v1

package
v0.28.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 2, 2023 License: Apache-2.0 Imports: 7 Imported by: 1

Documentation

Index

Constants

// Values of AuditLogConfigLogType. Each one names a category of access whose
// audit logging an AuditLogConfig enables through its LogType field.
const (
	// Default case. Should never be used.
	// NOTE(review): what a config carrying this value actually logs is not shown
	// here; treat it as a misconfiguration when reviewing audit policies.
	AuditLogConfigLogTypeLogTypeUnspecified = AuditLogConfigLogType("LOG_TYPE_UNSPECIFIED")
	// Admin reads. Example: CloudIAM getIamPolicy
	AuditLogConfigLogTypeAdminRead = AuditLogConfigLogType("ADMIN_READ")
	// Data writes. Example: CloudSQL Users create
	AuditLogConfigLogTypeDataWrite = AuditLogConfigLogType("DATA_WRITE")
	// Data reads. Example: CloudSQL Users list
	AuditLogConfigLogTypeDataRead = AuditLogConfigLogType("DATA_READ")
)
// Values of KeyKeyAlgorithm: the algorithm and key size of a key.
const (
	// An unspecified key algorithm.
	// NOTE(review): which algorithm the service picks for this value is not
	// shown here; set the algorithm explicitly so the key size is reviewable.
	KeyKeyAlgorithmKeyAlgUnspecified = KeyKeyAlgorithm("KEY_ALG_UNSPECIFIED")
	// 1k RSA Key.
	// Security: 1024-bit RSA is below the 2048-bit minimum that current
	// guidance (e.g. NIST SP 800-131A) accepts. Prefer KEY_ALG_RSA_2048 for new
	// keys and flag existing 1024-bit keys for rotation.
	KeyKeyAlgorithmKeyAlgRsa1024 = KeyKeyAlgorithm("KEY_ALG_RSA_1024")
	// 2k RSA Key.
	KeyKeyAlgorithmKeyAlgRsa2048 = KeyKeyAlgorithm("KEY_ALG_RSA_2048")
)
// Values of KeyPrivateKeyType: the file format in which a private key is
// delivered.
const (
	// Unspecified. Equivalent to `TYPE_GOOGLE_CREDENTIALS_FILE`.
	KeyPrivateKeyTypeTypeUnspecified = KeyPrivateKeyType("TYPE_UNSPECIFIED")
	// PKCS12 format. The password for the PKCS12 file is `notasecret`. For more information, see https://tools.ietf.org/html/rfc7292.
	// Security: the password is fixed and publicly documented, so the PKCS12
	// wrapper gives the private key no confidentiality. Protect the file itself
	// (file permissions, a secret store) exactly as you would an unencrypted key.
	KeyPrivateKeyTypeTypePkcs12File = KeyPrivateKeyType("TYPE_PKCS12_FILE")
	// Google Credentials File format.
	KeyPrivateKeyTypeTypeGoogleCredentialsFile = KeyPrivateKeyType("TYPE_GOOGLE_CREDENTIALS_FILE")
)
// Values of OrganizationRoleStage: the launch stage that the user has declared
// for a role. Only DISABLED is described as changing what the role grants; the
// other values are labels set by the user.
const (
	// The user has indicated this role is currently in an Alpha phase. If this launch stage is selected, the `stage` field will not be included when requesting the definition for a given role.
	OrganizationRoleStageAlpha = OrganizationRoleStage("ALPHA")
	// The user has indicated this role is currently in a Beta phase.
	OrganizationRoleStageBeta = OrganizationRoleStage("BETA")
	// The user has indicated this role is generally available.
	OrganizationRoleStageGa = OrganizationRoleStage("GA")
	// The user has indicated this role is being deprecated.
	OrganizationRoleStageDeprecated = OrganizationRoleStage("DEPRECATED")
	// This role is disabled and will not contribute permissions to any principals it is granted to in policies.
	// Bindings that name the role stay in those policies; they simply grant
	// nothing while the role is disabled.
	OrganizationRoleStageDisabled = OrganizationRoleStage("DISABLED")
	// The user has indicated this role is currently in an EAP phase.
	OrganizationRoleStageEap = OrganizationRoleStage("EAP")
)
// Values of RoleStage: the launch stage that the user has declared for a role.
// Only DISABLED is described as changing what the role grants; the other
// values are labels set by the user.
const (
	// The user has indicated this role is currently in an Alpha phase. If this launch stage is selected, the `stage` field will not be included when requesting the definition for a given role.
	RoleStageAlpha = RoleStage("ALPHA")
	// The user has indicated this role is currently in a Beta phase.
	RoleStageBeta = RoleStage("BETA")
	// The user has indicated this role is generally available.
	RoleStageGa = RoleStage("GA")
	// The user has indicated this role is being deprecated.
	RoleStageDeprecated = RoleStage("DEPRECATED")
	// This role is disabled and will not contribute permissions to any principals it is granted to in policies.
	// Bindings that name the role stay in those policies; they simply grant
	// nothing while the role is disabled.
	RoleStageDisabled = RoleStage("DISABLED")
	// The user has indicated this role is currently in an EAP phase.
	RoleStageEap = RoleStage("EAP")
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AuditConfig

// AuditConfig specifies the audit configuration for one service: which
// permission types are logged and which identities, if any, are exempted from
// logging.
//
// When a policy holds an AuditConfig for `allServices` and another for a
// specific service, the union of the two applies to that service. The union
// covers exemptions as well as log types, so an identity exempted under
// `allServices` is exempted for every service.
type AuditConfig struct {
	// The configuration for logging of each type of permission.
	// An AuditConfig must have one or more entries.
	AuditLogConfigs []AuditLogConfig `pulumi:"auditLogConfigs"`
	// Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
	// Optional here (pointer type).
	Service *string `pulumi:"service"`
}

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted.

Example Policy with multiple AuditConfigs:

    {
      "audit_configs": [
        {
          "service": "allServices",
          "audit_log_configs": [
            { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] },
            { "log_type": "DATA_WRITE" },
            { "log_type": "ADMIN_READ" }
          ]
        },
        {
          "service": "sampleservice.googleapis.com",
          "audit_log_configs": [
            { "log_type": "DATA_READ" },
            { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] }
          ]
        }
      ]
    }

For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging. The union covers exemptions too: `jose@example.com` is listed only under `allServices`, yet is exempt for sampleservice as well.

type AuditConfigArgs

// AuditConfigArgs is the input form of AuditConfig: the audit configuration
// for one service, with each field typed as a pulumi input.
//
// When a policy holds an AuditConfig for `allServices` and another for a
// specific service, the union of the two applies to that service, exemptions
// included. Review `allServices` exemptions with that reach in mind.
type AuditConfigArgs struct {
	// The configuration for logging of each type of permission.
	// An AuditConfig must have one or more entries.
	AuditLogConfigs AuditLogConfigArrayInput `pulumi:"auditLogConfigs"`
	// Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
	Service pulumi.StringPtrInput `pulumi:"service"`
}

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

func (AuditConfigArgs) ElementType

func (AuditConfigArgs) ElementType() reflect.Type

func (AuditConfigArgs) ToAuditConfigOutput

func (i AuditConfigArgs) ToAuditConfigOutput() AuditConfigOutput

func (AuditConfigArgs) ToAuditConfigOutputWithContext

func (i AuditConfigArgs) ToAuditConfigOutputWithContext(ctx context.Context) AuditConfigOutput

type AuditConfigArray

type AuditConfigArray []AuditConfigInput

func (AuditConfigArray) ElementType

func (AuditConfigArray) ElementType() reflect.Type

func (AuditConfigArray) ToAuditConfigArrayOutput

func (i AuditConfigArray) ToAuditConfigArrayOutput() AuditConfigArrayOutput

func (AuditConfigArray) ToAuditConfigArrayOutputWithContext

func (i AuditConfigArray) ToAuditConfigArrayOutputWithContext(ctx context.Context) AuditConfigArrayOutput

type AuditConfigArrayInput

type AuditConfigArrayInput interface {
	pulumi.Input

	ToAuditConfigArrayOutput() AuditConfigArrayOutput
	ToAuditConfigArrayOutputWithContext(context.Context) AuditConfigArrayOutput
}

AuditConfigArrayInput is an input type that accepts AuditConfigArray and AuditConfigArrayOutput values. You can construct a concrete instance of `AuditConfigArrayInput` via:

AuditConfigArray{ AuditConfigArgs{...} }

type AuditConfigArrayOutput

type AuditConfigArrayOutput struct{ *pulumi.OutputState }

func (AuditConfigArrayOutput) ElementType

func (AuditConfigArrayOutput) ElementType() reflect.Type

func (AuditConfigArrayOutput) Index

func (AuditConfigArrayOutput) ToAuditConfigArrayOutput

func (o AuditConfigArrayOutput) ToAuditConfigArrayOutput() AuditConfigArrayOutput

func (AuditConfigArrayOutput) ToAuditConfigArrayOutputWithContext

func (o AuditConfigArrayOutput) ToAuditConfigArrayOutputWithContext(ctx context.Context) AuditConfigArrayOutput

type AuditConfigInput

type AuditConfigInput interface {
	pulumi.Input

	ToAuditConfigOutput() AuditConfigOutput
	ToAuditConfigOutputWithContext(context.Context) AuditConfigOutput
}

AuditConfigInput is an input type that accepts AuditConfigArgs and AuditConfigOutput values. You can construct a concrete instance of `AuditConfigInput` via:

AuditConfigArgs{...}

type AuditConfigOutput

type AuditConfigOutput struct{ *pulumi.OutputState }

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

func (AuditConfigOutput) AuditLogConfigs

func (o AuditConfigOutput) AuditLogConfigs() AuditLogConfigArrayOutput

The configuration for logging of each type of permission.

func (AuditConfigOutput) ElementType

func (AuditConfigOutput) ElementType() reflect.Type

func (AuditConfigOutput) Service

Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.

func (AuditConfigOutput) ToAuditConfigOutput

func (o AuditConfigOutput) ToAuditConfigOutput() AuditConfigOutput

func (AuditConfigOutput) ToAuditConfigOutputWithContext

func (o AuditConfigOutput) ToAuditConfigOutputWithContext(ctx context.Context) AuditConfigOutput

type AuditConfigResponse

// AuditConfigResponse carries the audit configuration for one service with
// plain (non-input) field types.
// NOTE(review): presumably the shape read back from the API; confirm against
// the resource that returns it.
//
// When reading a policy back, remember that an `allServices` entry and a
// service-specific entry are combined by union, exemptions included.
type AuditConfigResponse struct {
	// The configuration for logging of each type of permission.
	AuditLogConfigs []AuditLogConfigResponse `pulumi:"auditLogConfigs"`
	// Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
	Service string `pulumi:"service"`
}

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

type AuditConfigResponseArrayOutput

type AuditConfigResponseArrayOutput struct{ *pulumi.OutputState }

func (AuditConfigResponseArrayOutput) ElementType

func (AuditConfigResponseArrayOutput) Index

func (AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutput

func (o AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutput() AuditConfigResponseArrayOutput

func (AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutputWithContext

func (o AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutputWithContext(ctx context.Context) AuditConfigResponseArrayOutput

type AuditConfigResponseOutput

type AuditConfigResponseOutput struct{ *pulumi.OutputState }

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

func (AuditConfigResponseOutput) AuditLogConfigs

The configuration for logging of each type of permission.

func (AuditConfigResponseOutput) ElementType

func (AuditConfigResponseOutput) ElementType() reflect.Type

func (AuditConfigResponseOutput) Service

Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.

func (AuditConfigResponseOutput) ToAuditConfigResponseOutput

func (o AuditConfigResponseOutput) ToAuditConfigResponseOutput() AuditConfigResponseOutput

func (AuditConfigResponseOutput) ToAuditConfigResponseOutputWithContext

func (o AuditConfigResponseOutput) ToAuditConfigResponseOutputWithContext(ctx context.Context) AuditConfigResponseOutput

type AuditLogConfig

// AuditLogConfig provides the configuration for logging one type of
// permission: the log type to enable and the identities exempted from it.
type AuditLogConfig struct {
	// Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
	// Security: every identity listed here leaves no audit trail for this log
	// type. Keep the list as short as possible and review each entry.
	ExemptedMembers []string `pulumi:"exemptedMembers"`
	// The log type that this config enables.
	// Optional here (pointer type); see the AuditLogConfigLogType constants.
	LogType *AuditLogConfigLogType `pulumi:"logType"`
}

Provides the configuration for logging a type of permissions. Example:

    {
      "audit_log_configs": [
        { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] },
        { "log_type": "DATA_WRITE" }
      ]
    }

This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

type AuditLogConfigArgs

// AuditLogConfigArgs is the input form of AuditLogConfig: the log type to
// enable and the identities exempted from it, typed as pulumi inputs.
type AuditLogConfigArgs struct {
	// Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
	// Security: every identity listed here leaves no audit trail for this log
	// type. Keep the list as short as possible and review each entry.
	ExemptedMembers pulumi.StringArrayInput `pulumi:"exemptedMembers"`
	// The log type that this config enables.
	LogType AuditLogConfigLogTypePtrInput `pulumi:"logType"`
}

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

func (AuditLogConfigArgs) ElementType

func (AuditLogConfigArgs) ElementType() reflect.Type

func (AuditLogConfigArgs) ToAuditLogConfigOutput

func (i AuditLogConfigArgs) ToAuditLogConfigOutput() AuditLogConfigOutput

func (AuditLogConfigArgs) ToAuditLogConfigOutputWithContext

func (i AuditLogConfigArgs) ToAuditLogConfigOutputWithContext(ctx context.Context) AuditLogConfigOutput

type AuditLogConfigArray

type AuditLogConfigArray []AuditLogConfigInput

func (AuditLogConfigArray) ElementType

func (AuditLogConfigArray) ElementType() reflect.Type

func (AuditLogConfigArray) ToAuditLogConfigArrayOutput

func (i AuditLogConfigArray) ToAuditLogConfigArrayOutput() AuditLogConfigArrayOutput

func (AuditLogConfigArray) ToAuditLogConfigArrayOutputWithContext

func (i AuditLogConfigArray) ToAuditLogConfigArrayOutputWithContext(ctx context.Context) AuditLogConfigArrayOutput

type AuditLogConfigArrayInput

type AuditLogConfigArrayInput interface {
	pulumi.Input

	ToAuditLogConfigArrayOutput() AuditLogConfigArrayOutput
	ToAuditLogConfigArrayOutputWithContext(context.Context) AuditLogConfigArrayOutput
}

AuditLogConfigArrayInput is an input type that accepts AuditLogConfigArray and AuditLogConfigArrayOutput values. You can construct a concrete instance of `AuditLogConfigArrayInput` via:

AuditLogConfigArray{ AuditLogConfigArgs{...} }

type AuditLogConfigArrayOutput

type AuditLogConfigArrayOutput struct{ *pulumi.OutputState }

func (AuditLogConfigArrayOutput) ElementType

func (AuditLogConfigArrayOutput) ElementType() reflect.Type

func (AuditLogConfigArrayOutput) Index

func (AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutput

func (o AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutput() AuditLogConfigArrayOutput

func (AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutputWithContext

func (o AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutputWithContext(ctx context.Context) AuditLogConfigArrayOutput

type AuditLogConfigInput

type AuditLogConfigInput interface {
	pulumi.Input

	ToAuditLogConfigOutput() AuditLogConfigOutput
	ToAuditLogConfigOutputWithContext(context.Context) AuditLogConfigOutput
}

AuditLogConfigInput is an input type that accepts AuditLogConfigArgs and AuditLogConfigOutput values. You can construct a concrete instance of `AuditLogConfigInput` via:

AuditLogConfigArgs{...}

type AuditLogConfigLogType added in v0.4.0

type AuditLogConfigLogType string

The log type that this config enables.

func (AuditLogConfigLogType) ElementType added in v0.4.0

func (AuditLogConfigLogType) ElementType() reflect.Type

func (AuditLogConfigLogType) ToAuditLogConfigLogTypeOutput added in v0.6.0

func (e AuditLogConfigLogType) ToAuditLogConfigLogTypeOutput() AuditLogConfigLogTypeOutput

func (AuditLogConfigLogType) ToAuditLogConfigLogTypeOutputWithContext added in v0.6.0

func (e AuditLogConfigLogType) ToAuditLogConfigLogTypeOutputWithContext(ctx context.Context) AuditLogConfigLogTypeOutput

func (AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutput added in v0.6.0

func (e AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutputWithContext added in v0.6.0

func (e AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogType) ToStringOutput added in v0.4.0

func (e AuditLogConfigLogType) ToStringOutput() pulumi.StringOutput

func (AuditLogConfigLogType) ToStringOutputWithContext added in v0.4.0

func (e AuditLogConfigLogType) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (AuditLogConfigLogType) ToStringPtrOutput added in v0.4.0

func (e AuditLogConfigLogType) ToStringPtrOutput() pulumi.StringPtrOutput

func (AuditLogConfigLogType) ToStringPtrOutputWithContext added in v0.4.0

func (e AuditLogConfigLogType) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type AuditLogConfigLogTypeInput added in v0.6.0

// AuditLogConfigLogTypeInput is implemented by values that can be converted to
// an AuditLogConfigLogTypeOutput.
//
// NOTE(review): the prose on this page says the interface accepts
// AuditLogConfigLogTypeArgs, but no type of that name is visible in this
// listing. The AuditLogConfigLogType enum declares both methods below, so its
// constants look like the intended concrete values. Confirm.
type AuditLogConfigLogTypeInput interface {
	pulumi.Input

	ToAuditLogConfigLogTypeOutput() AuditLogConfigLogTypeOutput
	ToAuditLogConfigLogTypeOutputWithContext(context.Context) AuditLogConfigLogTypeOutput
}

AuditLogConfigLogTypeInput is an input type that accepts AuditLogConfigLogTypeArgs and AuditLogConfigLogTypeOutput values. You can construct a concrete instance of `AuditLogConfigLogTypeInput` via:

AuditLogConfigLogTypeArgs{...}

type AuditLogConfigLogTypeOutput added in v0.6.0

type AuditLogConfigLogTypeOutput struct{ *pulumi.OutputState }

func (AuditLogConfigLogTypeOutput) ElementType added in v0.6.0

func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutput added in v0.6.0

func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutput() AuditLogConfigLogTypeOutput

func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutputWithContext added in v0.6.0

func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutputWithContext(ctx context.Context) AuditLogConfigLogTypeOutput

func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutput added in v0.6.0

func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutputWithContext added in v0.6.0

func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogTypeOutput) ToStringOutput added in v0.6.0

func (o AuditLogConfigLogTypeOutput) ToStringOutput() pulumi.StringOutput

func (AuditLogConfigLogTypeOutput) ToStringOutputWithContext added in v0.6.0

func (o AuditLogConfigLogTypeOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (AuditLogConfigLogTypeOutput) ToStringPtrOutput added in v0.6.0

func (o AuditLogConfigLogTypeOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (AuditLogConfigLogTypeOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o AuditLogConfigLogTypeOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type AuditLogConfigLogTypePtrInput added in v0.6.0

// AuditLogConfigLogTypePtrInput is implemented by values that can be converted
// to an AuditLogConfigLogTypePtrOutput. The AuditLogConfigLogType enum declares
// both methods below, and AuditLogConfigLogTypePtr(v string) returns a value of
// this interface type.
//
// NOTE(review): AuditLogConfigLogTypePtr takes a plain string, so nothing at
// compile time ties it to the declared constants. Prefer the constants so a
// mistyped log type cannot silently leave logging unconfigured.
type AuditLogConfigLogTypePtrInput interface {
	pulumi.Input

	ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput
	ToAuditLogConfigLogTypePtrOutputWithContext(context.Context) AuditLogConfigLogTypePtrOutput
}

func AuditLogConfigLogTypePtr added in v0.6.0

func AuditLogConfigLogTypePtr(v string) AuditLogConfigLogTypePtrInput

type AuditLogConfigLogTypePtrOutput added in v0.6.0

type AuditLogConfigLogTypePtrOutput struct{ *pulumi.OutputState }

func (AuditLogConfigLogTypePtrOutput) Elem added in v0.6.0

func (AuditLogConfigLogTypePtrOutput) ElementType added in v0.6.0

func (AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutput added in v0.6.0

func (o AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutputWithContext added in v0.6.0

func (o AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogTypePtrOutput) ToStringPtrOutput added in v0.6.0

func (AuditLogConfigLogTypePtrOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o AuditLogConfigLogTypePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type AuditLogConfigOutput

type AuditLogConfigOutput struct{ *pulumi.OutputState }

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

func (AuditLogConfigOutput) ElementType

func (AuditLogConfigOutput) ElementType() reflect.Type

func (AuditLogConfigOutput) ExemptedMembers

func (o AuditLogConfigOutput) ExemptedMembers() pulumi.StringArrayOutput

Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.

func (AuditLogConfigOutput) LogType

The log type that this config enables.

func (AuditLogConfigOutput) ToAuditLogConfigOutput

func (o AuditLogConfigOutput) ToAuditLogConfigOutput() AuditLogConfigOutput

func (AuditLogConfigOutput) ToAuditLogConfigOutputWithContext

func (o AuditLogConfigOutput) ToAuditLogConfigOutputWithContext(ctx context.Context) AuditLogConfigOutput

type AuditLogConfigResponse

// AuditLogConfigResponse carries the logging configuration for one type of
// permission with plain (non-input) field types.
// NOTE(review): presumably the shape read back from the API; confirm against
// the resource that returns it.
type AuditLogConfigResponse struct {
	// Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
	// Security: a non-empty list means these identities leave no audit trail
	// for this log type. Worth checking when auditing an existing policy.
	ExemptedMembers []string `pulumi:"exemptedMembers"`
	// The log type that this config enables.
	// A plain string here, not the AuditLogConfigLogType enum type.
	LogType string `pulumi:"logType"`
}

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

type AuditLogConfigResponseArrayOutput

type AuditLogConfigResponseArrayOutput struct{ *pulumi.OutputState }

func (AuditLogConfigResponseArrayOutput) ElementType

func (AuditLogConfigResponseArrayOutput) Index

func (AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutput

func (o AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutput() AuditLogConfigResponseArrayOutput

func (AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutputWithContext

func (o AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutputWithContext(ctx context.Context) AuditLogConfigResponseArrayOutput

type AuditLogConfigResponseOutput

type AuditLogConfigResponseOutput struct{ *pulumi.OutputState }

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

func (AuditLogConfigResponseOutput) ElementType

func (AuditLogConfigResponseOutput) ExemptedMembers

Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.

func (AuditLogConfigResponseOutput) LogType

The log type that this config enables.

func (AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutput

func (o AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutput() AuditLogConfigResponseOutput

func (AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutputWithContext

func (o AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutputWithContext(ctx context.Context) AuditLogConfigResponseOutput

type Aws

// Aws represents an Amazon Web Services identity provider, identified by an
// AWS account ID.
// NOTE(review): the account ID is the only field, so the trust boundary looks
// like the whole AWS account; whether access is narrowed elsewhere (for
// example by a condition on the enclosing resource) is not visible here.
// Confirm before relying on it.
type Aws struct {
	// The AWS account ID.
	AccountId string `pulumi:"accountId"`
}

Represents an Amazon Web Services identity provider.

type AwsArgs

// AwsArgs is the input form of Aws: an Amazon Web Services identity provider,
// identified by an AWS account ID supplied as a pulumi input.
// NOTE(review): the account ID is the only field, so the trust boundary looks
// like the whole AWS account; whether access is narrowed elsewhere is not
// visible here. Confirm, and check the ID against the account you intend to
// trust.
type AwsArgs struct {
	// The AWS account ID.
	AccountId pulumi.StringInput `pulumi:"accountId"`
}

Represents an Amazon Web Services identity provider.

func (AwsArgs) ElementType

func (AwsArgs) ElementType() reflect.Type

func (AwsArgs) ToAwsOutput

func (i AwsArgs) ToAwsOutput() AwsOutput

func (AwsArgs) ToAwsOutputWithContext

func (i AwsArgs) ToAwsOutputWithContext(ctx context.Context) AwsOutput

func (AwsArgs) ToAwsPtrOutput

func (i AwsArgs) ToAwsPtrOutput() AwsPtrOutput

func (AwsArgs) ToAwsPtrOutputWithContext

func (i AwsArgs) ToAwsPtrOutputWithContext(ctx context.Context) AwsPtrOutput

type AwsInput

type AwsInput interface {
	pulumi.Input

	ToAwsOutput() AwsOutput
	ToAwsOutputWithContext(context.Context) AwsOutput
}

AwsInput is an input type that accepts AwsArgs and AwsOutput values. You can construct a concrete instance of `AwsInput` via:

AwsArgs{...}

type AwsOutput

type AwsOutput struct{ *pulumi.OutputState }

Represents an Amazon Web Services identity provider.

func (AwsOutput) AccountId

func (o AwsOutput) AccountId() pulumi.StringOutput

The AWS account ID.

func (AwsOutput) ElementType

func (AwsOutput) ElementType() reflect.Type

func (AwsOutput) ToAwsOutput

func (o AwsOutput) ToAwsOutput() AwsOutput

func (AwsOutput) ToAwsOutputWithContext

func (o AwsOutput) ToAwsOutputWithContext(ctx context.Context) AwsOutput

func (AwsOutput) ToAwsPtrOutput

func (o AwsOutput) ToAwsPtrOutput() AwsPtrOutput

func (AwsOutput) ToAwsPtrOutputWithContext

func (o AwsOutput) ToAwsPtrOutputWithContext(ctx context.Context) AwsPtrOutput

type AwsPtrInput

type AwsPtrInput interface {
	pulumi.Input

	ToAwsPtrOutput() AwsPtrOutput
	ToAwsPtrOutputWithContext(context.Context) AwsPtrOutput
}

AwsPtrInput is an input type that accepts AwsArgs, AwsPtr and AwsPtrOutput values. You can construct a concrete instance of `AwsPtrInput` via:

        AwsArgs{...}

or:

        nil

func AwsPtr

func AwsPtr(v *AwsArgs) AwsPtrInput

type AwsPtrOutput

type AwsPtrOutput struct{ *pulumi.OutputState }

func (AwsPtrOutput) AccountId

func (o AwsPtrOutput) AccountId() pulumi.StringPtrOutput

The AWS account ID.

func (AwsPtrOutput) Elem

func (o AwsPtrOutput) Elem() AwsOutput

func (AwsPtrOutput) ElementType

func (AwsPtrOutput) ElementType() reflect.Type

func (AwsPtrOutput) ToAwsPtrOutput

func (o AwsPtrOutput) ToAwsPtrOutput() AwsPtrOutput

func (AwsPtrOutput) ToAwsPtrOutputWithContext

func (o AwsPtrOutput) ToAwsPtrOutputWithContext(ctx context.Context) AwsPtrOutput

type AwsResponse

// AwsResponse represents an Amazon Web Services identity provider with a plain
// (non-input) field type.
// NOTE(review): presumably the shape read back from the API; confirm against
// the resource that returns it.
type AwsResponse struct {
	// The AWS account ID.
	AccountId string `pulumi:"accountId"`
}

Represents an Amazon Web Services identity provider.

type AwsResponseOutput

type AwsResponseOutput struct{ *pulumi.OutputState }

Represents an Amazon Web Services identity provider.

func (AwsResponseOutput) AccountId

func (o AwsResponseOutput) AccountId() pulumi.StringOutput

The AWS account ID.

func (AwsResponseOutput) ElementType

func (AwsResponseOutput) ElementType() reflect.Type

func (AwsResponseOutput) ToAwsResponseOutput

func (o AwsResponseOutput) ToAwsResponseOutput() AwsResponseOutput

func (AwsResponseOutput) ToAwsResponseOutputWithContext

func (o AwsResponseOutput) ToAwsResponseOutputWithContext(ctx context.Context) AwsResponseOutput

type Binding

type Binding struct {
	// The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition *Expr `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values:
	//   * `allUsers`: A special identifier that represents anyone who is on the internet, with or without a Google account.
	//   * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation.
	//   * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com`.
	//   * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`.
	//   * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
	//   * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`.
	//   * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding.
	//   * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding.
	//   * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	//   * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
	// NOTE(review): `allUsers` and `allAuthenticatedUsers` are not limited to identities you manage, so a binding that lists either one grants the role publicly; treat them as exceptions that need an explicit justification.
	Members []string `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	// NOTE(review): the three example roles are broad basic roles; prefer a narrower predefined or custom role where one fits.
	Role *string `pulumi:"role"`
}

Associates `members`, or principals, with a `role`.

type BindingArgs

type BindingArgs struct {
	// The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition ExprPtrInput `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values:
	//   * `allUsers`: A special identifier that represents anyone who is on the internet, with or without a Google account.
	//   * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation.
	//   * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com`.
	//   * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`.
	//   * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
	//   * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`.
	//   * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding.
	//   * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding.
	//   * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	//   * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
	// NOTE(review): `allUsers` and `allAuthenticatedUsers` are not limited to identities you manage, so a binding that lists either one grants the role publicly; treat them as exceptions that need an explicit justification.
	Members pulumi.StringArrayInput `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	// NOTE(review): the three example roles are broad basic roles; prefer a narrower predefined or custom role where one fits.
	Role pulumi.StringPtrInput `pulumi:"role"`
}

Associates `members`, or principals, with a `role`.

func (BindingArgs) ElementType

func (BindingArgs) ElementType() reflect.Type

func (BindingArgs) ToBindingOutput

func (i BindingArgs) ToBindingOutput() BindingOutput

func (BindingArgs) ToBindingOutputWithContext

func (i BindingArgs) ToBindingOutputWithContext(ctx context.Context) BindingOutput

type BindingArray

type BindingArray []BindingInput

func (BindingArray) ElementType

func (BindingArray) ElementType() reflect.Type

func (BindingArray) ToBindingArrayOutput

func (i BindingArray) ToBindingArrayOutput() BindingArrayOutput

func (BindingArray) ToBindingArrayOutputWithContext

func (i BindingArray) ToBindingArrayOutputWithContext(ctx context.Context) BindingArrayOutput

type BindingArrayInput

type BindingArrayInput interface {
	pulumi.Input

	ToBindingArrayOutput() BindingArrayOutput
	ToBindingArrayOutputWithContext(context.Context) BindingArrayOutput
}

BindingArrayInput is an input type that accepts BindingArray and BindingArrayOutput values. You can construct a concrete instance of `BindingArrayInput` via:

BindingArray{ BindingArgs{...} }

type BindingArrayOutput

type BindingArrayOutput struct{ *pulumi.OutputState }

func (BindingArrayOutput) ElementType

func (BindingArrayOutput) ElementType() reflect.Type

func (BindingArrayOutput) Index

func (BindingArrayOutput) ToBindingArrayOutput

func (o BindingArrayOutput) ToBindingArrayOutput() BindingArrayOutput

func (BindingArrayOutput) ToBindingArrayOutputWithContext

func (o BindingArrayOutput) ToBindingArrayOutputWithContext(ctx context.Context) BindingArrayOutput

type BindingInput

type BindingInput interface {
	pulumi.Input

	ToBindingOutput() BindingOutput
	ToBindingOutputWithContext(context.Context) BindingOutput
}

BindingInput is an input type that accepts BindingArgs and BindingOutput values. You can construct a concrete instance of `BindingInput` via:

BindingArgs{...}

type BindingOutput

type BindingOutput struct{ *pulumi.OutputState }

Associates `members`, or principals, with a `role`.

func (BindingOutput) Condition

func (o BindingOutput) Condition() ExprPtrOutput

The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

func (BindingOutput) ElementType

func (BindingOutput) ElementType() reflect.Type

func (BindingOutput) Members

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values:

  * `allUsers`: A special identifier that represents anyone who is on the internet, with or without a Google account.
  * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation.
  * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com`.
  * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`.
  * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
  * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`.
  * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding.
  * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding.
  * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
  * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.

func (BindingOutput) Role

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (BindingOutput) ToBindingOutput

func (o BindingOutput) ToBindingOutput() BindingOutput

func (BindingOutput) ToBindingOutputWithContext

func (o BindingOutput) ToBindingOutputWithContext(ctx context.Context) BindingOutput

type BindingResponse

type BindingResponse struct {
	// The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition ExprResponse `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values:
	//   * `allUsers`: A special identifier that represents anyone who is on the internet, with or without a Google account.
	//   * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation.
	//   * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com`.
	//   * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`.
	//   * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
	//   * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`.
	//   * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding.
	//   * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding.
	//   * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	//   * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
	// NOTE(review): when auditing a returned policy, entries equal to `allUsers` or `allAuthenticatedUsers` mark a publicly granted role, and `deleted:` entries mark principals that, per the text above, regain the role if they are recovered.
	Members []string `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role string `pulumi:"role"`
}

Associates `members`, or principals, with a `role`.

type BindingResponseArrayOutput

type BindingResponseArrayOutput struct{ *pulumi.OutputState }

func (BindingResponseArrayOutput) ElementType

func (BindingResponseArrayOutput) ElementType() reflect.Type

func (BindingResponseArrayOutput) Index

func (BindingResponseArrayOutput) ToBindingResponseArrayOutput

func (o BindingResponseArrayOutput) ToBindingResponseArrayOutput() BindingResponseArrayOutput

func (BindingResponseArrayOutput) ToBindingResponseArrayOutputWithContext

func (o BindingResponseArrayOutput) ToBindingResponseArrayOutputWithContext(ctx context.Context) BindingResponseArrayOutput

type BindingResponseOutput

type BindingResponseOutput struct{ *pulumi.OutputState }

Associates `members`, or principals, with a `role`.

func (BindingResponseOutput) Condition

The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

func (BindingResponseOutput) ElementType

func (BindingResponseOutput) ElementType() reflect.Type

func (BindingResponseOutput) Members

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values:

  * `allUsers`: A special identifier that represents anyone who is on the internet, with or without a Google account.
  * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation.
  * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com`.
  * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`.
  * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
  * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`.
  * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding.
  * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding.
  * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
  * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.

func (BindingResponseOutput) Role

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (BindingResponseOutput) ToBindingResponseOutput

func (o BindingResponseOutput) ToBindingResponseOutput() BindingResponseOutput

func (BindingResponseOutput) ToBindingResponseOutputWithContext

func (o BindingResponseOutput) ToBindingResponseOutputWithContext(ctx context.Context) BindingResponseOutput

type Condition added in v0.26.0

type Condition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g., when hovering over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// NOTE(review): of the three fields this is the one that carries the logic; Description and Title only describe it, per their own comments. Review changes to it as access-rule changes.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

type ConditionArgs added in v0.26.0

type ConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g., when hovering over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// NOTE(review): of the three fields this is the one that carries the logic; Description and Title only describe it, per their own comments. Review changes to it as access-rule changes.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (ConditionArgs) ElementType added in v0.26.0

func (ConditionArgs) ElementType() reflect.Type

func (ConditionArgs) ToConditionOutput added in v0.26.0

func (i ConditionArgs) ToConditionOutput() ConditionOutput

func (ConditionArgs) ToConditionOutputWithContext added in v0.26.0

func (i ConditionArgs) ToConditionOutputWithContext(ctx context.Context) ConditionOutput

func (ConditionArgs) ToConditionPtrOutput added in v0.26.0

func (i ConditionArgs) ToConditionPtrOutput() ConditionPtrOutput

func (ConditionArgs) ToConditionPtrOutputWithContext added in v0.26.0

func (i ConditionArgs) ToConditionPtrOutputWithContext(ctx context.Context) ConditionPtrOutput

type ConditionInput added in v0.26.0

type ConditionInput interface {
	pulumi.Input

	ToConditionOutput() ConditionOutput
	ToConditionOutputWithContext(context.Context) ConditionOutput
}

ConditionInput is an input type that accepts ConditionArgs and ConditionOutput values. You can construct a concrete instance of `ConditionInput` via:

ConditionArgs{...}

type ConditionOutput added in v0.26.0

type ConditionOutput struct{ *pulumi.OutputState }

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (ConditionOutput) Description added in v0.26.0

func (o ConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g., when hovering over it in a UI.

func (ConditionOutput) ElementType added in v0.26.0

func (ConditionOutput) ElementType() reflect.Type

func (ConditionOutput) Expression added in v0.26.0

func (o ConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (ConditionOutput) Title added in v0.26.0

A title for the expression, i.e. a short string describing its purpose.

func (ConditionOutput) ToConditionOutput added in v0.26.0

func (o ConditionOutput) ToConditionOutput() ConditionOutput

func (ConditionOutput) ToConditionOutputWithContext added in v0.26.0

func (o ConditionOutput) ToConditionOutputWithContext(ctx context.Context) ConditionOutput

func (ConditionOutput) ToConditionPtrOutput added in v0.26.0

func (o ConditionOutput) ToConditionPtrOutput() ConditionPtrOutput

func (ConditionOutput) ToConditionPtrOutputWithContext added in v0.26.0

func (o ConditionOutput) ToConditionPtrOutputWithContext(ctx context.Context) ConditionPtrOutput

type ConditionPtrInput added in v0.26.0

type ConditionPtrInput interface {
	pulumi.Input

	ToConditionPtrOutput() ConditionPtrOutput
	ToConditionPtrOutputWithContext(context.Context) ConditionPtrOutput
}

ConditionPtrInput is an input type that accepts ConditionArgs, ConditionPtr and ConditionPtrOutput values. You can construct a concrete instance of `ConditionPtrInput` via:

        ConditionArgs{...}

or:

        nil

func ConditionPtr added in v0.26.0

func ConditionPtr(v *ConditionArgs) ConditionPtrInput

type ConditionPtrOutput added in v0.26.0

type ConditionPtrOutput struct{ *pulumi.OutputState }

func (ConditionPtrOutput) Description added in v0.26.0

func (o ConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g., when hovering over it in a UI.

func (ConditionPtrOutput) Elem added in v0.26.0

func (ConditionPtrOutput) ElementType added in v0.26.0

func (ConditionPtrOutput) ElementType() reflect.Type

func (ConditionPtrOutput) Expression added in v0.26.0

func (o ConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (ConditionPtrOutput) Title added in v0.26.0

A title for the expression, i.e. a short string describing its purpose.

func (ConditionPtrOutput) ToConditionPtrOutput added in v0.26.0

func (o ConditionPtrOutput) ToConditionPtrOutput() ConditionPtrOutput

func (ConditionPtrOutput) ToConditionPtrOutputWithContext added in v0.26.0

func (o ConditionPtrOutput) ToConditionPtrOutputWithContext(ctx context.Context) ConditionPtrOutput

type Expr

type Expr struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovering over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// NOTE(review): Binding.Condition is an *Expr, so when used there this text decides whether the binding applies to a request; review it like any other access rule.
	Expression *string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location *string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs that allow entering the expression.
	Title *string `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

    title: "Summary size limit"
    description: "Determines if a summary is less than 100 chars"
    expression: "document.summary.size() < 100"

Example (Equality):

    title: "Requestor is owner"
    description: "Determines if requestor is the document owner"
    expression: "document.owner == request.auth.claims.email"

Example (Logic):

    title: "Public documents"
    description: "Determine whether the document should be publicly visible"
    expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

    title: "Notification string"
    description: "Create a notification string with a timestamp."
    expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

type ExprArgs

type ExprArgs struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovering over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// NOTE(review): BindingArgs.Condition is an ExprPtrInput, which accepts ExprArgs, so when used there this text decides whether the binding applies to a request; review it like any other access rule.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs that allow entering the expression.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

    title: "Summary size limit"
    description: "Determines if a summary is less than 100 chars"
    expression: "document.summary.size() < 100"

Example (Equality):

    title: "Requestor is owner"
    description: "Determines if requestor is the document owner"
    expression: "document.owner == request.auth.claims.email"

Example (Logic):

    title: "Public documents"
    description: "Determine whether the document should be publicly visible"
    expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

    title: "Notification string"
    description: "Create a notification string with a timestamp."
    expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprArgs) ElementType

func (ExprArgs) ElementType() reflect.Type

func (ExprArgs) ToExprOutput

func (i ExprArgs) ToExprOutput() ExprOutput

func (ExprArgs) ToExprOutputWithContext

func (i ExprArgs) ToExprOutputWithContext(ctx context.Context) ExprOutput

func (ExprArgs) ToExprPtrOutput

func (i ExprArgs) ToExprPtrOutput() ExprPtrOutput

func (ExprArgs) ToExprPtrOutputWithContext

func (i ExprArgs) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprInput

type ExprInput interface {
	pulumi.Input

	ToExprOutput() ExprOutput
	ToExprOutputWithContext(context.Context) ExprOutput
}

ExprInput is an input type that accepts ExprArgs and ExprOutput values. You can construct a concrete instance of `ExprInput` via:

ExprArgs{...}

type ExprOutput

type ExprOutput struct{ *pulumi.OutputState }

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

    title: "Summary size limit"
    description: "Determines if a summary is less than 100 chars"
    expression: "document.summary.size() < 100"

Example (Equality):

    title: "Requestor is owner"
    description: "Determines if requestor is the document owner"
    expression: "document.owner == request.auth.claims.email"

Example (Logic):

    title: "Public documents"
    description: "Determine whether the document should be publicly visible"
    expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

    title: "Notification string"
    description: "Create a notification string with a timestamp."
    expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprOutput) Description

func (o ExprOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovering over it in a UI.

func (ExprOutput) ElementType

func (ExprOutput) ElementType() reflect.Type

func (ExprOutput) Expression

func (o ExprOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprOutput) Location

func (o ExprOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprOutput) Title

func (o ExprOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs that allow entering the expression.

func (ExprOutput) ToExprOutput

func (o ExprOutput) ToExprOutput() ExprOutput

func (ExprOutput) ToExprOutputWithContext

func (o ExprOutput) ToExprOutputWithContext(ctx context.Context) ExprOutput

func (ExprOutput) ToExprPtrOutput

func (o ExprOutput) ToExprPtrOutput() ExprPtrOutput

func (ExprOutput) ToExprPtrOutputWithContext

func (o ExprOutput) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprPtrInput

type ExprPtrInput interface {
	pulumi.Input

	ToExprPtrOutput() ExprPtrOutput
	ToExprPtrOutputWithContext(context.Context) ExprPtrOutput
}

ExprPtrInput is an input type that accepts ExprArgs, ExprPtr and ExprPtrOutput values. You can construct a concrete instance of `ExprPtrInput` via:

        ExprArgs{...}

or:

        nil

func ExprPtr

func ExprPtr(v *ExprArgs) ExprPtrInput

type ExprPtrOutput

type ExprPtrOutput struct{ *pulumi.OutputState }

func (ExprPtrOutput) Description

func (o ExprPtrOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovering over it in a UI.

func (ExprPtrOutput) Elem

func (o ExprPtrOutput) Elem() ExprOutput

func (ExprPtrOutput) ElementType

func (ExprPtrOutput) ElementType() reflect.Type

func (ExprPtrOutput) Expression

func (o ExprPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprPtrOutput) Location

func (o ExprPtrOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprPtrOutput) Title

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that let the user enter the expression.

func (ExprPtrOutput) ToExprPtrOutput

func (o ExprPtrOutput) ToExprPtrOutput() ExprPtrOutput

func (ExprPtrOutput) ToExprPtrOutputWithContext

func (o ExprPtrOutput) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprResponse

// ExprResponse is the response form of a Common Expression Language (CEL)
// expression: every field is a plain string rather than a Pulumi input or output.
type ExprResponse struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// NOTE(review): which variables and functions the expression may reference is
	// decided by the service that evaluates it, so this is the field to diff and
	// review when an expression changes; Title and Description are presumably
	// descriptive only — confirm against the evaluating service.
	Expression string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that let the user enter the expression.
	Title string `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

        title: "Summary size limit"
        description: "Determines if a summary is less than 100 chars"
        expression: "document.summary.size() < 100"

Example (Equality):

        title: "Requestor is owner"
        description: "Determines if requestor is the document owner"
        expression: "document.owner == request.auth.claims.email"

Example (Logic):

        title: "Public documents"
        description: "Determine whether the document should be publicly visible"
        expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

        title: "Notification string"
        description: "Create a notification string with a timestamp."
        expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

type ExprResponseOutput

type ExprResponseOutput struct{ *pulumi.OutputState }

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

        title: "Summary size limit"
        description: "Determines if a summary is less than 100 chars"
        expression: "document.summary.size() < 100"

Example (Equality):

        title: "Requestor is owner"
        description: "Determines if requestor is the document owner"
        expression: "document.owner == request.auth.claims.email"

Example (Logic):

        title: "Public documents"
        description: "Determine whether the document should be publicly visible"
        expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

        title: "Notification string"
        description: "Create a notification string with a timestamp."
        expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprResponseOutput) Description

func (o ExprResponseOutput) Description() pulumi.StringOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (ExprResponseOutput) ElementType

func (ExprResponseOutput) ElementType() reflect.Type

func (ExprResponseOutput) Expression

func (o ExprResponseOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprResponseOutput) Location

func (o ExprResponseOutput) Location() pulumi.StringOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprResponseOutput) Title

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used, e.g., in UIs that let the user enter the expression.

func (ExprResponseOutput) ToExprResponseOutput

func (o ExprResponseOutput) ToExprResponseOutput() ExprResponseOutput

func (ExprResponseOutput) ToExprResponseOutputWithContext

func (o ExprResponseOutput) ToExprResponseOutputWithContext(ctx context.Context) ExprResponseOutput

type Key added in v0.3.0

// Key is the Pulumi resource whose creation creates a ServiceAccountKey.
// Auto-naming is not supported for this resource.
//
// Security note: PrivateKeyData is a credential that lets its holder assert the
// service account's identity. Pulumi records resource outputs in the stack's
// state, so the state backend and any exported stack output that includes this
// value must be protected like the key itself.
// NOTE(review): confirm that the provider registers privateKeyData as a secret
// output; if it does not, pass
// pulumi.AdditionalSecretOutputs([]string{"privateKeyData"}) when creating the
// resource so the value is encrypted in state.
//
// Project and ServiceAccountId carry no upstream description; presumably they
// name the project and service account the key belongs to (compare the Name
// format) — confirm against the provider schema.
type Key struct {
	pulumi.CustomResourceState

	// The key status.
	Disabled pulumi.BoolOutput `pulumi:"disabled"`
	// Specifies the algorithm (and possibly key size) for the key.
	KeyAlgorithm pulumi.StringOutput `pulumi:"keyAlgorithm"`
	// The key origin.
	KeyOrigin pulumi.StringOutput `pulumi:"keyOrigin"`
	// The key type.
	KeyType pulumi.StringOutput `pulumi:"keyType"`
	// The resource name of the service account key in the following format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
	Name pulumi.StringOutput `pulumi:"name"`
	// The private key data. Only provided in `CreateServiceAccountKey` responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account.
	// The value is base64-encoded, not encrypted: do not log it or export it as a plain stack output.
	PrivateKeyData pulumi.StringOutput `pulumi:"privateKeyData"`
	// The output format for the private key. Only provided in `CreateServiceAccountKey` responses, not in `GetServiceAccountKey` or `ListServiceAccountKey` responses. Google never exposes system-managed private keys, and never retains user-managed private keys.
	PrivateKeyType pulumi.StringOutput `pulumi:"privateKeyType"`
	Project        pulumi.StringOutput `pulumi:"project"`
	// The public key data. Only provided in `GetServiceAccountKey` responses.
	PublicKeyData    pulumi.StringOutput `pulumi:"publicKeyData"`
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
	// The key can be used after this timestamp.
	ValidAfterTime pulumi.StringOutput `pulumi:"validAfterTime"`
	// The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.
	ValidBeforeTime pulumi.StringOutput `pulumi:"validBeforeTime"`
}

Creates a ServiceAccountKey. Auto-naming is currently not supported for this resource.

func GetKey added in v0.3.0

func GetKey(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyState, opts ...pulumi.ResourceOption) (*Key, error)

GetKey gets an existing Key resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKey added in v0.3.0

func NewKey(ctx *pulumi.Context,
	name string, args *KeyArgs, opts ...pulumi.ResourceOption) (*Key, error)

NewKey registers a new resource with the given unique name, arguments, and options.

func (*Key) ElementType added in v0.3.0

func (*Key) ElementType() reflect.Type

func (*Key) ToKeyOutput added in v0.3.0

func (i *Key) ToKeyOutput() KeyOutput

func (*Key) ToKeyOutputWithContext added in v0.3.0

func (i *Key) ToKeyOutputWithContext(ctx context.Context) KeyOutput

type KeyArgs added in v0.3.0

// KeyArgs is the set of arguments for constructing a Key resource.
// ServiceAccountId is the only non-pointer input, so presumably it is the only
// required one; Project and ServiceAccountId carry no upstream description.
type KeyArgs struct {
	// Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future.
	// The KeyKeyAlgorithm constants also include KEY_ALG_RSA_1024; 1024-bit RSA is
	// below current minimum-strength guidance, so set KEY_ALG_RSA_2048 explicitly
	// rather than depending on a default that may change.
	KeyAlgorithm KeyKeyAlgorithmPtrInput
	// The output format of the private key. The default value is `TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google Credentials File format.
	// The package constants state that a `TYPE_PKCS12_FILE` key uses the fixed
	// password `notasecret`, so that password gives no protection: the file itself
	// has to be access-controlled.
	PrivateKeyType   KeyPrivateKeyTypePtrInput
	Project          pulumi.StringPtrInput
	ServiceAccountId pulumi.StringInput
}

The set of arguments for constructing a Key resource.

func (KeyArgs) ElementType added in v0.3.0

func (KeyArgs) ElementType() reflect.Type

type KeyInput added in v0.3.0

// KeyInput is an input type whose implementations can be converted to a
// KeyOutput; *Key declares both methods and so satisfies it.
type KeyInput interface {
	pulumi.Input

	// ToKeyOutput returns the value as a KeyOutput.
	ToKeyOutput() KeyOutput
	// ToKeyOutputWithContext is the variant of ToKeyOutput that takes a context.Context.
	ToKeyOutputWithContext(ctx context.Context) KeyOutput
}

type KeyKeyAlgorithm added in v0.4.0

type KeyKeyAlgorithm string

Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future.

func (KeyKeyAlgorithm) ElementType added in v0.4.0

func (KeyKeyAlgorithm) ElementType() reflect.Type

func (KeyKeyAlgorithm) ToKeyKeyAlgorithmOutput added in v0.6.0

func (e KeyKeyAlgorithm) ToKeyKeyAlgorithmOutput() KeyKeyAlgorithmOutput

func (KeyKeyAlgorithm) ToKeyKeyAlgorithmOutputWithContext added in v0.6.0

func (e KeyKeyAlgorithm) ToKeyKeyAlgorithmOutputWithContext(ctx context.Context) KeyKeyAlgorithmOutput

func (KeyKeyAlgorithm) ToKeyKeyAlgorithmPtrOutput added in v0.6.0

func (e KeyKeyAlgorithm) ToKeyKeyAlgorithmPtrOutput() KeyKeyAlgorithmPtrOutput

func (KeyKeyAlgorithm) ToKeyKeyAlgorithmPtrOutputWithContext added in v0.6.0

func (e KeyKeyAlgorithm) ToKeyKeyAlgorithmPtrOutputWithContext(ctx context.Context) KeyKeyAlgorithmPtrOutput

func (KeyKeyAlgorithm) ToStringOutput added in v0.4.0

func (e KeyKeyAlgorithm) ToStringOutput() pulumi.StringOutput

func (KeyKeyAlgorithm) ToStringOutputWithContext added in v0.4.0

func (e KeyKeyAlgorithm) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (KeyKeyAlgorithm) ToStringPtrOutput added in v0.4.0

func (e KeyKeyAlgorithm) ToStringPtrOutput() pulumi.StringPtrOutput

func (KeyKeyAlgorithm) ToStringPtrOutputWithContext added in v0.4.0

func (e KeyKeyAlgorithm) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type KeyKeyAlgorithmInput added in v0.6.0

// KeyKeyAlgorithmInput is an input type whose implementations can be converted
// to a KeyKeyAlgorithmOutput; the KeyKeyAlgorithm string type and
// KeyKeyAlgorithmOutput both declare these methods.
type KeyKeyAlgorithmInput interface {
	pulumi.Input

	// ToKeyKeyAlgorithmOutput returns the value as a KeyKeyAlgorithmOutput.
	ToKeyKeyAlgorithmOutput() KeyKeyAlgorithmOutput
	// ToKeyKeyAlgorithmOutputWithContext is the variant that takes a context.Context.
	ToKeyKeyAlgorithmOutputWithContext(context.Context) KeyKeyAlgorithmOutput
}

KeyKeyAlgorithmInput is an input type that accepts KeyKeyAlgorithmArgs and KeyKeyAlgorithmOutput values. You can construct a concrete instance of `KeyKeyAlgorithmInput` via:

KeyKeyAlgorithmArgs{...}

type KeyKeyAlgorithmOutput added in v0.6.0

type KeyKeyAlgorithmOutput struct{ *pulumi.OutputState }

func (KeyKeyAlgorithmOutput) ElementType added in v0.6.0

func (KeyKeyAlgorithmOutput) ElementType() reflect.Type

func (KeyKeyAlgorithmOutput) ToKeyKeyAlgorithmOutput added in v0.6.0

func (o KeyKeyAlgorithmOutput) ToKeyKeyAlgorithmOutput() KeyKeyAlgorithmOutput

func (KeyKeyAlgorithmOutput) ToKeyKeyAlgorithmOutputWithContext added in v0.6.0

func (o KeyKeyAlgorithmOutput) ToKeyKeyAlgorithmOutputWithContext(ctx context.Context) KeyKeyAlgorithmOutput

func (KeyKeyAlgorithmOutput) ToKeyKeyAlgorithmPtrOutput added in v0.6.0

func (o KeyKeyAlgorithmOutput) ToKeyKeyAlgorithmPtrOutput() KeyKeyAlgorithmPtrOutput

func (KeyKeyAlgorithmOutput) ToKeyKeyAlgorithmPtrOutputWithContext added in v0.6.0

func (o KeyKeyAlgorithmOutput) ToKeyKeyAlgorithmPtrOutputWithContext(ctx context.Context) KeyKeyAlgorithmPtrOutput

func (KeyKeyAlgorithmOutput) ToStringOutput added in v0.6.0

func (o KeyKeyAlgorithmOutput) ToStringOutput() pulumi.StringOutput

func (KeyKeyAlgorithmOutput) ToStringOutputWithContext added in v0.6.0

func (o KeyKeyAlgorithmOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (KeyKeyAlgorithmOutput) ToStringPtrOutput added in v0.6.0

func (o KeyKeyAlgorithmOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (KeyKeyAlgorithmOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o KeyKeyAlgorithmOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type KeyKeyAlgorithmPtrInput added in v0.6.0

// KeyKeyAlgorithmPtrInput is the optional (pointer) form of a key-algorithm
// input; it is the type of KeyArgs.KeyAlgorithm, and KeyKeyAlgorithmPtr builds
// one from a string.
type KeyKeyAlgorithmPtrInput interface {
	pulumi.Input

	// ToKeyKeyAlgorithmPtrOutput returns the value as a KeyKeyAlgorithmPtrOutput.
	ToKeyKeyAlgorithmPtrOutput() KeyKeyAlgorithmPtrOutput
	// ToKeyKeyAlgorithmPtrOutputWithContext is the variant that takes a context.Context.
	ToKeyKeyAlgorithmPtrOutputWithContext(context.Context) KeyKeyAlgorithmPtrOutput
}

func KeyKeyAlgorithmPtr added in v0.6.0

func KeyKeyAlgorithmPtr(v string) KeyKeyAlgorithmPtrInput

type KeyKeyAlgorithmPtrOutput added in v0.6.0

type KeyKeyAlgorithmPtrOutput struct{ *pulumi.OutputState }

func (KeyKeyAlgorithmPtrOutput) Elem added in v0.6.0

func (KeyKeyAlgorithmPtrOutput) ElementType added in v0.6.0

func (KeyKeyAlgorithmPtrOutput) ElementType() reflect.Type

func (KeyKeyAlgorithmPtrOutput) ToKeyKeyAlgorithmPtrOutput added in v0.6.0

func (o KeyKeyAlgorithmPtrOutput) ToKeyKeyAlgorithmPtrOutput() KeyKeyAlgorithmPtrOutput

func (KeyKeyAlgorithmPtrOutput) ToKeyKeyAlgorithmPtrOutputWithContext added in v0.6.0

func (o KeyKeyAlgorithmPtrOutput) ToKeyKeyAlgorithmPtrOutputWithContext(ctx context.Context) KeyKeyAlgorithmPtrOutput

func (KeyKeyAlgorithmPtrOutput) ToStringPtrOutput added in v0.6.0

func (o KeyKeyAlgorithmPtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (KeyKeyAlgorithmPtrOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o KeyKeyAlgorithmPtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type KeyOutput added in v0.3.0

type KeyOutput struct{ *pulumi.OutputState }

func (KeyOutput) Disabled added in v0.19.0

func (o KeyOutput) Disabled() pulumi.BoolOutput

The key status.

func (KeyOutput) ElementType added in v0.3.0

func (KeyOutput) ElementType() reflect.Type

func (KeyOutput) KeyAlgorithm added in v0.19.0

func (o KeyOutput) KeyAlgorithm() pulumi.StringOutput

Specifies the algorithm (and possibly key size) for the key.

func (KeyOutput) KeyOrigin added in v0.19.0

func (o KeyOutput) KeyOrigin() pulumi.StringOutput

The key origin.

func (KeyOutput) KeyType added in v0.19.0

func (o KeyOutput) KeyType() pulumi.StringOutput

The key type.

func (KeyOutput) Name added in v0.19.0

func (o KeyOutput) Name() pulumi.StringOutput

The resource name of the service account key in the following format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.

func (KeyOutput) PrivateKeyData added in v0.19.0

func (o KeyOutput) PrivateKeyData() pulumi.StringOutput

The private key data. Only provided in `CreateServiceAccountKey` responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account.

func (KeyOutput) PrivateKeyType added in v0.19.0

func (o KeyOutput) PrivateKeyType() pulumi.StringOutput

The output format for the private key. Only provided in `CreateServiceAccountKey` responses, not in `GetServiceAccountKey` or `ListServiceAccountKey` responses. Google never exposes system-managed private keys, and never retains user-managed private keys.

func (KeyOutput) Project added in v0.21.0

func (o KeyOutput) Project() pulumi.StringOutput

func (KeyOutput) PublicKeyData added in v0.19.0

func (o KeyOutput) PublicKeyData() pulumi.StringOutput

The public key data. Only provided in `GetServiceAccountKey` responses.

func (KeyOutput) ServiceAccountId added in v0.21.0

func (o KeyOutput) ServiceAccountId() pulumi.StringOutput

func (KeyOutput) ToKeyOutput added in v0.3.0

func (o KeyOutput) ToKeyOutput() KeyOutput

func (KeyOutput) ToKeyOutputWithContext added in v0.3.0

func (o KeyOutput) ToKeyOutputWithContext(ctx context.Context) KeyOutput

func (KeyOutput) ValidAfterTime added in v0.19.0

func (o KeyOutput) ValidAfterTime() pulumi.StringOutput

The key can be used after this timestamp.

func (KeyOutput) ValidBeforeTime added in v0.19.0

func (o KeyOutput) ValidBeforeTime() pulumi.StringOutput

The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.

type KeyPrivateKeyType added in v0.4.0

type KeyPrivateKeyType string

The output format of the private key. The default value is `TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google Credentials File format.

func (KeyPrivateKeyType) ElementType added in v0.4.0

func (KeyPrivateKeyType) ElementType() reflect.Type

func (KeyPrivateKeyType) ToKeyPrivateKeyTypeOutput added in v0.6.0

func (e KeyPrivateKeyType) ToKeyPrivateKeyTypeOutput() KeyPrivateKeyTypeOutput

func (KeyPrivateKeyType) ToKeyPrivateKeyTypeOutputWithContext added in v0.6.0

func (e KeyPrivateKeyType) ToKeyPrivateKeyTypeOutputWithContext(ctx context.Context) KeyPrivateKeyTypeOutput

func (KeyPrivateKeyType) ToKeyPrivateKeyTypePtrOutput added in v0.6.0

func (e KeyPrivateKeyType) ToKeyPrivateKeyTypePtrOutput() KeyPrivateKeyTypePtrOutput

func (KeyPrivateKeyType) ToKeyPrivateKeyTypePtrOutputWithContext added in v0.6.0

func (e KeyPrivateKeyType) ToKeyPrivateKeyTypePtrOutputWithContext(ctx context.Context) KeyPrivateKeyTypePtrOutput

func (KeyPrivateKeyType) ToStringOutput added in v0.4.0

func (e KeyPrivateKeyType) ToStringOutput() pulumi.StringOutput

func (KeyPrivateKeyType) ToStringOutputWithContext added in v0.4.0

func (e KeyPrivateKeyType) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (KeyPrivateKeyType) ToStringPtrOutput added in v0.4.0

func (e KeyPrivateKeyType) ToStringPtrOutput() pulumi.StringPtrOutput

func (KeyPrivateKeyType) ToStringPtrOutputWithContext added in v0.4.0

func (e KeyPrivateKeyType) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type KeyPrivateKeyTypeInput added in v0.6.0

// KeyPrivateKeyTypeInput is an input type whose implementations can be converted
// to a KeyPrivateKeyTypeOutput; the KeyPrivateKeyType string type and
// KeyPrivateKeyTypeOutput both declare these methods.
type KeyPrivateKeyTypeInput interface {
	pulumi.Input

	// ToKeyPrivateKeyTypeOutput returns the value as a KeyPrivateKeyTypeOutput.
	ToKeyPrivateKeyTypeOutput() KeyPrivateKeyTypeOutput
	// ToKeyPrivateKeyTypeOutputWithContext is the variant that takes a context.Context.
	ToKeyPrivateKeyTypeOutputWithContext(context.Context) KeyPrivateKeyTypeOutput
}

KeyPrivateKeyTypeInput is an input type that accepts KeyPrivateKeyTypeArgs and KeyPrivateKeyTypeOutput values. You can construct a concrete instance of `KeyPrivateKeyTypeInput` via:

KeyPrivateKeyTypeArgs{...}

type KeyPrivateKeyTypeOutput added in v0.6.0

type KeyPrivateKeyTypeOutput struct{ *pulumi.OutputState }

func (KeyPrivateKeyTypeOutput) ElementType added in v0.6.0

func (KeyPrivateKeyTypeOutput) ElementType() reflect.Type

func (KeyPrivateKeyTypeOutput) ToKeyPrivateKeyTypeOutput added in v0.6.0

func (o KeyPrivateKeyTypeOutput) ToKeyPrivateKeyTypeOutput() KeyPrivateKeyTypeOutput

func (KeyPrivateKeyTypeOutput) ToKeyPrivateKeyTypeOutputWithContext added in v0.6.0

func (o KeyPrivateKeyTypeOutput) ToKeyPrivateKeyTypeOutputWithContext(ctx context.Context) KeyPrivateKeyTypeOutput

func (KeyPrivateKeyTypeOutput) ToKeyPrivateKeyTypePtrOutput added in v0.6.0

func (o KeyPrivateKeyTypeOutput) ToKeyPrivateKeyTypePtrOutput() KeyPrivateKeyTypePtrOutput

func (KeyPrivateKeyTypeOutput) ToKeyPrivateKeyTypePtrOutputWithContext added in v0.6.0

func (o KeyPrivateKeyTypeOutput) ToKeyPrivateKeyTypePtrOutputWithContext(ctx context.Context) KeyPrivateKeyTypePtrOutput

func (KeyPrivateKeyTypeOutput) ToStringOutput added in v0.6.0

func (o KeyPrivateKeyTypeOutput) ToStringOutput() pulumi.StringOutput

func (KeyPrivateKeyTypeOutput) ToStringOutputWithContext added in v0.6.0

func (o KeyPrivateKeyTypeOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (KeyPrivateKeyTypeOutput) ToStringPtrOutput added in v0.6.0

func (o KeyPrivateKeyTypeOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (KeyPrivateKeyTypeOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o KeyPrivateKeyTypeOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type KeyPrivateKeyTypePtrInput added in v0.6.0

// KeyPrivateKeyTypePtrInput is the optional (pointer) form of a private-key-type
// input; it is the type of KeyArgs.PrivateKeyType, and KeyPrivateKeyTypePtr
// builds one from a string.
type KeyPrivateKeyTypePtrInput interface {
	pulumi.Input

	// ToKeyPrivateKeyTypePtrOutput returns the value as a KeyPrivateKeyTypePtrOutput.
	ToKeyPrivateKeyTypePtrOutput() KeyPrivateKeyTypePtrOutput
	// ToKeyPrivateKeyTypePtrOutputWithContext is the variant that takes a context.Context.
	ToKeyPrivateKeyTypePtrOutputWithContext(context.Context) KeyPrivateKeyTypePtrOutput
}

func KeyPrivateKeyTypePtr added in v0.6.0

func KeyPrivateKeyTypePtr(v string) KeyPrivateKeyTypePtrInput

type KeyPrivateKeyTypePtrOutput added in v0.6.0

type KeyPrivateKeyTypePtrOutput struct{ *pulumi.OutputState }

func (KeyPrivateKeyTypePtrOutput) Elem added in v0.6.0

func (KeyPrivateKeyTypePtrOutput) ElementType added in v0.6.0

func (KeyPrivateKeyTypePtrOutput) ElementType() reflect.Type

func (KeyPrivateKeyTypePtrOutput) ToKeyPrivateKeyTypePtrOutput added in v0.6.0

func (o KeyPrivateKeyTypePtrOutput) ToKeyPrivateKeyTypePtrOutput() KeyPrivateKeyTypePtrOutput

func (KeyPrivateKeyTypePtrOutput) ToKeyPrivateKeyTypePtrOutputWithContext added in v0.6.0

func (o KeyPrivateKeyTypePtrOutput) ToKeyPrivateKeyTypePtrOutputWithContext(ctx context.Context) KeyPrivateKeyTypePtrOutput

func (KeyPrivateKeyTypePtrOutput) ToStringPtrOutput added in v0.6.0

func (o KeyPrivateKeyTypePtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (KeyPrivateKeyTypePtrOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o KeyPrivateKeyTypePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type KeyState added in v0.3.0

// KeyState declares no fields in this version of the package, so the state
// argument of GetKey has no properties that could qualify the lookup.
type KeyState struct {
}

func (KeyState) ElementType added in v0.3.0

func (KeyState) ElementType() reflect.Type

type LookupKeyArgs added in v0.4.0

// LookupKeyArgs holds the arguments of LookupKey, which gets a ServiceAccountKey.
// The fields carry no upstream description. KeyId and ServiceAccountId are plain
// strings while Project and PublicKeyType are pointers, so presumably only the
// first two are required — confirm against the provider schema.
// NOTE(review): PublicKeyType presumably selects the encoding of the returned
// PublicKeyData; verify the accepted values before relying on it.
type LookupKeyArgs struct {
	KeyId            string  `pulumi:"keyId"`
	Project          *string `pulumi:"project"`
	PublicKeyType    *string `pulumi:"publicKeyType"`
	ServiceAccountId string  `pulumi:"serviceAccountId"`
}

type LookupKeyOutputArgs added in v0.8.0

// LookupKeyOutputArgs holds the arguments of LookupKeyOutput. It has the same
// four fields as LookupKeyArgs, typed as Pulumi inputs instead of plain values.
// Project and PublicKeyType are pointer inputs, so presumably optional — confirm
// against the provider schema.
type LookupKeyOutputArgs struct {
	KeyId            pulumi.StringInput    `pulumi:"keyId"`
	Project          pulumi.StringPtrInput `pulumi:"project"`
	PublicKeyType    pulumi.StringPtrInput `pulumi:"publicKeyType"`
	ServiceAccountId pulumi.StringInput    `pulumi:"serviceAccountId"`
}

func (LookupKeyOutputArgs) ElementType added in v0.8.0

func (LookupKeyOutputArgs) ElementType() reflect.Type

type LookupKeyResult added in v0.4.0

// LookupKeyResult is the value returned by LookupKey, which gets a
// ServiceAccountKey. It has the fields of the Key resource as plain values,
// without Project and ServiceAccountId.
type LookupKeyResult struct {
	// The key status.
	Disabled bool `pulumi:"disabled"`
	// Specifies the algorithm (and possibly key size) for the key.
	KeyAlgorithm string `pulumi:"keyAlgorithm"`
	// The key origin.
	KeyOrigin string `pulumi:"keyOrigin"`
	// The key type.
	KeyType string `pulumi:"keyType"`
	// The resource name of the service account key in the following format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
	Name string `pulumi:"name"`
	// The private key data. Only provided in `CreateServiceAccountKey` responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account.
	// NOTE(review): since the data is only provided on creation, this field is
	// presumably empty in a lookup result — confirm, and do not build key-retrieval
	// logic on it. Treat any non-empty value as a credential.
	PrivateKeyData string `pulumi:"privateKeyData"`
	// The output format for the private key. Only provided in `CreateServiceAccountKey` responses, not in `GetServiceAccountKey` or `ListServiceAccountKey` responses. Google never exposes system-managed private keys, and never retains user-managed private keys.
	PrivateKeyType string `pulumi:"privateKeyType"`
	// The public key data. Only provided in `GetServiceAccountKey` responses.
	PublicKeyData string `pulumi:"publicKeyData"`
	// The key can be used after this timestamp.
	ValidAfterTime string `pulumi:"validAfterTime"`
	// The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.
	// Together with Disabled, this is the field to check when auditing which keys are still usable.
	ValidBeforeTime string `pulumi:"validBeforeTime"`
}

func LookupKey added in v0.4.0

func LookupKey(ctx *pulumi.Context, args *LookupKeyArgs, opts ...pulumi.InvokeOption) (*LookupKeyResult, error)

Gets a ServiceAccountKey.

type LookupKeyResultOutput added in v0.8.0

type LookupKeyResultOutput struct{ *pulumi.OutputState }

func LookupKeyOutput added in v0.8.0

func LookupKeyOutput(ctx *pulumi.Context, args LookupKeyOutputArgs, opts ...pulumi.InvokeOption) LookupKeyResultOutput

func (LookupKeyResultOutput) Disabled added in v0.8.0

The key status.

func (LookupKeyResultOutput) ElementType added in v0.8.0

func (LookupKeyResultOutput) ElementType() reflect.Type

func (LookupKeyResultOutput) KeyAlgorithm added in v0.8.0

func (o LookupKeyResultOutput) KeyAlgorithm() pulumi.StringOutput

Specifies the algorithm (and possibly key size) for the key.

func (LookupKeyResultOutput) KeyOrigin added in v0.8.0

The key origin.

func (LookupKeyResultOutput) KeyType added in v0.8.0

The key type.

func (LookupKeyResultOutput) Name added in v0.8.0

The resource name of the service account key in the following format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.

func (LookupKeyResultOutput) PrivateKeyData added in v0.8.0

func (o LookupKeyResultOutput) PrivateKeyData() pulumi.StringOutput

The private key data. Only provided in `CreateServiceAccountKey` responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account.

func (LookupKeyResultOutput) PrivateKeyType added in v0.8.0

func (o LookupKeyResultOutput) PrivateKeyType() pulumi.StringOutput

The output format for the private key. Only provided in `CreateServiceAccountKey` responses, not in `GetServiceAccountKey` or `ListServiceAccountKey` responses. Google never exposes system-managed private keys, and never retains user-managed private keys.

func (LookupKeyResultOutput) PublicKeyData added in v0.8.0

func (o LookupKeyResultOutput) PublicKeyData() pulumi.StringOutput

The public key data. Only provided in `GetServiceAccountKey` responses.

func (LookupKeyResultOutput) ToLookupKeyResultOutput added in v0.8.0

func (o LookupKeyResultOutput) ToLookupKeyResultOutput() LookupKeyResultOutput

func (LookupKeyResultOutput) ToLookupKeyResultOutputWithContext added in v0.8.0

func (o LookupKeyResultOutput) ToLookupKeyResultOutputWithContext(ctx context.Context) LookupKeyResultOutput

func (LookupKeyResultOutput) ValidAfterTime added in v0.8.0

func (o LookupKeyResultOutput) ValidAfterTime() pulumi.StringOutput

The key can be used after this timestamp.

func (LookupKeyResultOutput) ValidBeforeTime added in v0.8.0

func (o LookupKeyResultOutput) ValidBeforeTime() pulumi.StringOutput

The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.

type LookupOrganizationRoleArgs added in v0.4.0

// LookupOrganizationRoleArgs holds the arguments of LookupOrganizationRole, which
// gets the definition of a Role. Both fields are plain strings with no upstream
// description; presumably they are the {ORGANIZATION_ID} and role id of a custom
// role path such as organizations/{ORGANIZATION_ID}/roles/... — confirm against
// the provider schema.
type LookupOrganizationRoleArgs struct {
	OrganizationId string `pulumi:"organizationId"`
	RoleId         string `pulumi:"roleId"`
}

type LookupOrganizationRoleOutputArgs added in v0.8.0

// LookupOrganizationRoleOutputArgs has the same two fields as
// LookupOrganizationRoleArgs, typed as Pulumi string inputs instead of plain strings.
type LookupOrganizationRoleOutputArgs struct {
	OrganizationId pulumi.StringInput `pulumi:"organizationId"`
	RoleId         pulumi.StringInput `pulumi:"roleId"`
}

func (LookupOrganizationRoleOutputArgs) ElementType added in v0.8.0

type LookupOrganizationRoleResult added in v0.4.0

// LookupOrganizationRoleResult is the value returned by LookupOrganizationRole,
// which gets the definition of a Role.
type LookupOrganizationRoleResult struct {
	// The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
	Deleted bool `pulumi:"deleted"`
	// Optional. A human-readable description for the role.
	Description string `pulumi:"description"`
	// Used to perform a consistent read-modify-write.
	Etag string `pulumi:"etag"`
	// The names of the permissions this role grants when bound in an IAM policy.
	// This list is what a binding to the role actually grants, so it is the field
	// to review when auditing a custom role for least privilege.
	IncludedPermissions []string `pulumi:"includedPermissions"`
	// The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path, e.g., roles/logging.viewer for predefined roles and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
	Name string `pulumi:"name"`
	// The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.
	// Consequently an empty Stage does not by itself mean the value is missing or unknown.
	Stage string `pulumi:"stage"`
	// Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
	Title string `pulumi:"title"`
}

func LookupOrganizationRole added in v0.4.0

func LookupOrganizationRole(ctx *pulumi.Context, args *LookupOrganizationRoleArgs, opts ...pulumi.InvokeOption) (*LookupOrganizationRoleResult, error)

Gets the definition of a Role.

type LookupOrganizationRoleResultOutput added in v0.8.0

type LookupOrganizationRoleResultOutput struct{ *pulumi.OutputState }

func LookupOrganizationRoleOutput added in v0.8.0

func (LookupOrganizationRoleResultOutput) Deleted added in v0.8.0

The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.

func (LookupOrganizationRoleResultOutput) Description added in v0.8.0

Optional. A human-readable description for the role.

func (LookupOrganizationRoleResultOutput) ElementType added in v0.8.0

func (LookupOrganizationRoleResultOutput) Etag added in v0.8.0

Used to perform a consistent read-modify-write.

func (LookupOrganizationRoleResultOutput) IncludedPermissions added in v0.8.0

The names of the permissions this role grants when bound in an IAM policy.

func (LookupOrganizationRoleResultOutput) Name added in v0.8.0

The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path, e.g., roles/logging.viewer for predefined roles and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.

func (LookupOrganizationRoleResultOutput) Stage added in v0.8.0

The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.

func (LookupOrganizationRoleResultOutput) Title added in v0.8.0

Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.

func (LookupOrganizationRoleResultOutput) ToLookupOrganizationRoleResultOutput added in v0.8.0

func (o LookupOrganizationRoleResultOutput) ToLookupOrganizationRoleResultOutput() LookupOrganizationRoleResultOutput

func (LookupOrganizationRoleResultOutput) ToLookupOrganizationRoleResultOutputWithContext added in v0.8.0

func (o LookupOrganizationRoleResultOutput) ToLookupOrganizationRoleResultOutputWithContext(ctx context.Context) LookupOrganizationRoleResultOutput

type LookupProviderArgs added in v0.4.0

// LookupProviderArgs holds the arguments of the provider lookup. The fields carry
// no upstream description. Location, ProviderId and WorkloadIdentityPoolId are
// plain strings while Project is a pointer, so presumably only Project is
// optional — confirm against the provider schema.
type LookupProviderArgs struct {
	Location               string  `pulumi:"location"`
	Project                *string `pulumi:"project"`
	ProviderId             string  `pulumi:"providerId"`
	WorkloadIdentityPoolId string  `pulumi:"workloadIdentityPoolId"`
}

type LookupProviderOutputArgs added in v0.8.0

// LookupProviderOutputArgs has the same four fields as LookupProviderArgs, typed
// as Pulumi inputs instead of plain values. Project is the only pointer input,
// so presumably the only optional one — confirm against the provider schema.
type LookupProviderOutputArgs struct {
	Location               pulumi.StringInput    `pulumi:"location"`
	Project                pulumi.StringPtrInput `pulumi:"project"`
	ProviderId             pulumi.StringInput    `pulumi:"providerId"`
	WorkloadIdentityPoolId pulumi.StringInput    `pulumi:"workloadIdentityPoolId"`
}

func (LookupProviderOutputArgs) ElementType added in v0.8.0

func (LookupProviderOutputArgs) ElementType() reflect.Type

type LookupProviderResult added in v0.4.0

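// LookupProviderResult is the value returned by LookupProvider, which gets an
// individual WorkloadIdentityPoolProvider.
type LookupProviderResult struct {
	// A [Common Expression Language](https://opensource.google/projects/cel)
	// expression, in plain text, that restricts which otherwise valid
	// authentication credentials issued by the provider are accepted. The
	// expression must output a boolean representing whether to allow the
	// federation.
	//
	// The following keywords may be referenced in the expression:
	//   * `assertion`: JSON representing the authentication credential issued by the provider.
	//   * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`.
	//   * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`.
	//
	// The maximum length of the attribute condition expression is 4096
	// characters. If unspecified, all valid authentication credentials are
	// accepted. The following example shows how to only allow credentials with
	// a mapped `google.groups` value of `admins`:
	//
	//	"'admins' in google.groups"
	//
	// NOTE(review): an empty value means the provider admits every credential
	// that validates against it. When the external identity provider is shared
	// with parties you do not control, treat an empty condition as a finding
	// and check that the expression pins the expected tenant, account or group.
	AttributeCondition string `pulumi:"attributeCondition"`
	// Maps attributes from authentication credentials issued by an external
	// identity provider to Google Cloud attributes, such as `subject` and
	// `segment`. Each key must be a string specifying the Google Cloud IAM
	// attribute to map to. The following keys are supported:
	//   * `google.subject`: The principal IAM is authenticating. You can
	//     reference this value in IAM bindings. This is also the subject that
	//     appears in Cloud Logging logs. Cannot exceed 127 bytes.
	//   * `google.groups`: Groups the external identity belongs to. You can
	//     grant groups access to resources using an IAM `principalSet` binding;
	//     access applies to all members of the group.
	//
	// You can also provide custom attributes by specifying
	// `attribute.{custom_attribute}`, where `{custom_attribute}` is the name of
	// the custom attribute to be mapped. You can define a maximum of 50 custom
	// attributes. The maximum length of a mapped attribute key is 100
	// characters, and the key may only contain the characters [a-z0-9_].
	//
	// You can reference these attributes in IAM policies to define fine-grained
	// access for a workload to Google Cloud resources. For example:
	//   * `google.subject`: `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
	//   * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
	//   * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`
	//
	// Each value must be a [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized
	// attribute specified by the corresponding map key. You can use the
	// `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider. The maximum length
	// of an attribute mapping expression is 2048 characters. When evaluated,
	// the total size of all mapped attributes must not exceed 8KB.
	//
	// For AWS providers, if no attribute mapping is defined, the following
	// default mapping applies:
	//
	//	{
	//	  "google.subject":"assertion.arn",
	//	  "attribute.aws_role":
	//	    "assertion.arn.contains('assumed-role')"
	//	    " ? assertion.arn.extract('{account_arn}assumed-role/')"
	//	    " + 'assumed-role/'"
	//	    " + assertion.arn.extract('assumed-role/{role_name}/')"
	//	    " : assertion.arn",
	//	}
	//
	// If any custom attribute mappings are defined, they must include a mapping
	// to the `google.subject` attribute. For OIDC providers, you must supply a
	// custom mapping, which must include the `google.subject` attribute. For
	// example, the following maps the `sub` claim of the incoming credential to
	// the `subject` attribute on a Google token:
	//
	//	{"google.subject": "assertion.sub"}
	//
	// NOTE(review): `google.subject` is the identity that IAM bindings and
	// Cloud Logging entries refer to, so the claim mapped to it should be one
	// the external issuer guarantees to be unique and stable — confirm against
	// the issuer's documentation when reviewing a mapping.
	AttributeMapping map[string]string `pulumi:"attributeMapping"`
	// An Amazon Web Services identity provider.
	Aws AwsResponse `pulumi:"aws"`
	// A description for the provider. Cannot exceed 256 characters.
	Description string `pulumi:"description"`
	// Whether the provider is disabled. You cannot use a disabled provider to
	// exchange tokens. However, existing tokens still grant access.
	//
	// Disabling the provider therefore does not cut off tokens that were
	// already issued; the documentation of LookupWorkloadIdentityPoolResult.Disabled
	// states that a disabled pool also blocks existing tokens.
	Disabled bool `pulumi:"disabled"`
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName string `pulumi:"displayName"`
	// The resource name of the provider.
	Name string `pulumi:"name"`
	// An OpenId Connect 1.0 identity provider.
	Oidc OidcResponse `pulumi:"oidc"`
	// An SAML 2.0 identity provider.
	Saml SamlResponse `pulumi:"saml"`
	// The state of the provider.
	State string `pulumi:"state"`
}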

func LookupProvider added in v0.4.0

func LookupProvider(ctx *pulumi.Context, args *LookupProviderArgs, opts ...pulumi.InvokeOption) (*LookupProviderResult, error)

Gets an individual WorkloadIdentityPoolProvider.

type LookupProviderResultOutput added in v0.8.0

// LookupProviderResultOutput is the type returned by LookupProviderOutput. It
// embeds *pulumi.OutputState, and its accessor methods (AttributeCondition,
// AttributeMapping, ...) return pulumi output types.
type LookupProviderResultOutput struct{ *pulumi.OutputState }

func LookupProviderOutput added in v0.8.0

func LookupProviderOutput(ctx *pulumi.Context, args LookupProviderOutputArgs, opts ...pulumi.InvokeOption) LookupProviderResultOutput

func (LookupProviderResultOutput) AttributeCondition added in v0.8.0

func (o LookupProviderResultOutput) AttributeCondition() pulumi.StringOutput

A [Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, that restricts which otherwise valid authentication credentials issued by the provider are accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expression: * `assertion`: JSON representing the authentication credential issued by the provider. * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`. * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`. The maximum length of the attribute condition expression is 4096 characters. If unspecified, all valid authentication credentials are accepted. The following example shows how to only allow credentials with a mapped `google.groups` value of `admins`: ```"'admins' in google.groups"```

func (LookupProviderResultOutput) AttributeMapping added in v0.8.0

func (o LookupProviderResultOutput) AttributeMapping() pulumi.StringMapOutput

Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported: * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. Cannot exceed 127 bytes. * `google.groups`: Groups the external identity belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where `{custom_attribute}` is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workload to Google Cloud resources. For example: * `google.subject`: `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` Each value must be a [Common Expression Language](https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters.
When evaluated, the total size of all mapped attributes must not exceed 8KB. For AWS providers, if no attribute mapping is defined, the following default mapping applies: ```{ "google.subject":"assertion.arn", "attribute.aws_role": "assertion.arn.contains('assumed-role')" " ? assertion.arn.extract('{account_arn}assumed-role/')" " + 'assumed-role/'" " + assertion.arn.extract('assumed-role/{role_name}/')" " : assertion.arn", }``` If any custom attribute mappings are defined, they must include a mapping to the `google.subject` attribute. For OIDC providers, you must supply a custom mapping, which must include the `google.subject` attribute. For example, the following maps the `sub` claim of the incoming credential to the `subject` attribute on a Google token: ```{"google.subject": "assertion.sub"}```

func (LookupProviderResultOutput) Aws added in v0.8.0

An Amazon Web Services identity provider.

func (LookupProviderResultOutput) Description added in v0.8.0

A description for the provider. Cannot exceed 256 characters.

func (LookupProviderResultOutput) Disabled added in v0.8.0

Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.

func (LookupProviderResultOutput) DisplayName added in v0.8.0

A display name for the provider. Cannot exceed 32 characters.

func (LookupProviderResultOutput) ElementType added in v0.8.0

func (LookupProviderResultOutput) ElementType() reflect.Type

func (LookupProviderResultOutput) Name added in v0.8.0

The resource name of the provider.

func (LookupProviderResultOutput) Oidc added in v0.8.0

An OpenId Connect 1.0 identity provider.

func (LookupProviderResultOutput) Saml added in v0.19.0

An SAML 2.0 identity provider.

func (LookupProviderResultOutput) State added in v0.8.0

The state of the provider.

func (LookupProviderResultOutput) ToLookupProviderResultOutput added in v0.8.0

func (o LookupProviderResultOutput) ToLookupProviderResultOutput() LookupProviderResultOutput

func (LookupProviderResultOutput) ToLookupProviderResultOutputWithContext added in v0.8.0

func (o LookupProviderResultOutput) ToLookupProviderResultOutputWithContext(ctx context.Context) LookupProviderResultOutput

type LookupRoleArgs added in v0.4.0

// LookupRoleArgs holds the arguments for LookupRole, which gets the definition
// of a Role.
type LookupRoleArgs struct {
	// Project is a pointer and can be left nil.
	// NOTE(review): presumably a provider-level default project applies when it is nil — confirm.
	Project *string `pulumi:"project"`
	RoleId  string  `pulumi:"roleId"`
}

type LookupRoleOutputArgs added in v0.8.0

// LookupRoleOutputArgs is the argument type of LookupRoleOutput. It carries
// the same fields as LookupRoleArgs, typed as pulumi inputs.
type LookupRoleOutputArgs struct {
	Project pulumi.StringPtrInput `pulumi:"project"`
	RoleId  pulumi.StringInput    `pulumi:"roleId"`
}

func (LookupRoleOutputArgs) ElementType added in v0.8.0

func (LookupRoleOutputArgs) ElementType() reflect.Type

type LookupRoleResult added in v0.4.0

// LookupRoleResult is the value returned by LookupRole, which gets the
// definition of a Role.
type LookupRoleResult struct {
	// The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
	Deleted bool `pulumi:"deleted"`
	// Optional. A human-readable description for the role.
	Description string `pulumi:"description"`
	// Used to perform a consistent read-modify-write.
	Etag string `pulumi:"etag"`
	// The names of the permissions this role grants when bound in an IAM policy.
	// This list, not Title or Description, is what determines the access the
	// role confers, so it is the field to inspect when auditing a role.
	IncludedPermissions []string `pulumi:"includedPermissions"`
	// The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path, e.g., roles/logging.viewer for predefined roles and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
	Name string `pulumi:"name"`
	// The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.
	Stage string `pulumi:"stage"`
	// Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
	Title string `pulumi:"title"`
}

func LookupRole added in v0.4.0

func LookupRole(ctx *pulumi.Context, args *LookupRoleArgs, opts ...pulumi.InvokeOption) (*LookupRoleResult, error)

Gets the definition of a Role.

type LookupRoleResultOutput added in v0.8.0

// LookupRoleResultOutput is the type returned by LookupRoleOutput. It embeds
// *pulumi.OutputState, and its accessor methods (Description,
// IncludedPermissions, ...) return pulumi output types.
type LookupRoleResultOutput struct{ *pulumi.OutputState }

func LookupRoleOutput added in v0.8.0

func LookupRoleOutput(ctx *pulumi.Context, args LookupRoleOutputArgs, opts ...pulumi.InvokeOption) LookupRoleResultOutput

func (LookupRoleResultOutput) Deleted added in v0.8.0

The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.

func (LookupRoleResultOutput) Description added in v0.8.0

func (o LookupRoleResultOutput) Description() pulumi.StringOutput

Optional. A human-readable description for the role.

func (LookupRoleResultOutput) ElementType added in v0.8.0

func (LookupRoleResultOutput) ElementType() reflect.Type

func (LookupRoleResultOutput) Etag added in v0.8.0

Used to perform a consistent read-modify-write.

func (LookupRoleResultOutput) IncludedPermissions added in v0.8.0

func (o LookupRoleResultOutput) IncludedPermissions() pulumi.StringArrayOutput

The names of the permissions this role grants when bound in an IAM policy.

func (LookupRoleResultOutput) Name added in v0.8.0

The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path, e.g., roles/logging.viewer for predefined roles and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.

func (LookupRoleResultOutput) Stage added in v0.8.0

The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.

func (LookupRoleResultOutput) Title added in v0.8.0

Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.

func (LookupRoleResultOutput) ToLookupRoleResultOutput added in v0.8.0

func (o LookupRoleResultOutput) ToLookupRoleResultOutput() LookupRoleResultOutput

func (LookupRoleResultOutput) ToLookupRoleResultOutputWithContext added in v0.8.0

func (o LookupRoleResultOutput) ToLookupRoleResultOutputWithContext(ctx context.Context) LookupRoleResultOutput

type LookupServiceAccountArgs added in v0.4.0

// LookupServiceAccountArgs holds the arguments for LookupServiceAccount, which
// gets a ServiceAccount.
type LookupServiceAccountArgs struct {
	// Project is a pointer and can be left nil.
	// NOTE(review): presumably a provider-level default project applies when it is nil — confirm.
	Project          *string `pulumi:"project"`
	ServiceAccountId string  `pulumi:"serviceAccountId"`
}

type LookupServiceAccountIamPolicyArgs added in v0.4.0

// LookupServiceAccountIamPolicyArgs holds the arguments for
// LookupServiceAccountIamPolicy, which gets the IAM policy attached to a
// ServiceAccount.
type LookupServiceAccountIamPolicyArgs struct {
	// NOTE(review): presumably the policy format version to request. The
	// Version field of LookupServiceAccountIamPolicyResult documents that
	// getting a policy that includes a conditional role binding must specify
	// version `3` — confirm that this argument is where that version is set.
	OptionsRequestedPolicyVersion *int    `pulumi:"optionsRequestedPolicyVersion"`
	// Project is a pointer and can be left nil.
	// NOTE(review): presumably a provider-level default project applies when it is nil — confirm.
	Project                       *string `pulumi:"project"`
	ServiceAccountId              string  `pulumi:"serviceAccountId"`
}

type LookupServiceAccountIamPolicyOutputArgs added in v0.8.0

// LookupServiceAccountIamPolicyOutputArgs carries the same fields as
// LookupServiceAccountIamPolicyArgs, typed as pulumi inputs.
// NOTE(review): presumably the argument type of the Output form of the lookup;
// that function's signature is not shown here — confirm.
type LookupServiceAccountIamPolicyOutputArgs struct {
	OptionsRequestedPolicyVersion pulumi.IntPtrInput    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       pulumi.StringPtrInput `pulumi:"project"`
	ServiceAccountId              pulumi.StringInput    `pulumi:"serviceAccountId"`
}

func (LookupServiceAccountIamPolicyOutputArgs) ElementType added in v0.8.0

type LookupServiceAccountIamPolicyResult added in v0.4.0

// LookupServiceAccountIamPolicyResult holds the IAM policy that is attached to
// a ServiceAccount. That policy specifies which principals have access to the
// service account; it does not show whether the service account itself has
// been granted roles on other resources.
type LookupServiceAccountIamPolicyResult struct {
	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs []AuditConfigResponse `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings []BindingResponse `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help
	// prevent simultaneous updates of a policy from overwriting each other. It
	// is strongly suggested that systems make use of the `etag` in the
	// read-modify-write cycle to perform policy updates in order to avoid race
	// conditions: An `etag` is returned in the response to `getIamPolicy`, and
	// systems are expected to put that etag in the request to `setIamPolicy`
	// to ensure that their change will be applied to the same version of the
	// policy.
	//
	// **Important:** If you use IAM Conditions, you must include the `etag`
	// field whenever you call `setIamPolicy`. If you omit this field, then IAM
	// allows you to overwrite a version `3` policy with a version `1` policy,
	// and all of the conditions in the version `3` policy are lost.
	Etag string `pulumi:"etag"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
	// Requests that specify an invalid value are rejected. Any operation that
	// affects conditional role bindings must specify version `3`. This
	// requirement applies to the following operations:
	//   * Getting a policy that includes a conditional role binding
	//   * Adding a conditional role binding to a policy
	//   * Changing a conditional role binding in a policy
	//   * Removing any role binding, with or without a condition, from a policy
	//     that includes conditions
	//
	// **Important:** If you use IAM Conditions, you must include the `etag`
	// field whenever you call `setIamPolicy`. If you omit this field, then IAM
	// allows you to overwrite a version `3` policy with a version `1` policy,
	// and all of the conditions in the version `3` policy are lost.
	//
	// If a policy does not include any conditions, operations on that policy
	// may specify any valid version or leave the field unset. To learn which
	// resources support conditions in their IAM policies, see the
	// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version int `pulumi:"version"`
}

func LookupServiceAccountIamPolicy added in v0.4.0

Gets the IAM policy that is attached to a ServiceAccount. This IAM policy specifies which principals have access to the service account. This method does not tell you whether the service account has been granted any roles on other resources. To check whether a service account has role grants on a resource, use the `getIamPolicy` method for that resource. For example, to view the role grants for a project, call the Resource Manager API's [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy) method.

type LookupServiceAccountIamPolicyResultOutput added in v0.8.0

// LookupServiceAccountIamPolicyResultOutput embeds *pulumi.OutputState.
// NOTE(review): presumably the output-typed counterpart of
// LookupServiceAccountIamPolicyResult; the accessor signatures are not shown
// here — confirm.
type LookupServiceAccountIamPolicyResultOutput struct{ *pulumi.OutputState }

func (LookupServiceAccountIamPolicyResultOutput) AuditConfigs added in v0.8.0

Specifies cloud audit logging configuration for this policy.

func (LookupServiceAccountIamPolicyResultOutput) Bindings added in v0.8.0

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (LookupServiceAccountIamPolicyResultOutput) ElementType added in v0.8.0

func (LookupServiceAccountIamPolicyResultOutput) Etag added in v0.8.0

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (LookupServiceAccountIamPolicyResultOutput) ToLookupServiceAccountIamPolicyResultOutput added in v0.8.0

func (o LookupServiceAccountIamPolicyResultOutput) ToLookupServiceAccountIamPolicyResultOutput() LookupServiceAccountIamPolicyResultOutput

func (LookupServiceAccountIamPolicyResultOutput) ToLookupServiceAccountIamPolicyResultOutputWithContext added in v0.8.0

func (o LookupServiceAccountIamPolicyResultOutput) ToLookupServiceAccountIamPolicyResultOutputWithContext(ctx context.Context) LookupServiceAccountIamPolicyResultOutput

func (LookupServiceAccountIamPolicyResultOutput) Version added in v0.8.0

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type LookupServiceAccountOutputArgs added in v0.8.0

// LookupServiceAccountOutputArgs carries the same fields as
// LookupServiceAccountArgs, typed as pulumi inputs.
// NOTE(review): presumably the argument type of LookupServiceAccountOutput,
// whose signature is not shown here — confirm.
type LookupServiceAccountOutputArgs struct {
	Project          pulumi.StringPtrInput `pulumi:"project"`
	ServiceAccountId pulumi.StringInput    `pulumi:"serviceAccountId"`
}

func (LookupServiceAccountOutputArgs) ElementType added in v0.8.0

type LookupServiceAccountResult added in v0.4.0

// LookupServiceAccountResult is the value returned by LookupServiceAccount,
// which gets a ServiceAccount.
type LookupServiceAccountResult struct {
	// Optional. A user-specified, human-readable description of the service account. The maximum length is 256 UTF-8 bytes.
	Description string `pulumi:"description"`
	// Whether the service account is disabled.
	Disabled bool `pulumi:"disabled"`
	// Optional. A user-specified, human-readable name for the service account. The maximum length is 100 UTF-8 bytes.
	DisplayName string `pulumi:"displayName"`
	// The email address of the service account.
	Email string `pulumi:"email"`
	// Deprecated. Do not use.
	//
	// Deprecated: Deprecated. Do not use.
	Etag string `pulumi:"etag"`
	// The resource name of the service account. Use one of the following
	// formats:
	//   * `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}`
	//   * `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}`
	//
	// As an alternative, you can use the `-` wildcard character instead of the
	// project ID:
	//   * `projects/-/serviceAccounts/{EMAIL_ADDRESS}`
	//   * `projects/-/serviceAccounts/{UNIQUE_ID}`
	//
	// When possible, avoid using the `-` wildcard character, because it can
	// cause response messages to contain misleading error codes. For example,
	// if you try to access the service account
	// `projects/-/serviceAccounts/fake@example.com`, which does not exist, the
	// response contains an HTTP `403 Forbidden` error instead of a
	// `404 Not Found` error.
	Name string `pulumi:"name"`
	// The OAuth 2.0 client ID for the service account.
	Oauth2ClientId string `pulumi:"oauth2ClientId"`
	// The ID of the project that owns the service account.
	Project string `pulumi:"project"`
	// The unique, stable numeric ID for the service account. Each service
	// account retains its unique ID even if you delete the service account.
	// For example, if you delete a service account, then create a new service
	// account with the same name, the new service account has a different
	// unique ID than the deleted service account.
	//
	// Because a re-created account keeps the name but not this ID, UniqueId
	// (rather than Email or Name) is the field that tells the two apart.
	UniqueId string `pulumi:"uniqueId"`
}

func LookupServiceAccount added in v0.4.0

func LookupServiceAccount(ctx *pulumi.Context, args *LookupServiceAccountArgs, opts ...pulumi.InvokeOption) (*LookupServiceAccountResult, error)

Gets a ServiceAccount.

type LookupServiceAccountResultOutput added in v0.8.0

// LookupServiceAccountResultOutput embeds *pulumi.OutputState.
// NOTE(review): presumably the type returned by LookupServiceAccountOutput,
// whose signature is not shown here — confirm.
type LookupServiceAccountResultOutput struct{ *pulumi.OutputState }

func LookupServiceAccountOutput added in v0.8.0

func (LookupServiceAccountResultOutput) Description added in v0.8.0

Optional. A user-specified, human-readable description of the service account. The maximum length is 256 UTF-8 bytes.

func (LookupServiceAccountResultOutput) Disabled added in v0.8.0

Whether the service account is disabled.

func (LookupServiceAccountResultOutput) DisplayName added in v0.8.0

Optional. A user-specified, human-readable name for the service account. The maximum length is 100 UTF-8 bytes.

func (LookupServiceAccountResultOutput) ElementType added in v0.8.0

func (LookupServiceAccountResultOutput) Email added in v0.8.0

The email address of the service account.

func (LookupServiceAccountResultOutput) Etag deprecated added in v0.17.0

Deprecated. Do not use.

Deprecated: Deprecated. Do not use.

func (LookupServiceAccountResultOutput) Name added in v0.8.0

The resource name of the service account. Use one of the following formats: * `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` * `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an alternative, you can use the `-` wildcard character instead of the project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` * `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using the `-` wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account `projects/-/serviceAccounts/fake@example.com`, which does not exist, the response contains an HTTP `403 Forbidden` error instead of a `404 Not Found` error.

func (LookupServiceAccountResultOutput) Oauth2ClientId added in v0.8.0

The OAuth 2.0 client ID for the service account.

func (LookupServiceAccountResultOutput) Project added in v0.8.0

The ID of the project that owns the service account.

func (LookupServiceAccountResultOutput) ToLookupServiceAccountResultOutput added in v0.8.0

func (o LookupServiceAccountResultOutput) ToLookupServiceAccountResultOutput() LookupServiceAccountResultOutput

func (LookupServiceAccountResultOutput) ToLookupServiceAccountResultOutputWithContext added in v0.8.0

func (o LookupServiceAccountResultOutput) ToLookupServiceAccountResultOutputWithContext(ctx context.Context) LookupServiceAccountResultOutput

func (LookupServiceAccountResultOutput) UniqueId added in v0.8.0

The unique, stable numeric ID for the service account. Each service account retains its unique ID even if you delete the service account. For example, if you delete a service account, then create a new service account with the same name, the new service account has a different unique ID than the deleted service account.

type LookupWorkloadIdentityPoolArgs added in v0.4.0

// LookupWorkloadIdentityPoolArgs holds the arguments for
// LookupWorkloadIdentityPool, which gets an individual WorkloadIdentityPool.
type LookupWorkloadIdentityPoolArgs struct {
	Location               string  `pulumi:"location"`
	// Project is the only pointer field here, so it can be left nil.
	// NOTE(review): presumably a provider-level default project applies when it is nil — confirm.
	Project                *string `pulumi:"project"`
	WorkloadIdentityPoolId string  `pulumi:"workloadIdentityPoolId"`
}

type LookupWorkloadIdentityPoolOutputArgs added in v0.8.0

// LookupWorkloadIdentityPoolOutputArgs carries the same fields as
// LookupWorkloadIdentityPoolArgs, typed as pulumi inputs.
// NOTE(review): presumably the argument type of the Output form of the lookup;
// that function's signature is not shown here — confirm.
type LookupWorkloadIdentityPoolOutputArgs struct {
	Location               pulumi.StringInput    `pulumi:"location"`
	Project                pulumi.StringPtrInput `pulumi:"project"`
	WorkloadIdentityPoolId pulumi.StringInput    `pulumi:"workloadIdentityPoolId"`
}

func (LookupWorkloadIdentityPoolOutputArgs) ElementType added in v0.8.0

type LookupWorkloadIdentityPoolResult added in v0.4.0

// LookupWorkloadIdentityPoolResult is the value returned by
// LookupWorkloadIdentityPool, which gets an individual WorkloadIdentityPool.
type LookupWorkloadIdentityPoolResult struct {
	// A description of the pool. Cannot exceed 256 characters.
	Description string `pulumi:"description"`
	// Whether the pool is disabled. You cannot use a disabled pool to exchange
	// tokens, or use existing tokens to access resources. If the pool is
	// re-enabled, existing tokens grant access again.
	//
	// Disabling is therefore reversible: tokens issued before the pool was
	// disabled work again once it is re-enabled.
	Disabled bool `pulumi:"disabled"`
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName string `pulumi:"displayName"`
	// The resource name of the pool.
	Name string `pulumi:"name"`
	// The state of the pool.
	State string `pulumi:"state"`
}

func LookupWorkloadIdentityPool added in v0.4.0

func LookupWorkloadIdentityPool(ctx *pulumi.Context, args *LookupWorkloadIdentityPoolArgs, opts ...pulumi.InvokeOption) (*LookupWorkloadIdentityPoolResult, error)

Gets an individual WorkloadIdentityPool.

type LookupWorkloadIdentityPoolResultOutput added in v0.8.0

// LookupWorkloadIdentityPoolResultOutput embeds *pulumi.OutputState.
// NOTE(review): presumably the output-typed counterpart of
// LookupWorkloadIdentityPoolResult; the accessor signatures are not shown
// here — confirm.
type LookupWorkloadIdentityPoolResultOutput struct{ *pulumi.OutputState }

func (LookupWorkloadIdentityPoolResultOutput) Description added in v0.8.0

A description of the pool. Cannot exceed 256 characters.

func (LookupWorkloadIdentityPoolResultOutput) Disabled added in v0.8.0

Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.

func (LookupWorkloadIdentityPoolResultOutput) DisplayName added in v0.8.0

A display name for the pool. Cannot exceed 32 characters.

func (LookupWorkloadIdentityPoolResultOutput) ElementType added in v0.8.0

func (LookupWorkloadIdentityPoolResultOutput) Name added in v0.8.0

The resource name of the pool.

func (LookupWorkloadIdentityPoolResultOutput) State added in v0.8.0

The state of the pool.

func (LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutput added in v0.8.0

func (o LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutput() LookupWorkloadIdentityPoolResultOutput

func (LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutputWithContext added in v0.8.0

func (o LookupWorkloadIdentityPoolResultOutput) ToLookupWorkloadIdentityPoolResultOutputWithContext(ctx context.Context) LookupWorkloadIdentityPoolResultOutput

type Oidc

// Oidc represents an OpenId Connect 1.0 identity provider.
type Oidc struct {
	// Acceptable values for the `aud` field (audience) in the OIDC token. Token
	// exchange requests are rejected if the token audience does not match one
	// of the configured values. Each audience may be at most 256 characters. A
	// maximum of 10 audiences may be configured. If this list is empty, the
	// OIDC token audience must be equal to the full canonical resource name of
	// the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For
	// example:
	//
	//	//iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/providers/{provider}
	//	https://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/providers/{provider}
	//
	// NOTE(review): the {...} segments are placeholders. The rendered page
	// shows the example with empty path segments, so the original placeholder
	// names were presumably stripped — confirm against the upstream API
	// reference.
	AllowedAudiences []string `pulumi:"allowedAudiences"`
	// The OIDC issuer URL. Must be an HTTPS endpoint.
	IssuerUri string `pulumi:"issuerUri"`
}

Represents an OpenId Connect 1.0 identity provider.

type OidcArgs

// OidcArgs is the input form of an OpenID Connect 1.0 identity provider.
type OidcArgs struct {
	// Acceptable values for the `aud` field (audience) in the OIDC token. Token
	// exchange requests are rejected if the token audience does not match one of
	// the configured values. Each audience may be at most 256 characters. A
	// maximum of 10 audiences may be configured.
	//
	// If this list is empty, the OIDC token audience must be equal to the full
	// canonical resource name of the WorkloadIdentityPoolProvider, with or
	// without the HTTPS prefix. For example (path segments shown as
	// placeholders):
	//
	//	//iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/providers/{provider}
	//	https://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/providers/{provider}
	//
	// NOTE(review): a token is accepted only when its `aud` matches, so keep this
	// list to audiences issued specifically for this provider.
	AllowedAudiences pulumi.StringArrayInput `pulumi:"allowedAudiences"`
	// The OIDC issuer URL. Must be an HTTPS endpoint.
	IssuerUri pulumi.StringInput `pulumi:"issuerUri"`
}

Represents an OpenID Connect 1.0 identity provider.

func (OidcArgs) ElementType

func (OidcArgs) ElementType() reflect.Type

func (OidcArgs) ToOidcOutput

func (i OidcArgs) ToOidcOutput() OidcOutput

func (OidcArgs) ToOidcOutputWithContext

func (i OidcArgs) ToOidcOutputWithContext(ctx context.Context) OidcOutput

func (OidcArgs) ToOidcPtrOutput

func (i OidcArgs) ToOidcPtrOutput() OidcPtrOutput

func (OidcArgs) ToOidcPtrOutputWithContext

func (i OidcArgs) ToOidcPtrOutputWithContext(ctx context.Context) OidcPtrOutput

type OidcInput

type OidcInput interface {
	pulumi.Input

	ToOidcOutput() OidcOutput
	ToOidcOutputWithContext(context.Context) OidcOutput
}

OidcInput is an input type that accepts OidcArgs and OidcOutput values. You can construct a concrete instance of `OidcInput` via:

OidcArgs{...}

type OidcOutput

type OidcOutput struct{ *pulumi.OutputState }

Represents an OpenID Connect 1.0 identity provider.

func (OidcOutput) AllowedAudiences

func (o OidcOutput) AllowedAudiences() pulumi.StringArrayOutput

Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example (path segments shown as placeholders):

```
//iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/providers/{provider}
https://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/providers/{provider}
```

func (OidcOutput) ElementType

func (OidcOutput) ElementType() reflect.Type

func (OidcOutput) IssuerUri

func (o OidcOutput) IssuerUri() pulumi.StringOutput

The OIDC issuer URL. Must be an HTTPS endpoint.

func (OidcOutput) ToOidcOutput

func (o OidcOutput) ToOidcOutput() OidcOutput

func (OidcOutput) ToOidcOutputWithContext

func (o OidcOutput) ToOidcOutputWithContext(ctx context.Context) OidcOutput

func (OidcOutput) ToOidcPtrOutput

func (o OidcOutput) ToOidcPtrOutput() OidcPtrOutput

func (OidcOutput) ToOidcPtrOutputWithContext

func (o OidcOutput) ToOidcPtrOutputWithContext(ctx context.Context) OidcPtrOutput

type OidcPtrInput

type OidcPtrInput interface {
	pulumi.Input

	ToOidcPtrOutput() OidcPtrOutput
	ToOidcPtrOutputWithContext(context.Context) OidcPtrOutput
}

OidcPtrInput is an input type that accepts OidcArgs, OidcPtr and OidcPtrOutput values. You can construct a concrete instance of `OidcPtrInput` via:

        OidcArgs{...}

or:

        nil

func OidcPtr

func OidcPtr(v *OidcArgs) OidcPtrInput

type OidcPtrOutput

type OidcPtrOutput struct{ *pulumi.OutputState }

func (OidcPtrOutput) AllowedAudiences

func (o OidcPtrOutput) AllowedAudiences() pulumi.StringArrayOutput

Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example (path segments shown as placeholders):

```
//iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/providers/{provider}
https://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/providers/{provider}
```

func (OidcPtrOutput) Elem

func (o OidcPtrOutput) Elem() OidcOutput

func (OidcPtrOutput) ElementType

func (OidcPtrOutput) ElementType() reflect.Type

func (OidcPtrOutput) IssuerUri

func (o OidcPtrOutput) IssuerUri() pulumi.StringPtrOutput

The OIDC issuer URL. Must be an HTTPS endpoint.

func (OidcPtrOutput) ToOidcPtrOutput

func (o OidcPtrOutput) ToOidcPtrOutput() OidcPtrOutput

func (OidcPtrOutput) ToOidcPtrOutputWithContext

func (o OidcPtrOutput) ToOidcPtrOutputWithContext(ctx context.Context) OidcPtrOutput

type OidcResponse

// OidcResponse represents an OpenID Connect 1.0 identity provider.
type OidcResponse struct {
	// Acceptable values for the `aud` field (audience) in the OIDC token. Token
	// exchange requests are rejected if the token audience does not match one of
	// the configured values. Each audience may be at most 256 characters. A
	// maximum of 10 audiences may be configured.
	//
	// If this list is empty, the OIDC token audience must be equal to the full
	// canonical resource name of the WorkloadIdentityPoolProvider, with or
	// without the HTTPS prefix. For example (path segments shown as
	// placeholders):
	//
	//	//iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/providers/{provider}
	//	https://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/providers/{provider}
	//
	// NOTE(review): when auditing a provider, an empty list here means only the
	// provider's own resource name is accepted as audience.
	AllowedAudiences []string `pulumi:"allowedAudiences"`
	// The OIDC issuer URL. Must be an HTTPS endpoint.
	IssuerUri string `pulumi:"issuerUri"`
}

Represents an OpenID Connect 1.0 identity provider.

type OidcResponseOutput

type OidcResponseOutput struct{ *pulumi.OutputState }

Represents an OpenID Connect 1.0 identity provider.

func (OidcResponseOutput) AllowedAudiences

func (o OidcResponseOutput) AllowedAudiences() pulumi.StringArrayOutput

Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example (path segments shown as placeholders):

```
//iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/providers/{provider}
https://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/providers/{provider}
```

func (OidcResponseOutput) ElementType

func (OidcResponseOutput) ElementType() reflect.Type

func (OidcResponseOutput) IssuerUri

func (o OidcResponseOutput) IssuerUri() pulumi.StringOutput

The OIDC issuer URL. Must be an HTTPS endpoint.

func (OidcResponseOutput) ToOidcResponseOutput

func (o OidcResponseOutput) ToOidcResponseOutput() OidcResponseOutput

func (OidcResponseOutput) ToOidcResponseOutputWithContext

func (o OidcResponseOutput) ToOidcResponseOutputWithContext(ctx context.Context) OidcResponseOutput

type OrganizationRole

// OrganizationRole is a custom Role resource; registering it creates a new
// custom Role.
type OrganizationRole struct {
	pulumi.CustomResourceState

	// The current deleted state of the role. This field is read only. It will be
	// ignored in calls to CreateRole and UpdateRole.
	Deleted pulumi.BoolOutput `pulumi:"deleted"`
	// Optional. A human-readable description for the role.
	Description pulumi.StringOutput `pulumi:"description"`
	// Used to perform a consistent read-modify-write.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The names of the permissions this role grants when bound in an IAM policy.
	// NOTE(review): this list is the role's entire grant, so treat any change to
	// it as a privilege change.
	IncludedPermissions pulumi.StringArrayOutput `pulumi:"includedPermissions"`
	// The name of the role. When Role is used in CreateRole, the role name must
	// not be set. When Role is used in output and other input such as UpdateRole,
	// the role name is the complete path, e.g., roles/logging.viewer for
	// predefined roles and organizations/{ORGANIZATION_ID}/roles/logging.viewer
	// for custom roles.
	Name           pulumi.StringOutput `pulumi:"name"`
	OrganizationId pulumi.StringOutput `pulumi:"organizationId"`
	// The current launch stage of the role. If the `ALPHA` launch stage has been
	// selected for a role, the `stage` field will not be included in the returned
	// definition for the role.
	Stage pulumi.StringOutput `pulumi:"stage"`
	// Optional. A human-readable title for the role. Typically this is limited to
	// 100 UTF-8 bytes.
	Title pulumi.StringOutput `pulumi:"title"`
}

Creates a new custom Role.

func GetOrganizationRole

func GetOrganizationRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *OrganizationRoleState, opts ...pulumi.ResourceOption) (*OrganizationRole, error)

GetOrganizationRole gets an existing OrganizationRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewOrganizationRole

func NewOrganizationRole(ctx *pulumi.Context,
	name string, args *OrganizationRoleArgs, opts ...pulumi.ResourceOption) (*OrganizationRole, error)

NewOrganizationRole registers a new resource with the given unique name, arguments, and options.

func (*OrganizationRole) ElementType

func (*OrganizationRole) ElementType() reflect.Type

func (*OrganizationRole) ToOrganizationRoleOutput

func (i *OrganizationRole) ToOrganizationRoleOutput() OrganizationRoleOutput

func (*OrganizationRole) ToOrganizationRoleOutputWithContext

func (i *OrganizationRole) ToOrganizationRoleOutputWithContext(ctx context.Context) OrganizationRoleOutput

type OrganizationRoleArgs

// OrganizationRoleArgs is the set of arguments for constructing an
// OrganizationRole resource.
type OrganizationRoleArgs struct {
	// The current deleted state of the role. This field is read only. It will be
	// ignored in calls to CreateRole and UpdateRole.
	Deleted pulumi.BoolPtrInput
	// Optional. A human-readable description for the role.
	Description pulumi.StringPtrInput
	// Used to perform a consistent read-modify-write.
	Etag pulumi.StringPtrInput
	// The names of the permissions this role grants when bound in an IAM policy.
	// NOTE(review): this list is the role's entire grant, so keep it to the
	// permissions the role's holders actually need.
	IncludedPermissions pulumi.StringArrayInput
	// The name of the role. When Role is used in CreateRole, the role name must
	// not be set. When Role is used in output and other input such as UpdateRole,
	// the role name is the complete path, e.g., roles/logging.viewer for
	// predefined roles and organizations/{ORGANIZATION_ID}/roles/logging.viewer
	// for custom roles.
	Name           pulumi.StringPtrInput
	OrganizationId pulumi.StringInput
	// The role ID to use for this role. A role ID may contain alphanumeric
	// characters, underscores (`_`), and periods (`.`). It must contain a minimum
	// of 3 characters and a maximum of 64 characters.
	RoleId pulumi.StringPtrInput
	// The current launch stage of the role. If the `ALPHA` launch stage has been
	// selected for a role, the `stage` field will not be included in the returned
	// definition for the role.
	Stage OrganizationRoleStagePtrInput
	// Optional. A human-readable title for the role. Typically this is limited to
	// 100 UTF-8 bytes.
	Title pulumi.StringPtrInput
}

The set of arguments for constructing an OrganizationRole resource.

func (OrganizationRoleArgs) ElementType

func (OrganizationRoleArgs) ElementType() reflect.Type

type OrganizationRoleInput

// OrganizationRoleInput is an input type for values that can be converted to
// an OrganizationRoleOutput. *OrganizationRole and OrganizationRoleOutput both
// declare the two conversion methods listed here.
type OrganizationRoleInput interface {
	pulumi.Input

	ToOrganizationRoleOutput() OrganizationRoleOutput
	ToOrganizationRoleOutputWithContext(ctx context.Context) OrganizationRoleOutput
}

type OrganizationRoleOutput

type OrganizationRoleOutput struct{ *pulumi.OutputState }

func (OrganizationRoleOutput) Deleted added in v0.19.0

The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.

func (OrganizationRoleOutput) Description added in v0.19.0

func (o OrganizationRoleOutput) Description() pulumi.StringOutput

Optional. A human-readable description for the role.

func (OrganizationRoleOutput) ElementType

func (OrganizationRoleOutput) ElementType() reflect.Type

func (OrganizationRoleOutput) Etag added in v0.19.0

Used to perform a consistent read-modify-write.

func (OrganizationRoleOutput) IncludedPermissions added in v0.19.0

func (o OrganizationRoleOutput) IncludedPermissions() pulumi.StringArrayOutput

The names of the permissions this role grants when bound in an IAM policy.

func (OrganizationRoleOutput) Name added in v0.19.0

The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path, e.g., roles/logging.viewer for predefined roles and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.

func (OrganizationRoleOutput) OrganizationId added in v0.21.0

func (o OrganizationRoleOutput) OrganizationId() pulumi.StringOutput

func (OrganizationRoleOutput) Stage added in v0.19.0

The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.

func (OrganizationRoleOutput) Title added in v0.19.0

Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.

func (OrganizationRoleOutput) ToOrganizationRoleOutput

func (o OrganizationRoleOutput) ToOrganizationRoleOutput() OrganizationRoleOutput

func (OrganizationRoleOutput) ToOrganizationRoleOutputWithContext

func (o OrganizationRoleOutput) ToOrganizationRoleOutputWithContext(ctx context.Context) OrganizationRoleOutput

type OrganizationRoleStage added in v0.4.0

type OrganizationRoleStage string

The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.

func (OrganizationRoleStage) ElementType added in v0.4.0

func (OrganizationRoleStage) ElementType() reflect.Type

func (OrganizationRoleStage) ToOrganizationRoleStageOutput added in v0.6.0

func (e OrganizationRoleStage) ToOrganizationRoleStageOutput() OrganizationRoleStageOutput

func (OrganizationRoleStage) ToOrganizationRoleStageOutputWithContext added in v0.6.0

func (e OrganizationRoleStage) ToOrganizationRoleStageOutputWithContext(ctx context.Context) OrganizationRoleStageOutput

func (OrganizationRoleStage) ToOrganizationRoleStagePtrOutput added in v0.6.0

func (e OrganizationRoleStage) ToOrganizationRoleStagePtrOutput() OrganizationRoleStagePtrOutput

func (OrganizationRoleStage) ToOrganizationRoleStagePtrOutputWithContext added in v0.6.0

func (e OrganizationRoleStage) ToOrganizationRoleStagePtrOutputWithContext(ctx context.Context) OrganizationRoleStagePtrOutput

func (OrganizationRoleStage) ToStringOutput added in v0.4.0

func (e OrganizationRoleStage) ToStringOutput() pulumi.StringOutput

func (OrganizationRoleStage) ToStringOutputWithContext added in v0.4.0

func (e OrganizationRoleStage) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (OrganizationRoleStage) ToStringPtrOutput added in v0.4.0

func (e OrganizationRoleStage) ToStringPtrOutput() pulumi.StringPtrOutput

func (OrganizationRoleStage) ToStringPtrOutputWithContext added in v0.4.0

func (e OrganizationRoleStage) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type OrganizationRoleStageInput added in v0.6.0

type OrganizationRoleStageInput interface {
	pulumi.Input

	ToOrganizationRoleStageOutput() OrganizationRoleStageOutput
	ToOrganizationRoleStageOutputWithContext(context.Context) OrganizationRoleStageOutput
}

OrganizationRoleStageInput is an input type that accepts OrganizationRoleStageArgs and OrganizationRoleStageOutput values. You can construct a concrete instance of `OrganizationRoleStageInput` via:

OrganizationRoleStageArgs{...}

type OrganizationRoleStageOutput added in v0.6.0

type OrganizationRoleStageOutput struct{ *pulumi.OutputState }

func (OrganizationRoleStageOutput) ElementType added in v0.6.0

func (OrganizationRoleStageOutput) ToOrganizationRoleStageOutput added in v0.6.0

func (o OrganizationRoleStageOutput) ToOrganizationRoleStageOutput() OrganizationRoleStageOutput

func (OrganizationRoleStageOutput) ToOrganizationRoleStageOutputWithContext added in v0.6.0

func (o OrganizationRoleStageOutput) ToOrganizationRoleStageOutputWithContext(ctx context.Context) OrganizationRoleStageOutput

func (OrganizationRoleStageOutput) ToOrganizationRoleStagePtrOutput added in v0.6.0

func (o OrganizationRoleStageOutput) ToOrganizationRoleStagePtrOutput() OrganizationRoleStagePtrOutput

func (OrganizationRoleStageOutput) ToOrganizationRoleStagePtrOutputWithContext added in v0.6.0

func (o OrganizationRoleStageOutput) ToOrganizationRoleStagePtrOutputWithContext(ctx context.Context) OrganizationRoleStagePtrOutput

func (OrganizationRoleStageOutput) ToStringOutput added in v0.6.0

func (o OrganizationRoleStageOutput) ToStringOutput() pulumi.StringOutput

func (OrganizationRoleStageOutput) ToStringOutputWithContext added in v0.6.0

func (o OrganizationRoleStageOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (OrganizationRoleStageOutput) ToStringPtrOutput added in v0.6.0

func (o OrganizationRoleStageOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (OrganizationRoleStageOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o OrganizationRoleStageOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type OrganizationRoleStagePtrInput added in v0.6.0

type OrganizationRoleStagePtrInput interface {
	pulumi.Input

	ToOrganizationRoleStagePtrOutput() OrganizationRoleStagePtrOutput
	ToOrganizationRoleStagePtrOutputWithContext(context.Context) OrganizationRoleStagePtrOutput
}

func OrganizationRoleStagePtr added in v0.6.0

func OrganizationRoleStagePtr(v string) OrganizationRoleStagePtrInput

type OrganizationRoleStagePtrOutput added in v0.6.0

type OrganizationRoleStagePtrOutput struct{ *pulumi.OutputState }

func (OrganizationRoleStagePtrOutput) Elem added in v0.6.0

func (OrganizationRoleStagePtrOutput) ElementType added in v0.6.0

func (OrganizationRoleStagePtrOutput) ToOrganizationRoleStagePtrOutput added in v0.6.0

func (o OrganizationRoleStagePtrOutput) ToOrganizationRoleStagePtrOutput() OrganizationRoleStagePtrOutput

func (OrganizationRoleStagePtrOutput) ToOrganizationRoleStagePtrOutputWithContext added in v0.6.0

func (o OrganizationRoleStagePtrOutput) ToOrganizationRoleStagePtrOutputWithContext(ctx context.Context) OrganizationRoleStagePtrOutput

func (OrganizationRoleStagePtrOutput) ToStringPtrOutput added in v0.6.0

func (OrganizationRoleStagePtrOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o OrganizationRoleStagePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type OrganizationRoleState

type OrganizationRoleState struct {
}

func (OrganizationRoleState) ElementType

func (OrganizationRoleState) ElementType() reflect.Type

type Provider added in v0.3.0

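// Provider creates a new WorkloadIdentityPoolProvider in a
// WorkloadIdentityPool. You cannot reuse the name of a deleted provider until
// 30 days after deletion. Auto-naming is currently not supported for this
// resource.
type Provider struct {
	pulumi.CustomResourceState

	// A [Common Expression Language](https://opensource.google/projects/cel)
	// expression, in plain text, that restricts which otherwise valid
	// authentication credentials issued by the provider are accepted. The
	// expression must output a boolean representing whether to allow the
	// federation. The following keywords may be referenced in the expression:
	//   - `assertion`: JSON representing the authentication credential issued by
	//     the provider.
	//   - `google`: The Google attributes mapped from the assertion in the
	//     `attribute_mappings`.
	//   - `attribute`: The custom attributes mapped from the assertion in the
	//     `attribute_mappings`.
	//
	// The maximum length of the attribute condition expression is 4096
	// characters. If unspecified, all valid authentication credentials are
	// accepted. The following example shows how to only allow credentials with a
	// mapped `google.groups` value of `admins`:
	//
	//	"'admins' in google.groups"
	//
	// NOTE(review): an empty value here means every valid credential from the
	// issuer is accepted; check that this is intended when auditing a provider.
	AttributeCondition pulumi.StringOutput `pulumi:"attributeCondition"`
	// Maps attributes from authentication credentials issued by an external
	// identity provider to Google Cloud attributes, such as `subject` and
	// `segment`. Each key must be a string specifying the Google Cloud IAM
	// attribute to map to. The following keys are supported:
	//   - `google.subject`: The principal IAM is authenticating. You can
	//     reference this value in IAM bindings. This is also the subject that
	//     appears in Cloud Logging logs. Cannot exceed 127 bytes.
	//   - `google.groups`: Groups the external identity belongs to. You can grant
	//     groups access to resources using an IAM `principalSet` binding; access
	//     applies to all members of the group.
	//
	// You can also provide custom attributes by specifying
	// `attribute.{custom_attribute}`, where `{custom_attribute}` is the name of
	// the custom attribute to be mapped. You can define a maximum of 50 custom
	// attributes. The maximum length of a mapped attribute key is 100
	// characters, and the key may only contain the characters [a-z0-9_]. You can
	// reference these attributes in IAM policies to define fine-grained access
	// for a workload to Google Cloud resources. For example:
	//   - `google.subject`:
	//     `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
	//   - `google.groups`:
	//     `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
	//   - `attribute.{custom_attribute}`:
	//     `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`
	//
	// Each value must be a
	// [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized
	// attribute specified by the corresponding map key. You can use the
	// `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider. The maximum length
	// of an attribute mapping expression is 2048 characters. When evaluated, the
	// total size of all mapped attributes must not exceed 8KB.
	//
	// For AWS providers, if no attribute mapping is defined, the following
	// default mapping applies:
	//
	//	{
	//	  "google.subject":"assertion.arn",
	//	  "attribute.aws_role":
	//	    "assertion.arn.contains('assumed-role')"
	//	    " ? assertion.arn.extract('{account_arn}assumed-role/')"
	//	    " + 'assumed-role/'"
	//	    " + assertion.arn.extract('assumed-role/{role_name}/')"
	//	    " : assertion.arn",
	//	}
	//
	// If any custom attribute mappings are defined, they must include a mapping
	// to the `google.subject` attribute. For OIDC providers, you must supply a
	// custom mapping, which must include the `google.subject` attribute. For
	// example, the following maps the `sub` claim of the incoming credential to
	// the `subject` attribute on a Google token:
	//
	//	{"google.subject": "assertion.sub"}
	AttributeMapping pulumi.StringMapOutput `pulumi:"attributeMapping"`
	// An Amazon Web Services identity provider.
	Aws AwsResponseOutput `pulumi:"aws"`
	// A description for the provider. Cannot exceed 256 characters.
	Description pulumi.StringOutput `pulumi:"description"`
	// Whether the provider is disabled. You cannot use a disabled provider to
	// exchange tokens. However, existing tokens still grant access.
	// NOTE(review): disabling the provider therefore does not cut off tokens
	// already issued; the pool-level Disabled flag is documented as blocking
	// existing tokens as well.
	Disabled pulumi.BoolOutput `pulumi:"disabled"`
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	Location    pulumi.StringOutput `pulumi:"location"`
	// The resource name of the provider.
	Name pulumi.StringOutput `pulumi:"name"`
	// An OpenID Connect 1.0 identity provider.
	Oidc    OidcResponseOutput  `pulumi:"oidc"`
	Project pulumi.StringOutput `pulumi:"project"`
	// A SAML 2.0 identity provider.
	Saml SamlResponseOutput `pulumi:"saml"`
	// The state of the provider.
	State                  pulumi.StringOutput `pulumi:"state"`
	WorkloadIdentityPoolId pulumi.StringOutput `pulumi:"workloadIdentityPoolId"`
	// Required. The ID for the provider, which becomes the final component of
	// the resource name. This value must be 4-32 characters, and may contain the
	// characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and
	// may not be specified.
	WorkloadIdentityPoolProviderId pulumi.StringOutput `pulumi:"workloadIdentityPoolProviderId"`
}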

Creates a new WorkloadIdentityPoolProvider in a WorkloadIdentityPool. You cannot reuse the name of a deleted provider until 30 days after deletion. Auto-naming is currently not supported for this resource.

func GetProvider added in v0.3.0

func GetProvider(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ProviderState, opts ...pulumi.ResourceOption) (*Provider, error)

GetProvider gets an existing Provider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewProvider added in v0.3.0

func NewProvider(ctx *pulumi.Context,
	name string, args *ProviderArgs, opts ...pulumi.ResourceOption) (*Provider, error)

NewProvider registers a new resource with the given unique name, arguments, and options.

func (*Provider) ElementType added in v0.3.0

func (*Provider) ElementType() reflect.Type

func (*Provider) ToProviderOutput added in v0.3.0

func (i *Provider) ToProviderOutput() ProviderOutput

func (*Provider) ToProviderOutputWithContext added in v0.3.0

func (i *Provider) ToProviderOutputWithContext(ctx context.Context) ProviderOutput

type ProviderArgs added in v0.3.0

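// ProviderArgs is the set of arguments for constructing a Provider resource.
type ProviderArgs struct {
	// A [Common Expression Language](https://opensource.google/projects/cel)
	// expression, in plain text, that restricts which otherwise valid
	// authentication credentials issued by the provider are accepted. The
	// expression must output a boolean representing whether to allow the
	// federation. The following keywords may be referenced in the expression:
	//   - `assertion`: JSON representing the authentication credential issued by
	//     the provider.
	//   - `google`: The Google attributes mapped from the assertion in the
	//     `attribute_mappings`.
	//   - `attribute`: The custom attributes mapped from the assertion in the
	//     `attribute_mappings`.
	//
	// The maximum length of the attribute condition expression is 4096
	// characters. If unspecified, all valid authentication credentials are
	// accepted. The following example shows how to only allow credentials with a
	// mapped `google.groups` value of `admins`:
	//
	//	"'admins' in google.groups"
	//
	// NOTE(review): leaving this unset accepts every valid credential from the
	// issuer, so set a condition whenever the issuer also serves identities that
	// should not federate.
	AttributeCondition pulumi.StringPtrInput
	// Maps attributes from authentication credentials issued by an external
	// identity provider to Google Cloud attributes, such as `subject` and
	// `segment`. Each key must be a string specifying the Google Cloud IAM
	// attribute to map to. The following keys are supported:
	//   - `google.subject`: The principal IAM is authenticating. You can
	//     reference this value in IAM bindings. This is also the subject that
	//     appears in Cloud Logging logs. Cannot exceed 127 bytes.
	//   - `google.groups`: Groups the external identity belongs to. You can grant
	//     groups access to resources using an IAM `principalSet` binding; access
	//     applies to all members of the group.
	//
	// You can also provide custom attributes by specifying
	// `attribute.{custom_attribute}`, where `{custom_attribute}` is the name of
	// the custom attribute to be mapped. You can define a maximum of 50 custom
	// attributes. The maximum length of a mapped attribute key is 100
	// characters, and the key may only contain the characters [a-z0-9_]. You can
	// reference these attributes in IAM policies to define fine-grained access
	// for a workload to Google Cloud resources. For example:
	//   - `google.subject`:
	//     `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
	//   - `google.groups`:
	//     `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
	//   - `attribute.{custom_attribute}`:
	//     `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`
	//
	// Each value must be a
	// [Common Expression Language](https://opensource.google/projects/cel)
	// function that maps an identity provider credential to the normalized
	// attribute specified by the corresponding map key. You can use the
	// `assertion` keyword in the expression to access a JSON representation of
	// the authentication credential issued by the provider. The maximum length
	// of an attribute mapping expression is 2048 characters. When evaluated, the
	// total size of all mapped attributes must not exceed 8KB.
	//
	// For AWS providers, if no attribute mapping is defined, the following
	// default mapping applies:
	//
	//	{
	//	  "google.subject":"assertion.arn",
	//	  "attribute.aws_role":
	//	    "assertion.arn.contains('assumed-role')"
	//	    " ? assertion.arn.extract('{account_arn}assumed-role/')"
	//	    " + 'assumed-role/'"
	//	    " + assertion.arn.extract('assumed-role/{role_name}/')"
	//	    " : assertion.arn",
	//	}
	//
	// If any custom attribute mappings are defined, they must include a mapping
	// to the `google.subject` attribute. For OIDC providers, you must supply a
	// custom mapping, which must include the `google.subject` attribute. For
	// example, the following maps the `sub` claim of the incoming credential to
	// the `subject` attribute on a Google token:
	//
	//	{"google.subject": "assertion.sub"}
	//
	// NOTE(review): `google.subject` is what IAM bindings and Cloud Logging
	// refer to, so map it from a claim the issuer keeps unique and stable per
	// identity; confirm this for your issuer.
	AttributeMapping pulumi.StringMapInput
	// An Amazon Web Services identity provider.
	Aws AwsPtrInput
	// A description for the provider. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the provider is disabled. You cannot use a disabled provider to
	// exchange tokens. However, existing tokens still grant access.
	// NOTE(review): disabling the provider therefore does not cut off tokens
	// already issued; the pool-level Disabled flag is documented as blocking
	// existing tokens as well.
	Disabled pulumi.BoolPtrInput
	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	Location    pulumi.StringPtrInput
	// An OpenID Connect 1.0 identity provider.
	Oidc    OidcPtrInput
	Project pulumi.StringPtrInput
	// A SAML 2.0 identity provider.
	Saml                   SamlPtrInput
	WorkloadIdentityPoolId pulumi.StringInput
	// Required. The ID for the provider, which becomes the final component of
	// the resource name. This value must be 4-32 characters, and may contain the
	// characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and
	// may not be specified.
	WorkloadIdentityPoolProviderId pulumi.StringInput
}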

The set of arguments for constructing a Provider resource.

func (ProviderArgs) ElementType added in v0.3.0

func (ProviderArgs) ElementType() reflect.Type

type ProviderInput added in v0.3.0

// ProviderInput is an input type for values that can be converted to a
// ProviderOutput. *Provider and ProviderOutput both declare the two
// conversion methods listed here.
type ProviderInput interface {
	pulumi.Input

	ToProviderOutput() ProviderOutput
	ToProviderOutputWithContext(ctx context.Context) ProviderOutput
}

type ProviderOutput added in v0.3.0

type ProviderOutput struct{ *pulumi.OutputState }

func (ProviderOutput) AttributeCondition added in v0.19.0

func (o ProviderOutput) AttributeCondition() pulumi.StringOutput

A [Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, that restricts which otherwise valid authentication credentials issued by the provider are accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expression:

* `assertion`: JSON representing the authentication credential issued by the provider.
* `google`: The Google attributes mapped from the assertion in the `attribute_mappings`.
* `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`.

The maximum length of the attribute condition expression is 4096 characters. If unspecified, all valid authentication credentials are accepted, so a provider without a condition admits every identity its issuer can produce a valid credential for. The following example shows how to only allow credentials with a mapped `google.groups` value of `admins`:

```
"'admins' in google.groups"
```

func (ProviderOutput) AttributeMapping added in v0.19.0

func (o ProviderOutput) AttributeMapping() pulumi.StringMapOutput

Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported:

* `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. Cannot exceed 127 bytes.
* `google.groups`: Groups the external identity belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group.

You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where `{custom_attribute}` is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workload to Google Cloud resources. For example:

* `google.subject`: `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}`
* `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}`
* `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}`

Each value must be a [Common Expression Language](https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. When evaluated, the total size of all mapped attributes must not exceed 8KB.

For AWS providers, if no attribute mapping is defined, the following default mapping applies:

```
{
  "google.subject":"assertion.arn",
  "attribute.aws_role":
    "assertion.arn.contains('assumed-role')"
    " ? assertion.arn.extract('{account_arn}assumed-role/')"
    " + 'assumed-role/'"
    " + assertion.arn.extract('assumed-role/{role_name}/')"
    " : assertion.arn",
}
```

If any custom attribute mappings are defined, they must include a mapping to the `google.subject` attribute. For OIDC providers, you must supply a custom mapping, which must include the `google.subject` attribute. For example, the following maps the `sub` claim of the incoming credential to the `subject` attribute on a Google token:

```
{"google.subject": "assertion.sub"}
```

func (ProviderOutput) Aws added in v0.19.0

An Amazon Web Services identity provider.

func (ProviderOutput) Description added in v0.19.0

func (o ProviderOutput) Description() pulumi.StringOutput

A description for the provider. Cannot exceed 256 characters.

func (ProviderOutput) Disabled added in v0.19.0

func (o ProviderOutput) Disabled() pulumi.BoolOutput

Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.

func (ProviderOutput) DisplayName added in v0.19.0

func (o ProviderOutput) DisplayName() pulumi.StringOutput

A display name for the provider. Cannot exceed 32 characters.

func (ProviderOutput) ElementType added in v0.3.0

func (ProviderOutput) ElementType() reflect.Type

func (ProviderOutput) Location added in v0.21.0

func (o ProviderOutput) Location() pulumi.StringOutput

func (ProviderOutput) Name added in v0.19.0

The resource name of the provider.

func (ProviderOutput) Oidc added in v0.19.0

An OpenId Connect 1.0 identity provider.

func (ProviderOutput) Project added in v0.21.0

func (o ProviderOutput) Project() pulumi.StringOutput

func (ProviderOutput) Saml added in v0.19.0

An SAML 2.0 identity provider.

func (ProviderOutput) State added in v0.19.0

The state of the provider.

func (ProviderOutput) ToProviderOutput added in v0.3.0

func (o ProviderOutput) ToProviderOutput() ProviderOutput

func (ProviderOutput) ToProviderOutputWithContext added in v0.3.0

func (o ProviderOutput) ToProviderOutputWithContext(ctx context.Context) ProviderOutput

func (ProviderOutput) WorkloadIdentityPoolId added in v0.21.0

func (o ProviderOutput) WorkloadIdentityPoolId() pulumi.StringOutput

func (ProviderOutput) WorkloadIdentityPoolProviderId added in v0.21.0

func (o ProviderOutput) WorkloadIdentityPoolProviderId() pulumi.StringOutput

Required. The ID for the provider, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.

type ProviderState added in v0.3.0

// ProviderState declares no fields.
type ProviderState struct {
}

func (ProviderState) ElementType added in v0.3.0

func (ProviderState) ElementType() reflect.Type

type Role

// Role is the resource state of a custom IAM role. It embeds
// pulumi.CustomResourceState and exposes every property as a Pulumi output.
type Role struct {
	pulumi.CustomResourceState

	// The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
	Deleted pulumi.BoolOutput `pulumi:"deleted"`
	// Optional. A human-readable description for the role.
	Description pulumi.StringOutput `pulumi:"description"`
	// Used to perform a consistent read-modify-write.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The names of the permissions this role grants when bound in an IAM policy.
	//
	// NOTE(review): this list is everything the role grants once bound, so
	// keep it to the permissions the workload needs and review additions as
	// privilege changes.
	IncludedPermissions pulumi.StringArrayOutput `pulumi:"includedPermissions"`
	// The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path, e.g., roles/logging.viewer for predefined roles and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
	Name    pulumi.StringOutput `pulumi:"name"`
	Project pulumi.StringOutput `pulumi:"project"` // undocumented upstream; presumably the project that owns the role — TODO confirm
	// The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.
	Stage pulumi.StringOutput `pulumi:"stage"`
	// Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
	Title pulumi.StringOutput `pulumi:"title"`
}

Creates a new custom Role.

func GetRole

func GetRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *RoleState, opts ...pulumi.ResourceOption) (*Role, error)

GetRole gets an existing Role resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewRole

func NewRole(ctx *pulumi.Context,
	name string, args *RoleArgs, opts ...pulumi.ResourceOption) (*Role, error)

NewRole registers a new resource with the given unique name, arguments, and options.

func (*Role) ElementType

func (*Role) ElementType() reflect.Type

func (*Role) ToRoleOutput

func (i *Role) ToRoleOutput() RoleOutput

func (*Role) ToRoleOutputWithContext

func (i *Role) ToRoleOutputWithContext(ctx context.Context) RoleOutput

type RoleArgs

// RoleArgs is the set of arguments for constructing a Role resource.
type RoleArgs struct {
	// The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
	Deleted pulumi.BoolPtrInput
	// Optional. A human-readable description for the role.
	Description pulumi.StringPtrInput
	// Used to perform a consistent read-modify-write.
	Etag pulumi.StringPtrInput
	// The names of the permissions this role grants when bound in an IAM policy.
	//
	// NOTE(review): this list is everything the role grants once bound, so
	// keep it to the permissions the workload needs and review additions as
	// privilege changes.
	IncludedPermissions pulumi.StringArrayInput
	// The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path, e.g., roles/logging.viewer for predefined roles and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
	Name    pulumi.StringPtrInput
	Project pulumi.StringPtrInput // undocumented upstream; presumably the project that owns the role — TODO confirm
	// The role ID to use for this role. A role ID may contain alphanumeric characters, underscores (`_`), and periods (`.`). It must contain a minimum of 3 characters and a maximum of 64 characters.
	RoleId pulumi.StringPtrInput
	// The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.
	Stage RoleStagePtrInput
	// Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
	Title pulumi.StringPtrInput
}

The set of arguments for constructing a Role resource.

func (RoleArgs) ElementType

func (RoleArgs) ElementType() reflect.Type

type RoleInput

// RoleInput is implemented by values that can be converted to a RoleOutput.
// It embeds pulumi.Input and adds the two conversion methods below; *Role
// and RoleOutput both declare them.
type RoleInput interface {
	pulumi.Input

	ToRoleOutput() RoleOutput
	ToRoleOutputWithContext(ctx context.Context) RoleOutput
}

type RoleOutput

// RoleOutput is the output type returned by (*Role).ToRoleOutput. It embeds
// *pulumi.OutputState and has one accessor method per Role property.
type RoleOutput struct{ *pulumi.OutputState }

func (RoleOutput) Deleted added in v0.19.0

func (o RoleOutput) Deleted() pulumi.BoolOutput

The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.

func (RoleOutput) Description added in v0.19.0

func (o RoleOutput) Description() pulumi.StringOutput

Optional. A human-readable description for the role.

func (RoleOutput) ElementType

func (RoleOutput) ElementType() reflect.Type

func (RoleOutput) Etag added in v0.19.0

func (o RoleOutput) Etag() pulumi.StringOutput

Used to perform a consistent read-modify-write.

func (RoleOutput) IncludedPermissions added in v0.19.0

func (o RoleOutput) IncludedPermissions() pulumi.StringArrayOutput

The names of the permissions this role grants when bound in an IAM policy.

func (RoleOutput) Name added in v0.19.0

func (o RoleOutput) Name() pulumi.StringOutput

The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path, e.g., roles/logging.viewer for predefined roles and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.

func (RoleOutput) Project added in v0.21.0

func (o RoleOutput) Project() pulumi.StringOutput

func (RoleOutput) Stage added in v0.19.0

func (o RoleOutput) Stage() pulumi.StringOutput

The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.

func (RoleOutput) Title added in v0.19.0

func (o RoleOutput) Title() pulumi.StringOutput

Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.

func (RoleOutput) ToRoleOutput

func (o RoleOutput) ToRoleOutput() RoleOutput

func (RoleOutput) ToRoleOutputWithContext

func (o RoleOutput) ToRoleOutputWithContext(ctx context.Context) RoleOutput

type RoleStage added in v0.4.0

// RoleStage is the current launch stage of the role, represented as a string.
// If the `ALPHA` launch stage has been selected for a role, the `stage` field
// will not be included in the returned definition for the role.
type RoleStage string

The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.

func (RoleStage) ElementType added in v0.4.0

func (RoleStage) ElementType() reflect.Type

func (RoleStage) ToRoleStageOutput added in v0.6.0

func (e RoleStage) ToRoleStageOutput() RoleStageOutput

func (RoleStage) ToRoleStageOutputWithContext added in v0.6.0

func (e RoleStage) ToRoleStageOutputWithContext(ctx context.Context) RoleStageOutput

func (RoleStage) ToRoleStagePtrOutput added in v0.6.0

func (e RoleStage) ToRoleStagePtrOutput() RoleStagePtrOutput

func (RoleStage) ToRoleStagePtrOutputWithContext added in v0.6.0

func (e RoleStage) ToRoleStagePtrOutputWithContext(ctx context.Context) RoleStagePtrOutput

func (RoleStage) ToStringOutput added in v0.4.0

func (e RoleStage) ToStringOutput() pulumi.StringOutput

func (RoleStage) ToStringOutputWithContext added in v0.4.0

func (e RoleStage) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (RoleStage) ToStringPtrOutput added in v0.4.0

func (e RoleStage) ToStringPtrOutput() pulumi.StringPtrOutput

func (RoleStage) ToStringPtrOutputWithContext added in v0.4.0

func (e RoleStage) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type RoleStageInput added in v0.6.0

// RoleStageInput is an input type for role launch stages. It embeds
// pulumi.Input and adds the two conversion methods below; RoleStage and
// RoleStageOutput both declare them.
type RoleStageInput interface {
	pulumi.Input

	ToRoleStageOutput() RoleStageOutput
	ToRoleStageOutputWithContext(context.Context) RoleStageOutput
}

RoleStageInput is an input type that accepts RoleStageArgs and RoleStageOutput values. You can construct a concrete instance of `RoleStageInput` via:

RoleStageArgs{...}

type RoleStageOutput added in v0.6.0

// RoleStageOutput is the output type returned by RoleStage.ToRoleStageOutput.
// It embeds *pulumi.OutputState and can be converted to pointer and string
// outputs through its To* methods.
type RoleStageOutput struct{ *pulumi.OutputState }

func (RoleStageOutput) ElementType added in v0.6.0

func (RoleStageOutput) ElementType() reflect.Type

func (RoleStageOutput) ToRoleStageOutput added in v0.6.0

func (o RoleStageOutput) ToRoleStageOutput() RoleStageOutput

func (RoleStageOutput) ToRoleStageOutputWithContext added in v0.6.0

func (o RoleStageOutput) ToRoleStageOutputWithContext(ctx context.Context) RoleStageOutput

func (RoleStageOutput) ToRoleStagePtrOutput added in v0.6.0

func (o RoleStageOutput) ToRoleStagePtrOutput() RoleStagePtrOutput

func (RoleStageOutput) ToRoleStagePtrOutputWithContext added in v0.6.0

func (o RoleStageOutput) ToRoleStagePtrOutputWithContext(ctx context.Context) RoleStagePtrOutput

func (RoleStageOutput) ToStringOutput added in v0.6.0

func (o RoleStageOutput) ToStringOutput() pulumi.StringOutput

func (RoleStageOutput) ToStringOutputWithContext added in v0.6.0

func (o RoleStageOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (RoleStageOutput) ToStringPtrOutput added in v0.6.0

func (o RoleStageOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (RoleStageOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o RoleStageOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type RoleStagePtrInput added in v0.6.0

// RoleStagePtrInput is the optional (pointer) counterpart of RoleStageInput;
// RoleArgs.Stage has this type. It embeds pulumi.Input and adds the two
// conversion methods below. RoleStage, RoleStageOutput and RoleStagePtrOutput
// all declare them, and RoleStagePtr builds a value from a plain string.
type RoleStagePtrInput interface {
	pulumi.Input

	ToRoleStagePtrOutput() RoleStagePtrOutput
	ToRoleStagePtrOutputWithContext(context.Context) RoleStagePtrOutput
}

func RoleStagePtr added in v0.6.0

func RoleStagePtr(v string) RoleStagePtrInput

type RoleStagePtrOutput added in v0.6.0

// RoleStagePtrOutput is the output type returned by the ToRoleStagePtrOutput
// methods. It embeds *pulumi.OutputState.
type RoleStagePtrOutput struct{ *pulumi.OutputState }

func (RoleStagePtrOutput) Elem added in v0.6.0

func (RoleStagePtrOutput) ElementType added in v0.6.0

func (RoleStagePtrOutput) ElementType() reflect.Type

func (RoleStagePtrOutput) ToRoleStagePtrOutput added in v0.6.0

func (o RoleStagePtrOutput) ToRoleStagePtrOutput() RoleStagePtrOutput

func (RoleStagePtrOutput) ToRoleStagePtrOutputWithContext added in v0.6.0

func (o RoleStagePtrOutput) ToRoleStagePtrOutputWithContext(ctx context.Context) RoleStagePtrOutput

func (RoleStagePtrOutput) ToStringPtrOutput added in v0.6.0

func (o RoleStagePtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (RoleStagePtrOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o RoleStagePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type RoleState

// RoleState declares no fields. GetRole accepts a *RoleState (nil if not
// required) as the optional state used to qualify a lookup.
type RoleState struct {
}

func (RoleState) ElementType

func (RoleState) ElementType() reflect.Type

type Saml added in v0.19.0

// Saml represents a SAML 2.0 identity provider.
type Saml struct {
	// SAML identity provider configuration metadata XML document. The XML
	// document should comply with the
	// [SAML 2.0 specification](https://www.oasis-open.org/committees/download.php/56785/sstc-saml-metadata-errata-2.0-wd-05.pdf).
	// The maximum size of the acceptable XML document is bounded to 128k
	// characters. The metadata XML document should satisfy the following
	// constraints:
	//
	//  1. Must contain an Identity Provider Entity ID.
	//  2. Must contain at least one non-expired signing key certificate.
	//  3. For each signing key: (a) "valid from" should be no more than 7 days
	//     from now; (b) "valid to" should be no more than 14 years in the future.
	//  4. Up to 3 IdP signing keys are allowed in the metadata XML.
	//
	// When updating the provider's metadata XML, at least one non-expired
	// signing key must overlap with the existing metadata. This requirement is
	// skipped if there are no non-expired signing keys present in the existing
	// metadata.
	//
	// NOTE(review): the signing certificates in this document are presumably
	// what the provider trusts when verifying assertions, so obtain the XML
	// from the IdP over an authenticated channel and treat edits to it as a
	// trust change.
	IdpMetadataXml string `pulumi:"idpMetadataXml"`
}

Represents an SAML 2.0 identity provider.

type SamlArgs added in v0.19.0

// SamlArgs represents a SAML 2.0 identity provider. It is the input form of
// Saml: its single field is a pulumi.StringInput rather than a string.
type SamlArgs struct {
	// SAML identity provider configuration metadata XML document. The XML
	// document should comply with the
	// [SAML 2.0 specification](https://www.oasis-open.org/committees/download.php/56785/sstc-saml-metadata-errata-2.0-wd-05.pdf).
	// The maximum size of the acceptable XML document is bounded to 128k
	// characters. The metadata XML document should satisfy the following
	// constraints:
	//
	//  1. Must contain an Identity Provider Entity ID.
	//  2. Must contain at least one non-expired signing key certificate.
	//  3. For each signing key: (a) "valid from" should be no more than 7 days
	//     from now; (b) "valid to" should be no more than 14 years in the future.
	//  4. Up to 3 IdP signing keys are allowed in the metadata XML.
	//
	// When updating the provider's metadata XML, at least one non-expired
	// signing key must overlap with the existing metadata. This requirement is
	// skipped if there are no non-expired signing keys present in the existing
	// metadata.
	//
	// NOTE(review): the signing certificates in this document are presumably
	// what the provider trusts when verifying assertions, so obtain the XML
	// from the IdP over an authenticated channel and treat edits to it as a
	// trust change.
	IdpMetadataXml pulumi.StringInput `pulumi:"idpMetadataXml"`
}

Represents an SAML 2.0 identity provider.

func (SamlArgs) ElementType added in v0.19.0

func (SamlArgs) ElementType() reflect.Type

func (SamlArgs) ToSamlOutput added in v0.19.0

func (i SamlArgs) ToSamlOutput() SamlOutput

func (SamlArgs) ToSamlOutputWithContext added in v0.19.0

func (i SamlArgs) ToSamlOutputWithContext(ctx context.Context) SamlOutput

func (SamlArgs) ToSamlPtrOutput added in v0.19.0

func (i SamlArgs) ToSamlPtrOutput() SamlPtrOutput

func (SamlArgs) ToSamlPtrOutputWithContext added in v0.19.0

func (i SamlArgs) ToSamlPtrOutputWithContext(ctx context.Context) SamlPtrOutput

type SamlInput added in v0.19.0

// SamlInput is an input type that accepts SamlArgs and SamlOutput values.
// It embeds pulumi.Input and adds the two conversion methods below.
type SamlInput interface {
	pulumi.Input

	ToSamlOutput() SamlOutput
	ToSamlOutputWithContext(context.Context) SamlOutput
}

SamlInput is an input type that accepts SamlArgs and SamlOutput values. You can construct a concrete instance of `SamlInput` via:

SamlArgs{...}

type SamlOutput added in v0.19.0

// SamlOutput represents a SAML 2.0 identity provider as a Pulumi output. It
// embeds *pulumi.OutputState; IdpMetadataXml returns the metadata document
// as a pulumi.StringOutput.
type SamlOutput struct{ *pulumi.OutputState }

Represents an SAML 2.0 identity provider.

func (SamlOutput) ElementType added in v0.19.0

func (SamlOutput) ElementType() reflect.Type

func (SamlOutput) IdpMetadataXml added in v0.19.0

func (o SamlOutput) IdpMetadataXml() pulumi.StringOutput

SAML identity provider configuration metadata XML document. The XML document should comply with the [SAML 2.0 specification](https://www.oasis-open.org/committees/download.php/56785/sstc-saml-metadata-errata-2.0-wd-05.pdf). The maximum size of the acceptable XML document is bounded to 128k characters. The metadata XML document should satisfy the following constraints: 1) Must contain an Identity Provider Entity ID. 2) Must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 14 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata XML. When updating the provider's metadata XML, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.

func (SamlOutput) ToSamlOutput added in v0.19.0

func (o SamlOutput) ToSamlOutput() SamlOutput

func (SamlOutput) ToSamlOutputWithContext added in v0.19.0

func (o SamlOutput) ToSamlOutputWithContext(ctx context.Context) SamlOutput

func (SamlOutput) ToSamlPtrOutput added in v0.19.0

func (o SamlOutput) ToSamlPtrOutput() SamlPtrOutput

func (SamlOutput) ToSamlPtrOutputWithContext added in v0.19.0

func (o SamlOutput) ToSamlPtrOutputWithContext(ctx context.Context) SamlPtrOutput

type SamlPtrInput added in v0.19.0

// SamlPtrInput is an input type that accepts SamlArgs, SamlPtr and
// SamlPtrOutput values, or nil. It embeds pulumi.Input and adds the two
// conversion methods below.
type SamlPtrInput interface {
	pulumi.Input

	ToSamlPtrOutput() SamlPtrOutput
	ToSamlPtrOutputWithContext(context.Context) SamlPtrOutput
}

SamlPtrInput is an input type that accepts SamlArgs, SamlPtr and SamlPtrOutput values. You can construct a concrete instance of `SamlPtrInput` via:

        SamlArgs{...}

or:

        nil

func SamlPtr added in v0.19.0

func SamlPtr(v *SamlArgs) SamlPtrInput

type SamlPtrOutput added in v0.19.0

// SamlPtrOutput is the pointer output counterpart of SamlOutput. It embeds
// *pulumi.OutputState; Elem returns a SamlOutput and IdpMetadataXml returns
// a pulumi.StringPtrOutput.
type SamlPtrOutput struct{ *pulumi.OutputState }

func (SamlPtrOutput) Elem added in v0.19.0

func (o SamlPtrOutput) Elem() SamlOutput

func (SamlPtrOutput) ElementType added in v0.19.0

func (SamlPtrOutput) ElementType() reflect.Type

func (SamlPtrOutput) IdpMetadataXml added in v0.19.0

func (o SamlPtrOutput) IdpMetadataXml() pulumi.StringPtrOutput

SAML identity provider configuration metadata XML document. The XML document should comply with the [SAML 2.0 specification](https://www.oasis-open.org/committees/download.php/56785/sstc-saml-metadata-errata-2.0-wd-05.pdf). The maximum size of the acceptable XML document is bounded to 128k characters. The metadata XML document should satisfy the following constraints: 1) Must contain an Identity Provider Entity ID. 2) Must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 14 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata XML. When updating the provider's metadata XML, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.

func (SamlPtrOutput) ToSamlPtrOutput added in v0.19.0

func (o SamlPtrOutput) ToSamlPtrOutput() SamlPtrOutput

func (SamlPtrOutput) ToSamlPtrOutputWithContext added in v0.19.0

func (o SamlPtrOutput) ToSamlPtrOutputWithContext(ctx context.Context) SamlPtrOutput

type SamlResponse added in v0.19.0

// SamlResponse represents a SAML 2.0 identity provider.
type SamlResponse struct {
	// SAML identity provider configuration metadata XML document. The XML
	// document should comply with the
	// [SAML 2.0 specification](https://www.oasis-open.org/committees/download.php/56785/sstc-saml-metadata-errata-2.0-wd-05.pdf).
	// The maximum size of the acceptable XML document is bounded to 128k
	// characters. The metadata XML document should satisfy the following
	// constraints:
	//
	//  1. Must contain an Identity Provider Entity ID.
	//  2. Must contain at least one non-expired signing key certificate.
	//  3. For each signing key: (a) "valid from" should be no more than 7 days
	//     from now; (b) "valid to" should be no more than 14 years in the future.
	//  4. Up to 3 IdP signing keys are allowed in the metadata XML.
	//
	// When updating the provider's metadata XML, at least one non-expired
	// signing key must overlap with the existing metadata. This requirement is
	// skipped if there are no non-expired signing keys present in the existing
	// metadata.
	IdpMetadataXml string `pulumi:"idpMetadataXml"`
}

Represents an SAML 2.0 identity provider.

type SamlResponseOutput added in v0.19.0

// SamlResponseOutput represents a SAML 2.0 identity provider as a Pulumi
// output. It embeds *pulumi.OutputState; IdpMetadataXml returns the metadata
// document as a pulumi.StringOutput.
type SamlResponseOutput struct{ *pulumi.OutputState }

Represents an SAML 2.0 identity provider.

func (SamlResponseOutput) ElementType added in v0.19.0

func (SamlResponseOutput) ElementType() reflect.Type

func (SamlResponseOutput) IdpMetadataXml added in v0.19.0

func (o SamlResponseOutput) IdpMetadataXml() pulumi.StringOutput

SAML identity provider configuration metadata XML document. The XML document should comply with the [SAML 2.0 specification](https://www.oasis-open.org/committees/download.php/56785/sstc-saml-metadata-errata-2.0-wd-05.pdf). The maximum size of the acceptable XML document is bounded to 128k characters. The metadata XML document should satisfy the following constraints: 1) Must contain an Identity Provider Entity ID. 2) Must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 14 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata XML. When updating the provider's metadata XML, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.

func (SamlResponseOutput) ToSamlResponseOutput added in v0.19.0

func (o SamlResponseOutput) ToSamlResponseOutput() SamlResponseOutput

func (SamlResponseOutput) ToSamlResponseOutputWithContext added in v0.19.0

func (o SamlResponseOutput) ToSamlResponseOutputWithContext(ctx context.Context) SamlResponseOutput

type ServiceAccount

// ServiceAccount is the resource state of a service account. It embeds
// pulumi.CustomResourceState and exposes every property as a Pulumi output.
type ServiceAccount struct {
	pulumi.CustomResourceState

	// Optional. A user-specified, human-readable description of the service account. The maximum length is 256 UTF-8 bytes.
	Description pulumi.StringOutput `pulumi:"description"`
	// Whether the service account is disabled.
	Disabled pulumi.BoolOutput `pulumi:"disabled"`
	// Optional. A user-specified, human-readable name for the service account. The maximum length is 100 UTF-8 bytes.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// The email address of the service account.
	Email pulumi.StringOutput `pulumi:"email"`
	// Deprecated. Do not use.
	//
	// Deprecated: Deprecated. Do not use.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The resource name of the service account. Use one of the following formats: * `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` * `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an alternative, you can use the `-` wildcard character instead of the project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` * `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using the `-` wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account `projects/-/serviceAccounts/fake@example.com`, which does not exist, the response contains an HTTP `403 Forbidden` error instead of a `404 Not Found` error.
	Name pulumi.StringOutput `pulumi:"name"`
	// The OAuth 2.0 client ID for the service account.
	Oauth2ClientId pulumi.StringOutput `pulumi:"oauth2ClientId"`
	Project        pulumi.StringOutput `pulumi:"project"` // undocumented upstream; presumably the project that owns the account — TODO confirm
	// The unique, stable numeric ID for the service account. Each service account retains its unique ID even if you delete the service account. For example, if you delete a service account, then create a new service account with the same name, the new service account has a different unique ID than the deleted service account.
	//
	// NOTE(review): because a re-created account gets a different unique ID,
	// correlate audit records on UniqueId rather than Email when an account
	// may have been deleted and re-created under the same name.
	UniqueId pulumi.StringOutput `pulumi:"uniqueId"`
}

Creates a ServiceAccount. Auto-naming is currently not supported for this resource.

func GetServiceAccount

func GetServiceAccount(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServiceAccountState, opts ...pulumi.ResourceOption) (*ServiceAccount, error)

GetServiceAccount gets an existing ServiceAccount resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewServiceAccount

func NewServiceAccount(ctx *pulumi.Context,
	name string, args *ServiceAccountArgs, opts ...pulumi.ResourceOption) (*ServiceAccount, error)

NewServiceAccount registers a new resource with the given unique name, arguments, and options.

func (*ServiceAccount) ElementType

func (*ServiceAccount) ElementType() reflect.Type

func (*ServiceAccount) ToServiceAccountOutput

func (i *ServiceAccount) ToServiceAccountOutput() ServiceAccountOutput

func (*ServiceAccount) ToServiceAccountOutputWithContext

func (i *ServiceAccount) ToServiceAccountOutputWithContext(ctx context.Context) ServiceAccountOutput

type ServiceAccountArgs

// ServiceAccountArgs is the set of arguments for constructing a
// ServiceAccount resource. AccountId is the only field that is not a pointer
// (optional) input.
type ServiceAccountArgs struct {
	// The account id that is used to generate the service account email address and a stable unique id. It is unique within a project, must be 6-30 characters long, and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
	AccountId pulumi.StringInput
	// Optional. A user-specified, human-readable description of the service account. The maximum length is 256 UTF-8 bytes.
	Description pulumi.StringPtrInput
	// Optional. A user-specified, human-readable name for the service account. The maximum length is 100 UTF-8 bytes.
	DisplayName pulumi.StringPtrInput
	// Deprecated. Do not use.
	//
	// Deprecated: Deprecated. Do not use.
	Etag pulumi.StringPtrInput
	// The resource name of the service account. Use one of the following formats: * `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` * `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an alternative, you can use the `-` wildcard character instead of the project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` * `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using the `-` wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account `projects/-/serviceAccounts/fake@example.com`, which does not exist, the response contains an HTTP `403 Forbidden` error instead of a `404 Not Found` error.
	Name    pulumi.StringPtrInput
	Project pulumi.StringPtrInput // undocumented upstream; presumably the project that owns the account — TODO confirm
}

The set of arguments for constructing a ServiceAccount resource.

func (ServiceAccountArgs) ElementType

func (ServiceAccountArgs) ElementType() reflect.Type

type ServiceAccountIamBinding added in v0.26.0

// ServiceAccountIamBinding is the resource state of a role binding in the IAM
// policy that is attached to a service account.
//
// Per the upstream description, this policy grants or revokes access to the
// service account itself (for example, the ability to impersonate it); it
// does not enable the service account to access other resources.
type ServiceAccountIamBinding struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource.
	// `members` can have the following values:
	//
	//  * `allUsers`: A special identifier that represents anyone who is on the
	//    internet; with or without a Google account.
	//  * `allAuthenticatedUsers`: A special identifier that represents anyone
	//    who is authenticated with a Google account or a service account. Does
	//    not include identities that come from external identity providers
	//    (IdPs) through identity federation.
	//  * `user:{emailid}`: An email address that represents a specific Google
	//    account. For example, `alice@example.com`.
	//  * `serviceAccount:{emailid}`: An email address that represents a Google
	//    service account. For example,
	//    `my-other-app@appspot.gserviceaccount.com`.
	//  * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`:
	//    An identifier for a
	//    [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
	//    For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
	//  * `group:{emailid}`: An email address that represents a Google group.
	//    For example, `admins@example.com`.
	//  * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
	//    identifier) representing a user that has been recently deleted. For
	//    example, `alice@example.com?uid=123456789012345678901`. If the user is
	//    recovered, this value reverts to `user:{emailid}` and the recovered
	//    user retains the role in the binding.
	//  * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address
	//    (plus unique identifier) representing a service account that has been
	//    recently deleted. For example,
	//    `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
	//    If the service account is undeleted, this value reverts to
	//    `serviceAccount:{emailid}` and the undeleted service account retains
	//    the role in the binding.
	//  * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus
	//    unique identifier) representing a Google group that has been recently
	//    deleted. For example, `admins@example.com?uid=123456789012345678901`.
	//    If the group is recovered, this value reverts to `group:{emailid}` and
	//    the recovered group retains the role in the binding.
	//  * `domain:{domain}`: The G Suite domain (primary) that represents all
	//    the users of that domain. For example, `google.com` or `example.com`.
	//
	// NOTE(review): `allUsers` and `allAuthenticatedUsers` extend the bound
	// role to principals outside your organization. On a service account
	// policy that is rarely intended; flag such members in review and prefer
	// specific principals, narrowed with Condition where possible.
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the IAM policy that is attached to a ServiceAccount. Use this method to grant or revoke access to the service account. For example, you could grant a principal the ability to impersonate the service account. This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps: 1. Call the resource's `getIamPolicy` method to get its current IAM policy. 2. Edit the policy so that it binds the service account to an IAM role for the resource. 3. Call the resource's `setIamPolicy` method to update its IAM policy. For detailed instructions, see [Manage access to project, folders, and organizations](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts) or [Manage access to other resources](https://cloud.google.com/iam/help/access/manage-other-resources).

func GetServiceAccountIamBinding added in v0.26.0

func GetServiceAccountIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServiceAccountIamBindingState, opts ...pulumi.ResourceOption) (*ServiceAccountIamBinding, error)

GetServiceAccountIamBinding gets an existing ServiceAccountIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewServiceAccountIamBinding added in v0.26.0

func NewServiceAccountIamBinding(ctx *pulumi.Context,
	name string, args *ServiceAccountIamBindingArgs, opts ...pulumi.ResourceOption) (*ServiceAccountIamBinding, error)

NewServiceAccountIamBinding registers a new resource with the given unique name, arguments, and options.

func (*ServiceAccountIamBinding) ElementType added in v0.26.0

func (*ServiceAccountIamBinding) ElementType() reflect.Type

func (*ServiceAccountIamBinding) ToServiceAccountIamBindingOutput added in v0.26.0

func (i *ServiceAccountIamBinding) ToServiceAccountIamBindingOutput() ServiceAccountIamBindingOutput

func (*ServiceAccountIamBinding) ToServiceAccountIamBindingOutputWithContext added in v0.26.0

func (i *ServiceAccountIamBinding) ToServiceAccountIamBindingOutputWithContext(ctx context.Context) ServiceAccountIamBindingOutput

type ServiceAccountIamBindingArgs added in v0.26.0

// ServiceAccountIamBindingArgs is the set of arguments for constructing a
// ServiceAccountIamBinding resource: a list of Members associated with one
// Role on the resource identified by Name, optionally limited by a Condition.
type ServiceAccountIamBindingArgs struct {
	// An IAM Condition for a given binding.
	// See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition ConditionPtrInput
	// Identities that will be granted the privilege in role. Each entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	//
	// NOTE(review): the output-side documentation for this resource also lists
	// `allUsers` and `allAuthenticatedUsers` as possible member values. Whether
	// this input accepts them is not shown here; treat either value, and any
	// `domain:` entry, as a broad grant that needs explicit review, because a
	// policy on a service account can grant the ability to impersonate it.
	Members pulumi.StringArrayInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied. Only one `IamBinding` can be used per role.
	//
	// NOTE(review): presumably the binding owns the complete member list for
	// this role; confirm against the provider documentation before combining
	// it with ServiceAccountIamMember grants for the same role.
	Role pulumi.StringInput
}

The set of arguments for constructing a ServiceAccountIamBinding resource.

func (ServiceAccountIamBindingArgs) ElementType added in v0.26.0

type ServiceAccountIamBindingInput added in v0.26.0

// ServiceAccountIamBindingInput is implemented by values that can be converted
// to a ServiceAccountIamBindingOutput. It embeds pulumi.Input and adds the two
// conversion methods below; on this page both *ServiceAccountIamBinding and
// ServiceAccountIamBindingOutput declare them.
type ServiceAccountIamBindingInput interface {
	pulumi.Input

	ToServiceAccountIamBindingOutput() ServiceAccountIamBindingOutput
	// Same conversion, taking a context.Context.
	ToServiceAccountIamBindingOutputWithContext(ctx context.Context) ServiceAccountIamBindingOutput
}

type ServiceAccountIamBindingOutput added in v0.26.0

type ServiceAccountIamBindingOutput struct{ *pulumi.OutputState }

func (ServiceAccountIamBindingOutput) Condition added in v0.26.0

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (ServiceAccountIamBindingOutput) ElementType added in v0.26.0

func (ServiceAccountIamBindingOutput) Etag added in v0.26.0

The etag of the resource's IAM policy.

func (ServiceAccountIamBindingOutput) Members added in v0.26.0

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values:

* `allUsers`: A special identifier that represents anyone who is on the internet, with or without a Google account.
* `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation.
* `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com`.
* `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`.
* `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
* `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`.
* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding.
* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding.
* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
* `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.

func (ServiceAccountIamBindingOutput) Name added in v0.26.0

The name of the resource to manage IAM policies for.

func (ServiceAccountIamBindingOutput) Project added in v0.26.0

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (ServiceAccountIamBindingOutput) Role added in v0.26.0

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (ServiceAccountIamBindingOutput) ToServiceAccountIamBindingOutput added in v0.26.0

func (o ServiceAccountIamBindingOutput) ToServiceAccountIamBindingOutput() ServiceAccountIamBindingOutput

func (ServiceAccountIamBindingOutput) ToServiceAccountIamBindingOutputWithContext added in v0.26.0

func (o ServiceAccountIamBindingOutput) ToServiceAccountIamBindingOutputWithContext(ctx context.Context) ServiceAccountIamBindingOutput

type ServiceAccountIamBindingState added in v0.26.0

type ServiceAccountIamBindingState struct {
}

func (ServiceAccountIamBindingState) ElementType added in v0.26.0

type ServiceAccountIamMember added in v0.26.0

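// ServiceAccountIamMember is the resource state for an IAM grant of one Role
// to one Member on the resource identified by Name, optionally limited by a
// Condition.
type ServiceAccountIamMember struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource.
	// The upstream text describes the `members` list of a binding; this field
	// holds a single such value. `members` can have the following values:
	//
	//   - `allUsers`: A special identifier that represents anyone who is on the
	//     internet, with or without a Google account.
	//   - `allAuthenticatedUsers`: A special identifier that represents anyone
	//     who is authenticated with a Google account or a service account. Does
	//     not include identities that come from external identity providers
	//     (IdPs) through identity federation.
	//   - `user:{emailid}`: An email address that represents a specific Google
	//     account. For example, `alice@example.com`.
	//   - `serviceAccount:{emailid}`: An email address that represents a Google
	//     service account. For example, `my-other-app@appspot.gserviceaccount.com`.
	//   - `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`:
	//     An identifier for a Kubernetes service account
	//     (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
	//     For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
	//   - `group:{emailid}`: An email address that represents a Google group.
	//     For example, `admins@example.com`.
	//   - `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
	//     identifier) representing a user that has been recently deleted. For
	//     example, `alice@example.com?uid=123456789012345678901`. If the user is
	//     recovered, this value reverts to `user:{emailid}` and the recovered
	//     user retains the role in the binding.
	//   - `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address
	//     (plus unique identifier) representing a service account that has been
	//     recently deleted. For example,
	//     `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
	//     If the service account is undeleted, this value reverts to
	//     `serviceAccount:{emailid}` and the undeleted service account retains
	//     the role in the binding.
	//   - `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
	//     identifier) representing a Google group that has been recently
	//     deleted. For example, `admins@example.com?uid=123456789012345678901`.
	//     If the group is recovered, this value reverts to `group:{emailid}` and
	//     the recovered group retains the role in the binding.
	//   - `domain:{domain}`: The G Suite domain (primary) that represents all the
	//     users of that domain. For example, `google.com` or `example.com`.
	//
	// NOTE(review): `allUsers` and `allAuthenticatedUsers` are not limited to
	// one organization. Either value on a service account grant deserves
	// explicit review, since a policy on a service account can grant the
	// ability to impersonate it.
	Member pulumi.StringOutput `pulumi:"member"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringOutput `pulumi:"role"`
}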

Sets the IAM policy that is attached to a ServiceAccount. Use this method to grant or revoke access to the service account. For example, you could grant a principal the ability to impersonate the service account. This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps: 1. Call the resource's `getIamPolicy` method to get its current IAM policy. 2. Edit the policy so that it binds the service account to an IAM role for the resource. 3. Call the resource's `setIamPolicy` method to update its IAM policy. For detailed instructions, see [Manage access to project, folders, and organizations](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts) or [Manage access to other resources](https://cloud.google.com/iam/help/access/manage-other-resources).

func GetServiceAccountIamMember added in v0.26.0

func GetServiceAccountIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServiceAccountIamMemberState, opts ...pulumi.ResourceOption) (*ServiceAccountIamMember, error)

GetServiceAccountIamMember gets an existing ServiceAccountIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewServiceAccountIamMember added in v0.26.0

func NewServiceAccountIamMember(ctx *pulumi.Context,
	name string, args *ServiceAccountIamMemberArgs, opts ...pulumi.ResourceOption) (*ServiceAccountIamMember, error)

NewServiceAccountIamMember registers a new resource with the given unique name, arguments, and options.

func (*ServiceAccountIamMember) ElementType added in v0.26.0

func (*ServiceAccountIamMember) ElementType() reflect.Type

func (*ServiceAccountIamMember) ToServiceAccountIamMemberOutput added in v0.26.0

func (i *ServiceAccountIamMember) ToServiceAccountIamMemberOutput() ServiceAccountIamMemberOutput

func (*ServiceAccountIamMember) ToServiceAccountIamMemberOutputWithContext added in v0.26.0

func (i *ServiceAccountIamMember) ToServiceAccountIamMemberOutputWithContext(ctx context.Context) ServiceAccountIamMemberOutput

type ServiceAccountIamMemberArgs added in v0.26.0

// ServiceAccountIamMemberArgs is the set of arguments for constructing a
// ServiceAccountIamMember resource: a single Member associated with one Role
// on the resource identified by Name, optionally limited by a Condition.
type ServiceAccountIamMemberArgs struct {
	// An IAM Condition for a given binding.
	// See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition ConditionPtrInput
	// Identity that will be granted the privilege in role. The entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	//
	// NOTE(review): the output-side documentation for this resource also lists
	// `allUsers` and `allAuthenticatedUsers` as possible values. Whether this
	// input accepts them is not shown here; treat either value, and any
	// `domain:` entry, as a broad grant that needs explicit review, because a
	// policy on a service account can grant the ability to impersonate it.
	Member pulumi.StringInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied.
	Role pulumi.StringInput
}

The set of arguments for constructing a ServiceAccountIamMember resource.

func (ServiceAccountIamMemberArgs) ElementType added in v0.26.0

type ServiceAccountIamMemberInput added in v0.26.0

// ServiceAccountIamMemberInput is implemented by values that can be converted
// to a ServiceAccountIamMemberOutput. It embeds pulumi.Input and adds the two
// conversion methods below; on this page both *ServiceAccountIamMember and
// ServiceAccountIamMemberOutput declare them.
type ServiceAccountIamMemberInput interface {
	pulumi.Input

	ToServiceAccountIamMemberOutput() ServiceAccountIamMemberOutput
	// Same conversion, taking a context.Context.
	ToServiceAccountIamMemberOutputWithContext(ctx context.Context) ServiceAccountIamMemberOutput
}

type ServiceAccountIamMemberOutput added in v0.26.0

type ServiceAccountIamMemberOutput struct{ *pulumi.OutputState }

func (ServiceAccountIamMemberOutput) Condition added in v0.26.0

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (ServiceAccountIamMemberOutput) ElementType added in v0.26.0

func (ServiceAccountIamMemberOutput) Etag added in v0.26.0

The etag of the resource's IAM policy.

func (ServiceAccountIamMemberOutput) Member added in v0.26.0

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values:

* `allUsers`: A special identifier that represents anyone who is on the internet, with or without a Google account.
* `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation.
* `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com`.
* `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`.
* `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
* `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`.
* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding.
* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding.
* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
* `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.

func (ServiceAccountIamMemberOutput) Name added in v0.26.0

The name of the resource to manage IAM policies for.

func (ServiceAccountIamMemberOutput) Project added in v0.26.0

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (ServiceAccountIamMemberOutput) Role added in v0.26.0

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (ServiceAccountIamMemberOutput) ToServiceAccountIamMemberOutput added in v0.26.0

func (o ServiceAccountIamMemberOutput) ToServiceAccountIamMemberOutput() ServiceAccountIamMemberOutput

func (ServiceAccountIamMemberOutput) ToServiceAccountIamMemberOutputWithContext added in v0.26.0

func (o ServiceAccountIamMemberOutput) ToServiceAccountIamMemberOutputWithContext(ctx context.Context) ServiceAccountIamMemberOutput

type ServiceAccountIamMemberState added in v0.26.0

type ServiceAccountIamMemberState struct {
}

func (ServiceAccountIamMemberState) ElementType added in v0.26.0

type ServiceAccountIamPolicy

// ServiceAccountIamPolicy is the resource state for the whole IAM policy
// attached to a service account: its audit configuration, role bindings, etag
// and policy format version.
//
// Project and ServiceAccountId carry no description in the upstream text;
// presumably they identify the owning project and the service account the
// policy is attached to. TODO confirm.
//
// NOTE(review): the documentation for this resource states that its API does
// not support deletion, so removing the resource from a Pulumi program leaves
// the policy in place on Google Cloud.
type ServiceAccountIamPolicy struct {
	pulumi.CustomResourceState

	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs AuditConfigResponseArrayOutput `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingResponseArrayOutput `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag             pulumi.StringOutput `pulumi:"etag"`
	Project          pulumi.StringOutput `pulumi:"project"`
	ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntOutput `pulumi:"version"`
}

Sets the IAM policy that is attached to a ServiceAccount. Use this method to grant or revoke access to the service account. For example, you could grant a principal the ability to impersonate the service account. This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps:

1. Call the resource's `getIamPolicy` method to get its current IAM policy.
2. Edit the policy so that it binds the service account to an IAM role for the resource.
3. Call the resource's `setIamPolicy` method to update its IAM policy.

For detailed instructions, see [Manage access to projects, folders, and organizations](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts) or [Manage access to other resources](https://cloud.google.com/iam/help/access/manage-other-resources).

Note: this resource's API doesn't support deletion. When deleted, the resource is removed from Pulumi state only; it persists on Google Cloud, so the access granted by the policy stays in effect unless the policy is updated separately.

func GetServiceAccountIamPolicy

func GetServiceAccountIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServiceAccountIamPolicyState, opts ...pulumi.ResourceOption) (*ServiceAccountIamPolicy, error)

GetServiceAccountIamPolicy gets an existing ServiceAccountIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewServiceAccountIamPolicy

func NewServiceAccountIamPolicy(ctx *pulumi.Context,
	name string, args *ServiceAccountIamPolicyArgs, opts ...pulumi.ResourceOption) (*ServiceAccountIamPolicy, error)

NewServiceAccountIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*ServiceAccountIamPolicy) ElementType

func (*ServiceAccountIamPolicy) ElementType() reflect.Type

func (*ServiceAccountIamPolicy) ToServiceAccountIamPolicyOutput

func (i *ServiceAccountIamPolicy) ToServiceAccountIamPolicyOutput() ServiceAccountIamPolicyOutput

func (*ServiceAccountIamPolicy) ToServiceAccountIamPolicyOutputWithContext

func (i *ServiceAccountIamPolicy) ToServiceAccountIamPolicyOutputWithContext(ctx context.Context) ServiceAccountIamPolicyOutput

type ServiceAccountIamPolicyArgs

// ServiceAccountIamPolicyArgs is the set of arguments for constructing a
// ServiceAccountIamPolicy resource, which sets the IAM policy attached to a
// service account.
//
// Project and ServiceAccountId carry no description in the upstream text;
// presumably they identify the owning project and the service account the
// policy is attached to. TODO confirm.
type ServiceAccountIamPolicyArgs struct {
	// Specifies cloud audit logging configuration for this policy.
	//
	// NOTE(review): the default update mask documented on UpdateMask is
	// `paths: "bindings, etag"`, which does not name this field; presumably
	// audit configuration is only written when UpdateMask includes it. Confirm
	// before relying on this field.
	AuditConfigs AuditConfigArrayInput
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingArrayInput
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	//
	// The field is a pointer input, so the type itself does not force a value;
	// the requirement above has to be met by the caller.
	Etag             pulumi.StringPtrInput
	Project          pulumi.StringPtrInput
	ServiceAccountId pulumi.StringInput
	// OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"`
	UpdateMask pulumi.StringPtrInput
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntPtrInput
}

The set of arguments for constructing a ServiceAccountIamPolicy resource.

func (ServiceAccountIamPolicyArgs) ElementType

type ServiceAccountIamPolicyInput

// ServiceAccountIamPolicyInput is implemented by values that can be converted
// to a ServiceAccountIamPolicyOutput. It embeds pulumi.Input and adds the two
// conversion methods below; on this page both *ServiceAccountIamPolicy and
// ServiceAccountIamPolicyOutput declare them.
type ServiceAccountIamPolicyInput interface {
	pulumi.Input

	ToServiceAccountIamPolicyOutput() ServiceAccountIamPolicyOutput
	// Same conversion, taking a context.Context.
	ToServiceAccountIamPolicyOutputWithContext(ctx context.Context) ServiceAccountIamPolicyOutput
}

type ServiceAccountIamPolicyOutput

type ServiceAccountIamPolicyOutput struct{ *pulumi.OutputState }

func (ServiceAccountIamPolicyOutput) AuditConfigs added in v0.19.0

Specifies cloud audit logging configuration for this policy.

func (ServiceAccountIamPolicyOutput) Bindings added in v0.19.0

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (ServiceAccountIamPolicyOutput) ElementType

func (ServiceAccountIamPolicyOutput) Etag added in v0.19.0

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (ServiceAccountIamPolicyOutput) Project added in v0.21.0

func (ServiceAccountIamPolicyOutput) ServiceAccountId added in v0.21.0

func (o ServiceAccountIamPolicyOutput) ServiceAccountId() pulumi.StringOutput

func (ServiceAccountIamPolicyOutput) ToServiceAccountIamPolicyOutput

func (o ServiceAccountIamPolicyOutput) ToServiceAccountIamPolicyOutput() ServiceAccountIamPolicyOutput

func (ServiceAccountIamPolicyOutput) ToServiceAccountIamPolicyOutputWithContext

func (o ServiceAccountIamPolicyOutput) ToServiceAccountIamPolicyOutputWithContext(ctx context.Context) ServiceAccountIamPolicyOutput

func (ServiceAccountIamPolicyOutput) Version added in v0.19.0

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type ServiceAccountIamPolicyState

type ServiceAccountIamPolicyState struct {
}

func (ServiceAccountIamPolicyState) ElementType

type ServiceAccountInput

// ServiceAccountInput is implemented by values that can be converted to a
// ServiceAccountOutput. It embeds pulumi.Input and adds the two conversion
// methods below.
type ServiceAccountInput interface {
	pulumi.Input

	ToServiceAccountOutput() ServiceAccountOutput
	// Same conversion, taking a context.Context.
	ToServiceAccountOutputWithContext(ctx context.Context) ServiceAccountOutput
}

type ServiceAccountOutput

type ServiceAccountOutput struct{ *pulumi.OutputState }

func (ServiceAccountOutput) Description added in v0.19.0

func (o ServiceAccountOutput) Description() pulumi.StringOutput

Optional. A user-specified, human-readable description of the service account. The maximum length is 256 UTF-8 bytes.

func (ServiceAccountOutput) Disabled added in v0.19.0

func (o ServiceAccountOutput) Disabled() pulumi.BoolOutput

Whether the service account is disabled.

func (ServiceAccountOutput) DisplayName added in v0.19.0

func (o ServiceAccountOutput) DisplayName() pulumi.StringOutput

Optional. A user-specified, human-readable name for the service account. The maximum length is 100 UTF-8 bytes.

func (ServiceAccountOutput) ElementType

func (ServiceAccountOutput) ElementType() reflect.Type

func (ServiceAccountOutput) Email added in v0.19.0

The email address of the service account.

func (ServiceAccountOutput) Etag deprecated added in v0.19.0

Deprecated. Do not use.

Deprecated: Deprecated. Do not use.

func (ServiceAccountOutput) Name added in v0.19.0

The resource name of the service account. Use one of the following formats: * `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` * `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an alternative, you can use the `-` wildcard character instead of the project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` * `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using the `-` wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account `projects/-/serviceAccounts/fake@example.com`, which does not exist, the response contains an HTTP `403 Forbidden` error instead of a `404 Not Found` error.

func (ServiceAccountOutput) Oauth2ClientId added in v0.19.0

func (o ServiceAccountOutput) Oauth2ClientId() pulumi.StringOutput

The OAuth 2.0 client ID for the service account.

func (ServiceAccountOutput) Project added in v0.19.0

func (ServiceAccountOutput) ToServiceAccountOutput

func (o ServiceAccountOutput) ToServiceAccountOutput() ServiceAccountOutput

func (ServiceAccountOutput) ToServiceAccountOutputWithContext

func (o ServiceAccountOutput) ToServiceAccountOutputWithContext(ctx context.Context) ServiceAccountOutput

func (ServiceAccountOutput) UniqueId added in v0.19.0

The unique, stable numeric ID for the service account. Each service account retains its unique ID even if you delete the service account. For example, if you delete a service account, then create a new service account with the same name, the new service account has a different unique ID than the deleted service account.

type ServiceAccountState

type ServiceAccountState struct {
}

func (ServiceAccountState) ElementType

func (ServiceAccountState) ElementType() reflect.Type

type WorkloadIdentityPool

// WorkloadIdentityPool is the resource state for a workload identity pool.
//
// Location and Project carry no description in the upstream text; presumably
// they identify where the pool lives. TODO confirm.
type WorkloadIdentityPool struct {
	pulumi.CustomResourceState

	// A description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringOutput `pulumi:"description"`
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
	//
	// Disabling is therefore a reversible suspension, not a revocation: per
	// the description above, tokens that already exist grant access again once
	// the pool is re-enabled.
	Disabled pulumi.BoolOutput `pulumi:"disabled"`
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	Location    pulumi.StringOutput `pulumi:"location"`
	// The resource name of the pool.
	Name    pulumi.StringOutput `pulumi:"name"`
	Project pulumi.StringOutput `pulumi:"project"`
	// The state of the pool.
	State pulumi.StringOutput `pulumi:"state"`
	// Required. The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolId pulumi.StringOutput `pulumi:"workloadIdentityPoolId"`
}

Creates a new WorkloadIdentityPool. You cannot reuse the name of a deleted pool until 30 days after deletion. Auto-naming is currently not supported for this resource.

func GetWorkloadIdentityPool

func GetWorkloadIdentityPool(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WorkloadIdentityPoolState, opts ...pulumi.ResourceOption) (*WorkloadIdentityPool, error)

GetWorkloadIdentityPool gets an existing WorkloadIdentityPool resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWorkloadIdentityPool

func NewWorkloadIdentityPool(ctx *pulumi.Context,
	name string, args *WorkloadIdentityPoolArgs, opts ...pulumi.ResourceOption) (*WorkloadIdentityPool, error)

NewWorkloadIdentityPool registers a new resource with the given unique name, arguments, and options.

func (*WorkloadIdentityPool) ElementType

func (*WorkloadIdentityPool) ElementType() reflect.Type

func (*WorkloadIdentityPool) ToWorkloadIdentityPoolOutput

func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput

func (*WorkloadIdentityPool) ToWorkloadIdentityPoolOutputWithContext

func (i *WorkloadIdentityPool) ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput

type WorkloadIdentityPoolArgs

// WorkloadIdentityPoolArgs is the set of arguments passed to
// NewWorkloadIdentityPool. Every field except WorkloadIdentityPoolId is a
// pointer-style (optional) input.
type WorkloadIdentityPoolArgs struct {
	// A description of the pool. Cannot exceed 256 characters.
	Description pulumi.StringPtrInput
	// Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
	//
	// Because existing tokens work again after a re-enable, setting this is a
	// reversible suspension of the pool and does not invalidate those tokens.
	Disabled pulumi.BoolPtrInput
	// A display name for the pool. Cannot exceed 32 characters.
	DisplayName pulumi.StringPtrInput
	Location    pulumi.StringPtrInput // NOTE(review): undocumented on this page; presumably the pool's location - confirm.
	Project     pulumi.StringPtrInput // NOTE(review): undocumented on this page; presumably the owning project - confirm.
	// Required. The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.
	//
	// This is the only field typed as a non-pointer input. The resource
	// description on this page says auto-naming is not supported and that a
	// deleted pool's name cannot be reused until 30 days after deletion, so
	// choose the ID deliberately.
	WorkloadIdentityPoolId pulumi.StringInput
}

The set of arguments for constructing a WorkloadIdentityPool resource.

func (WorkloadIdentityPoolArgs) ElementType

func (WorkloadIdentityPoolArgs) ElementType() reflect.Type

type WorkloadIdentityPoolInput

// WorkloadIdentityPoolInput is a pulumi.Input that can be converted to a
// WorkloadIdentityPoolOutput. On this page both *WorkloadIdentityPool and
// WorkloadIdentityPoolOutput declare the two conversion methods listed here.
type WorkloadIdentityPoolInput interface {
	pulumi.Input

	// ToWorkloadIdentityPoolOutput converts the value to a WorkloadIdentityPoolOutput.
	ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput
	// ToWorkloadIdentityPoolOutputWithContext is the same conversion, taking a context.Context.
	ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput
}

type WorkloadIdentityPoolOutput

// WorkloadIdentityPoolOutput wraps *pulumi.OutputState and carries the accessor
// methods for a pool's properties (Description, Disabled, DisplayName, Location,
// Name, Project, State, WorkloadIdentityPoolId).
type WorkloadIdentityPoolOutput struct{ *pulumi.OutputState }

func (WorkloadIdentityPoolOutput) Description added in v0.19.0

A description of the pool. Cannot exceed 256 characters.

func (WorkloadIdentityPoolOutput) Disabled added in v0.19.0

Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.

func (WorkloadIdentityPoolOutput) DisplayName added in v0.19.0

A display name for the pool. Cannot exceed 32 characters.

func (WorkloadIdentityPoolOutput) ElementType

func (WorkloadIdentityPoolOutput) ElementType() reflect.Type

func (WorkloadIdentityPoolOutput) Location added in v0.21.0

func (WorkloadIdentityPoolOutput) Name added in v0.19.0

The resource name of the pool.

func (WorkloadIdentityPoolOutput) Project added in v0.21.0

func (WorkloadIdentityPoolOutput) State added in v0.19.0

The state of the pool.

func (WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutput

func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutput() WorkloadIdentityPoolOutput

func (WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutputWithContext

func (o WorkloadIdentityPoolOutput) ToWorkloadIdentityPoolOutputWithContext(ctx context.Context) WorkloadIdentityPoolOutput

func (WorkloadIdentityPoolOutput) WorkloadIdentityPoolId added in v0.21.0

func (o WorkloadIdentityPoolOutput) WorkloadIdentityPoolId() pulumi.StringOutput

Required. The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.

type WorkloadIdentityPoolState

// WorkloadIdentityPoolState is the optional state argument accepted by
// GetWorkloadIdentityPool (nil if not required). It is declared with no fields
// in this package version, so it offers no properties to set for the lookup.
type WorkloadIdentityPoolState struct {
}

func (WorkloadIdentityPoolState) ElementType

func (WorkloadIdentityPoolState) ElementType() reflect.Type
