResultOutput) AuditConfigs added in v0.8.0 

func (o LookupSecretIamPolicyResultOutput) AuditConfigs() AuditConfigResponseArrayOutput

Specifies cloud audit logging configuration for this policy.

func (LookupSecretIamPolicyResultOutput) Bindings added in v0.8.0 

func (o LookupSecretIamPolicyResultOutput) Bindings() BindingResponseArrayOutput

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (LookupSecretIamPolicyResultOutput) ElementType added in v0.8.0 

func (LookupSecretIamPolicyResultOutput) ElementType() reflect.Type

func (LookupSecretIamPolicyResultOutput) Etag added in v0.8.0 

func (o LookupSecretIamPolicyResultOutput) Etag() pulumi.StringOutput

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (LookupSecretIamPolicyResultOutput) ToLookupSecretIamPolicyResultOutput added in v0.8.0 

func (o LookupSecretIamPolicyResultOutput) ToLookupSecretIamPolicyResultOutput() LookupSecretIamPolicyResultOutput

func (LookupSecretIamPolicyResultOutput) ToLookupSecretIamPolicyResultOutputWithContext added in v0.8.0 

func (o LookupSecretIamPolicyResultOutput) ToLookupSecretIamPolicyResultOutputWithContext(ctx context.Context) LookupSecretIamPolicyResultOutput

func (LookupSecretIamPolicyResultOutput) Version added in v0.8.0 

func (o LookupSecretIamPolicyResultOutput) Version() pulumi.IntOutput

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type LookupSecretOutputArgs added in v0.8.0 

type LookupSecretOutputArgs struct {
	Project  pulumi.StringPtrInput `pulumi:"project"`
	SecretId pulumi.StringInput    `pulumi:"secretId"`
}

func (LookupSecretOutputArgs) ElementType added in v0.8.0 

func (LookupSecretOutputArgs) ElementType() reflect.Type

type LookupSecretResult added in v0.4.0 

type LookupSecretResult struct {
	// Optional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys and values must be less than 16KiB.
	Annotations map[string]string `pulumi:"annotations"`
	// The time at which the Secret was created.
	CreateTime string `pulumi:"createTime"`
	// Optional. Etag of the currently stored Secret.
	Etag string `pulumi:"etag"`
	// Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
	ExpireTime string `pulumi:"expireTime"`
	// The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `\p{Ll}\p{Lo}{0,62}` Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` No more than 64 labels can be assigned to a given resource.
	Labels map[string]string `pulumi:"labels"`
	// The resource name of the Secret in the format `projects/*/secrets/*`.
	Name string `pulumi:"name"`
	// Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.
	Replication ReplicationResponse `pulumi:"replication"`
	// Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.
	Rotation RotationResponse `pulumi:"rotation"`
	// Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
	Topics []TopicResponse `pulumi:"topics"`
	// Input only. The TTL for the Secret.
	Ttl string `pulumi:"ttl"`
	// Optional. Mapping from version alias to version name. A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore ('_') characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. At launch Access by Allias will only be supported on GetSecretVersion and AccessSecretVersion.
	VersionAliases map[string]string `pulumi:"versionAliases"`
}

func LookupSecret added in v0.4.0 

func LookupSecret(ctx *pulumi.Context, args *LookupSecretArgs, opts ...pulumi.InvokeOption) (*LookupSecretResult, error)

Gets metadata for a given Secret.

type LookupSecretResultOutput added in v0.8.0 

type LookupSecretResultOutput struct{ *pulumi.OutputState }

func LookupSecretOutput added in v0.8.0 

func LookupSecretOutput(ctx *pulumi.Context, args LookupSecretOutputArgs, opts ...pulumi.InvokeOption) LookupSecretResultOutput

func (LookupSecretResultOutput) Annotations added in v0.24.0 

func (o LookupSecretResultOutput) Annotations() pulumi.StringMapOutput

Optional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys and values must be less than 16KiB.

func (LookupSecretResultOutput) CreateTime added in v0.8.0 

func (o LookupSecretResultOutput) CreateTime() pulumi.StringOutput

The time at which the Secret was created.

func (LookupSecretResultOutput) ElementType added in v0.8.0 

func (LookupSecretResultOutput) ElementType() reflect.Type

func (LookupSecretResultOutput) Etag added in v0.8.0 

func (o LookupSecretResultOutput) Etag() pulumi.StringOutput

Optional. Etag of the currently stored Secret.

func (LookupSecretResultOutput) ExpireTime added in v0.8.0 

func (o LookupSecretResultOutput) ExpireTime() pulumi.StringOutput

Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.

func (LookupSecretResultOutput) Labels added in v0.8.0 

func (o LookupSecretResultOutput) Labels() pulumi.StringMapOutput

The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `\p{Ll}\p{Lo}{0,62}` Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` No more than 64 labels can be assigned to a given resource.

func (LookupSecretResultOutput) Name added in v0.8.0 

func (o LookupSecretResultOutput) Name() pulumi.StringOutput

The resource name of the Secret in the format `projects/*/secrets/*`.

func (LookupSecretResultOutput) Replication added in v0.8.0 

func (o LookupSecretResultOutput) Replication() ReplicationResponseOutput

Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.

func (LookupSecretResultOutput) Rotation added in v0.8.0 

func (o LookupSecretResultOutput) Rotation() RotationResponseOutput

Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.

func (LookupSecretResultOutput) ToLookupSecretResultOutput added in v0.8.0 

func (o LookupSecretResultOutput) ToLookupSecretResultOutput() LookupSecretResultOutput

func (LookupSecretResultOutput) ToLookupSecretResultOutputWithContext added in v0.8.0 

func (o LookupSecretResultOutput) ToLookupSecretResultOutputWithContext(ctx context.Context) LookupSecretResultOutput

func (LookupSecretResultOutput) Topics added in v0.8.0 

func (o LookupSecretResultOutput) Topics() TopicResponseArrayOutput

Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.

func (LookupSecretResultOutput) Ttl added in v0.8.0 

func (o LookupSecretResultOutput) Ttl() pulumi.StringOutput

Input only. The TTL for the Secret.

func (LookupSecretResultOutput) VersionAliases added in v0.21.0 

func (o LookupSecretResultOutput) VersionAliases() pulumi.StringMapOutput

Optional. Mapping from version alias to version name. A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore ('_') characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. At launch Access by Allias will only be supported on GetSecretVersion and AccessSecretVersion.

type Replica 

type Replica struct {
	// Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
	CustomerManagedEncryption *CustomerManagedEncryption `pulumi:"customerManagedEncryption"`
	// The canonical IDs of the location to replicate data. For example: `"us-east1"`.
	Location *string `pulumi:"location"`
}

Represents a Replica for this Secret.

type ReplicaArgs 

type ReplicaArgs struct {
	// Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
	CustomerManagedEncryption CustomerManagedEncryptionPtrInput `pulumi:"customerManagedEncryption"`
	// The canonical IDs of the location to replicate data. For example: `"us-east1"`.
	Location pulumi.StringPtrInput `pulumi:"location"`
}

Represents a Replica for this Secret.

func (ReplicaArgs) ElementType 

func (ReplicaArgs) ElementType() reflect.Type

func (ReplicaArgs) ToReplicaOutput 

func (i ReplicaArgs) ToReplicaOutput() ReplicaOutput

func (ReplicaArgs) ToReplicaOutputWithContext 

func (i ReplicaArgs) ToReplicaOutputWithContext(ctx context.Context) ReplicaOutput

type ReplicaArray 

type ReplicaArray []ReplicaInput

func (ReplicaArray) ElementType 

func (ReplicaArray) ElementType() reflect.Type

func (ReplicaArray) ToReplicaArrayOutput 

func (i ReplicaArray) ToReplicaArrayOutput() ReplicaArrayOutput

func (ReplicaArray) ToReplicaArrayOutputWithContext 

func (i ReplicaArray) ToReplicaArrayOutputWithContext(ctx context.Context) ReplicaArrayOutput

type ReplicaArrayInput 

type ReplicaArrayInput interface {
	pulumi.Input

	ToReplicaArrayOutput() ReplicaArrayOutput
	ToReplicaArrayOutputWithContext(context.Context) ReplicaArrayOutput
}

ReplicaArrayInput is an input type that accepts ReplicaArray and ReplicaArrayOutput values. You can construct a concrete instance of `ReplicaArrayInput` via: 

ReplicaArray{ ReplicaArgs{...} }

type ReplicaArrayOutput 

type ReplicaArrayOutput struct{ *pulumi.OutputState }

func (ReplicaArrayOutput) ElementType 

func (ReplicaArrayOutput) ElementType() reflect.Type

func (ReplicaArrayOutput) Index 

func (o ReplicaArrayOutput) Index(i pulumi.IntInput) ReplicaOutput

func (ReplicaArrayOutput) ToReplicaArrayOutput 

func (o ReplicaArrayOutput) ToReplicaArrayOutput() ReplicaArrayOutput

func (ReplicaArrayOutput) ToReplicaArrayOutputWithContext 

func (o ReplicaArrayOutput) ToReplicaArrayOutputWithContext(ctx context.Context) ReplicaArrayOutput

type ReplicaInput 

type ReplicaInput interface {
	pulumi.Input

	ToReplicaOutput() ReplicaOutput
	ToReplicaOutputWithContext(context.Context) ReplicaOutput
}

ReplicaInput is an input type that accepts ReplicaArgs and ReplicaOutput values. You can construct a concrete instance of `ReplicaInput` via: 

ReplicaArgs{...}

type ReplicaOutput 

type ReplicaOutput struct{ *pulumi.OutputState }

Represents a Replica for this Secret.

func (ReplicaOutput) CustomerManagedEncryption 

func (o ReplicaOutput) CustomerManagedEncryption() CustomerManagedEncryptionPtrOutput

Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.

func (ReplicaOutput) ElementType 

func (ReplicaOutput) ElementType() reflect.Type

func (ReplicaOutput) Location 

func (o ReplicaOutput) Location() pulumi.StringPtrOutput

The canonical IDs of the location to replicate data. For example: `"us-east1"`.

func (ReplicaOutput) ToReplicaOutput 

func (o ReplicaOutput) ToReplicaOutput() ReplicaOutput

func (ReplicaOutput) ToReplicaOutputWithContext 

func (o ReplicaOutput) ToReplicaOutputWithContext(ctx context.Context) ReplicaOutput

type ReplicaResponse 

type ReplicaResponse struct {
	// Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.
	CustomerManagedEncryption CustomerManagedEncryptionResponse `pulumi:"customerManagedEncryption"`
	// The canonical IDs of the location to replicate data. For example: `"us-east1"`.
	Location string `pulumi:"location"`
}

Represents a Replica for this Secret.

type ReplicaResponseArrayOutput 

type ReplicaResponseArrayOutput struct{ *pulumi.OutputState }

func (ReplicaResponseArrayOutput) ElementType 

func (ReplicaResponseArrayOutput) ElementType() reflect.Type

func (ReplicaResponseArrayOutput) Index 

func (o ReplicaResponseArrayOutput) Index(i pulumi.IntInput) ReplicaResponseOutput

func (ReplicaResponseArrayOutput) ToReplicaResponseArrayOutput 

func (o ReplicaResponseArrayOutput) ToReplicaResponseArrayOutput() ReplicaResponseArrayOutput

func (ReplicaResponseArrayOutput) ToReplicaResponseArrayOutputWithContext 

func (o ReplicaResponseArrayOutput) ToReplicaResponseArrayOutputWithContext(ctx context.Context) ReplicaResponseArrayOutput

type ReplicaResponseOutput 

type ReplicaResponseOutput struct{ *pulumi.OutputState }

Represents a Replica for this Secret.

func (ReplicaResponseOutput) CustomerManagedEncryption 

func (o ReplicaResponseOutput) CustomerManagedEncryption() CustomerManagedEncryptionResponseOutput

Optional. The customer-managed encryption configuration of the User-Managed Replica. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.

func (ReplicaResponseOutput) ElementType 

func (ReplicaResponseOutput) ElementType() reflect.Type

func (ReplicaResponseOutput) Location 

func (o ReplicaResponseOutput) Location() pulumi.StringOutput

The canonical IDs of the location to replicate data. For example: `"us-east1"`.

func (ReplicaResponseOutput) ToReplicaResponseOutput 

func (o ReplicaResponseOutput) ToReplicaResponseOutput() ReplicaResponseOutput

func (ReplicaResponseOutput) ToReplicaResponseOutputWithContext 

func (o ReplicaResponseOutput) ToReplicaResponseOutputWithContext(ctx context.Context) ReplicaResponseOutput

type Replication 

type Replication struct {
	// The Secret will automatically be replicated without any restrictions.
	Automatic *Automatic `pulumi:"automatic"`
	// The Secret will only be replicated into the locations specified.
	UserManaged *UserManaged `pulumi:"userManaged"`
}

A policy that defines the replication and encryption configuration of data.

type ReplicationArgs 

type ReplicationArgs struct {
	// The Secret will automatically be replicated without any restrictions.
	Automatic AutomaticPtrInput `pulumi:"automatic"`
	// The Secret will only be replicated into the locations specified.
	UserManaged UserManagedPtrInput `pulumi:"userManaged"`
}

A policy that defines the replication and encryption configuration of data.

func (ReplicationArgs) ElementType 

func (ReplicationArgs) ElementType() reflect.Type

func (ReplicationArgs) ToReplicationOutput 

func (i ReplicationArgs) ToReplicationOutput() ReplicationOutput

func (ReplicationArgs) ToReplicationOutputWithContext 

func (i ReplicationArgs) ToReplicationOutputWithContext(ctx context.Context) ReplicationOutput

type ReplicationInput 

type ReplicationInput interface {
	pulumi.Input

	ToReplicationOutput() ReplicationOutput
	ToReplicationOutputWithContext(context.Context) ReplicationOutput
}

ReplicationInput is an input type that accepts ReplicationArgs and ReplicationOutput values. You can construct a concrete instance of `ReplicationInput` via: 

ReplicationArgs{...}

type ReplicationOutput 

type ReplicationOutput struct{ *pulumi.OutputState }

A policy that defines the replication and encryption configuration of data.

func (ReplicationOutput) Automatic 

func (o ReplicationOutput) Automatic() AutomaticPtrOutput

The Secret will automatically be replicated without any restrictions.

func (ReplicationOutput) ElementType 

func (ReplicationOutput) ElementType() reflect.Type

func (ReplicationOutput) ToReplicationOutput 

func (o ReplicationOutput) ToReplicationOutput() ReplicationOutput

func (ReplicationOutput) ToReplicationOutputWithContext 

func (o ReplicationOutput) ToReplicationOutputWithContext(ctx context.Context) ReplicationOutput

func (ReplicationOutput) UserManaged 

func (o ReplicationOutput) UserManaged() UserManagedPtrOutput

The Secret will only be replicated into the locations specified.

type ReplicationResponse 

type ReplicationResponse struct {
	// The Secret will automatically be replicated without any restrictions.
	Automatic AutomaticResponse `pulumi:"automatic"`
	// The Secret will only be replicated into the locations specified.
	UserManaged UserManagedResponse `pulumi:"userManaged"`
}

A policy that defines the replication and encryption configuration of data.

type ReplicationResponseOutput 

type ReplicationResponseOutput struct{ *pulumi.OutputState }

A policy that defines the replication and encryption configuration of data.

func (ReplicationResponseOutput) Automatic 

func (o ReplicationResponseOutput) Automatic() AutomaticResponseOutput

The Secret will automatically be replicated without any restrictions.

func (ReplicationResponseOutput) ElementType 

func (ReplicationResponseOutput) ElementType() reflect.Type

func (ReplicationResponseOutput) ToReplicationResponseOutput 

func (o ReplicationResponseOutput) ToReplicationResponseOutput() ReplicationResponseOutput

func (ReplicationResponseOutput) ToReplicationResponseOutputWithContext 

func (o ReplicationResponseOutput) ToReplicationResponseOutputWithContext(ctx context.Context) ReplicationResponseOutput

func (ReplicationResponseOutput) UserManaged 

func (o ReplicationResponseOutput) UserManaged() UserManagedResponseOutput

The Secret will only be replicated into the locations specified.

type Rotation 

type Rotation struct {
	// Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
	NextRotationTime *string `pulumi:"nextRotationTime"`
	// Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
	RotationPeriod *string `pulumi:"rotationPeriod"`
}

The rotation time and period for a Secret. At next_rotation_time, Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. Secret.topics must be set to configure rotation.

type RotationArgs 

type RotationArgs struct {
	// Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
	NextRotationTime pulumi.StringPtrInput `pulumi:"nextRotationTime"`
	// Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
	RotationPeriod pulumi.StringPtrInput `pulumi:"rotationPeriod"`
}

The rotation time and period for a Secret. At next_rotation_time, Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. Secret.topics must be set to configure rotation.

func (RotationArgs) ElementType 

func (RotationArgs) ElementType() reflect.Type

func (RotationArgs) ToRotationOutput 

func (i RotationArgs) ToRotationOutput() RotationOutput

func (RotationArgs) ToRotationOutputWithContext 

func (i RotationArgs) ToRotationOutputWithContext(ctx context.Context) RotationOutput

func (RotationArgs) ToRotationPtrOutput 

func (i RotationArgs) ToRotationPtrOutput() RotationPtrOutput

func (RotationArgs) ToRotationPtrOutputWithContext 

func (i RotationArgs) ToRotationPtrOutputWithContext(ctx context.Context) RotationPtrOutput

type RotationInput 

type RotationInput interface {
	pulumi.Input

	ToRotationOutput() RotationOutput
	ToRotationOutputWithContext(context.Context) RotationOutput
}

RotationInput is an input type that accepts RotationArgs and RotationOutput values. You can construct a concrete instance of `RotationInput` via: 

RotationArgs{...}

type RotationOutput 

type RotationOutput struct{ *pulumi.OutputState }

The rotation time and period for a Secret. At next_rotation_time, Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. Secret.topics must be set to configure rotation.

func (RotationOutput) ElementType 

func (RotationOutput) ElementType() reflect.Type

func (RotationOutput) NextRotationTime 

func (o RotationOutput) NextRotationTime() pulumi.StringPtrOutput

Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.

func (RotationOutput) RotationPeriod 

func (o RotationOutput) RotationPeriod() pulumi.StringPtrOutput

Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.

func (RotationOutput) ToRotationOutput 

func (o RotationOutput) ToRotationOutput() RotationOutput

func (RotationOutput) ToRotationOutputWithContext 

func (o RotationOutput) ToRotationOutputWithContext(ctx context.Context) RotationOutput

func (RotationOutput) ToRotationPtrOutput 

func (o RotationOutput) ToRotationPtrOutput() RotationPtrOutput

func (RotationOutput) ToRotationPtrOutputWithContext 

func (o RotationOutput) ToRotationPtrOutputWithContext(ctx context.Context) RotationPtrOutput

type RotationPtrInput 

type RotationPtrInput interface {
	pulumi.Input

	ToRotationPtrOutput() RotationPtrOutput
	ToRotationPtrOutputWithContext(context.Context) RotationPtrOutput
}

RotationPtrInput is an input type that accepts RotationArgs, RotationPtr and RotationPtrOutput values. You can construct a concrete instance of `RotationPtrInput` via: 

        RotationArgs{...}

or:

        nil

func RotationPtr 

func RotationPtr(v *RotationArgs) RotationPtrInput

type RotationPtrOutput 

type RotationPtrOutput struct{ *pulumi.OutputState }

func (RotationPtrOutput) Elem 

func (o RotationPtrOutput) Elem() RotationOutput

func (RotationPtrOutput) ElementType 

func (RotationPtrOutput) ElementType() reflect.Type

func (RotationPtrOutput) NextRotationTime 

func (o RotationPtrOutput) NextRotationTime() pulumi.StringPtrOutput

Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.

func (RotationPtrOutput) RotationPeriod 

func (o RotationPtrOutput) RotationPeriod() pulumi.StringPtrOutput

Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.

func (RotationPtrOutput) ToRotationPtrOutput 

func (o RotationPtrOutput) ToRotationPtrOutput() RotationPtrOutput

func (RotationPtrOutput) ToRotationPtrOutputWithContext 

func (o RotationPtrOutput) ToRotationPtrOutputWithContext(ctx context.Context) RotationPtrOutput

type RotationResponse 

type RotationResponse struct {
	// Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.
	NextRotationTime string `pulumi:"nextRotationTime"`
	// Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.
	RotationPeriod string `pulumi:"rotationPeriod"`
}

The rotation time and period for a Secret. At next_rotation_time, Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. Secret.topics must be set to configure rotation.

type RotationResponseOutput 

type RotationResponseOutput struct{ *pulumi.OutputState }

The rotation time and period for a Secret. At next_rotation_time, Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. Secret.topics must be set to configure rotation.

func (RotationResponseOutput) ElementType 

func (RotationResponseOutput) ElementType() reflect.Type

func (RotationResponseOutput) NextRotationTime 

func (o RotationResponseOutput) NextRotationTime() pulumi.StringOutput

Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years). next_rotation_time MUST be set if rotation_period is set.

func (RotationResponseOutput) RotationPeriod 

func (o RotationResponseOutput) RotationPeriod() pulumi.StringOutput

Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotation_period is set, next_rotation_time must be set. next_rotation_time will be advanced by this period when the service automatically sends rotation notifications.

func (RotationResponseOutput) ToRotationResponseOutput 

func (o RotationResponseOutput) ToRotationResponseOutput() RotationResponseOutput

func (RotationResponseOutput) ToRotationResponseOutputWithContext 

func (o RotationResponseOutput) ToRotationResponseOutputWithContext(ctx context.Context) RotationResponseOutput

type Secret 

type Secret struct {
	pulumi.CustomResourceState

	// Optional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys and values must be less than 16KiB.
	Annotations pulumi.StringMapOutput `pulumi:"annotations"`
	// The time at which the Secret was created.
	CreateTime pulumi.StringOutput `pulumi:"createTime"`
	// Optional. Etag of the currently stored Secret.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
	ExpireTime pulumi.StringOutput `pulumi:"expireTime"`
	// The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `\p{Ll}\p{Lo}{0,62}` Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` No more than 64 labels can be assigned to a given resource.
	Labels pulumi.StringMapOutput `pulumi:"labels"`
	// The resource name of the Secret in the format `projects/*/secrets/*`.
	Name    pulumi.StringOutput `pulumi:"name"`
	Project pulumi.StringOutput `pulumi:"project"`
	// Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.
	Replication ReplicationResponseOutput `pulumi:"replication"`
	// Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.
	Rotation RotationResponseOutput `pulumi:"rotation"`
	// Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore (`_`) characters.
	SecretId pulumi.StringOutput `pulumi:"secretId"`
	// Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
	Topics TopicResponseArrayOutput `pulumi:"topics"`
	// Input only. The TTL for the Secret.
	Ttl pulumi.StringOutput `pulumi:"ttl"`
	// Optional. Mapping from version alias to version name. A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore ('_') characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. At launch Access by Allias will only be supported on GetSecretVersion and AccessSecretVersion.
	VersionAliases pulumi.StringMapOutput `pulumi:"versionAliases"`
}

Creates a new Secret containing no SecretVersions. Auto-naming is currently not supported for this resource.

func GetSecret 

func GetSecret(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretState, opts ...pulumi.ResourceOption) (*Secret, error)

GetSecret gets an existing Secret resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecret 

func NewSecret(ctx *pulumi.Context,
	name string, args *SecretArgs, opts ...pulumi.ResourceOption) (*Secret, error)

NewSecret registers a new resource with the given unique name, arguments, and options.

func (*Secret) ElementType 

func (*Secret) ElementType() reflect.Type

func (*Secret) ToSecretOutput 

func (i *Secret) ToSecretOutput() SecretOutput

func (*Secret) ToSecretOutputWithContext 

func (i *Secret) ToSecretOutputWithContext(ctx context.Context) SecretOutput

type SecretArgs 

type SecretArgs struct {
	// Optional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys and values must be less than 16KiB.
	Annotations pulumi.StringMapInput
	// Optional. Etag of the currently stored Secret.
	Etag pulumi.StringPtrInput
	// Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
	ExpireTime pulumi.StringPtrInput
	// The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `\p{Ll}\p{Lo}{0,62}` Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` No more than 64 labels can be assigned to a given resource.
	Labels  pulumi.StringMapInput
	Project pulumi.StringPtrInput
	// Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.
	Replication ReplicationInput
	// Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.
	Rotation RotationPtrInput
	// Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore (`_`) characters.
	SecretId pulumi.StringInput
	// Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
	Topics TopicArrayInput
	// Input only. The TTL for the Secret.
	Ttl pulumi.StringPtrInput
	// Optional. Mapping from version alias to version name. A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore ('_') characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. At launch Access by Allias will only be supported on GetSecretVersion and AccessSecretVersion.
	VersionAliases pulumi.StringMapInput
}

The set of arguments for constructing a Secret resource.

func (SecretArgs) ElementType 

func (SecretArgs) ElementType() reflect.Type

type SecretIamBinding added in v0.26.0 

type SecretIamBinding struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified secret. Replaces any existing policy. Permissions on SecretVersions are enforced according to the policy set on the associated Secret.

func GetSecretIamBinding added in v0.26.0 

func GetSecretIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretIamBindingState, opts ...pulumi.ResourceOption) (*SecretIamBinding, error)

GetSecretIamBinding gets an existing SecretIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretIamBinding added in v0.26.0 

func NewSecretIamBinding(ctx *pulumi.Context,
	name string, args *SecretIamBindingArgs, opts ...pulumi.ResourceOption) (*SecretIamBinding, error)

NewSecretIamBinding registers a new resource with the given unique name, arguments, and options.

func (*SecretIamBinding) ElementType added in v0.26.0 

func (*SecretIamBinding) ElementType() reflect.Type

func (*SecretIamBinding) ToSecretIamBindingOutput added in v0.26.0 

func (i *SecretIamBinding) ToSecretIamBindingOutput() SecretIamBindingOutput

func (*SecretIamBinding) ToSecretIamBindingOutputWithContext added in v0.26.0 

func (i *SecretIamBinding) ToSecretIamBindingOutputWithContext(ctx context.Context) SecretIamBindingOutput

type SecretIamBindingArgs added in v0.26.0 

type SecretIamBindingArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identities that will be granted the privilege in role. Each entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members pulumi.StringArrayInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied. Only one `IamBinding` can be used per role.
	Role pulumi.StringInput
}

The set of arguments for constructing a SecretIamBinding resource.

func (SecretIamBindingArgs) ElementType added in v0.26.0 

func (SecretIamBindingArgs) ElementType() reflect.Type

type SecretIamBindingInput added in v0.26.0 

type SecretIamBindingInput interface {
	pulumi.Input

	ToSecretIamBindingOutput() SecretIamBindingOutput
	ToSecretIamBindingOutputWithContext(ctx context.Context) SecretIamBindingOutput
}

type SecretIamBindingOutput added in v0.26.0 

type SecretIamBindingOutput struct{ *pulumi.OutputState }

func (SecretIamBindingOutput) Condition added in v0.26.0 

func (o SecretIamBindingOutput) Condition() iam.ConditionPtrOutput

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (SecretIamBindingOutput) ElementType added in v0.26.0 

func (SecretIamBindingOutput) ElementType() reflect.Type

func (SecretIamBindingOutput) Etag added in v0.26.0 

func (o SecretIamBindingOutput) Etag() pulumi.StringOutput

The etag of the resource's IAM policy.

func (SecretIamBindingOutput) Members added in v0.26.0 

func (o SecretIamBindingOutput) Members() pulumi.StringArrayOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (SecretIamBindingOutput) Name added in v0.26.0 

func (o SecretIamBindingOutput) Name() pulumi.StringOutput

The name of the resource to manage IAM policies for.

func (SecretIamBindingOutput) Project added in v0.26.0 

func (o SecretIamBindingOutput) Project() pulumi.StringOutput

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (SecretIamBindingOutput) Role added in v0.26.0 

func (o SecretIamBindingOutput) Role() pulumi.StringOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (SecretIamBindingOutput) ToSecretIamBindingOutput added in v0.26.0 

func (o SecretIamBindingOutput) ToSecretIamBindingOutput() SecretIamBindingOutput

func (SecretIamBindingOutput) ToSecretIamBindingOutputWithContext added in v0.26.0 

func (o SecretIamBindingOutput) ToSecretIamBindingOutputWithContext(ctx context.Context) SecretIamBindingOutput

type SecretIamBindingState added in v0.26.0 

type SecretIamBindingState struct {
}

func (SecretIamBindingState) ElementType added in v0.26.0 

func (SecretIamBindingState) ElementType() reflect.Type

type SecretIamMember added in v0.26.0 

type SecretIamMember struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Member pulumi.StringOutput `pulumi:"member"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified secret. Replaces any existing policy. Permissions on SecretVersions are enforced according to the policy set on the associated Secret.

func GetSecretIamMember added in v0.26.0 

func GetSecretIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretIamMemberState, opts ...pulumi.ResourceOption) (*SecretIamMember, error)

GetSecretIamMember gets an existing SecretIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretIamMember added in v0.26.0 

func NewSecretIamMember(ctx *pulumi.Context,
	name string, args *SecretIamMemberArgs, opts ...pulumi.ResourceOption) (*SecretIamMember, error)

NewSecretIamMember registers a new resource with the given unique name, arguments, and options.

func (*SecretIamMember) ElementType added in v0.26.0 

func (*SecretIamMember) ElementType() reflect.Type

func (*SecretIamMember) ToSecretIamMemberOutput added in v0.26.0 

func (i *SecretIamMember) ToSecretIamMemberOutput() SecretIamMemberOutput

func (*SecretIamMember) ToSecretIamMemberOutputWithContext added in v0.26.0 

func (i *SecretIamMember) ToSecretIamMemberOutputWithContext(ctx context.Context) SecretIamMemberOutput

type SecretIamMemberArgs added in v0.26.0 

type SecretIamMemberArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identity that will be granted the privilege in role. The entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied.
	Role pulumi.StringInput
}

The set of arguments for constructing a SecretIamMember resource.

func (SecretIamMemberArgs) ElementType added in v0.26.0 

func (SecretIamMemberArgs) ElementType() reflect.Type

type SecretIamMemberInput added in v0.26.0 

type SecretIamMemberInput interface {
	pulumi.Input

	ToSecretIamMemberOutput() SecretIamMemberOutput
	ToSecretIamMemberOutputWithContext(ctx context.Context) SecretIamMemberOutput
}

type SecretIamMemberOutput added in v0.26.0 

type SecretIamMemberOutput struct{ *pulumi.OutputState }

func (SecretIamMemberOutput) Condition added in v0.26.0 

func (o SecretIamMemberOutput) Condition() iam.ConditionPtrOutput

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (SecretIamMemberOutput) ElementType added in v0.26.0 

func (SecretIamMemberOutput) ElementType() reflect.Type

func (SecretIamMemberOutput) Etag added in v0.26.0 

func (o SecretIamMemberOutput) Etag() pulumi.StringOutput

The etag of the resource's IAM policy.

func (SecretIamMemberOutput) Member added in v0.26.0 

func (o SecretIamMemberOutput) Member() pulumi.StringOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (SecretIamMemberOutput) Name added in v0.26.0 

func (o SecretIamMemberOutput) Name() pulumi.StringOutput

The name of the resource to manage IAM policies for.

func (SecretIamMemberOutput) Project added in v0.26.0 

func (o SecretIamMemberOutput) Project() pulumi.StringOutput

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (SecretIamMemberOutput) Role added in v0.26.0 

func (o SecretIamMemberOutput) Role() pulumi.StringOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (SecretIamMemberOutput) ToSecretIamMemberOutput added in v0.26.0 

func (o SecretIamMemberOutput) ToSecretIamMemberOutput() SecretIamMemberOutput

func (SecretIamMemberOutput) ToSecretIamMemberOutputWithContext added in v0.26.0 

func (o SecretIamMemberOutput) ToSecretIamMemberOutputWithContext(ctx context.Context) SecretIamMemberOutput

type SecretIamMemberState added in v0.26.0 

type SecretIamMemberState struct {
}

func (SecretIamMemberState) ElementType added in v0.26.0 

func (SecretIamMemberState) ElementType() reflect.Type

type SecretIamPolicy 

type SecretIamPolicy struct {
	pulumi.CustomResourceState

	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs AuditConfigResponseArrayOutput `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingResponseArrayOutput `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag     pulumi.StringOutput `pulumi:"etag"`
	Project  pulumi.StringOutput `pulumi:"project"`
	SecretId pulumi.StringOutput `pulumi:"secretId"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntOutput `pulumi:"version"`
}

Sets the access control policy on the specified secret. Replaces any existing policy. Permissions on SecretVersions are enforced according to the policy set on the associated Secret. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

func GetSecretIamPolicy 

func GetSecretIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretIamPolicyState, opts ...pulumi.ResourceOption) (*SecretIamPolicy, error)

GetSecretIamPolicy gets an existing SecretIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretIamPolicy 

func NewSecretIamPolicy(ctx *pulumi.Context,
	name string, args *SecretIamPolicyArgs, opts ...pulumi.ResourceOption) (*SecretIamPolicy, error)

NewSecretIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*SecretIamPolicy) ElementType 

func (*SecretIamPolicy) ElementType() reflect.Type

func (*SecretIamPolicy) ToSecretIamPolicyOutput 

func (i *SecretIamPolicy) ToSecretIamPolicyOutput() SecretIamPolicyOutput

func (*SecretIamPolicy) ToSecretIamPolicyOutputWithContext 

func (i *SecretIamPolicy) ToSecretIamPolicyOutputWithContext(ctx context.Context) SecretIamPolicyOutput

type SecretIamPolicyArgs 

type SecretIamPolicyArgs struct {
	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs AuditConfigArrayInput
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingArrayInput
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag     pulumi.StringPtrInput
	Project  pulumi.StringPtrInput
	SecretId pulumi.StringInput
	// OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"`
	UpdateMask pulumi.StringPtrInput
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntPtrInput
}

The set of arguments for constructing a SecretIamPolicy resource.

func (SecretIamPolicyArgs) ElementType 

func (SecretIamPolicyArgs) ElementType() reflect.Type

type SecretIamPolicyInput 

type SecretIamPolicyInput interface {
	pulumi.Input

	ToSecretIamPolicyOutput() SecretIamPolicyOutput
	ToSecretIamPolicyOutputWithContext(ctx context.Context) SecretIamPolicyOutput
}

type SecretIamPolicyOutput 

type SecretIamPolicyOutput struct{ *pulumi.OutputState }

func (SecretIamPolicyOutput) AuditConfigs added in v0.19.0 

func (o SecretIamPolicyOutput) AuditConfigs() AuditConfigResponseArrayOutput

Specifies cloud audit logging configuration for this policy.

func (SecretIamPolicyOutput) Bindings added in v0.19.0 

func (o SecretIamPolicyOutput) Bindings() BindingResponseArrayOutput

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (SecretIamPolicyOutput) ElementType 

func (SecretIamPolicyOutput) ElementType() reflect.Type

func (SecretIamPolicyOutput) Etag added in v0.19.0 

func (o SecretIamPolicyOutput) Etag() pulumi.StringOutput

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (SecretIamPolicyOutput) Project added in v0.21.0 

func (o SecretIamPolicyOutput) Project() pulumi.StringOutput

func (SecretIamPolicyOutput) SecretId added in v0.21.0 

func (o SecretIamPolicyOutput) SecretId() pulumi.StringOutput

func (SecretIamPolicyOutput) ToSecretIamPolicyOutput 

func (o SecretIamPolicyOutput) ToSecretIamPolicyOutput() SecretIamPolicyOutput

func (SecretIamPolicyOutput) ToSecretIamPolicyOutputWithContext 

func (o SecretIamPolicyOutput) ToSecretIamPolicyOutputWithContext(ctx context.Context) SecretIamPolicyOutput

func (SecretIamPolicyOutput) Version added in v0.19.0 

func (o SecretIamPolicyOutput) Version() pulumi.IntOutput

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type SecretIamPolicyState 

type SecretIamPolicyState struct {
}

func (SecretIamPolicyState) ElementType 

func (SecretIamPolicyState) ElementType() reflect.Type

type SecretInput 

type SecretInput interface {
	pulumi.Input

	ToSecretOutput() SecretOutput
	ToSecretOutputWithContext(ctx context.Context) SecretOutput
}

type SecretOutput 

type SecretOutput struct{ *pulumi.OutputState }

func (SecretOutput) Annotations added in v0.24.0 

func (o SecretOutput) Annotations() pulumi.StringMapOutput

Optional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys and values must be less than 16KiB.

func (SecretOutput) CreateTime added in v0.19.0 

func (o SecretOutput) CreateTime() pulumi.StringOutput

The time at which the Secret was created.

func (SecretOutput) ElementType 

func (SecretOutput) ElementType() reflect.Type

func (SecretOutput) Etag added in v0.19.0 

func (o SecretOutput) Etag() pulumi.StringOutput

Optional. Etag of the currently stored Secret.

func (SecretOutput) ExpireTime added in v0.19.0 

func (o SecretOutput) ExpireTime() pulumi.StringOutput

Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.

func (SecretOutput) Labels added in v0.19.0 

func (o SecretOutput) Labels() pulumi.StringMapOutput

The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `\p{Ll}\p{Lo}{0,62}` Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` No more than 64 labels can be assigned to a given resource.

func (SecretOutput) Name added in v0.19.0 

func (o SecretOutput) Name() pulumi.StringOutput

The resource name of the Secret in the format `projects/*/secrets/*`.

func (SecretOutput) Project added in v0.21.0 

func (o SecretOutput) Project() pulumi.StringOutput

func (SecretOutput) Replication added in v0.19.0 

func (o SecretOutput) Replication() ReplicationResponseOutput

Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.

func (SecretOutput) Rotation added in v0.19.0 

func (o SecretOutput) Rotation() RotationResponseOutput

Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.

func (SecretOutput) SecretId added in v0.21.0 

func (o SecretOutput) SecretId() pulumi.StringOutput

Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore (`_`) characters.

func (SecretOutput) ToSecretOutput 

func (o SecretOutput) ToSecretOutput() SecretOutput

func (SecretOutput) ToSecretOutputWithContext 

func (o SecretOutput) ToSecretOutputWithContext(ctx context.Context) SecretOutput

func (SecretOutput) Topics added in v0.19.0 

func (o SecretOutput) Topics() TopicResponseArrayOutput

Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.

func (SecretOutput) Ttl added in v0.19.0 

func (o SecretOutput) Ttl() pulumi.StringOutput

Input only. The TTL for the Secret.

func (SecretOutput) VersionAliases added in v0.21.0 

func (o SecretOutput) VersionAliases() pulumi.StringMapOutput

Optional. Mapping from version alias to version name. A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore ('_') characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. At launch Access by Allias will only be supported on GetSecretVersion and AccessSecretVersion.

type SecretState 

type SecretState struct {
}

func (SecretState) ElementType 

func (SecretState) ElementType() reflect.Type

type Topic 

type Topic struct {
	// The resource name of the Pub/Sub topic that will be published to, in the following format: `projects/*/topics/*`. For publication to succeed, the Secret Manager service agent must have the `pubsub.topic.publish` permission on the topic. The Pub/Sub Publisher role (`roles/pubsub.publisher`) includes this permission.
	Name string `pulumi:"name"`
}

A Pub/Sub topic which Secret Manager will publish to when control plane events occur on this secret.

type TopicArgs 

type TopicArgs struct {
	// The resource name of the Pub/Sub topic that will be published to, in the following format: `projects/*/topics/*`. For publication to succeed, the Secret Manager service agent must have the `pubsub.topic.publish` permission on the topic. The Pub/Sub Publisher role (`roles/pubsub.publisher`) includes this permission.
	Name pulumi.StringInput `pulumi:"name"`
}

A Pub/Sub topic which Secret Manager will publish to when control plane events occur on this secret.

func (TopicArgs) ElementType 

func (TopicArgs) ElementType() reflect.Type

func (TopicArgs) ToTopicOutput 

func (i TopicArgs) ToTopicOutput() TopicOutput

func (TopicArgs) ToTopicOutputWithContext 

func (i TopicArgs) ToTopicOutputWithContext(ctx context.Context) TopicOutput

type TopicArray 

type TopicArray []TopicInput

func (TopicArray) ElementType 

func (TopicArray) ElementType() reflect.Type

func (TopicArray) ToTopicArrayOutput 

func (i TopicArray) ToTopicArrayOutput() TopicArrayOutput

func (TopicArray) ToTopicArrayOutputWithContext 

func (i TopicArray) ToTopicArrayOutputWithContext(ctx context.Context) TopicArrayOutput

type TopicArrayInput 

type TopicArrayInput interface {
	pulumi.Input

	ToTopicArrayOutput() TopicArrayOutput
	ToTopicArrayOutputWithContext(context.Context) TopicArrayOutput
}

TopicArrayInput is an input type that accepts TopicArray and TopicArrayOutput values. You can construct a concrete instance of `TopicArrayInput` via: 

TopicArray{ TopicArgs{...} }

type TopicArrayOutput 

type TopicArrayOutput struct{ *pulumi.OutputState }

func (TopicArrayOutput) ElementType 

func (TopicArrayOutput) ElementType() reflect.Type

func (TopicArrayOutput) Index 

func (o TopicArrayOutput) Index(i pulumi.IntInput) TopicOutput

func (TopicArrayOutput) ToTopicArrayOutput 

func (o TopicArrayOutput) ToTopicArrayOutput() TopicArrayOutput

func (TopicArrayOutput) ToTopicArrayOutputWithContext 

func (o TopicArrayOutput) ToTopicArrayOutputWithContext(ctx context.Context) TopicArrayOutput

type TopicInput 

type TopicInput interface {
	pulumi.Input

	ToTopicOutput() TopicOutput
	ToTopicOutputWithContext(context.Context) TopicOutput
}

TopicInput is an input type that accepts TopicArgs and TopicOutput values. You can construct a concrete instance of `TopicInput` via: 

TopicArgs{...}

type TopicOutput 

type TopicOutput struct{ *pulumi.OutputState }

A Pub/Sub topic which Secret Manager will publish to when control plane events occur on this secret.

func (TopicOutput) ElementType 

func (TopicOutput) ElementType() reflect.Type

func (TopicOutput) Name 

func (o TopicOutput) Name() pulumi.StringOutput

The resource name of the Pub/Sub topic that will be published to, in the following format: `projects/*/topics/*`. For publication to succeed, the Secret Manager service agent must have the `pubsub.topic.publish` permission on the topic. The Pub/Sub Publisher role (`roles/pubsub.publisher`) includes this permission.

func (TopicOutput) ToTopicOutput 

func (o TopicOutput) ToTopicOutput() TopicOutput

func (TopicOutput) ToTopicOutputWithContext 

func (o TopicOutput) ToTopicOutputWithContext(ctx context.Context) TopicOutput

type TopicResponse 

type TopicResponse struct {
	// The resource name of the Pub/Sub topic that will be published to, in the following format: `projects/*/topics/*`. For publication to succeed, the Secret Manager service agent must have the `pubsub.topic.publish` permission on the topic. The Pub/Sub Publisher role (`roles/pubsub.publisher`) includes this permission.
	Name string `pulumi:"name"`
}

A Pub/Sub topic which Secret Manager will publish to when control plane events occur on this secret.

type TopicResponseArrayOutput 

type TopicResponseArrayOutput struct{ *pulumi.OutputState }

func (TopicResponseArrayOutput) ElementType 

func (TopicResponseArrayOutput) ElementType() reflect.Type

func (TopicResponseArrayOutput) Index 

func (o TopicResponseArrayOutput) Index(i pulumi.IntInput) TopicResponseOutput

func (TopicResponseArrayOutput) ToTopicResponseArrayOutput 

func (o TopicResponseArrayOutput) ToTopicResponseArrayOutput() TopicResponseArrayOutput

func (TopicResponseArrayOutput) ToTopicResponseArrayOutputWithContext 

func (o TopicResponseArrayOutput) ToTopicResponseArrayOutputWithContext(ctx context.Context) TopicResponseArrayOutput

type TopicResponseOutput 

type TopicResponseOutput struct{ *pulumi.OutputState }

A Pub/Sub topic which Secret Manager will publish to when control plane events occur on this secret.

func (TopicResponseOutput) ElementType 

func (TopicResponseOutput) ElementType() reflect.Type

func (TopicResponseOutput) Name 

func (o TopicResponseOutput) Name() pulumi.StringOutput

The resource name of the Pub/Sub topic that will be published to, in the following format: `projects/*/topics/*`. For publication to succeed, the Secret Manager service agent must have the `pubsub.topic.publish` permission on the topic. The Pub/Sub Publisher role (`roles/pubsub.publisher`) includes this permission.

func (TopicResponseOutput) ToTopicResponseOutput 

func (o TopicResponseOutput) ToTopicResponseOutput() TopicResponseOutput

func (TopicResponseOutput) ToTopicResponseOutputWithContext 

func (o TopicResponseOutput) ToTopicResponseOutputWithContext(ctx context.Context) TopicResponseOutput

type UserManaged 

type UserManaged struct {
	// The list of Replicas for this Secret. Cannot be empty.
	Replicas []Replica `pulumi:"replicas"`
}

A replication policy that replicates the Secret payload into the locations specified in Secret.replication.user_managed.replicas

type UserManagedArgs 

type UserManagedArgs struct {
	// The list of Replicas for this Secret. Cannot be empty.
	Replicas ReplicaArrayInput `pulumi:"replicas"`
}

A replication policy that replicates the Secret payload into the locations specified in Secret.replication.user_managed.replicas

func (UserManagedArgs) ElementType 

func (UserManagedArgs) ElementType() reflect.Type

func (UserManagedArgs) ToUserManagedOutput 

func (i UserManagedArgs) ToUserManagedOutput() UserManagedOutput

func (UserManagedArgs) ToUserManagedOutputWithContext 

func (i UserManagedArgs) ToUserManagedOutputWithContext(ctx context.Context) UserManagedOutput

func (UserManagedArgs) ToUserManagedPtrOutput 

func (i UserManagedArgs) ToUserManagedPtrOutput() UserManagedPtrOutput

func (UserManagedArgs) ToUserManagedPtrOutputWithContext 

func (i UserManagedArgs) ToUserManagedPtrOutputWithContext(ctx context.Context) UserManagedPtrOutput

type UserManagedInput 

type UserManagedInput interface {
	pulumi.Input

	ToUserManagedOutput() UserManagedOutput
	ToUserManagedOutputWithContext(context.Context) UserManagedOutput
}

UserManagedInput is an input type that accepts UserManagedArgs and UserManagedOutput values. You can construct a concrete instance of `UserManagedInput` via: 

UserManagedArgs{...}

type UserManagedOutput 

type UserManagedOutput struct{ *pulumi.OutputState }

A replication policy that replicates the Secret payload into the locations specified in Secret.replication.user_managed.replicas

func (UserManagedOutput) ElementType 

func (UserManagedOutput) ElementType() reflect.Type

func (UserManagedOutput) Replicas 

func (o UserManagedOutput) Replicas() ReplicaArrayOutput

The list of Replicas for this Secret. Cannot be empty.

func (UserManagedOutput) ToUserManagedOutput 

func (o UserManagedOutput) ToUserManagedOutput() UserManagedOutput

func (UserManagedOutput) ToUserManagedOutputWithContext 

func (o UserManagedOutput) ToUserManagedOutputWithContext(ctx context.Context) UserManagedOutput

func (UserManagedOutput) ToUserManagedPtrOutput 

func (o UserManagedOutput) ToUserManagedPtrOutput() UserManagedPtrOutput

func (UserManagedOutput) ToUserManagedPtrOutputWithContext 

func (o UserManagedOutput) ToUserManagedPtrOutputWithContext(ctx context.Context) UserManagedPtrOutput

type UserManagedPtrInput 

type UserManagedPtrInput interface {
	pulumi.Input

	ToUserManagedPtrOutput() UserManagedPtrOutput
	ToUserManagedPtrOutputWithContext(context.Context) UserManagedPtrOutput
}

UserManagedPtrInput is an input type that accepts UserManagedArgs, UserManagedPtr and UserManagedPtrOutput values. You can construct a concrete instance of `UserManagedPtrInput` via: 

        UserManagedArgs{...}

or:

        nil

func UserManagedPtr 

func UserManagedPtr(v *UserManagedArgs) UserManagedPtrInput

type UserManagedPtrOutput 

type UserManagedPtrOutput struct{ *pulumi.OutputState }

func (UserManagedPtrOutput) Elem 

func (o UserManagedPtrOutput) Elem() UserManagedOutput

func (UserManagedPtrOutput) ElementType 

func (UserManagedPtrOutput) ElementType() reflect.Type

func (UserManagedPtrOutput) Replicas 

func (o UserManagedPtrOutput) Replicas() ReplicaArrayOutput

The list of Replicas for this Secret. Cannot be empty.

func (UserManagedPtrOutput) ToUserManagedPtrOutput 

func (o UserManagedPtrOutput) ToUserManagedPtrOutput() UserManagedPtrOutput

func (UserManagedPtrOutput) ToUserManagedPtrOutputWithContext 

func (o UserManagedPtrOutput) ToUserManagedPtrOutputWithContext(ctx context.Context) UserManagedPtrOutput

type UserManagedResponse 

type UserManagedResponse struct {
	// The list of Replicas for this Secret. Cannot be empty.
	Replicas []ReplicaResponse `pulumi:"replicas"`
}

A replication policy that replicates the Secret payload into the locations specified in Secret.replication.user_managed.replicas

type UserManagedResponseOutput 

type UserManagedResponseOutput struct{ *pulumi.OutputState }

A replication policy that replicates the Secret payload into the locations specified in Secret.replication.user_managed.replicas

func (UserManagedResponseOutput) ElementType 

func (UserManagedResponseOutput) ElementType() reflect.Type

func (UserManagedResponseOutput) Replicas 

func (o UserManagedResponseOutput) Replicas() ReplicaResponseArrayOutput

The list of Replicas for this Secret. Cannot be empty.

func (UserManagedResponseOutput) ToUserManagedResponseOutput 

func (o UserManagedResponseOutput) ToUserManagedResponseOutput() UserManagedResponseOutput

func (UserManagedResponseOutput) ToUserManagedResponseOutputWithContext 

func (o UserManagedResponseOutput) ToUserManagedResponseOutputWithContext(ctx context.Context) UserManagedResponseOutput

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.