iap

package
v4.21.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 13, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AppEngineServiceIamBinding 

type AppEngineServiceIamBinding struct {
	pulumi.CustomResourceState

	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringOutput `pulumi:"appId"`
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition AppEngineServiceIamBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag    pulumi.StringOutput      `pulumi:"etag"`
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringOutput `pulumi:"service"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:

* `iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached. * `iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved. * `iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.

> **Note:** `iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `iap.AppEngineServiceIamBinding` and `iap.AppEngineServiceIamMember` or they will fight over what your policy should be.

> **Note:** `iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_app\_engine\_service\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			AppId:      pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Service:    pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			AppId:      pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Service:    pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_app\_engine\_service\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Condition: &iap.AppEngineServiceIamBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_app\_engine\_service\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{
			AppId:   pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Member:  pulumi.String("user:jane@example.com"),
			Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Condition: &iap.AppEngineServiceIamMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Member:  pulumi.String("user:jane@example.com"),
			Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} * {{project}}/{{appId}}/{{service}} * {{appId}}/{{service}} * {{service}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetAppEngineServiceIamBinding 

func GetAppEngineServiceIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AppEngineServiceIamBindingState, opts ...pulumi.ResourceOption) (*AppEngineServiceIamBinding, error)

GetAppEngineServiceIamBinding gets an existing AppEngineServiceIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAppEngineServiceIamBinding 

func NewAppEngineServiceIamBinding(ctx *pulumi.Context,
	name string, args *AppEngineServiceIamBindingArgs, opts ...pulumi.ResourceOption) (*AppEngineServiceIamBinding, error)

NewAppEngineServiceIamBinding registers a new resource with the given unique name, arguments, and options.

func (*AppEngineServiceIamBinding) ElementType added in v4.4.0 

func (*AppEngineServiceIamBinding) ElementType() reflect.Type

func (*AppEngineServiceIamBinding) ToAppEngineServiceIamBindingOutput added in v4.4.0 

func (i *AppEngineServiceIamBinding) ToAppEngineServiceIamBindingOutput() AppEngineServiceIamBindingOutput

func (*AppEngineServiceIamBinding) ToAppEngineServiceIamBindingOutputWithContext added in v4.4.0 

func (i *AppEngineServiceIamBinding) ToAppEngineServiceIamBindingOutputWithContext(ctx context.Context) AppEngineServiceIamBindingOutput

func (*AppEngineServiceIamBinding) ToAppEngineServiceIamBindingPtrOutput added in v4.11.1 

func (i *AppEngineServiceIamBinding) ToAppEngineServiceIamBindingPtrOutput() AppEngineServiceIamBindingPtrOutput

func (*AppEngineServiceIamBinding) ToAppEngineServiceIamBindingPtrOutputWithContext added in v4.11.1 

func (i *AppEngineServiceIamBinding) ToAppEngineServiceIamBindingPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingPtrOutput

type AppEngineServiceIamBindingArgs 

type AppEngineServiceIamBindingArgs struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringInput
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition AppEngineServiceIamBindingConditionPtrInput
	Members   pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringInput
}

The set of arguments for constructing a AppEngineServiceIamBinding resource.

func (AppEngineServiceIamBindingArgs) ElementType 

func (AppEngineServiceIamBindingArgs) ElementType() reflect.Type

type AppEngineServiceIamBindingArray added in v4.11.1 

type AppEngineServiceIamBindingArray []AppEngineServiceIamBindingInput

func (AppEngineServiceIamBindingArray) ElementType added in v4.11.1 

func (AppEngineServiceIamBindingArray) ElementType() reflect.Type

func (AppEngineServiceIamBindingArray) ToAppEngineServiceIamBindingArrayOutput added in v4.11.1 

func (i AppEngineServiceIamBindingArray) ToAppEngineServiceIamBindingArrayOutput() AppEngineServiceIamBindingArrayOutput

func (AppEngineServiceIamBindingArray) ToAppEngineServiceIamBindingArrayOutputWithContext added in v4.11.1 

func (i AppEngineServiceIamBindingArray) ToAppEngineServiceIamBindingArrayOutputWithContext(ctx context.Context) AppEngineServiceIamBindingArrayOutput

type AppEngineServiceIamBindingArrayInput added in v4.11.1 

type AppEngineServiceIamBindingArrayInput interface {
	pulumi.Input

	ToAppEngineServiceIamBindingArrayOutput() AppEngineServiceIamBindingArrayOutput
	ToAppEngineServiceIamBindingArrayOutputWithContext(context.Context) AppEngineServiceIamBindingArrayOutput
}

AppEngineServiceIamBindingArrayInput is an input type that accepts AppEngineServiceIamBindingArray and AppEngineServiceIamBindingArrayOutput values. You can construct a concrete instance of `AppEngineServiceIamBindingArrayInput` via: 

AppEngineServiceIamBindingArray{ AppEngineServiceIamBindingArgs{...} }

type AppEngineServiceIamBindingArrayOutput added in v4.11.1 

type AppEngineServiceIamBindingArrayOutput struct{ *pulumi.OutputState }

func (AppEngineServiceIamBindingArrayOutput) ElementType added in v4.11.1 

func (AppEngineServiceIamBindingArrayOutput) ElementType() reflect.Type

func (AppEngineServiceIamBindingArrayOutput) Index added in v4.11.1 

func (o AppEngineServiceIamBindingArrayOutput) Index(i pulumi.IntInput) AppEngineServiceIamBindingOutput

func (AppEngineServiceIamBindingArrayOutput) ToAppEngineServiceIamBindingArrayOutput added in v4.11.1 

func (o AppEngineServiceIamBindingArrayOutput) ToAppEngineServiceIamBindingArrayOutput() AppEngineServiceIamBindingArrayOutput

func (AppEngineServiceIamBindingArrayOutput) ToAppEngineServiceIamBindingArrayOutputWithContext added in v4.11.1 

func (o AppEngineServiceIamBindingArrayOutput) ToAppEngineServiceIamBindingArrayOutputWithContext(ctx context.Context) AppEngineServiceIamBindingArrayOutput

type AppEngineServiceIamBindingCondition 

type AppEngineServiceIamBindingCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type AppEngineServiceIamBindingConditionArgs 

type AppEngineServiceIamBindingConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (AppEngineServiceIamBindingConditionArgs) ElementType 

func (AppEngineServiceIamBindingConditionArgs) ElementType() reflect.Type

func (AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionOutput 

func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionOutput() AppEngineServiceIamBindingConditionOutput

func (AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionOutputWithContext 

func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionOutput

func (AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionPtrOutput 

func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput

func (AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionPtrOutputWithContext 

func (i AppEngineServiceIamBindingConditionArgs) ToAppEngineServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionPtrOutput

type AppEngineServiceIamBindingConditionInput 

type AppEngineServiceIamBindingConditionInput interface {
	pulumi.Input

	ToAppEngineServiceIamBindingConditionOutput() AppEngineServiceIamBindingConditionOutput
	ToAppEngineServiceIamBindingConditionOutputWithContext(context.Context) AppEngineServiceIamBindingConditionOutput
}

AppEngineServiceIamBindingConditionInput is an input type that accepts AppEngineServiceIamBindingConditionArgs and AppEngineServiceIamBindingConditionOutput values. You can construct a concrete instance of `AppEngineServiceIamBindingConditionInput` via: 

AppEngineServiceIamBindingConditionArgs{...}

type AppEngineServiceIamBindingConditionOutput 

type AppEngineServiceIamBindingConditionOutput struct{ *pulumi.OutputState }

func (AppEngineServiceIamBindingConditionOutput) Description 

func (o AppEngineServiceIamBindingConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (AppEngineServiceIamBindingConditionOutput) ElementType 

func (AppEngineServiceIamBindingConditionOutput) ElementType() reflect.Type

func (AppEngineServiceIamBindingConditionOutput) Expression 

func (o AppEngineServiceIamBindingConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (AppEngineServiceIamBindingConditionOutput) Title 

func (o AppEngineServiceIamBindingConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionOutput 

func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionOutput() AppEngineServiceIamBindingConditionOutput

func (AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionOutputWithContext 

func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionOutput

func (AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionPtrOutput 

func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput

func (AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionPtrOutputWithContext 

func (o AppEngineServiceIamBindingConditionOutput) ToAppEngineServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionPtrOutput

type AppEngineServiceIamBindingConditionPtrInput 

type AppEngineServiceIamBindingConditionPtrInput interface {
	pulumi.Input

	ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput
	ToAppEngineServiceIamBindingConditionPtrOutputWithContext(context.Context) AppEngineServiceIamBindingConditionPtrOutput
}

AppEngineServiceIamBindingConditionPtrInput is an input type that accepts AppEngineServiceIamBindingConditionArgs, AppEngineServiceIamBindingConditionPtr and AppEngineServiceIamBindingConditionPtrOutput values. You can construct a concrete instance of `AppEngineServiceIamBindingConditionPtrInput` via: 

        AppEngineServiceIamBindingConditionArgs{...}

or:

        nil

func AppEngineServiceIamBindingConditionPtr 

func AppEngineServiceIamBindingConditionPtr(v *AppEngineServiceIamBindingConditionArgs) AppEngineServiceIamBindingConditionPtrInput

type AppEngineServiceIamBindingConditionPtrOutput 

type AppEngineServiceIamBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (AppEngineServiceIamBindingConditionPtrOutput) Description 

func (o AppEngineServiceIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (AppEngineServiceIamBindingConditionPtrOutput) Elem 

func (o AppEngineServiceIamBindingConditionPtrOutput) Elem() AppEngineServiceIamBindingConditionOutput

func (AppEngineServiceIamBindingConditionPtrOutput) ElementType 

func (AppEngineServiceIamBindingConditionPtrOutput) ElementType() reflect.Type

func (AppEngineServiceIamBindingConditionPtrOutput) Expression 

func (o AppEngineServiceIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (AppEngineServiceIamBindingConditionPtrOutput) Title 

func (o AppEngineServiceIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (AppEngineServiceIamBindingConditionPtrOutput) ToAppEngineServiceIamBindingConditionPtrOutput 

func (o AppEngineServiceIamBindingConditionPtrOutput) ToAppEngineServiceIamBindingConditionPtrOutput() AppEngineServiceIamBindingConditionPtrOutput

func (AppEngineServiceIamBindingConditionPtrOutput) ToAppEngineServiceIamBindingConditionPtrOutputWithContext 

func (o AppEngineServiceIamBindingConditionPtrOutput) ToAppEngineServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingConditionPtrOutput

type AppEngineServiceIamBindingInput added in v4.4.0 

type AppEngineServiceIamBindingInput interface {
	pulumi.Input

	ToAppEngineServiceIamBindingOutput() AppEngineServiceIamBindingOutput
	ToAppEngineServiceIamBindingOutputWithContext(ctx context.Context) AppEngineServiceIamBindingOutput
}

type AppEngineServiceIamBindingMap added in v4.11.1 

type AppEngineServiceIamBindingMap map[string]AppEngineServiceIamBindingInput

func (AppEngineServiceIamBindingMap) ElementType added in v4.11.1 

func (AppEngineServiceIamBindingMap) ElementType() reflect.Type

func (AppEngineServiceIamBindingMap) ToAppEngineServiceIamBindingMapOutput added in v4.11.1 

func (i AppEngineServiceIamBindingMap) ToAppEngineServiceIamBindingMapOutput() AppEngineServiceIamBindingMapOutput

func (AppEngineServiceIamBindingMap) ToAppEngineServiceIamBindingMapOutputWithContext added in v4.11.1 

func (i AppEngineServiceIamBindingMap) ToAppEngineServiceIamBindingMapOutputWithContext(ctx context.Context) AppEngineServiceIamBindingMapOutput

type AppEngineServiceIamBindingMapInput added in v4.11.1 

type AppEngineServiceIamBindingMapInput interface {
	pulumi.Input

	ToAppEngineServiceIamBindingMapOutput() AppEngineServiceIamBindingMapOutput
	ToAppEngineServiceIamBindingMapOutputWithContext(context.Context) AppEngineServiceIamBindingMapOutput
}

AppEngineServiceIamBindingMapInput is an input type that accepts AppEngineServiceIamBindingMap and AppEngineServiceIamBindingMapOutput values. You can construct a concrete instance of `AppEngineServiceIamBindingMapInput` via: 

AppEngineServiceIamBindingMap{ "key": AppEngineServiceIamBindingArgs{...} }

type AppEngineServiceIamBindingMapOutput added in v4.11.1 

type AppEngineServiceIamBindingMapOutput struct{ *pulumi.OutputState }

func (AppEngineServiceIamBindingMapOutput) ElementType added in v4.11.1 

func (AppEngineServiceIamBindingMapOutput) ElementType() reflect.Type

func (AppEngineServiceIamBindingMapOutput) MapIndex added in v4.11.1 

func (o AppEngineServiceIamBindingMapOutput) MapIndex(k pulumi.StringInput) AppEngineServiceIamBindingOutput

func (AppEngineServiceIamBindingMapOutput) ToAppEngineServiceIamBindingMapOutput added in v4.11.1 

func (o AppEngineServiceIamBindingMapOutput) ToAppEngineServiceIamBindingMapOutput() AppEngineServiceIamBindingMapOutput

func (AppEngineServiceIamBindingMapOutput) ToAppEngineServiceIamBindingMapOutputWithContext added in v4.11.1 

func (o AppEngineServiceIamBindingMapOutput) ToAppEngineServiceIamBindingMapOutputWithContext(ctx context.Context) AppEngineServiceIamBindingMapOutput

type AppEngineServiceIamBindingOutput added in v4.4.0 

type AppEngineServiceIamBindingOutput struct {
	*pulumi.OutputState
}

func (AppEngineServiceIamBindingOutput) ElementType added in v4.4.0 

func (AppEngineServiceIamBindingOutput) ElementType() reflect.Type

func (AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingOutput added in v4.4.0 

func (o AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingOutput() AppEngineServiceIamBindingOutput

func (AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingOutputWithContext added in v4.4.0 

func (o AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingOutputWithContext(ctx context.Context) AppEngineServiceIamBindingOutput

func (AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingPtrOutput added in v4.11.1 

func (o AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingPtrOutput() AppEngineServiceIamBindingPtrOutput

func (AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingPtrOutputWithContext added in v4.11.1 

func (o AppEngineServiceIamBindingOutput) ToAppEngineServiceIamBindingPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingPtrOutput

type AppEngineServiceIamBindingPtrInput added in v4.11.1 

type AppEngineServiceIamBindingPtrInput interface {
	pulumi.Input

	ToAppEngineServiceIamBindingPtrOutput() AppEngineServiceIamBindingPtrOutput
	ToAppEngineServiceIamBindingPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingPtrOutput
}

type AppEngineServiceIamBindingPtrOutput added in v4.11.1 

type AppEngineServiceIamBindingPtrOutput struct {
	*pulumi.OutputState
}

func (AppEngineServiceIamBindingPtrOutput) ElementType added in v4.11.1 

func (AppEngineServiceIamBindingPtrOutput) ElementType() reflect.Type

func (AppEngineServiceIamBindingPtrOutput) ToAppEngineServiceIamBindingPtrOutput added in v4.11.1 

func (o AppEngineServiceIamBindingPtrOutput) ToAppEngineServiceIamBindingPtrOutput() AppEngineServiceIamBindingPtrOutput

func (AppEngineServiceIamBindingPtrOutput) ToAppEngineServiceIamBindingPtrOutputWithContext added in v4.11.1 

func (o AppEngineServiceIamBindingPtrOutput) ToAppEngineServiceIamBindingPtrOutputWithContext(ctx context.Context) AppEngineServiceIamBindingPtrOutput

type AppEngineServiceIamBindingState 

type AppEngineServiceIamBindingState struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringPtrInput
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition AppEngineServiceIamBindingConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag    pulumi.StringPtrInput
	Members pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringPtrInput
}

func (AppEngineServiceIamBindingState) ElementType 

func (AppEngineServiceIamBindingState) ElementType() reflect.Type

type AppEngineServiceIamMember 

type AppEngineServiceIamMember struct {
	pulumi.CustomResourceState

	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringOutput `pulumi:"appId"`
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition AppEngineServiceIamMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag   pulumi.StringOutput `pulumi:"etag"`
	Member pulumi.StringOutput `pulumi:"member"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringOutput `pulumi:"service"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:

* `iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached. * `iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved. * `iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.

> **Note:** `iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `iap.AppEngineServiceIamBinding` and `iap.AppEngineServiceIamMember` or they will fight over what your policy should be.

> **Note:** `iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_app\_engine\_service\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			AppId:      pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Service:    pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			AppId:      pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Service:    pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_app\_engine\_service\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Condition: &iap.AppEngineServiceIamBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_app\_engine\_service\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{
			AppId:   pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Member:  pulumi.String("user:jane@example.com"),
			Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Condition: &iap.AppEngineServiceIamMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Member:  pulumi.String("user:jane@example.com"),
			Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} * {{project}}/{{appId}}/{{service}} * {{appId}}/{{service}} * {{service}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetAppEngineServiceIamMember 

func GetAppEngineServiceIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AppEngineServiceIamMemberState, opts ...pulumi.ResourceOption) (*AppEngineServiceIamMember, error)

GetAppEngineServiceIamMember gets an existing AppEngineServiceIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAppEngineServiceIamMember 

func NewAppEngineServiceIamMember(ctx *pulumi.Context,
	name string, args *AppEngineServiceIamMemberArgs, opts ...pulumi.ResourceOption) (*AppEngineServiceIamMember, error)

NewAppEngineServiceIamMember registers a new resource with the given unique name, arguments, and options.

func (*AppEngineServiceIamMember) ElementType added in v4.4.0 

func (*AppEngineServiceIamMember) ElementType() reflect.Type

func (*AppEngineServiceIamMember) ToAppEngineServiceIamMemberOutput added in v4.4.0 

func (i *AppEngineServiceIamMember) ToAppEngineServiceIamMemberOutput() AppEngineServiceIamMemberOutput

func (*AppEngineServiceIamMember) ToAppEngineServiceIamMemberOutputWithContext added in v4.4.0 

func (i *AppEngineServiceIamMember) ToAppEngineServiceIamMemberOutputWithContext(ctx context.Context) AppEngineServiceIamMemberOutput

func (*AppEngineServiceIamMember) ToAppEngineServiceIamMemberPtrOutput added in v4.11.1 

func (i *AppEngineServiceIamMember) ToAppEngineServiceIamMemberPtrOutput() AppEngineServiceIamMemberPtrOutput

func (*AppEngineServiceIamMember) ToAppEngineServiceIamMemberPtrOutputWithContext added in v4.11.1 

func (i *AppEngineServiceIamMember) ToAppEngineServiceIamMemberPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberPtrOutput

type AppEngineServiceIamMemberArgs 

type AppEngineServiceIamMemberArgs struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringInput
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition AppEngineServiceIamMemberConditionPtrInput
	Member    pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringInput
}

The set of arguments for constructing a AppEngineServiceIamMember resource.

func (AppEngineServiceIamMemberArgs) ElementType 

func (AppEngineServiceIamMemberArgs) ElementType() reflect.Type

type AppEngineServiceIamMemberArray added in v4.11.1 

type AppEngineServiceIamMemberArray []AppEngineServiceIamMemberInput

func (AppEngineServiceIamMemberArray) ElementType added in v4.11.1 

func (AppEngineServiceIamMemberArray) ElementType() reflect.Type

func (AppEngineServiceIamMemberArray) ToAppEngineServiceIamMemberArrayOutput added in v4.11.1 

func (i AppEngineServiceIamMemberArray) ToAppEngineServiceIamMemberArrayOutput() AppEngineServiceIamMemberArrayOutput

func (AppEngineServiceIamMemberArray) ToAppEngineServiceIamMemberArrayOutputWithContext added in v4.11.1 

func (i AppEngineServiceIamMemberArray) ToAppEngineServiceIamMemberArrayOutputWithContext(ctx context.Context) AppEngineServiceIamMemberArrayOutput

type AppEngineServiceIamMemberArrayInput added in v4.11.1 

type AppEngineServiceIamMemberArrayInput interface {
	pulumi.Input

	ToAppEngineServiceIamMemberArrayOutput() AppEngineServiceIamMemberArrayOutput
	ToAppEngineServiceIamMemberArrayOutputWithContext(context.Context) AppEngineServiceIamMemberArrayOutput
}

AppEngineServiceIamMemberArrayInput is an input type that accepts AppEngineServiceIamMemberArray and AppEngineServiceIamMemberArrayOutput values. You can construct a concrete instance of `AppEngineServiceIamMemberArrayInput` via: 

AppEngineServiceIamMemberArray{ AppEngineServiceIamMemberArgs{...} }

type AppEngineServiceIamMemberArrayOutput added in v4.11.1 

type AppEngineServiceIamMemberArrayOutput struct{ *pulumi.OutputState }

func (AppEngineServiceIamMemberArrayOutput) ElementType added in v4.11.1 

func (AppEngineServiceIamMemberArrayOutput) ElementType() reflect.Type

func (AppEngineServiceIamMemberArrayOutput) Index added in v4.11.1 

func (o AppEngineServiceIamMemberArrayOutput) Index(i pulumi.IntInput) AppEngineServiceIamMemberOutput

func (AppEngineServiceIamMemberArrayOutput) ToAppEngineServiceIamMemberArrayOutput added in v4.11.1 

func (o AppEngineServiceIamMemberArrayOutput) ToAppEngineServiceIamMemberArrayOutput() AppEngineServiceIamMemberArrayOutput

func (AppEngineServiceIamMemberArrayOutput) ToAppEngineServiceIamMemberArrayOutputWithContext added in v4.11.1 

func (o AppEngineServiceIamMemberArrayOutput) ToAppEngineServiceIamMemberArrayOutputWithContext(ctx context.Context) AppEngineServiceIamMemberArrayOutput

type AppEngineServiceIamMemberCondition 

type AppEngineServiceIamMemberCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type AppEngineServiceIamMemberConditionArgs 

type AppEngineServiceIamMemberConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (AppEngineServiceIamMemberConditionArgs) ElementType 

func (AppEngineServiceIamMemberConditionArgs) ElementType() reflect.Type

func (AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionOutput 

func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionOutput() AppEngineServiceIamMemberConditionOutput

func (AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionOutputWithContext 

func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionOutput

func (AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionPtrOutput 

func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput

func (AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionPtrOutputWithContext 

func (i AppEngineServiceIamMemberConditionArgs) ToAppEngineServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionPtrOutput

type AppEngineServiceIamMemberConditionInput 

type AppEngineServiceIamMemberConditionInput interface {
	pulumi.Input

	ToAppEngineServiceIamMemberConditionOutput() AppEngineServiceIamMemberConditionOutput
	ToAppEngineServiceIamMemberConditionOutputWithContext(context.Context) AppEngineServiceIamMemberConditionOutput
}

AppEngineServiceIamMemberConditionInput is an input type that accepts AppEngineServiceIamMemberConditionArgs and AppEngineServiceIamMemberConditionOutput values. You can construct a concrete instance of `AppEngineServiceIamMemberConditionInput` via: 

AppEngineServiceIamMemberConditionArgs{...}

type AppEngineServiceIamMemberConditionOutput 

type AppEngineServiceIamMemberConditionOutput struct{ *pulumi.OutputState }

func (AppEngineServiceIamMemberConditionOutput) Description 

func (o AppEngineServiceIamMemberConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (AppEngineServiceIamMemberConditionOutput) ElementType 

func (AppEngineServiceIamMemberConditionOutput) ElementType() reflect.Type

func (AppEngineServiceIamMemberConditionOutput) Expression 

func (o AppEngineServiceIamMemberConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (AppEngineServiceIamMemberConditionOutput) Title 

func (o AppEngineServiceIamMemberConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionOutput 

func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionOutput() AppEngineServiceIamMemberConditionOutput

func (AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionOutputWithContext 

func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionOutput

func (AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionPtrOutput 

func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput

func (AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionPtrOutputWithContext 

func (o AppEngineServiceIamMemberConditionOutput) ToAppEngineServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionPtrOutput

type AppEngineServiceIamMemberConditionPtrInput 

type AppEngineServiceIamMemberConditionPtrInput interface {
	pulumi.Input

	ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput
	ToAppEngineServiceIamMemberConditionPtrOutputWithContext(context.Context) AppEngineServiceIamMemberConditionPtrOutput
}

AppEngineServiceIamMemberConditionPtrInput is an input type that accepts AppEngineServiceIamMemberConditionArgs, AppEngineServiceIamMemberConditionPtr and AppEngineServiceIamMemberConditionPtrOutput values. You can construct a concrete instance of `AppEngineServiceIamMemberConditionPtrInput` via: 

        AppEngineServiceIamMemberConditionArgs{...}

or:

        nil

func AppEngineServiceIamMemberConditionPtr 

func AppEngineServiceIamMemberConditionPtr(v *AppEngineServiceIamMemberConditionArgs) AppEngineServiceIamMemberConditionPtrInput

type AppEngineServiceIamMemberConditionPtrOutput 

type AppEngineServiceIamMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (AppEngineServiceIamMemberConditionPtrOutput) Description 

func (o AppEngineServiceIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (AppEngineServiceIamMemberConditionPtrOutput) Elem 

func (o AppEngineServiceIamMemberConditionPtrOutput) Elem() AppEngineServiceIamMemberConditionOutput

func (AppEngineServiceIamMemberConditionPtrOutput) ElementType 

func (AppEngineServiceIamMemberConditionPtrOutput) ElementType() reflect.Type

func (AppEngineServiceIamMemberConditionPtrOutput) Expression 

func (o AppEngineServiceIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (AppEngineServiceIamMemberConditionPtrOutput) Title 

func (o AppEngineServiceIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (AppEngineServiceIamMemberConditionPtrOutput) ToAppEngineServiceIamMemberConditionPtrOutput 

func (o AppEngineServiceIamMemberConditionPtrOutput) ToAppEngineServiceIamMemberConditionPtrOutput() AppEngineServiceIamMemberConditionPtrOutput

func (AppEngineServiceIamMemberConditionPtrOutput) ToAppEngineServiceIamMemberConditionPtrOutputWithContext 

func (o AppEngineServiceIamMemberConditionPtrOutput) ToAppEngineServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberConditionPtrOutput

type AppEngineServiceIamMemberInput added in v4.4.0 

type AppEngineServiceIamMemberInput interface {
	pulumi.Input

	ToAppEngineServiceIamMemberOutput() AppEngineServiceIamMemberOutput
	ToAppEngineServiceIamMemberOutputWithContext(ctx context.Context) AppEngineServiceIamMemberOutput
}

type AppEngineServiceIamMemberMap added in v4.11.1 

type AppEngineServiceIamMemberMap map[string]AppEngineServiceIamMemberInput

func (AppEngineServiceIamMemberMap) ElementType added in v4.11.1 

func (AppEngineServiceIamMemberMap) ElementType() reflect.Type

func (AppEngineServiceIamMemberMap) ToAppEngineServiceIamMemberMapOutput added in v4.11.1 

func (i AppEngineServiceIamMemberMap) ToAppEngineServiceIamMemberMapOutput() AppEngineServiceIamMemberMapOutput

func (AppEngineServiceIamMemberMap) ToAppEngineServiceIamMemberMapOutputWithContext added in v4.11.1 

func (i AppEngineServiceIamMemberMap) ToAppEngineServiceIamMemberMapOutputWithContext(ctx context.Context) AppEngineServiceIamMemberMapOutput

type AppEngineServiceIamMemberMapInput added in v4.11.1 

type AppEngineServiceIamMemberMapInput interface {
	pulumi.Input

	ToAppEngineServiceIamMemberMapOutput() AppEngineServiceIamMemberMapOutput
	ToAppEngineServiceIamMemberMapOutputWithContext(context.Context) AppEngineServiceIamMemberMapOutput
}

AppEngineServiceIamMemberMapInput is an input type that accepts AppEngineServiceIamMemberMap and AppEngineServiceIamMemberMapOutput values. You can construct a concrete instance of `AppEngineServiceIamMemberMapInput` via: 

AppEngineServiceIamMemberMap{ "key": AppEngineServiceIamMemberArgs{...} }

type AppEngineServiceIamMemberMapOutput added in v4.11.1 

type AppEngineServiceIamMemberMapOutput struct{ *pulumi.OutputState }

func (AppEngineServiceIamMemberMapOutput) ElementType added in v4.11.1 

func (AppEngineServiceIamMemberMapOutput) ElementType() reflect.Type

func (AppEngineServiceIamMemberMapOutput) MapIndex added in v4.11.1 

func (o AppEngineServiceIamMemberMapOutput) MapIndex(k pulumi.StringInput) AppEngineServiceIamMemberOutput

func (AppEngineServiceIamMemberMapOutput) ToAppEngineServiceIamMemberMapOutput added in v4.11.1 

func (o AppEngineServiceIamMemberMapOutput) ToAppEngineServiceIamMemberMapOutput() AppEngineServiceIamMemberMapOutput

func (AppEngineServiceIamMemberMapOutput) ToAppEngineServiceIamMemberMapOutputWithContext added in v4.11.1 

func (o AppEngineServiceIamMemberMapOutput) ToAppEngineServiceIamMemberMapOutputWithContext(ctx context.Context) AppEngineServiceIamMemberMapOutput

type AppEngineServiceIamMemberOutput added in v4.4.0 

type AppEngineServiceIamMemberOutput struct {
	*pulumi.OutputState
}

func (AppEngineServiceIamMemberOutput) ElementType added in v4.4.0 

func (AppEngineServiceIamMemberOutput) ElementType() reflect.Type

func (AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberOutput added in v4.4.0 

func (o AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberOutput() AppEngineServiceIamMemberOutput

func (AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberOutputWithContext added in v4.4.0 

func (o AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberOutputWithContext(ctx context.Context) AppEngineServiceIamMemberOutput

func (AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberPtrOutput added in v4.11.1 

func (o AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberPtrOutput() AppEngineServiceIamMemberPtrOutput

func (AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberPtrOutputWithContext added in v4.11.1 

func (o AppEngineServiceIamMemberOutput) ToAppEngineServiceIamMemberPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberPtrOutput

type AppEngineServiceIamMemberPtrInput added in v4.11.1 

type AppEngineServiceIamMemberPtrInput interface {
	pulumi.Input

	ToAppEngineServiceIamMemberPtrOutput() AppEngineServiceIamMemberPtrOutput
	ToAppEngineServiceIamMemberPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberPtrOutput
}

type AppEngineServiceIamMemberPtrOutput added in v4.11.1 

type AppEngineServiceIamMemberPtrOutput struct {
	*pulumi.OutputState
}

func (AppEngineServiceIamMemberPtrOutput) ElementType added in v4.11.1 

func (AppEngineServiceIamMemberPtrOutput) ElementType() reflect.Type

func (AppEngineServiceIamMemberPtrOutput) ToAppEngineServiceIamMemberPtrOutput added in v4.11.1 

func (o AppEngineServiceIamMemberPtrOutput) ToAppEngineServiceIamMemberPtrOutput() AppEngineServiceIamMemberPtrOutput

func (AppEngineServiceIamMemberPtrOutput) ToAppEngineServiceIamMemberPtrOutputWithContext added in v4.11.1 

func (o AppEngineServiceIamMemberPtrOutput) ToAppEngineServiceIamMemberPtrOutputWithContext(ctx context.Context) AppEngineServiceIamMemberPtrOutput

type AppEngineServiceIamMemberState 

type AppEngineServiceIamMemberState struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringPtrInput
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition AppEngineServiceIamMemberConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag   pulumi.StringPtrInput
	Member pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringPtrInput
}

func (AppEngineServiceIamMemberState) ElementType 

func (AppEngineServiceIamMemberState) ElementType() reflect.Type

type AppEngineServiceIamPolicy 

type AppEngineServiceIamPolicy struct {
	pulumi.CustomResourceState

	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringOutput `pulumi:"appId"`
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringOutput `pulumi:"service"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:

* `iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached. * `iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved. * `iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.

> **Note:** `iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `iap.AppEngineServiceIamBinding` and `iap.AppEngineServiceIamMember` or they will fight over what your policy should be.

> **Note:** `iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_app\_engine\_service\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			AppId:      pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Service:    pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			AppId:      pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Service:    pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_app\_engine\_service\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Condition: &iap.AppEngineServiceIamBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_app\_engine\_service\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{
			AppId:   pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Member:  pulumi.String("user:jane@example.com"),
			Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Condition: &iap.AppEngineServiceIamMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Member:  pulumi.String("user:jane@example.com"),
			Project: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Service: pulumi.Any(google_app_engine_standard_app_version.Version.Service),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} * {{project}}/{{appId}}/{{service}} * {{appId}}/{{service}} * {{service}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetAppEngineServiceIamPolicy 

func GetAppEngineServiceIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AppEngineServiceIamPolicyState, opts ...pulumi.ResourceOption) (*AppEngineServiceIamPolicy, error)

GetAppEngineServiceIamPolicy gets an existing AppEngineServiceIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAppEngineServiceIamPolicy 

func NewAppEngineServiceIamPolicy(ctx *pulumi.Context,
	name string, args *AppEngineServiceIamPolicyArgs, opts ...pulumi.ResourceOption) (*AppEngineServiceIamPolicy, error)

NewAppEngineServiceIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*AppEngineServiceIamPolicy) ElementType added in v4.4.0 

func (*AppEngineServiceIamPolicy) ElementType() reflect.Type

func (*AppEngineServiceIamPolicy) ToAppEngineServiceIamPolicyOutput added in v4.4.0 

func (i *AppEngineServiceIamPolicy) ToAppEngineServiceIamPolicyOutput() AppEngineServiceIamPolicyOutput

func (*AppEngineServiceIamPolicy) ToAppEngineServiceIamPolicyOutputWithContext added in v4.4.0 

func (i *AppEngineServiceIamPolicy) ToAppEngineServiceIamPolicyOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyOutput

func (*AppEngineServiceIamPolicy) ToAppEngineServiceIamPolicyPtrOutput added in v4.11.1 

func (i *AppEngineServiceIamPolicy) ToAppEngineServiceIamPolicyPtrOutput() AppEngineServiceIamPolicyPtrOutput

func (*AppEngineServiceIamPolicy) ToAppEngineServiceIamPolicyPtrOutputWithContext added in v4.11.1 

func (i *AppEngineServiceIamPolicy) ToAppEngineServiceIamPolicyPtrOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyPtrOutput

type AppEngineServiceIamPolicyArgs 

type AppEngineServiceIamPolicyArgs struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringInput
}

The set of arguments for constructing a AppEngineServiceIamPolicy resource.

func (AppEngineServiceIamPolicyArgs) ElementType 

func (AppEngineServiceIamPolicyArgs) ElementType() reflect.Type

type AppEngineServiceIamPolicyArray added in v4.11.1 

type AppEngineServiceIamPolicyArray []AppEngineServiceIamPolicyInput

func (AppEngineServiceIamPolicyArray) ElementType added in v4.11.1 

func (AppEngineServiceIamPolicyArray) ElementType() reflect.Type

func (AppEngineServiceIamPolicyArray) ToAppEngineServiceIamPolicyArrayOutput added in v4.11.1 

func (i AppEngineServiceIamPolicyArray) ToAppEngineServiceIamPolicyArrayOutput() AppEngineServiceIamPolicyArrayOutput

func (AppEngineServiceIamPolicyArray) ToAppEngineServiceIamPolicyArrayOutputWithContext added in v4.11.1 

func (i AppEngineServiceIamPolicyArray) ToAppEngineServiceIamPolicyArrayOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyArrayOutput

type AppEngineServiceIamPolicyArrayInput added in v4.11.1 

type AppEngineServiceIamPolicyArrayInput interface {
	pulumi.Input

	ToAppEngineServiceIamPolicyArrayOutput() AppEngineServiceIamPolicyArrayOutput
	ToAppEngineServiceIamPolicyArrayOutputWithContext(context.Context) AppEngineServiceIamPolicyArrayOutput
}

AppEngineServiceIamPolicyArrayInput is an input type that accepts AppEngineServiceIamPolicyArray and AppEngineServiceIamPolicyArrayOutput values. You can construct a concrete instance of `AppEngineServiceIamPolicyArrayInput` via: 

AppEngineServiceIamPolicyArray{ AppEngineServiceIamPolicyArgs{...} }

type AppEngineServiceIamPolicyArrayOutput added in v4.11.1 

type AppEngineServiceIamPolicyArrayOutput struct{ *pulumi.OutputState }

func (AppEngineServiceIamPolicyArrayOutput) ElementType added in v4.11.1 

func (AppEngineServiceIamPolicyArrayOutput) ElementType() reflect.Type

func (AppEngineServiceIamPolicyArrayOutput) Index added in v4.11.1 

func (o AppEngineServiceIamPolicyArrayOutput) Index(i pulumi.IntInput) AppEngineServiceIamPolicyOutput

func (AppEngineServiceIamPolicyArrayOutput) ToAppEngineServiceIamPolicyArrayOutput added in v4.11.1 

func (o AppEngineServiceIamPolicyArrayOutput) ToAppEngineServiceIamPolicyArrayOutput() AppEngineServiceIamPolicyArrayOutput

func (AppEngineServiceIamPolicyArrayOutput) ToAppEngineServiceIamPolicyArrayOutputWithContext added in v4.11.1 

func (o AppEngineServiceIamPolicyArrayOutput) ToAppEngineServiceIamPolicyArrayOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyArrayOutput

type AppEngineServiceIamPolicyInput added in v4.4.0 

type AppEngineServiceIamPolicyInput interface {
	pulumi.Input

	ToAppEngineServiceIamPolicyOutput() AppEngineServiceIamPolicyOutput
	ToAppEngineServiceIamPolicyOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyOutput
}

type AppEngineServiceIamPolicyMap added in v4.11.1 

type AppEngineServiceIamPolicyMap map[string]AppEngineServiceIamPolicyInput

func (AppEngineServiceIamPolicyMap) ElementType added in v4.11.1 

func (AppEngineServiceIamPolicyMap) ElementType() reflect.Type

func (AppEngineServiceIamPolicyMap) ToAppEngineServiceIamPolicyMapOutput added in v4.11.1 

func (i AppEngineServiceIamPolicyMap) ToAppEngineServiceIamPolicyMapOutput() AppEngineServiceIamPolicyMapOutput

func (AppEngineServiceIamPolicyMap) ToAppEngineServiceIamPolicyMapOutputWithContext added in v4.11.1 

func (i AppEngineServiceIamPolicyMap) ToAppEngineServiceIamPolicyMapOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyMapOutput

type AppEngineServiceIamPolicyMapInput added in v4.11.1 

type AppEngineServiceIamPolicyMapInput interface {
	pulumi.Input

	ToAppEngineServiceIamPolicyMapOutput() AppEngineServiceIamPolicyMapOutput
	ToAppEngineServiceIamPolicyMapOutputWithContext(context.Context) AppEngineServiceIamPolicyMapOutput
}

AppEngineServiceIamPolicyMapInput is an input type that accepts AppEngineServiceIamPolicyMap and AppEngineServiceIamPolicyMapOutput values. You can construct a concrete instance of `AppEngineServiceIamPolicyMapInput` via: 

AppEngineServiceIamPolicyMap{ "key": AppEngineServiceIamPolicyArgs{...} }

type AppEngineServiceIamPolicyMapOutput added in v4.11.1 

type AppEngineServiceIamPolicyMapOutput struct{ *pulumi.OutputState }

func (AppEngineServiceIamPolicyMapOutput) ElementType added in v4.11.1 

func (AppEngineServiceIamPolicyMapOutput) ElementType() reflect.Type

func (AppEngineServiceIamPolicyMapOutput) MapIndex added in v4.11.1 

func (o AppEngineServiceIamPolicyMapOutput) MapIndex(k pulumi.StringInput) AppEngineServiceIamPolicyOutput

func (AppEngineServiceIamPolicyMapOutput) ToAppEngineServiceIamPolicyMapOutput added in v4.11.1 

func (o AppEngineServiceIamPolicyMapOutput) ToAppEngineServiceIamPolicyMapOutput() AppEngineServiceIamPolicyMapOutput

func (AppEngineServiceIamPolicyMapOutput) ToAppEngineServiceIamPolicyMapOutputWithContext added in v4.11.1 

func (o AppEngineServiceIamPolicyMapOutput) ToAppEngineServiceIamPolicyMapOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyMapOutput

type AppEngineServiceIamPolicyOutput added in v4.4.0 

type AppEngineServiceIamPolicyOutput struct {
	*pulumi.OutputState
}

func (AppEngineServiceIamPolicyOutput) ElementType added in v4.4.0 

func (AppEngineServiceIamPolicyOutput) ElementType() reflect.Type

func (AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyOutput added in v4.4.0 

func (o AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyOutput() AppEngineServiceIamPolicyOutput

func (AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyOutputWithContext added in v4.4.0 

func (o AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyOutput

func (AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyPtrOutput added in v4.11.1 

func (o AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyPtrOutput() AppEngineServiceIamPolicyPtrOutput

func (AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyPtrOutputWithContext added in v4.11.1 

func (o AppEngineServiceIamPolicyOutput) ToAppEngineServiceIamPolicyPtrOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyPtrOutput

type AppEngineServiceIamPolicyPtrInput added in v4.11.1 

type AppEngineServiceIamPolicyPtrInput interface {
	pulumi.Input

	ToAppEngineServiceIamPolicyPtrOutput() AppEngineServiceIamPolicyPtrOutput
	ToAppEngineServiceIamPolicyPtrOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyPtrOutput
}

type AppEngineServiceIamPolicyPtrOutput added in v4.11.1 

type AppEngineServiceIamPolicyPtrOutput struct {
	*pulumi.OutputState
}

func (AppEngineServiceIamPolicyPtrOutput) ElementType added in v4.11.1 

func (AppEngineServiceIamPolicyPtrOutput) ElementType() reflect.Type

func (AppEngineServiceIamPolicyPtrOutput) ToAppEngineServiceIamPolicyPtrOutput added in v4.11.1 

func (o AppEngineServiceIamPolicyPtrOutput) ToAppEngineServiceIamPolicyPtrOutput() AppEngineServiceIamPolicyPtrOutput

func (AppEngineServiceIamPolicyPtrOutput) ToAppEngineServiceIamPolicyPtrOutputWithContext added in v4.11.1 

func (o AppEngineServiceIamPolicyPtrOutput) ToAppEngineServiceIamPolicyPtrOutputWithContext(ctx context.Context) AppEngineServiceIamPolicyPtrOutput

type AppEngineServiceIamPolicyState 

type AppEngineServiceIamPolicyState struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringPtrInput
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringPtrInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringPtrInput
}

func (AppEngineServiceIamPolicyState) ElementType 

func (AppEngineServiceIamPolicyState) ElementType() reflect.Type

type AppEngineVersionIamBinding 

type AppEngineVersionIamBinding struct {
	pulumi.CustomResourceState

	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringOutput `pulumi:"appId"`
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition AppEngineVersionIamBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag    pulumi.StringOutput      `pulumi:"etag"`
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringOutput `pulumi:"service"`
	// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
	VersionId pulumi.StringOutput `pulumi:"versionId"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:

* `iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached. * `iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved. * `iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.

> **Note:** `iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `iap.AppEngineVersionIamBinding` and `iap.AppEngineVersionIamMember` or they will fight over what your policy should be.

> **Note:** `iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_app\_engine\_version\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			AppId:      pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Service:    pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId:  pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			AppId:      pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Service:    pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId:  pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_app\_engine\_version\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project:   pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:      pulumi.String("roles/iap.httpsResourceAccessor"),
			Service:   pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Condition: &iap.AppEngineVersionIamBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project:   pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:      pulumi.String("roles/iap.httpsResourceAccessor"),
			Service:   pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_app\_engine\_version\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{
			AppId:     pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Member:    pulumi.String("user:jane@example.com"),
			Project:   pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:      pulumi.String("roles/iap.httpsResourceAccessor"),
			Service:   pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Condition: &iap.AppEngineVersionIamMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Member:    pulumi.String("user:jane@example.com"),
			Project:   pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:      pulumi.String("roles/iap.httpsResourceAccessor"),
			Service:   pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} * {{project}}/{{appId}}/{{service}}/{{versionId}} * {{appId}}/{{service}}/{{versionId}} * {{version}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetAppEngineVersionIamBinding 

func GetAppEngineVersionIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AppEngineVersionIamBindingState, opts ...pulumi.ResourceOption) (*AppEngineVersionIamBinding, error)

GetAppEngineVersionIamBinding gets an existing AppEngineVersionIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAppEngineVersionIamBinding 

func NewAppEngineVersionIamBinding(ctx *pulumi.Context,
	name string, args *AppEngineVersionIamBindingArgs, opts ...pulumi.ResourceOption) (*AppEngineVersionIamBinding, error)

NewAppEngineVersionIamBinding registers a new resource with the given unique name, arguments, and options.

func (*AppEngineVersionIamBinding) ElementType added in v4.4.0 

func (*AppEngineVersionIamBinding) ElementType() reflect.Type

func (*AppEngineVersionIamBinding) ToAppEngineVersionIamBindingOutput added in v4.4.0 

func (i *AppEngineVersionIamBinding) ToAppEngineVersionIamBindingOutput() AppEngineVersionIamBindingOutput

func (*AppEngineVersionIamBinding) ToAppEngineVersionIamBindingOutputWithContext added in v4.4.0 

func (i *AppEngineVersionIamBinding) ToAppEngineVersionIamBindingOutputWithContext(ctx context.Context) AppEngineVersionIamBindingOutput

func (*AppEngineVersionIamBinding) ToAppEngineVersionIamBindingPtrOutput added in v4.11.1 

func (i *AppEngineVersionIamBinding) ToAppEngineVersionIamBindingPtrOutput() AppEngineVersionIamBindingPtrOutput

func (*AppEngineVersionIamBinding) ToAppEngineVersionIamBindingPtrOutputWithContext added in v4.11.1 

func (i *AppEngineVersionIamBinding) ToAppEngineVersionIamBindingPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingPtrOutput

type AppEngineVersionIamBindingArgs 

type AppEngineVersionIamBindingArgs struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringInput
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition AppEngineVersionIamBindingConditionPtrInput
	Members   pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringInput
	// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
	VersionId pulumi.StringInput
}

The set of arguments for constructing a AppEngineVersionIamBinding resource.

func (AppEngineVersionIamBindingArgs) ElementType 

func (AppEngineVersionIamBindingArgs) ElementType() reflect.Type

type AppEngineVersionIamBindingArray added in v4.11.1 

type AppEngineVersionIamBindingArray []AppEngineVersionIamBindingInput

func (AppEngineVersionIamBindingArray) ElementType added in v4.11.1 

func (AppEngineVersionIamBindingArray) ElementType() reflect.Type

func (AppEngineVersionIamBindingArray) ToAppEngineVersionIamBindingArrayOutput added in v4.11.1 

func (i AppEngineVersionIamBindingArray) ToAppEngineVersionIamBindingArrayOutput() AppEngineVersionIamBindingArrayOutput

func (AppEngineVersionIamBindingArray) ToAppEngineVersionIamBindingArrayOutputWithContext added in v4.11.1 

func (i AppEngineVersionIamBindingArray) ToAppEngineVersionIamBindingArrayOutputWithContext(ctx context.Context) AppEngineVersionIamBindingArrayOutput

type AppEngineVersionIamBindingArrayInput added in v4.11.1 

type AppEngineVersionIamBindingArrayInput interface {
	pulumi.Input

	ToAppEngineVersionIamBindingArrayOutput() AppEngineVersionIamBindingArrayOutput
	ToAppEngineVersionIamBindingArrayOutputWithContext(context.Context) AppEngineVersionIamBindingArrayOutput
}

AppEngineVersionIamBindingArrayInput is an input type that accepts AppEngineVersionIamBindingArray and AppEngineVersionIamBindingArrayOutput values. You can construct a concrete instance of `AppEngineVersionIamBindingArrayInput` via: 

AppEngineVersionIamBindingArray{ AppEngineVersionIamBindingArgs{...} }

type AppEngineVersionIamBindingArrayOutput added in v4.11.1 

type AppEngineVersionIamBindingArrayOutput struct{ *pulumi.OutputState }

func (AppEngineVersionIamBindingArrayOutput) ElementType added in v4.11.1 

func (AppEngineVersionIamBindingArrayOutput) ElementType() reflect.Type

func (AppEngineVersionIamBindingArrayOutput) Index added in v4.11.1 

func (o AppEngineVersionIamBindingArrayOutput) Index(i pulumi.IntInput) AppEngineVersionIamBindingOutput

func (AppEngineVersionIamBindingArrayOutput) ToAppEngineVersionIamBindingArrayOutput added in v4.11.1 

func (o AppEngineVersionIamBindingArrayOutput) ToAppEngineVersionIamBindingArrayOutput() AppEngineVersionIamBindingArrayOutput

func (AppEngineVersionIamBindingArrayOutput) ToAppEngineVersionIamBindingArrayOutputWithContext added in v4.11.1 

func (o AppEngineVersionIamBindingArrayOutput) ToAppEngineVersionIamBindingArrayOutputWithContext(ctx context.Context) AppEngineVersionIamBindingArrayOutput

type AppEngineVersionIamBindingCondition 

type AppEngineVersionIamBindingCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type AppEngineVersionIamBindingConditionArgs 

type AppEngineVersionIamBindingConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (AppEngineVersionIamBindingConditionArgs) ElementType 

func (AppEngineVersionIamBindingConditionArgs) ElementType() reflect.Type

func (AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionOutput 

func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionOutput() AppEngineVersionIamBindingConditionOutput

func (AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionOutputWithContext 

func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionOutput

func (AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionPtrOutput 

func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput

func (AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionPtrOutputWithContext 

func (i AppEngineVersionIamBindingConditionArgs) ToAppEngineVersionIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionPtrOutput

type AppEngineVersionIamBindingConditionInput 

type AppEngineVersionIamBindingConditionInput interface {
	pulumi.Input

	ToAppEngineVersionIamBindingConditionOutput() AppEngineVersionIamBindingConditionOutput
	ToAppEngineVersionIamBindingConditionOutputWithContext(context.Context) AppEngineVersionIamBindingConditionOutput
}

AppEngineVersionIamBindingConditionInput is an input type that accepts AppEngineVersionIamBindingConditionArgs and AppEngineVersionIamBindingConditionOutput values. You can construct a concrete instance of `AppEngineVersionIamBindingConditionInput` via: 

AppEngineVersionIamBindingConditionArgs{...}

type AppEngineVersionIamBindingConditionOutput 

type AppEngineVersionIamBindingConditionOutput struct{ *pulumi.OutputState }

func (AppEngineVersionIamBindingConditionOutput) Description 

func (o AppEngineVersionIamBindingConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (AppEngineVersionIamBindingConditionOutput) ElementType 

func (AppEngineVersionIamBindingConditionOutput) ElementType() reflect.Type

func (AppEngineVersionIamBindingConditionOutput) Expression 

func (o AppEngineVersionIamBindingConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (AppEngineVersionIamBindingConditionOutput) Title 

func (o AppEngineVersionIamBindingConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionOutput 

func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionOutput() AppEngineVersionIamBindingConditionOutput

func (AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionOutputWithContext 

func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionOutput

func (AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionPtrOutput 

func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput

func (AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionPtrOutputWithContext 

func (o AppEngineVersionIamBindingConditionOutput) ToAppEngineVersionIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionPtrOutput

type AppEngineVersionIamBindingConditionPtrInput 

type AppEngineVersionIamBindingConditionPtrInput interface {
	pulumi.Input

	ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput
	ToAppEngineVersionIamBindingConditionPtrOutputWithContext(context.Context) AppEngineVersionIamBindingConditionPtrOutput
}

AppEngineVersionIamBindingConditionPtrInput is an input type that accepts AppEngineVersionIamBindingConditionArgs, AppEngineVersionIamBindingConditionPtr and AppEngineVersionIamBindingConditionPtrOutput values. You can construct a concrete instance of `AppEngineVersionIamBindingConditionPtrInput` via: 

        AppEngineVersionIamBindingConditionArgs{...}

or:

        nil

func AppEngineVersionIamBindingConditionPtr 

func AppEngineVersionIamBindingConditionPtr(v *AppEngineVersionIamBindingConditionArgs) AppEngineVersionIamBindingConditionPtrInput

type AppEngineVersionIamBindingConditionPtrOutput 

type AppEngineVersionIamBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (AppEngineVersionIamBindingConditionPtrOutput) Description 

func (o AppEngineVersionIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (AppEngineVersionIamBindingConditionPtrOutput) Elem 

func (o AppEngineVersionIamBindingConditionPtrOutput) Elem() AppEngineVersionIamBindingConditionOutput

func (AppEngineVersionIamBindingConditionPtrOutput) ElementType 

func (AppEngineVersionIamBindingConditionPtrOutput) ElementType() reflect.Type

func (AppEngineVersionIamBindingConditionPtrOutput) Expression 

func (o AppEngineVersionIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (AppEngineVersionIamBindingConditionPtrOutput) Title 

func (o AppEngineVersionIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (AppEngineVersionIamBindingConditionPtrOutput) ToAppEngineVersionIamBindingConditionPtrOutput 

func (o AppEngineVersionIamBindingConditionPtrOutput) ToAppEngineVersionIamBindingConditionPtrOutput() AppEngineVersionIamBindingConditionPtrOutput

func (AppEngineVersionIamBindingConditionPtrOutput) ToAppEngineVersionIamBindingConditionPtrOutputWithContext 

func (o AppEngineVersionIamBindingConditionPtrOutput) ToAppEngineVersionIamBindingConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingConditionPtrOutput

type AppEngineVersionIamBindingInput added in v4.4.0 

type AppEngineVersionIamBindingInput interface {
	pulumi.Input

	ToAppEngineVersionIamBindingOutput() AppEngineVersionIamBindingOutput
	ToAppEngineVersionIamBindingOutputWithContext(ctx context.Context) AppEngineVersionIamBindingOutput
}

type AppEngineVersionIamBindingMap added in v4.11.1 

type AppEngineVersionIamBindingMap map[string]AppEngineVersionIamBindingInput

func (AppEngineVersionIamBindingMap) ElementType added in v4.11.1 

func (AppEngineVersionIamBindingMap) ElementType() reflect.Type

func (AppEngineVersionIamBindingMap) ToAppEngineVersionIamBindingMapOutput added in v4.11.1 

func (i AppEngineVersionIamBindingMap) ToAppEngineVersionIamBindingMapOutput() AppEngineVersionIamBindingMapOutput

func (AppEngineVersionIamBindingMap) ToAppEngineVersionIamBindingMapOutputWithContext added in v4.11.1 

func (i AppEngineVersionIamBindingMap) ToAppEngineVersionIamBindingMapOutputWithContext(ctx context.Context) AppEngineVersionIamBindingMapOutput

type AppEngineVersionIamBindingMapInput added in v4.11.1 

type AppEngineVersionIamBindingMapInput interface {
	pulumi.Input

	ToAppEngineVersionIamBindingMapOutput() AppEngineVersionIamBindingMapOutput
	ToAppEngineVersionIamBindingMapOutputWithContext(context.Context) AppEngineVersionIamBindingMapOutput
}

AppEngineVersionIamBindingMapInput is an input type that accepts AppEngineVersionIamBindingMap and AppEngineVersionIamBindingMapOutput values. You can construct a concrete instance of `AppEngineVersionIamBindingMapInput` via: 

AppEngineVersionIamBindingMap{ "key": AppEngineVersionIamBindingArgs{...} }

type AppEngineVersionIamBindingMapOutput added in v4.11.1 

type AppEngineVersionIamBindingMapOutput struct{ *pulumi.OutputState }

func (AppEngineVersionIamBindingMapOutput) ElementType added in v4.11.1 

func (AppEngineVersionIamBindingMapOutput) ElementType() reflect.Type

func (AppEngineVersionIamBindingMapOutput) MapIndex added in v4.11.1 

func (o AppEngineVersionIamBindingMapOutput) MapIndex(k pulumi.StringInput) AppEngineVersionIamBindingOutput

func (AppEngineVersionIamBindingMapOutput) ToAppEngineVersionIamBindingMapOutput added in v4.11.1 

func (o AppEngineVersionIamBindingMapOutput) ToAppEngineVersionIamBindingMapOutput() AppEngineVersionIamBindingMapOutput

func (AppEngineVersionIamBindingMapOutput) ToAppEngineVersionIamBindingMapOutputWithContext added in v4.11.1 

func (o AppEngineVersionIamBindingMapOutput) ToAppEngineVersionIamBindingMapOutputWithContext(ctx context.Context) AppEngineVersionIamBindingMapOutput

type AppEngineVersionIamBindingOutput added in v4.4.0 

type AppEngineVersionIamBindingOutput struct {
	*pulumi.OutputState
}

func (AppEngineVersionIamBindingOutput) ElementType added in v4.4.0 

func (AppEngineVersionIamBindingOutput) ElementType() reflect.Type

func (AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingOutput added in v4.4.0 

func (o AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingOutput() AppEngineVersionIamBindingOutput

func (AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingOutputWithContext added in v4.4.0 

func (o AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingOutputWithContext(ctx context.Context) AppEngineVersionIamBindingOutput

func (AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingPtrOutput added in v4.11.1 

func (o AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingPtrOutput() AppEngineVersionIamBindingPtrOutput

func (AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingPtrOutputWithContext added in v4.11.1 

func (o AppEngineVersionIamBindingOutput) ToAppEngineVersionIamBindingPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingPtrOutput

type AppEngineVersionIamBindingPtrInput added in v4.11.1 

type AppEngineVersionIamBindingPtrInput interface {
	pulumi.Input

	ToAppEngineVersionIamBindingPtrOutput() AppEngineVersionIamBindingPtrOutput
	ToAppEngineVersionIamBindingPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingPtrOutput
}

type AppEngineVersionIamBindingPtrOutput added in v4.11.1 

type AppEngineVersionIamBindingPtrOutput struct {
	*pulumi.OutputState
}

func (AppEngineVersionIamBindingPtrOutput) ElementType added in v4.11.1 

func (AppEngineVersionIamBindingPtrOutput) ElementType() reflect.Type

func (AppEngineVersionIamBindingPtrOutput) ToAppEngineVersionIamBindingPtrOutput added in v4.11.1 

func (o AppEngineVersionIamBindingPtrOutput) ToAppEngineVersionIamBindingPtrOutput() AppEngineVersionIamBindingPtrOutput

func (AppEngineVersionIamBindingPtrOutput) ToAppEngineVersionIamBindingPtrOutputWithContext added in v4.11.1 

func (o AppEngineVersionIamBindingPtrOutput) ToAppEngineVersionIamBindingPtrOutputWithContext(ctx context.Context) AppEngineVersionIamBindingPtrOutput

type AppEngineVersionIamBindingState 

type AppEngineVersionIamBindingState struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringPtrInput
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition AppEngineVersionIamBindingConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag    pulumi.StringPtrInput
	Members pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringPtrInput
	// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
	VersionId pulumi.StringPtrInput
}

func (AppEngineVersionIamBindingState) ElementType 

func (AppEngineVersionIamBindingState) ElementType() reflect.Type

type AppEngineVersionIamMember 

type AppEngineVersionIamMember struct {
	pulumi.CustomResourceState

	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringOutput `pulumi:"appId"`
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition AppEngineVersionIamMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag   pulumi.StringOutput `pulumi:"etag"`
	Member pulumi.StringOutput `pulumi:"member"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringOutput `pulumi:"service"`
	// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
	VersionId pulumi.StringOutput `pulumi:"versionId"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:

* `iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached. * `iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved. * `iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.

> **Note:** `iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `iap.AppEngineVersionIamBinding` and `iap.AppEngineVersionIamMember` or they will fight over what your policy should be.

> **Note:** `iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_app\_engine\_version\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			AppId:      pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Service:    pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId:  pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			AppId:      pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Service:    pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId:  pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_app\_engine\_version\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project:   pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:      pulumi.String("roles/iap.httpsResourceAccessor"),
			Service:   pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Condition: &iap.AppEngineVersionIamBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project:   pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:      pulumi.String("roles/iap.httpsResourceAccessor"),
			Service:   pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_app\_engine\_version\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{
			AppId:     pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Member:    pulumi.String("user:jane@example.com"),
			Project:   pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:      pulumi.String("roles/iap.httpsResourceAccessor"),
			Service:   pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Condition: &iap.AppEngineVersionIamMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Member:    pulumi.String("user:jane@example.com"),
			Project:   pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:      pulumi.String("roles/iap.httpsResourceAccessor"),
			Service:   pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} * {{project}}/{{appId}}/{{service}}/{{versionId}} * {{appId}}/{{service}}/{{versionId}} * {{version}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetAppEngineVersionIamMember 

func GetAppEngineVersionIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AppEngineVersionIamMemberState, opts ...pulumi.ResourceOption) (*AppEngineVersionIamMember, error)

GetAppEngineVersionIamMember gets an existing AppEngineVersionIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAppEngineVersionIamMember 

func NewAppEngineVersionIamMember(ctx *pulumi.Context,
	name string, args *AppEngineVersionIamMemberArgs, opts ...pulumi.ResourceOption) (*AppEngineVersionIamMember, error)

NewAppEngineVersionIamMember registers a new resource with the given unique name, arguments, and options.

func (*AppEngineVersionIamMember) ElementType added in v4.4.0 

func (*AppEngineVersionIamMember) ElementType() reflect.Type

func (*AppEngineVersionIamMember) ToAppEngineVersionIamMemberOutput added in v4.4.0 

func (i *AppEngineVersionIamMember) ToAppEngineVersionIamMemberOutput() AppEngineVersionIamMemberOutput

func (*AppEngineVersionIamMember) ToAppEngineVersionIamMemberOutputWithContext added in v4.4.0 

func (i *AppEngineVersionIamMember) ToAppEngineVersionIamMemberOutputWithContext(ctx context.Context) AppEngineVersionIamMemberOutput

func (*AppEngineVersionIamMember) ToAppEngineVersionIamMemberPtrOutput added in v4.11.1 

func (i *AppEngineVersionIamMember) ToAppEngineVersionIamMemberPtrOutput() AppEngineVersionIamMemberPtrOutput

func (*AppEngineVersionIamMember) ToAppEngineVersionIamMemberPtrOutputWithContext added in v4.11.1 

func (i *AppEngineVersionIamMember) ToAppEngineVersionIamMemberPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberPtrOutput

type AppEngineVersionIamMemberArgs 

type AppEngineVersionIamMemberArgs struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringInput
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition AppEngineVersionIamMemberConditionPtrInput
	Member    pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringInput
	// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
	VersionId pulumi.StringInput
}

The set of arguments for constructing a AppEngineVersionIamMember resource.

func (AppEngineVersionIamMemberArgs) ElementType 

func (AppEngineVersionIamMemberArgs) ElementType() reflect.Type

type AppEngineVersionIamMemberArray added in v4.11.1 

type AppEngineVersionIamMemberArray []AppEngineVersionIamMemberInput

func (AppEngineVersionIamMemberArray) ElementType added in v4.11.1 

func (AppEngineVersionIamMemberArray) ElementType() reflect.Type

func (AppEngineVersionIamMemberArray) ToAppEngineVersionIamMemberArrayOutput added in v4.11.1 

func (i AppEngineVersionIamMemberArray) ToAppEngineVersionIamMemberArrayOutput() AppEngineVersionIamMemberArrayOutput

func (AppEngineVersionIamMemberArray) ToAppEngineVersionIamMemberArrayOutputWithContext added in v4.11.1 

func (i AppEngineVersionIamMemberArray) ToAppEngineVersionIamMemberArrayOutputWithContext(ctx context.Context) AppEngineVersionIamMemberArrayOutput

type AppEngineVersionIamMemberArrayInput added in v4.11.1 

type AppEngineVersionIamMemberArrayInput interface {
	pulumi.Input

	ToAppEngineVersionIamMemberArrayOutput() AppEngineVersionIamMemberArrayOutput
	ToAppEngineVersionIamMemberArrayOutputWithContext(context.Context) AppEngineVersionIamMemberArrayOutput
}

AppEngineVersionIamMemberArrayInput is an input type that accepts AppEngineVersionIamMemberArray and AppEngineVersionIamMemberArrayOutput values. You can construct a concrete instance of `AppEngineVersionIamMemberArrayInput` via: 

AppEngineVersionIamMemberArray{ AppEngineVersionIamMemberArgs{...} }

type AppEngineVersionIamMemberArrayOutput added in v4.11.1 

type AppEngineVersionIamMemberArrayOutput struct{ *pulumi.OutputState }

func (AppEngineVersionIamMemberArrayOutput) ElementType added in v4.11.1 

func (AppEngineVersionIamMemberArrayOutput) ElementType() reflect.Type

func (AppEngineVersionIamMemberArrayOutput) Index added in v4.11.1 

func (o AppEngineVersionIamMemberArrayOutput) Index(i pulumi.IntInput) AppEngineVersionIamMemberOutput

func (AppEngineVersionIamMemberArrayOutput) ToAppEngineVersionIamMemberArrayOutput added in v4.11.1 

func (o AppEngineVersionIamMemberArrayOutput) ToAppEngineVersionIamMemberArrayOutput() AppEngineVersionIamMemberArrayOutput

func (AppEngineVersionIamMemberArrayOutput) ToAppEngineVersionIamMemberArrayOutputWithContext added in v4.11.1 

func (o AppEngineVersionIamMemberArrayOutput) ToAppEngineVersionIamMemberArrayOutputWithContext(ctx context.Context) AppEngineVersionIamMemberArrayOutput

type AppEngineVersionIamMemberCondition 

type AppEngineVersionIamMemberCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type AppEngineVersionIamMemberConditionArgs 

type AppEngineVersionIamMemberConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (AppEngineVersionIamMemberConditionArgs) ElementType 

func (AppEngineVersionIamMemberConditionArgs) ElementType() reflect.Type

func (AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionOutput 

func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionOutput() AppEngineVersionIamMemberConditionOutput

func (AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionOutputWithContext 

func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionOutput

func (AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionPtrOutput 

func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput

func (AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionPtrOutputWithContext 

func (i AppEngineVersionIamMemberConditionArgs) ToAppEngineVersionIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionPtrOutput

type AppEngineVersionIamMemberConditionInput 

type AppEngineVersionIamMemberConditionInput interface {
	pulumi.Input

	ToAppEngineVersionIamMemberConditionOutput() AppEngineVersionIamMemberConditionOutput
	ToAppEngineVersionIamMemberConditionOutputWithContext(context.Context) AppEngineVersionIamMemberConditionOutput
}

AppEngineVersionIamMemberConditionInput is an input type that accepts AppEngineVersionIamMemberConditionArgs and AppEngineVersionIamMemberConditionOutput values. You can construct a concrete instance of `AppEngineVersionIamMemberConditionInput` via: 

AppEngineVersionIamMemberConditionArgs{...}

type AppEngineVersionIamMemberConditionOutput 

type AppEngineVersionIamMemberConditionOutput struct{ *pulumi.OutputState }

func (AppEngineVersionIamMemberConditionOutput) Description 

func (o AppEngineVersionIamMemberConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (AppEngineVersionIamMemberConditionOutput) ElementType 

func (AppEngineVersionIamMemberConditionOutput) ElementType() reflect.Type

func (AppEngineVersionIamMemberConditionOutput) Expression 

func (o AppEngineVersionIamMemberConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (AppEngineVersionIamMemberConditionOutput) Title 

func (o AppEngineVersionIamMemberConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionOutput 

func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionOutput() AppEngineVersionIamMemberConditionOutput

func (AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionOutputWithContext 

func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionOutput

func (AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionPtrOutput 

func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput

func (AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionPtrOutputWithContext 

func (o AppEngineVersionIamMemberConditionOutput) ToAppEngineVersionIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionPtrOutput

type AppEngineVersionIamMemberConditionPtrInput 

type AppEngineVersionIamMemberConditionPtrInput interface {
	pulumi.Input

	ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput
	ToAppEngineVersionIamMemberConditionPtrOutputWithContext(context.Context) AppEngineVersionIamMemberConditionPtrOutput
}

AppEngineVersionIamMemberConditionPtrInput is an input type that accepts AppEngineVersionIamMemberConditionArgs, AppEngineVersionIamMemberConditionPtr and AppEngineVersionIamMemberConditionPtrOutput values. You can construct a concrete instance of `AppEngineVersionIamMemberConditionPtrInput` via: 

        AppEngineVersionIamMemberConditionArgs{...}

or:

        nil

func AppEngineVersionIamMemberConditionPtr 

func AppEngineVersionIamMemberConditionPtr(v *AppEngineVersionIamMemberConditionArgs) AppEngineVersionIamMemberConditionPtrInput

type AppEngineVersionIamMemberConditionPtrOutput 

type AppEngineVersionIamMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (AppEngineVersionIamMemberConditionPtrOutput) Description 

func (o AppEngineVersionIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (AppEngineVersionIamMemberConditionPtrOutput) Elem 

func (o AppEngineVersionIamMemberConditionPtrOutput) Elem() AppEngineVersionIamMemberConditionOutput

func (AppEngineVersionIamMemberConditionPtrOutput) ElementType 

func (AppEngineVersionIamMemberConditionPtrOutput) ElementType() reflect.Type

func (AppEngineVersionIamMemberConditionPtrOutput) Expression 

func (o AppEngineVersionIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (AppEngineVersionIamMemberConditionPtrOutput) Title 

func (o AppEngineVersionIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (AppEngineVersionIamMemberConditionPtrOutput) ToAppEngineVersionIamMemberConditionPtrOutput 

func (o AppEngineVersionIamMemberConditionPtrOutput) ToAppEngineVersionIamMemberConditionPtrOutput() AppEngineVersionIamMemberConditionPtrOutput

func (AppEngineVersionIamMemberConditionPtrOutput) ToAppEngineVersionIamMemberConditionPtrOutputWithContext 

func (o AppEngineVersionIamMemberConditionPtrOutput) ToAppEngineVersionIamMemberConditionPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberConditionPtrOutput

type AppEngineVersionIamMemberInput added in v4.4.0 

type AppEngineVersionIamMemberInput interface {
	pulumi.Input

	ToAppEngineVersionIamMemberOutput() AppEngineVersionIamMemberOutput
	ToAppEngineVersionIamMemberOutputWithContext(ctx context.Context) AppEngineVersionIamMemberOutput
}

type AppEngineVersionIamMemberMap added in v4.11.1 

type AppEngineVersionIamMemberMap map[string]AppEngineVersionIamMemberInput

func (AppEngineVersionIamMemberMap) ElementType added in v4.11.1 

func (AppEngineVersionIamMemberMap) ElementType() reflect.Type

func (AppEngineVersionIamMemberMap) ToAppEngineVersionIamMemberMapOutput added in v4.11.1 

func (i AppEngineVersionIamMemberMap) ToAppEngineVersionIamMemberMapOutput() AppEngineVersionIamMemberMapOutput

func (AppEngineVersionIamMemberMap) ToAppEngineVersionIamMemberMapOutputWithContext added in v4.11.1 

func (i AppEngineVersionIamMemberMap) ToAppEngineVersionIamMemberMapOutputWithContext(ctx context.Context) AppEngineVersionIamMemberMapOutput

type AppEngineVersionIamMemberMapInput added in v4.11.1 

type AppEngineVersionIamMemberMapInput interface {
	pulumi.Input

	ToAppEngineVersionIamMemberMapOutput() AppEngineVersionIamMemberMapOutput
	ToAppEngineVersionIamMemberMapOutputWithContext(context.Context) AppEngineVersionIamMemberMapOutput
}

AppEngineVersionIamMemberMapInput is an input type that accepts AppEngineVersionIamMemberMap and AppEngineVersionIamMemberMapOutput values. You can construct a concrete instance of `AppEngineVersionIamMemberMapInput` via: 

AppEngineVersionIamMemberMap{ "key": AppEngineVersionIamMemberArgs{...} }

type AppEngineVersionIamMemberMapOutput added in v4.11.1 

type AppEngineVersionIamMemberMapOutput struct{ *pulumi.OutputState }

func (AppEngineVersionIamMemberMapOutput) ElementType added in v4.11.1 

func (AppEngineVersionIamMemberMapOutput) ElementType() reflect.Type

func (AppEngineVersionIamMemberMapOutput) MapIndex added in v4.11.1 

func (o AppEngineVersionIamMemberMapOutput) MapIndex(k pulumi.StringInput) AppEngineVersionIamMemberOutput

func (AppEngineVersionIamMemberMapOutput) ToAppEngineVersionIamMemberMapOutput added in v4.11.1 

func (o AppEngineVersionIamMemberMapOutput) ToAppEngineVersionIamMemberMapOutput() AppEngineVersionIamMemberMapOutput

func (AppEngineVersionIamMemberMapOutput) ToAppEngineVersionIamMemberMapOutputWithContext added in v4.11.1 

func (o AppEngineVersionIamMemberMapOutput) ToAppEngineVersionIamMemberMapOutputWithContext(ctx context.Context) AppEngineVersionIamMemberMapOutput

type AppEngineVersionIamMemberOutput added in v4.4.0 

type AppEngineVersionIamMemberOutput struct {
	*pulumi.OutputState
}

func (AppEngineVersionIamMemberOutput) ElementType added in v4.4.0 

func (AppEngineVersionIamMemberOutput) ElementType() reflect.Type

func (AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberOutput added in v4.4.0 

func (o AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberOutput() AppEngineVersionIamMemberOutput

func (AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberOutputWithContext added in v4.4.0 

func (o AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberOutputWithContext(ctx context.Context) AppEngineVersionIamMemberOutput

func (AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberPtrOutput added in v4.11.1 

func (o AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberPtrOutput() AppEngineVersionIamMemberPtrOutput

func (AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberPtrOutputWithContext added in v4.11.1 

func (o AppEngineVersionIamMemberOutput) ToAppEngineVersionIamMemberPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberPtrOutput

type AppEngineVersionIamMemberPtrInput added in v4.11.1 

type AppEngineVersionIamMemberPtrInput interface {
	pulumi.Input

	ToAppEngineVersionIamMemberPtrOutput() AppEngineVersionIamMemberPtrOutput
	ToAppEngineVersionIamMemberPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberPtrOutput
}

type AppEngineVersionIamMemberPtrOutput added in v4.11.1 

type AppEngineVersionIamMemberPtrOutput struct {
	*pulumi.OutputState
}

func (AppEngineVersionIamMemberPtrOutput) ElementType added in v4.11.1 

func (AppEngineVersionIamMemberPtrOutput) ElementType() reflect.Type

func (AppEngineVersionIamMemberPtrOutput) ToAppEngineVersionIamMemberPtrOutput added in v4.11.1 

func (o AppEngineVersionIamMemberPtrOutput) ToAppEngineVersionIamMemberPtrOutput() AppEngineVersionIamMemberPtrOutput

func (AppEngineVersionIamMemberPtrOutput) ToAppEngineVersionIamMemberPtrOutputWithContext added in v4.11.1 

func (o AppEngineVersionIamMemberPtrOutput) ToAppEngineVersionIamMemberPtrOutputWithContext(ctx context.Context) AppEngineVersionIamMemberPtrOutput

type AppEngineVersionIamMemberState 

type AppEngineVersionIamMemberState struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringPtrInput
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition AppEngineVersionIamMemberConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag   pulumi.StringPtrInput
	Member pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringPtrInput
	// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
	VersionId pulumi.StringPtrInput
}

func (AppEngineVersionIamMemberState) ElementType 

func (AppEngineVersionIamMemberState) ElementType() reflect.Type

type AppEngineVersionIamPolicy 

type AppEngineVersionIamPolicy struct {
	pulumi.CustomResourceState

	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringOutput `pulumi:"appId"`
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringOutput `pulumi:"service"`
	// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
	VersionId pulumi.StringOutput `pulumi:"versionId"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:

* `iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached. * `iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved. * `iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.

> **Note:** `iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `iap.AppEngineVersionIamBinding` and `iap.AppEngineVersionIamMember` or they will fight over what your policy should be.

> **Note:** `iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_app\_engine\_version\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			AppId:      pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Service:    pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId:  pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			AppId:      pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Service:    pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId:  pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_app\_engine\_version\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project:   pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:      pulumi.String("roles/iap.httpsResourceAccessor"),
			Service:   pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Condition: &iap.AppEngineVersionIamBindingConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Project:   pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:      pulumi.String("roles/iap.httpsResourceAccessor"),
			Service:   pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_app\_engine\_version\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{
			AppId:     pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Member:    pulumi.String("user:jane@example.com"),
			Project:   pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:      pulumi.String("roles/iap.httpsResourceAccessor"),
			Service:   pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{
			AppId: pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Condition: &iap.AppEngineVersionIamMemberConditionArgs{
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
				Title:       pulumi.String("expires_after_2019_12_31"),
			},
			Member:    pulumi.String("user:jane@example.com"),
			Project:   pulumi.Any(google_app_engine_standard_app_version.Version.Project),
			Role:      pulumi.String("roles/iap.httpsResourceAccessor"),
			Service:   pulumi.Any(google_app_engine_standard_app_version.Version.Service),
			VersionId: pulumi.Any(google_app_engine_standard_app_version.Version.Version_id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} * {{project}}/{{appId}}/{{service}}/{{versionId}} * {{appId}}/{{service}}/{{versionId}} * {{version}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetAppEngineVersionIamPolicy 

func GetAppEngineVersionIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AppEngineVersionIamPolicyState, opts ...pulumi.ResourceOption) (*AppEngineVersionIamPolicy, error)

GetAppEngineVersionIamPolicy gets an existing AppEngineVersionIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAppEngineVersionIamPolicy 

func NewAppEngineVersionIamPolicy(ctx *pulumi.Context,
	name string, args *AppEngineVersionIamPolicyArgs, opts ...pulumi.ResourceOption) (*AppEngineVersionIamPolicy, error)

NewAppEngineVersionIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*AppEngineVersionIamPolicy) ElementType added in v4.4.0 

func (*AppEngineVersionIamPolicy) ElementType() reflect.Type

func (*AppEngineVersionIamPolicy) ToAppEngineVersionIamPolicyOutput added in v4.4.0 

func (i *AppEngineVersionIamPolicy) ToAppEngineVersionIamPolicyOutput() AppEngineVersionIamPolicyOutput

func (*AppEngineVersionIamPolicy) ToAppEngineVersionIamPolicyOutputWithContext added in v4.4.0 

func (i *AppEngineVersionIamPolicy) ToAppEngineVersionIamPolicyOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyOutput

func (*AppEngineVersionIamPolicy) ToAppEngineVersionIamPolicyPtrOutput added in v4.11.1 

func (i *AppEngineVersionIamPolicy) ToAppEngineVersionIamPolicyPtrOutput() AppEngineVersionIamPolicyPtrOutput

func (*AppEngineVersionIamPolicy) ToAppEngineVersionIamPolicyPtrOutputWithContext added in v4.11.1 

func (i *AppEngineVersionIamPolicy) ToAppEngineVersionIamPolicyPtrOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyPtrOutput

type AppEngineVersionIamPolicyArgs 

type AppEngineVersionIamPolicyArgs struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringInput
	// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
	VersionId pulumi.StringInput
}

The set of arguments for constructing a AppEngineVersionIamPolicy resource.

func (AppEngineVersionIamPolicyArgs) ElementType 

func (AppEngineVersionIamPolicyArgs) ElementType() reflect.Type

type AppEngineVersionIamPolicyArray added in v4.11.1 

type AppEngineVersionIamPolicyArray []AppEngineVersionIamPolicyInput

func (AppEngineVersionIamPolicyArray) ElementType added in v4.11.1 

func (AppEngineVersionIamPolicyArray) ElementType() reflect.Type

func (AppEngineVersionIamPolicyArray) ToAppEngineVersionIamPolicyArrayOutput added in v4.11.1 

func (i AppEngineVersionIamPolicyArray) ToAppEngineVersionIamPolicyArrayOutput() AppEngineVersionIamPolicyArrayOutput

func (AppEngineVersionIamPolicyArray) ToAppEngineVersionIamPolicyArrayOutputWithContext added in v4.11.1 

func (i AppEngineVersionIamPolicyArray) ToAppEngineVersionIamPolicyArrayOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyArrayOutput

type AppEngineVersionIamPolicyArrayInput added in v4.11.1 

type AppEngineVersionIamPolicyArrayInput interface {
	pulumi.Input

	ToAppEngineVersionIamPolicyArrayOutput() AppEngineVersionIamPolicyArrayOutput
	ToAppEngineVersionIamPolicyArrayOutputWithContext(context.Context) AppEngineVersionIamPolicyArrayOutput
}

AppEngineVersionIamPolicyArrayInput is an input type that accepts AppEngineVersionIamPolicyArray and AppEngineVersionIamPolicyArrayOutput values. You can construct a concrete instance of `AppEngineVersionIamPolicyArrayInput` via: 

AppEngineVersionIamPolicyArray{ AppEngineVersionIamPolicyArgs{...} }

type AppEngineVersionIamPolicyArrayOutput added in v4.11.1 

type AppEngineVersionIamPolicyArrayOutput struct{ *pulumi.OutputState }

func (AppEngineVersionIamPolicyArrayOutput) ElementType added in v4.11.1 

func (AppEngineVersionIamPolicyArrayOutput) ElementType() reflect.Type

func (AppEngineVersionIamPolicyArrayOutput) Index added in v4.11.1 

func (o AppEngineVersionIamPolicyArrayOutput) Index(i pulumi.IntInput) AppEngineVersionIamPolicyOutput

func (AppEngineVersionIamPolicyArrayOutput) ToAppEngineVersionIamPolicyArrayOutput added in v4.11.1 

func (o AppEngineVersionIamPolicyArrayOutput) ToAppEngineVersionIamPolicyArrayOutput() AppEngineVersionIamPolicyArrayOutput

func (AppEngineVersionIamPolicyArrayOutput) ToAppEngineVersionIamPolicyArrayOutputWithContext added in v4.11.1 

func (o AppEngineVersionIamPolicyArrayOutput) ToAppEngineVersionIamPolicyArrayOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyArrayOutput

type AppEngineVersionIamPolicyInput added in v4.4.0 

type AppEngineVersionIamPolicyInput interface {
	pulumi.Input

	ToAppEngineVersionIamPolicyOutput() AppEngineVersionIamPolicyOutput
	ToAppEngineVersionIamPolicyOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyOutput
}

type AppEngineVersionIamPolicyMap added in v4.11.1 

type AppEngineVersionIamPolicyMap map[string]AppEngineVersionIamPolicyInput

func (AppEngineVersionIamPolicyMap) ElementType added in v4.11.1 

func (AppEngineVersionIamPolicyMap) ElementType() reflect.Type

func (AppEngineVersionIamPolicyMap) ToAppEngineVersionIamPolicyMapOutput added in v4.11.1 

func (i AppEngineVersionIamPolicyMap) ToAppEngineVersionIamPolicyMapOutput() AppEngineVersionIamPolicyMapOutput

func (AppEngineVersionIamPolicyMap) ToAppEngineVersionIamPolicyMapOutputWithContext added in v4.11.1 

func (i AppEngineVersionIamPolicyMap) ToAppEngineVersionIamPolicyMapOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyMapOutput

type AppEngineVersionIamPolicyMapInput added in v4.11.1 

type AppEngineVersionIamPolicyMapInput interface {
	pulumi.Input

	ToAppEngineVersionIamPolicyMapOutput() AppEngineVersionIamPolicyMapOutput
	ToAppEngineVersionIamPolicyMapOutputWithContext(context.Context) AppEngineVersionIamPolicyMapOutput
}

AppEngineVersionIamPolicyMapInput is an input type that accepts AppEngineVersionIamPolicyMap and AppEngineVersionIamPolicyMapOutput values. You can construct a concrete instance of `AppEngineVersionIamPolicyMapInput` via: 

AppEngineVersionIamPolicyMap{ "key": AppEngineVersionIamPolicyArgs{...} }

type AppEngineVersionIamPolicyMapOutput added in v4.11.1 

type AppEngineVersionIamPolicyMapOutput struct{ *pulumi.OutputState }

func (AppEngineVersionIamPolicyMapOutput) ElementType added in v4.11.1 

func (AppEngineVersionIamPolicyMapOutput) ElementType() reflect.Type

func (AppEngineVersionIamPolicyMapOutput) MapIndex added in v4.11.1 

func (o AppEngineVersionIamPolicyMapOutput) MapIndex(k pulumi.StringInput) AppEngineVersionIamPolicyOutput

func (AppEngineVersionIamPolicyMapOutput) ToAppEngineVersionIamPolicyMapOutput added in v4.11.1 

func (o AppEngineVersionIamPolicyMapOutput) ToAppEngineVersionIamPolicyMapOutput() AppEngineVersionIamPolicyMapOutput

func (AppEngineVersionIamPolicyMapOutput) ToAppEngineVersionIamPolicyMapOutputWithContext added in v4.11.1 

func (o AppEngineVersionIamPolicyMapOutput) ToAppEngineVersionIamPolicyMapOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyMapOutput

type AppEngineVersionIamPolicyOutput added in v4.4.0 

type AppEngineVersionIamPolicyOutput struct {
	*pulumi.OutputState
}

func (AppEngineVersionIamPolicyOutput) ElementType added in v4.4.0 

func (AppEngineVersionIamPolicyOutput) ElementType() reflect.Type

func (AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyOutput added in v4.4.0 

func (o AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyOutput() AppEngineVersionIamPolicyOutput

func (AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyOutputWithContext added in v4.4.0 

func (o AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyOutput

func (AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyPtrOutput added in v4.11.1 

func (o AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyPtrOutput() AppEngineVersionIamPolicyPtrOutput

func (AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyPtrOutputWithContext added in v4.11.1 

func (o AppEngineVersionIamPolicyOutput) ToAppEngineVersionIamPolicyPtrOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyPtrOutput

type AppEngineVersionIamPolicyPtrInput added in v4.11.1 

type AppEngineVersionIamPolicyPtrInput interface {
	pulumi.Input

	ToAppEngineVersionIamPolicyPtrOutput() AppEngineVersionIamPolicyPtrOutput
	ToAppEngineVersionIamPolicyPtrOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyPtrOutput
}

type AppEngineVersionIamPolicyPtrOutput added in v4.11.1 

type AppEngineVersionIamPolicyPtrOutput struct {
	*pulumi.OutputState
}

func (AppEngineVersionIamPolicyPtrOutput) ElementType added in v4.11.1 

func (AppEngineVersionIamPolicyPtrOutput) ElementType() reflect.Type

func (AppEngineVersionIamPolicyPtrOutput) ToAppEngineVersionIamPolicyPtrOutput added in v4.11.1 

func (o AppEngineVersionIamPolicyPtrOutput) ToAppEngineVersionIamPolicyPtrOutput() AppEngineVersionIamPolicyPtrOutput

func (AppEngineVersionIamPolicyPtrOutput) ToAppEngineVersionIamPolicyPtrOutputWithContext added in v4.11.1 

func (o AppEngineVersionIamPolicyPtrOutput) ToAppEngineVersionIamPolicyPtrOutputWithContext(ctx context.Context) AppEngineVersionIamPolicyPtrOutput

type AppEngineVersionIamPolicyState 

type AppEngineVersionIamPolicyState struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringPtrInput
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringPtrInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// Service id of the App Engine application Used to find the parent resource to bind the IAM policy to
	Service pulumi.StringPtrInput
	// Version id of the App Engine application Used to find the parent resource to bind the IAM policy to
	VersionId pulumi.StringPtrInput
}

func (AppEngineVersionIamPolicyState) ElementType 

func (AppEngineVersionIamPolicyState) ElementType() reflect.Type

type Brand 

type Brand struct {
	pulumi.CustomResourceState

	// Application name displayed on OAuth consent screen.
	ApplicationTitle pulumi.StringOutput `pulumi:"applicationTitle"`
	// Output only. Identifier of the brand, in the format 'projects/{project_number}/brands/{brand_id}'. NOTE: The brand
	// identification corresponds to the project number as only one brand per project can be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// Whether the brand is only intended for usage inside the GSuite organization only.
	OrgInternalOnly pulumi.BoolOutput `pulumi:"orgInternalOnly"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// Support email displayed on the OAuth consent screen. Can be either a
	// user or group email. When a user email is specified, the caller must
	// be the user with the associated email address. When a group email is
	// specified, the caller can be either a user or a service account which
	// is an owner of the specified group in Cloud Identity.
	SupportEmail pulumi.StringOutput `pulumi:"supportEmail"`
}

OAuth brand data. Only "Organization Internal" brands can be created programmatically via API. To convert it into an external brands please use the GCP Console.

> **Note:** Brands can only be created once for a Google Cloud project and the underlying Google API doesn't not support DELETE or PATCH methods. Destroying a provider-managed Brand will remove it from state but *will not delete it from Google Cloud.*

To get more information about Brand, see:

* [API documentation](https://cloud.google.com/iap/docs/reference/rest/v1/projects.brands) * How-to Guides

## Example Usage

## Import

Brand can be imported using any of these accepted formats

```sh 

$ pulumi import gcp:iap/brand:Brand default {{name}}

```

func GetBrand 

func GetBrand(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *BrandState, opts ...pulumi.ResourceOption) (*Brand, error)

GetBrand gets an existing Brand resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewBrand 

func NewBrand(ctx *pulumi.Context,
	name string, args *BrandArgs, opts ...pulumi.ResourceOption) (*Brand, error)

NewBrand registers a new resource with the given unique name, arguments, and options.

func (*Brand) ElementType added in v4.4.0 

func (*Brand) ElementType() reflect.Type

func (*Brand) ToBrandOutput added in v4.4.0 

func (i *Brand) ToBrandOutput() BrandOutput

func (*Brand) ToBrandOutputWithContext added in v4.4.0 

func (i *Brand) ToBrandOutputWithContext(ctx context.Context) BrandOutput

func (*Brand) ToBrandPtrOutput added in v4.11.1 

func (i *Brand) ToBrandPtrOutput() BrandPtrOutput

func (*Brand) ToBrandPtrOutputWithContext added in v4.11.1 

func (i *Brand) ToBrandPtrOutputWithContext(ctx context.Context) BrandPtrOutput

type BrandArgs 

type BrandArgs struct {
	// Application name displayed on OAuth consent screen.
	ApplicationTitle pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// Support email displayed on the OAuth consent screen. Can be either a
	// user or group email. When a user email is specified, the caller must
	// be the user with the associated email address. When a group email is
	// specified, the caller can be either a user or a service account which
	// is an owner of the specified group in Cloud Identity.
	SupportEmail pulumi.StringInput
}

The set of arguments for constructing a Brand resource.

func (BrandArgs) ElementType 

func (BrandArgs) ElementType() reflect.Type

type BrandArray added in v4.11.1 

type BrandArray []BrandInput

func (BrandArray) ElementType added in v4.11.1 

func (BrandArray) ElementType() reflect.Type

func (BrandArray) ToBrandArrayOutput added in v4.11.1 

func (i BrandArray) ToBrandArrayOutput() BrandArrayOutput

func (BrandArray) ToBrandArrayOutputWithContext added in v4.11.1 

func (i BrandArray) ToBrandArrayOutputWithContext(ctx context.Context) BrandArrayOutput

type BrandArrayInput added in v4.11.1 

type BrandArrayInput interface {
	pulumi.Input

	ToBrandArrayOutput() BrandArrayOutput
	ToBrandArrayOutputWithContext(context.Context) BrandArrayOutput
}

BrandArrayInput is an input type that accepts BrandArray and BrandArrayOutput values. You can construct a concrete instance of `BrandArrayInput` via: 

BrandArray{ BrandArgs{...} }

type BrandArrayOutput added in v4.11.1 

type BrandArrayOutput struct{ *pulumi.OutputState }

func (BrandArrayOutput) ElementType added in v4.11.1 

func (BrandArrayOutput) ElementType() reflect.Type

func (BrandArrayOutput) Index added in v4.11.1 

func (o BrandArrayOutput) Index(i pulumi.IntInput) BrandOutput

func (BrandArrayOutput) ToBrandArrayOutput added in v4.11.1 

func (o BrandArrayOutput) ToBrandArrayOutput() BrandArrayOutput

func (BrandArrayOutput) ToBrandArrayOutputWithContext added in v4.11.1 

func (o BrandArrayOutput) ToBrandArrayOutputWithContext(ctx context.Context) BrandArrayOutput

type BrandInput added in v4.4.0 

type BrandInput interface {
	pulumi.Input

	ToBrandOutput() BrandOutput
	ToBrandOutputWithContext(ctx context.Context) BrandOutput
}

type BrandMap added in v4.11.1 

type BrandMap map[string]BrandInput

func (BrandMap) ElementType added in v4.11.1 

func (BrandMap) ElementType() reflect.Type

func (BrandMap) ToBrandMapOutput added in v4.11.1 

func (i BrandMap) ToBrandMapOutput() BrandMapOutput

func (BrandMap) ToBrandMapOutputWithContext added in v4.11.1 

func (i BrandMap) ToBrandMapOutputWithContext(ctx context.Context) BrandMapOutput

type BrandMapInput added in v4.11.1 

type BrandMapInput interface {
	pulumi.Input

	ToBrandMapOutput() BrandMapOutput
	ToBrandMapOutputWithContext(context.Context) BrandMapOutput
}

BrandMapInput is an input type that accepts BrandMap and BrandMapOutput values. You can construct a concrete instance of `BrandMapInput` via: 

BrandMap{ "key": BrandArgs{...} }

type BrandMapOutput added in v4.11.1 

type BrandMapOutput struct{ *pulumi.OutputState }

func (BrandMapOutput) ElementType added in v4.11.1 

func (BrandMapOutput) ElementType() reflect.Type

func (BrandMapOutput) MapIndex added in v4.11.1 

func (o BrandMapOutput) MapIndex(k pulumi.StringInput) BrandOutput

func (BrandMapOutput) ToBrandMapOutput added in v4.11.1 

func (o BrandMapOutput) ToBrandMapOutput() BrandMapOutput

func (BrandMapOutput) ToBrandMapOutputWithContext added in v4.11.1 

func (o BrandMapOutput) ToBrandMapOutputWithContext(ctx context.Context) BrandMapOutput

type BrandOutput added in v4.4.0 

type BrandOutput struct {
	*pulumi.OutputState
}

func (BrandOutput) ElementType added in v4.4.0 

func (BrandOutput) ElementType() reflect.Type

func (BrandOutput) ToBrandOutput added in v4.4.0 

func (o BrandOutput) ToBrandOutput() BrandOutput

func (BrandOutput) ToBrandOutputWithContext added in v4.4.0 

func (o BrandOutput) ToBrandOutputWithContext(ctx context.Context) BrandOutput

func (BrandOutput) ToBrandPtrOutput added in v4.11.1 

func (o BrandOutput) ToBrandPtrOutput() BrandPtrOutput

func (BrandOutput) ToBrandPtrOutputWithContext added in v4.11.1 

func (o BrandOutput) ToBrandPtrOutputWithContext(ctx context.Context) BrandPtrOutput

type BrandPtrInput added in v4.11.1 

type BrandPtrInput interface {
	pulumi.Input

	ToBrandPtrOutput() BrandPtrOutput
	ToBrandPtrOutputWithContext(ctx context.Context) BrandPtrOutput
}

type BrandPtrOutput added in v4.11.1 

type BrandPtrOutput struct {
	*pulumi.OutputState
}

func (BrandPtrOutput) ElementType added in v4.11.1 

func (BrandPtrOutput) ElementType() reflect.Type

func (BrandPtrOutput) ToBrandPtrOutput added in v4.11.1 

func (o BrandPtrOutput) ToBrandPtrOutput() BrandPtrOutput

func (BrandPtrOutput) ToBrandPtrOutputWithContext added in v4.11.1 

func (o BrandPtrOutput) ToBrandPtrOutputWithContext(ctx context.Context) BrandPtrOutput

type BrandState 

type BrandState struct {
	// Application name displayed on OAuth consent screen.
	ApplicationTitle pulumi.StringPtrInput
	// Output only. Identifier of the brand, in the format 'projects/{project_number}/brands/{brand_id}'. NOTE: The brand
	// identification corresponds to the project number as only one brand per project can be created.
	Name pulumi.StringPtrInput
	// Whether the brand is only intended for usage inside the GSuite organization only.
	OrgInternalOnly pulumi.BoolPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// Support email displayed on the OAuth consent screen. Can be either a
	// user or group email. When a user email is specified, the caller must
	// be the user with the associated email address. When a group email is
	// specified, the caller can be either a user or a service account which
	// is an owner of the specified group in Cloud Identity.
	SupportEmail pulumi.StringPtrInput
}

func (BrandState) ElementType 

func (BrandState) ElementType() reflect.Type

type Client 

type Client struct {
	pulumi.CustomResourceState

	// Identifier of the brand to which this client
	// is attached to. The format is
	// `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`.
	Brand pulumi.StringOutput `pulumi:"brand"`
	// Output only. Unique identifier of the OAuth client.
	ClientId pulumi.StringOutput `pulumi:"clientId"`
	// Human-friendly name given to the OAuth client.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Output only. Client secret of the OAuth client.
	Secret pulumi.StringOutput `pulumi:"secret"`
}

Contains the data that describes an Identity Aware Proxy owned client.

> **Note:** Only internal org clients can be created via declarative tools. External clients must be manually created via the GCP console. This restriction is due to the existing APIs and not lack of support in this tool.

To get more information about Client, see:

* [API documentation](https://cloud.google.com/iap/docs/reference/rest/v1/projects.brands.identityAwareProxyClients) * How-to Guides

> **Warning:** All arguments including `secret` will be stored in the raw state as plain-text. [Read more about secrets in state](https://www.pulumi.com/docs/intro/concepts/programming-model/#secrets).

## Example Usage

## Import

Client can be imported using any of these accepted formats

```sh 

$ pulumi import gcp:iap/client:Client default {{brand}}/identityAwareProxyClients/{{client_id}}

```

```sh 

$ pulumi import gcp:iap/client:Client default {{brand}}/{{client_id}}

```

func GetClient 

func GetClient(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ClientState, opts ...pulumi.ResourceOption) (*Client, error)

GetClient gets an existing Client resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewClient 

func NewClient(ctx *pulumi.Context,
	name string, args *ClientArgs, opts ...pulumi.ResourceOption) (*Client, error)

NewClient registers a new resource with the given unique name, arguments, and options.

func (*Client) ElementType added in v4.4.0 

func (*Client) ElementType() reflect.Type

func (*Client) ToClientOutput added in v4.4.0 

func (i *Client) ToClientOutput() ClientOutput

func (*Client) ToClientOutputWithContext added in v4.4.0 

func (i *Client) ToClientOutputWithContext(ctx context.Context) ClientOutput

func (*Client) ToClientPtrOutput added in v4.11.1 

func (i *Client) ToClientPtrOutput() ClientPtrOutput

func (*Client) ToClientPtrOutputWithContext added in v4.11.1 

func (i *Client) ToClientPtrOutputWithContext(ctx context.Context) ClientPtrOutput

type ClientArgs 

type ClientArgs struct {
	// Identifier of the brand to which this client
	// is attached to. The format is
	// `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`.
	Brand pulumi.StringInput
	// Human-friendly name given to the OAuth client.
	DisplayName pulumi.StringInput
}

The set of arguments for constructing a Client resource.

func (ClientArgs) ElementType 

func (ClientArgs) ElementType() reflect.Type

type ClientArray added in v4.11.1 

type ClientArray []ClientInput

func (ClientArray) ElementType added in v4.11.1 

func (ClientArray) ElementType() reflect.Type

func (ClientArray) ToClientArrayOutput added in v4.11.1 

func (i ClientArray) ToClientArrayOutput() ClientArrayOutput

func (ClientArray) ToClientArrayOutputWithContext added in v4.11.1 

func (i ClientArray) ToClientArrayOutputWithContext(ctx context.Context) ClientArrayOutput

type ClientArrayInput added in v4.11.1 

type ClientArrayInput interface {
	pulumi.Input

	ToClientArrayOutput() ClientArrayOutput
	ToClientArrayOutputWithContext(context.Context) ClientArrayOutput
}

ClientArrayInput is an input type that accepts ClientArray and ClientArrayOutput values. You can construct a concrete instance of `ClientArrayInput` via: 

ClientArray{ ClientArgs{...} }

type ClientArrayOutput added in v4.11.1 

type ClientArrayOutput struct{ *pulumi.OutputState }

func (ClientArrayOutput) ElementType added in v4.11.1 

func (ClientArrayOutput) ElementType() reflect.Type

func (ClientArrayOutput) Index added in v4.11.1 

func (o ClientArrayOutput) Index(i pulumi.IntInput) ClientOutput

func (ClientArrayOutput) ToClientArrayOutput added in v4.11.1 

func (o ClientArrayOutput) ToClientArrayOutput() ClientArrayOutput

func (ClientArrayOutput) ToClientArrayOutputWithContext added in v4.11.1 

func (o ClientArrayOutput) ToClientArrayOutputWithContext(ctx context.Context) ClientArrayOutput

type ClientInput added in v4.4.0 

type ClientInput interface {
	pulumi.Input

	ToClientOutput() ClientOutput
	ToClientOutputWithContext(ctx context.Context) ClientOutput
}

type ClientMap added in v4.11.1 

type ClientMap map[string]ClientInput

func (ClientMap) ElementType added in v4.11.1 

func (ClientMap) ElementType() reflect.Type

func (ClientMap) ToClientMapOutput added in v4.11.1 

func (i ClientMap) ToClientMapOutput() ClientMapOutput

func (ClientMap) ToClientMapOutputWithContext added in v4.11.1 

func (i ClientMap) ToClientMapOutputWithContext(ctx context.Context) ClientMapOutput

type ClientMapInput added in v4.11.1 

type ClientMapInput interface {
	pulumi.Input

	ToClientMapOutput() ClientMapOutput
	ToClientMapOutputWithContext(context.Context) ClientMapOutput
}

ClientMapInput is an input type that accepts ClientMap and ClientMapOutput values. You can construct a concrete instance of `ClientMapInput` via: 

ClientMap{ "key": ClientArgs{...} }

type ClientMapOutput added in v4.11.1 

type ClientMapOutput struct{ *pulumi.OutputState }

func (ClientMapOutput) ElementType added in v4.11.1 

func (ClientMapOutput) ElementType() reflect.Type

func (ClientMapOutput) MapIndex added in v4.11.1 

func (o ClientMapOutput) MapIndex(k pulumi.StringInput) ClientOutput

func (ClientMapOutput) ToClientMapOutput added in v4.11.1 

func (o ClientMapOutput) ToClientMapOutput() ClientMapOutput

func (ClientMapOutput) ToClientMapOutputWithContext added in v4.11.1 

func (o ClientMapOutput) ToClientMapOutputWithContext(ctx context.Context) ClientMapOutput

type ClientOutput added in v4.4.0 

type ClientOutput struct {
	*pulumi.OutputState
}

func (ClientOutput) ElementType added in v4.4.0 

func (ClientOutput) ElementType() reflect.Type

func (ClientOutput) ToClientOutput added in v4.4.0 

func (o ClientOutput) ToClientOutput() ClientOutput

func (ClientOutput) ToClientOutputWithContext added in v4.4.0 

func (o ClientOutput) ToClientOutputWithContext(ctx context.Context) ClientOutput

func (ClientOutput) ToClientPtrOutput added in v4.11.1 

func (o ClientOutput) ToClientPtrOutput() ClientPtrOutput

func (ClientOutput) ToClientPtrOutputWithContext added in v4.11.1 

func (o ClientOutput) ToClientPtrOutputWithContext(ctx context.Context) ClientPtrOutput

type ClientPtrInput added in v4.11.1 

type ClientPtrInput interface {
	pulumi.Input

	ToClientPtrOutput() ClientPtrOutput
	ToClientPtrOutputWithContext(ctx context.Context) ClientPtrOutput
}

type ClientPtrOutput added in v4.11.1 

type ClientPtrOutput struct {
	*pulumi.OutputState
}

func (ClientPtrOutput) ElementType added in v4.11.1 

func (ClientPtrOutput) ElementType() reflect.Type

func (ClientPtrOutput) ToClientPtrOutput added in v4.11.1 

func (o ClientPtrOutput) ToClientPtrOutput() ClientPtrOutput

func (ClientPtrOutput) ToClientPtrOutputWithContext added in v4.11.1 

func (o ClientPtrOutput) ToClientPtrOutputWithContext(ctx context.Context) ClientPtrOutput

type ClientState 

type ClientState struct {
	// Identifier of the brand to which this client
	// is attached to. The format is
	// `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`.
	Brand pulumi.StringPtrInput
	// Output only. Unique identifier of the OAuth client.
	ClientId pulumi.StringPtrInput
	// Human-friendly name given to the OAuth client.
	DisplayName pulumi.StringPtrInput
	// Output only. Client secret of the OAuth client.
	Secret pulumi.StringPtrInput
}

func (ClientState) ElementType 

func (ClientState) ElementType() reflect.Type

type LookupClientArgs added in v4.13.0 

type LookupClientArgs struct {
	// The name of the brand.
	Brand string `pulumi:"brand"`
	// The clientId of the brand.
	ClientId string `pulumi:"clientId"`
}

A collection of arguments for invoking getClient.

type LookupClientResult added in v4.13.0 

type LookupClientResult struct {
	Brand       string `pulumi:"brand"`
	ClientId    string `pulumi:"clientId"`
	DisplayName string `pulumi:"displayName"`
	// The provider-assigned unique ID for this managed resource.
	Id     string `pulumi:"id"`
	Secret string `pulumi:"secret"`
}

A collection of values returned by getClient.

func LookupClient added in v4.13.0 

func LookupClient(ctx *pulumi.Context, args *LookupClientArgs, opts ...pulumi.InvokeOption) (*LookupClientResult, error)

Get info about a Google Cloud IAP Client.

## Example Usage

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		opt0 := "foobar"
		project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{
			ProjectId: &opt0,
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.LookupClient(ctx, &iap.LookupClientArgs{
			Brand:    fmt.Sprintf("%v%v%v", "projects/", project.Number, "/brands/[BRAND_NUMBER]"),
			ClientId: FOO.Apps.Googleusercontent.Com,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type TunnelIamBinding added in v4.2.0 

type TunnelIamBinding struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition TunnelIamBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag    pulumi.StringOutput      `pulumi:"etag"`
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:

* `iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached. * `iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved. * `iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.

> **Note:** `iap.TunnelIamPolicy` **cannot** be used in conjunction with `iap.TunnelIamBinding` and `iap.TunnelIamMember` or they will fight over what your policy should be.

> **Note:** `iap.TunnelIamBinding` resources **can be** used in conjunction with `iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_tunnel\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.tunnelResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.tunnelResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_tunnel\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.tunnelResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.tunnelResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.TunnelIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_tunnel\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.tunnelResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.tunnelResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
			Condition: &iap.TunnelIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor projects/{{project}}/iap_tunnel

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetTunnelIamBinding added in v4.2.0 

func GetTunnelIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *TunnelIamBindingState, opts ...pulumi.ResourceOption) (*TunnelIamBinding, error)

GetTunnelIamBinding gets an existing TunnelIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewTunnelIamBinding added in v4.2.0 

func NewTunnelIamBinding(ctx *pulumi.Context,
	name string, args *TunnelIamBindingArgs, opts ...pulumi.ResourceOption) (*TunnelIamBinding, error)

NewTunnelIamBinding registers a new resource with the given unique name, arguments, and options.

func (*TunnelIamBinding) ElementType added in v4.4.0 

func (*TunnelIamBinding) ElementType() reflect.Type

func (*TunnelIamBinding) ToTunnelIamBindingOutput added in v4.4.0 

func (i *TunnelIamBinding) ToTunnelIamBindingOutput() TunnelIamBindingOutput

func (*TunnelIamBinding) ToTunnelIamBindingOutputWithContext added in v4.4.0 

func (i *TunnelIamBinding) ToTunnelIamBindingOutputWithContext(ctx context.Context) TunnelIamBindingOutput

func (*TunnelIamBinding) ToTunnelIamBindingPtrOutput added in v4.11.1 

func (i *TunnelIamBinding) ToTunnelIamBindingPtrOutput() TunnelIamBindingPtrOutput

func (*TunnelIamBinding) ToTunnelIamBindingPtrOutputWithContext added in v4.11.1 

func (i *TunnelIamBinding) ToTunnelIamBindingPtrOutputWithContext(ctx context.Context) TunnelIamBindingPtrOutput

type TunnelIamBindingArgs added in v4.2.0 

type TunnelIamBindingArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition TunnelIamBindingConditionPtrInput
	Members   pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a TunnelIamBinding resource.

func (TunnelIamBindingArgs) ElementType added in v4.2.0 

func (TunnelIamBindingArgs) ElementType() reflect.Type

type TunnelIamBindingArray added in v4.11.1 

type TunnelIamBindingArray []TunnelIamBindingInput

func (TunnelIamBindingArray) ElementType added in v4.11.1 

func (TunnelIamBindingArray) ElementType() reflect.Type

func (TunnelIamBindingArray) ToTunnelIamBindingArrayOutput added in v4.11.1 

func (i TunnelIamBindingArray) ToTunnelIamBindingArrayOutput() TunnelIamBindingArrayOutput

func (TunnelIamBindingArray) ToTunnelIamBindingArrayOutputWithContext added in v4.11.1 

func (i TunnelIamBindingArray) ToTunnelIamBindingArrayOutputWithContext(ctx context.Context) TunnelIamBindingArrayOutput

type TunnelIamBindingArrayInput added in v4.11.1 

type TunnelIamBindingArrayInput interface {
	pulumi.Input

	ToTunnelIamBindingArrayOutput() TunnelIamBindingArrayOutput
	ToTunnelIamBindingArrayOutputWithContext(context.Context) TunnelIamBindingArrayOutput
}

TunnelIamBindingArrayInput is an input type that accepts TunnelIamBindingArray and TunnelIamBindingArrayOutput values. You can construct a concrete instance of `TunnelIamBindingArrayInput` via: 

TunnelIamBindingArray{ TunnelIamBindingArgs{...} }

type TunnelIamBindingArrayOutput added in v4.11.1 

type TunnelIamBindingArrayOutput struct{ *pulumi.OutputState }

func (TunnelIamBindingArrayOutput) ElementType added in v4.11.1 

func (TunnelIamBindingArrayOutput) ElementType() reflect.Type

func (TunnelIamBindingArrayOutput) Index added in v4.11.1 

func (o TunnelIamBindingArrayOutput) Index(i pulumi.IntInput) TunnelIamBindingOutput

func (TunnelIamBindingArrayOutput) ToTunnelIamBindingArrayOutput added in v4.11.1 

func (o TunnelIamBindingArrayOutput) ToTunnelIamBindingArrayOutput() TunnelIamBindingArrayOutput

func (TunnelIamBindingArrayOutput) ToTunnelIamBindingArrayOutputWithContext added in v4.11.1 

func (o TunnelIamBindingArrayOutput) ToTunnelIamBindingArrayOutputWithContext(ctx context.Context) TunnelIamBindingArrayOutput

type TunnelIamBindingCondition added in v4.2.0 

type TunnelIamBindingCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type TunnelIamBindingConditionArgs added in v4.2.0 

type TunnelIamBindingConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (TunnelIamBindingConditionArgs) ElementType added in v4.2.0 

func (TunnelIamBindingConditionArgs) ElementType() reflect.Type

func (TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionOutput added in v4.2.0 

func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionOutput() TunnelIamBindingConditionOutput

func (TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionOutputWithContext added in v4.2.0 

func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionOutputWithContext(ctx context.Context) TunnelIamBindingConditionOutput

func (TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionPtrOutput added in v4.2.0 

func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput

func (TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionPtrOutputWithContext added in v4.2.0 

func (i TunnelIamBindingConditionArgs) ToTunnelIamBindingConditionPtrOutputWithContext(ctx context.Context) TunnelIamBindingConditionPtrOutput

type TunnelIamBindingConditionInput added in v4.2.0 

type TunnelIamBindingConditionInput interface {
	pulumi.Input

	ToTunnelIamBindingConditionOutput() TunnelIamBindingConditionOutput
	ToTunnelIamBindingConditionOutputWithContext(context.Context) TunnelIamBindingConditionOutput
}

TunnelIamBindingConditionInput is an input type that accepts TunnelIamBindingConditionArgs and TunnelIamBindingConditionOutput values. You can construct a concrete instance of `TunnelIamBindingConditionInput` via: 

TunnelIamBindingConditionArgs{...}

type TunnelIamBindingConditionOutput added in v4.2.0 

type TunnelIamBindingConditionOutput struct{ *pulumi.OutputState }

func (TunnelIamBindingConditionOutput) Description added in v4.2.0 

func (o TunnelIamBindingConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (TunnelIamBindingConditionOutput) ElementType added in v4.2.0 

func (TunnelIamBindingConditionOutput) ElementType() reflect.Type

func (TunnelIamBindingConditionOutput) Expression added in v4.2.0 

func (o TunnelIamBindingConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (TunnelIamBindingConditionOutput) Title added in v4.2.0 

func (o TunnelIamBindingConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionOutput added in v4.2.0 

func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionOutput() TunnelIamBindingConditionOutput

func (TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionOutputWithContext added in v4.2.0 

func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionOutputWithContext(ctx context.Context) TunnelIamBindingConditionOutput

func (TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionPtrOutput added in v4.2.0 

func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput

func (TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionPtrOutputWithContext added in v4.2.0 

func (o TunnelIamBindingConditionOutput) ToTunnelIamBindingConditionPtrOutputWithContext(ctx context.Context) TunnelIamBindingConditionPtrOutput

type TunnelIamBindingConditionPtrInput added in v4.2.0 

type TunnelIamBindingConditionPtrInput interface {
	pulumi.Input

	ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput
	ToTunnelIamBindingConditionPtrOutputWithContext(context.Context) TunnelIamBindingConditionPtrOutput
}

TunnelIamBindingConditionPtrInput is an input type that accepts TunnelIamBindingConditionArgs, TunnelIamBindingConditionPtr and TunnelIamBindingConditionPtrOutput values. You can construct a concrete instance of `TunnelIamBindingConditionPtrInput` via: 

        TunnelIamBindingConditionArgs{...}

or:

        nil

func TunnelIamBindingConditionPtr added in v4.2.0 

func TunnelIamBindingConditionPtr(v *TunnelIamBindingConditionArgs) TunnelIamBindingConditionPtrInput

type TunnelIamBindingConditionPtrOutput added in v4.2.0 

type TunnelIamBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (TunnelIamBindingConditionPtrOutput) Description added in v4.2.0 

func (o TunnelIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (TunnelIamBindingConditionPtrOutput) Elem added in v4.2.0 

func (o TunnelIamBindingConditionPtrOutput) Elem() TunnelIamBindingConditionOutput

func (TunnelIamBindingConditionPtrOutput) ElementType added in v4.2.0 

func (TunnelIamBindingConditionPtrOutput) ElementType() reflect.Type

func (TunnelIamBindingConditionPtrOutput) Expression added in v4.2.0 

func (o TunnelIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (TunnelIamBindingConditionPtrOutput) Title added in v4.2.0 

func (o TunnelIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (TunnelIamBindingConditionPtrOutput) ToTunnelIamBindingConditionPtrOutput added in v4.2.0 

func (o TunnelIamBindingConditionPtrOutput) ToTunnelIamBindingConditionPtrOutput() TunnelIamBindingConditionPtrOutput

func (TunnelIamBindingConditionPtrOutput) ToTunnelIamBindingConditionPtrOutputWithContext added in v4.2.0 

func (o TunnelIamBindingConditionPtrOutput) ToTunnelIamBindingConditionPtrOutputWithContext(ctx context.Context) TunnelIamBindingConditionPtrOutput

type TunnelIamBindingInput added in v4.4.0 

type TunnelIamBindingInput interface {
	pulumi.Input

	ToTunnelIamBindingOutput() TunnelIamBindingOutput
	ToTunnelIamBindingOutputWithContext(ctx context.Context) TunnelIamBindingOutput
}

type TunnelIamBindingMap added in v4.11.1 

type TunnelIamBindingMap map[string]TunnelIamBindingInput

func (TunnelIamBindingMap) ElementType added in v4.11.1 

func (TunnelIamBindingMap) ElementType() reflect.Type

func (TunnelIamBindingMap) ToTunnelIamBindingMapOutput added in v4.11.1 

func (i TunnelIamBindingMap) ToTunnelIamBindingMapOutput() TunnelIamBindingMapOutput

func (TunnelIamBindingMap) ToTunnelIamBindingMapOutputWithContext added in v4.11.1 

func (i TunnelIamBindingMap) ToTunnelIamBindingMapOutputWithContext(ctx context.Context) TunnelIamBindingMapOutput

type TunnelIamBindingMapInput added in v4.11.1 

type TunnelIamBindingMapInput interface {
	pulumi.Input

	ToTunnelIamBindingMapOutput() TunnelIamBindingMapOutput
	ToTunnelIamBindingMapOutputWithContext(context.Context) TunnelIamBindingMapOutput
}

TunnelIamBindingMapInput is an input type that accepts TunnelIamBindingMap and TunnelIamBindingMapOutput values. You can construct a concrete instance of `TunnelIamBindingMapInput` via: 

TunnelIamBindingMap{ "key": TunnelIamBindingArgs{...} }

type TunnelIamBindingMapOutput added in v4.11.1 

type TunnelIamBindingMapOutput struct{ *pulumi.OutputState }

func (TunnelIamBindingMapOutput) ElementType added in v4.11.1 

func (TunnelIamBindingMapOutput) ElementType() reflect.Type

func (TunnelIamBindingMapOutput) MapIndex added in v4.11.1 

func (o TunnelIamBindingMapOutput) MapIndex(k pulumi.StringInput) TunnelIamBindingOutput

func (TunnelIamBindingMapOutput) ToTunnelIamBindingMapOutput added in v4.11.1 

func (o TunnelIamBindingMapOutput) ToTunnelIamBindingMapOutput() TunnelIamBindingMapOutput

func (TunnelIamBindingMapOutput) ToTunnelIamBindingMapOutputWithContext added in v4.11.1 

func (o TunnelIamBindingMapOutput) ToTunnelIamBindingMapOutputWithContext(ctx context.Context) TunnelIamBindingMapOutput

type TunnelIamBindingOutput added in v4.4.0 

type TunnelIamBindingOutput struct {
	*pulumi.OutputState
}

func (TunnelIamBindingOutput) ElementType added in v4.4.0 

func (TunnelIamBindingOutput) ElementType() reflect.Type

func (TunnelIamBindingOutput) ToTunnelIamBindingOutput added in v4.4.0 

func (o TunnelIamBindingOutput) ToTunnelIamBindingOutput() TunnelIamBindingOutput

func (TunnelIamBindingOutput) ToTunnelIamBindingOutputWithContext added in v4.4.0 

func (o TunnelIamBindingOutput) ToTunnelIamBindingOutputWithContext(ctx context.Context) TunnelIamBindingOutput

func (TunnelIamBindingOutput) ToTunnelIamBindingPtrOutput added in v4.11.1 

func (o TunnelIamBindingOutput) ToTunnelIamBindingPtrOutput() TunnelIamBindingPtrOutput

func (TunnelIamBindingOutput) ToTunnelIamBindingPtrOutputWithContext added in v4.11.1 

func (o TunnelIamBindingOutput) ToTunnelIamBindingPtrOutputWithContext(ctx context.Context) TunnelIamBindingPtrOutput

type TunnelIamBindingPtrInput added in v4.11.1 

type TunnelIamBindingPtrInput interface {
	pulumi.Input

	ToTunnelIamBindingPtrOutput() TunnelIamBindingPtrOutput
	ToTunnelIamBindingPtrOutputWithContext(ctx context.Context) TunnelIamBindingPtrOutput
}

type TunnelIamBindingPtrOutput added in v4.11.1 

type TunnelIamBindingPtrOutput struct {
	*pulumi.OutputState
}

func (TunnelIamBindingPtrOutput) ElementType added in v4.11.1 

func (TunnelIamBindingPtrOutput) ElementType() reflect.Type

func (TunnelIamBindingPtrOutput) ToTunnelIamBindingPtrOutput added in v4.11.1 

func (o TunnelIamBindingPtrOutput) ToTunnelIamBindingPtrOutput() TunnelIamBindingPtrOutput

func (TunnelIamBindingPtrOutput) ToTunnelIamBindingPtrOutputWithContext added in v4.11.1 

func (o TunnelIamBindingPtrOutput) ToTunnelIamBindingPtrOutputWithContext(ctx context.Context) TunnelIamBindingPtrOutput

type TunnelIamBindingState added in v4.2.0 

type TunnelIamBindingState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition TunnelIamBindingConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag    pulumi.StringPtrInput
	Members pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (TunnelIamBindingState) ElementType added in v4.2.0 

func (TunnelIamBindingState) ElementType() reflect.Type

type TunnelIamMember added in v4.2.0 

type TunnelIamMember struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition TunnelIamMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag   pulumi.StringOutput `pulumi:"etag"`
	Member pulumi.StringOutput `pulumi:"member"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:

* `iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached. * `iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved. * `iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.

> **Note:** `iap.TunnelIamPolicy` **cannot** be used in conjunction with `iap.TunnelIamBinding` and `iap.TunnelIamMember` or they will fight over what your policy should be.

> **Note:** `iap.TunnelIamBinding` resources **can be** used in conjunction with `iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_tunnel\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.tunnelResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.tunnelResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_tunnel\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.tunnelResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.tunnelResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.TunnelIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_tunnel\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.tunnelResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.tunnelResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
			Condition: &iap.TunnelIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor projects/{{project}}/iap_tunnel

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetTunnelIamMember added in v4.2.0 

func GetTunnelIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *TunnelIamMemberState, opts ...pulumi.ResourceOption) (*TunnelIamMember, error)

GetTunnelIamMember gets an existing TunnelIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewTunnelIamMember added in v4.2.0 

func NewTunnelIamMember(ctx *pulumi.Context,
	name string, args *TunnelIamMemberArgs, opts ...pulumi.ResourceOption) (*TunnelIamMember, error)

NewTunnelIamMember registers a new resource with the given unique name, arguments, and options.

func (*TunnelIamMember) ElementType added in v4.4.0 

func (*TunnelIamMember) ElementType() reflect.Type

func (*TunnelIamMember) ToTunnelIamMemberOutput added in v4.4.0 

func (i *TunnelIamMember) ToTunnelIamMemberOutput() TunnelIamMemberOutput

func (*TunnelIamMember) ToTunnelIamMemberOutputWithContext added in v4.4.0 

func (i *TunnelIamMember) ToTunnelIamMemberOutputWithContext(ctx context.Context) TunnelIamMemberOutput

func (*TunnelIamMember) ToTunnelIamMemberPtrOutput added in v4.11.1 

func (i *TunnelIamMember) ToTunnelIamMemberPtrOutput() TunnelIamMemberPtrOutput

func (*TunnelIamMember) ToTunnelIamMemberPtrOutputWithContext added in v4.11.1 

func (i *TunnelIamMember) ToTunnelIamMemberPtrOutputWithContext(ctx context.Context) TunnelIamMemberPtrOutput

type TunnelIamMemberArgs added in v4.2.0 

type TunnelIamMemberArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition TunnelIamMemberConditionPtrInput
	Member    pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a TunnelIamMember resource.

func (TunnelIamMemberArgs) ElementType added in v4.2.0 

func (TunnelIamMemberArgs) ElementType() reflect.Type

type TunnelIamMemberArray added in v4.11.1 

type TunnelIamMemberArray []TunnelIamMemberInput

func (TunnelIamMemberArray) ElementType added in v4.11.1 

func (TunnelIamMemberArray) ElementType() reflect.Type

func (TunnelIamMemberArray) ToTunnelIamMemberArrayOutput added in v4.11.1 

func (i TunnelIamMemberArray) ToTunnelIamMemberArrayOutput() TunnelIamMemberArrayOutput

func (TunnelIamMemberArray) ToTunnelIamMemberArrayOutputWithContext added in v4.11.1 

func (i TunnelIamMemberArray) ToTunnelIamMemberArrayOutputWithContext(ctx context.Context) TunnelIamMemberArrayOutput

type TunnelIamMemberArrayInput added in v4.11.1 

type TunnelIamMemberArrayInput interface {
	pulumi.Input

	ToTunnelIamMemberArrayOutput() TunnelIamMemberArrayOutput
	ToTunnelIamMemberArrayOutputWithContext(context.Context) TunnelIamMemberArrayOutput
}

TunnelIamMemberArrayInput is an input type that accepts TunnelIamMemberArray and TunnelIamMemberArrayOutput values. You can construct a concrete instance of `TunnelIamMemberArrayInput` via: 

TunnelIamMemberArray{ TunnelIamMemberArgs{...} }

type TunnelIamMemberArrayOutput added in v4.11.1 

type TunnelIamMemberArrayOutput struct{ *pulumi.OutputState }

func (TunnelIamMemberArrayOutput) ElementType added in v4.11.1 

func (TunnelIamMemberArrayOutput) ElementType() reflect.Type

func (TunnelIamMemberArrayOutput) Index added in v4.11.1 

func (o TunnelIamMemberArrayOutput) Index(i pulumi.IntInput) TunnelIamMemberOutput

func (TunnelIamMemberArrayOutput) ToTunnelIamMemberArrayOutput added in v4.11.1 

func (o TunnelIamMemberArrayOutput) ToTunnelIamMemberArrayOutput() TunnelIamMemberArrayOutput

func (TunnelIamMemberArrayOutput) ToTunnelIamMemberArrayOutputWithContext added in v4.11.1 

func (o TunnelIamMemberArrayOutput) ToTunnelIamMemberArrayOutputWithContext(ctx context.Context) TunnelIamMemberArrayOutput

type TunnelIamMemberCondition added in v4.2.0 

type TunnelIamMemberCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type TunnelIamMemberConditionArgs added in v4.2.0 

type TunnelIamMemberConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (TunnelIamMemberConditionArgs) ElementType added in v4.2.0 

func (TunnelIamMemberConditionArgs) ElementType() reflect.Type

func (TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionOutput added in v4.2.0 

func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionOutput() TunnelIamMemberConditionOutput

func (TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionOutputWithContext added in v4.2.0 

func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionOutputWithContext(ctx context.Context) TunnelIamMemberConditionOutput

func (TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionPtrOutput added in v4.2.0 

func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput

func (TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionPtrOutputWithContext added in v4.2.0 

func (i TunnelIamMemberConditionArgs) ToTunnelIamMemberConditionPtrOutputWithContext(ctx context.Context) TunnelIamMemberConditionPtrOutput

type TunnelIamMemberConditionInput added in v4.2.0 

type TunnelIamMemberConditionInput interface {
	pulumi.Input

	ToTunnelIamMemberConditionOutput() TunnelIamMemberConditionOutput
	ToTunnelIamMemberConditionOutputWithContext(context.Context) TunnelIamMemberConditionOutput
}

TunnelIamMemberConditionInput is an input type that accepts TunnelIamMemberConditionArgs and TunnelIamMemberConditionOutput values. You can construct a concrete instance of `TunnelIamMemberConditionInput` via: 

TunnelIamMemberConditionArgs{...}

type TunnelIamMemberConditionOutput added in v4.2.0 

type TunnelIamMemberConditionOutput struct{ *pulumi.OutputState }

func (TunnelIamMemberConditionOutput) Description added in v4.2.0 

func (o TunnelIamMemberConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (TunnelIamMemberConditionOutput) ElementType added in v4.2.0 

func (TunnelIamMemberConditionOutput) ElementType() reflect.Type

func (TunnelIamMemberConditionOutput) Expression added in v4.2.0 

func (o TunnelIamMemberConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (TunnelIamMemberConditionOutput) Title added in v4.2.0 

func (o TunnelIamMemberConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionOutput added in v4.2.0 

func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionOutput() TunnelIamMemberConditionOutput

func (TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionOutputWithContext added in v4.2.0 

func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionOutputWithContext(ctx context.Context) TunnelIamMemberConditionOutput

func (TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionPtrOutput added in v4.2.0 

func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput

func (TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionPtrOutputWithContext added in v4.2.0 

func (o TunnelIamMemberConditionOutput) ToTunnelIamMemberConditionPtrOutputWithContext(ctx context.Context) TunnelIamMemberConditionPtrOutput

type TunnelIamMemberConditionPtrInput added in v4.2.0 

type TunnelIamMemberConditionPtrInput interface {
	pulumi.Input

	ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput
	ToTunnelIamMemberConditionPtrOutputWithContext(context.Context) TunnelIamMemberConditionPtrOutput
}

TunnelIamMemberConditionPtrInput is an input type that accepts TunnelIamMemberConditionArgs, TunnelIamMemberConditionPtr and TunnelIamMemberConditionPtrOutput values. You can construct a concrete instance of `TunnelIamMemberConditionPtrInput` via: 

        TunnelIamMemberConditionArgs{...}

or:

        nil

func TunnelIamMemberConditionPtr added in v4.2.0 

func TunnelIamMemberConditionPtr(v *TunnelIamMemberConditionArgs) TunnelIamMemberConditionPtrInput

type TunnelIamMemberConditionPtrOutput added in v4.2.0 

type TunnelIamMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (TunnelIamMemberConditionPtrOutput) Description added in v4.2.0 

func (o TunnelIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (TunnelIamMemberConditionPtrOutput) Elem added in v4.2.0 

func (o TunnelIamMemberConditionPtrOutput) Elem() TunnelIamMemberConditionOutput

func (TunnelIamMemberConditionPtrOutput) ElementType added in v4.2.0 

func (TunnelIamMemberConditionPtrOutput) ElementType() reflect.Type

func (TunnelIamMemberConditionPtrOutput) Expression added in v4.2.0 

func (o TunnelIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (TunnelIamMemberConditionPtrOutput) Title added in v4.2.0 

func (o TunnelIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (TunnelIamMemberConditionPtrOutput) ToTunnelIamMemberConditionPtrOutput added in v4.2.0 

func (o TunnelIamMemberConditionPtrOutput) ToTunnelIamMemberConditionPtrOutput() TunnelIamMemberConditionPtrOutput

func (TunnelIamMemberConditionPtrOutput) ToTunnelIamMemberConditionPtrOutputWithContext added in v4.2.0 

func (o TunnelIamMemberConditionPtrOutput) ToTunnelIamMemberConditionPtrOutputWithContext(ctx context.Context) TunnelIamMemberConditionPtrOutput

type TunnelIamMemberInput added in v4.4.0 

type TunnelIamMemberInput interface {
	pulumi.Input

	ToTunnelIamMemberOutput() TunnelIamMemberOutput
	ToTunnelIamMemberOutputWithContext(ctx context.Context) TunnelIamMemberOutput
}

type TunnelIamMemberMap added in v4.11.1 

type TunnelIamMemberMap map[string]TunnelIamMemberInput

func (TunnelIamMemberMap) ElementType added in v4.11.1 

func (TunnelIamMemberMap) ElementType() reflect.Type

func (TunnelIamMemberMap) ToTunnelIamMemberMapOutput added in v4.11.1 

func (i TunnelIamMemberMap) ToTunnelIamMemberMapOutput() TunnelIamMemberMapOutput

func (TunnelIamMemberMap) ToTunnelIamMemberMapOutputWithContext added in v4.11.1 

func (i TunnelIamMemberMap) ToTunnelIamMemberMapOutputWithContext(ctx context.Context) TunnelIamMemberMapOutput

type TunnelIamMemberMapInput added in v4.11.1 

type TunnelIamMemberMapInput interface {
	pulumi.Input

	ToTunnelIamMemberMapOutput() TunnelIamMemberMapOutput
	ToTunnelIamMemberMapOutputWithContext(context.Context) TunnelIamMemberMapOutput
}

TunnelIamMemberMapInput is an input type that accepts TunnelIamMemberMap and TunnelIamMemberMapOutput values. You can construct a concrete instance of `TunnelIamMemberMapInput` via: 

TunnelIamMemberMap{ "key": TunnelIamMemberArgs{...} }

type TunnelIamMemberMapOutput added in v4.11.1 

type TunnelIamMemberMapOutput struct{ *pulumi.OutputState }

func (TunnelIamMemberMapOutput) ElementType added in v4.11.1 

func (TunnelIamMemberMapOutput) ElementType() reflect.Type

func (TunnelIamMemberMapOutput) MapIndex added in v4.11.1 

func (o TunnelIamMemberMapOutput) MapIndex(k pulumi.StringInput) TunnelIamMemberOutput

func (TunnelIamMemberMapOutput) ToTunnelIamMemberMapOutput added in v4.11.1 

func (o TunnelIamMemberMapOutput) ToTunnelIamMemberMapOutput() TunnelIamMemberMapOutput

func (TunnelIamMemberMapOutput) ToTunnelIamMemberMapOutputWithContext added in v4.11.1 

func (o TunnelIamMemberMapOutput) ToTunnelIamMemberMapOutputWithContext(ctx context.Context) TunnelIamMemberMapOutput

type TunnelIamMemberOutput added in v4.4.0 

type TunnelIamMemberOutput struct {
	*pulumi.OutputState
}

func (TunnelIamMemberOutput) ElementType added in v4.4.0 

func (TunnelIamMemberOutput) ElementType() reflect.Type

func (TunnelIamMemberOutput) ToTunnelIamMemberOutput added in v4.4.0 

func (o TunnelIamMemberOutput) ToTunnelIamMemberOutput() TunnelIamMemberOutput

func (TunnelIamMemberOutput) ToTunnelIamMemberOutputWithContext added in v4.4.0 

func (o TunnelIamMemberOutput) ToTunnelIamMemberOutputWithContext(ctx context.Context) TunnelIamMemberOutput

func (TunnelIamMemberOutput) ToTunnelIamMemberPtrOutput added in v4.11.1 

func (o TunnelIamMemberOutput) ToTunnelIamMemberPtrOutput() TunnelIamMemberPtrOutput

func (TunnelIamMemberOutput) ToTunnelIamMemberPtrOutputWithContext added in v4.11.1 

func (o TunnelIamMemberOutput) ToTunnelIamMemberPtrOutputWithContext(ctx context.Context) TunnelIamMemberPtrOutput

type TunnelIamMemberPtrInput added in v4.11.1 

type TunnelIamMemberPtrInput interface {
	pulumi.Input

	ToTunnelIamMemberPtrOutput() TunnelIamMemberPtrOutput
	ToTunnelIamMemberPtrOutputWithContext(ctx context.Context) TunnelIamMemberPtrOutput
}

type TunnelIamMemberPtrOutput added in v4.11.1 

type TunnelIamMemberPtrOutput struct {
	*pulumi.OutputState
}

func (TunnelIamMemberPtrOutput) ElementType added in v4.11.1 

func (TunnelIamMemberPtrOutput) ElementType() reflect.Type

func (TunnelIamMemberPtrOutput) ToTunnelIamMemberPtrOutput added in v4.11.1 

func (o TunnelIamMemberPtrOutput) ToTunnelIamMemberPtrOutput() TunnelIamMemberPtrOutput

func (TunnelIamMemberPtrOutput) ToTunnelIamMemberPtrOutputWithContext added in v4.11.1 

func (o TunnelIamMemberPtrOutput) ToTunnelIamMemberPtrOutputWithContext(ctx context.Context) TunnelIamMemberPtrOutput

type TunnelIamMemberState added in v4.2.0 

type TunnelIamMemberState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition TunnelIamMemberConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag   pulumi.StringPtrInput
	Member pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (TunnelIamMemberState) ElementType added in v4.2.0 

func (TunnelIamMemberState) ElementType() reflect.Type

type TunnelIamPolicy added in v4.2.0 

type TunnelIamPolicy struct {
	pulumi.CustomResourceState

	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:

* `iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached. * `iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved. * `iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.

> **Note:** `iap.TunnelIamPolicy` **cannot** be used in conjunction with `iap.TunnelIamBinding` and `iap.TunnelIamMember` or they will fight over what your policy should be.

> **Note:** `iap.TunnelIamBinding` resources **can be** used in conjunction with `iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_tunnel\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.tunnelResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.tunnelResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_tunnel\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.tunnelResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.tunnelResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.TunnelIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_tunnel\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.tunnelResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.tunnelResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
			Condition: &iap.TunnelIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor "projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor projects/{{project}}/iap_tunnel

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetTunnelIamPolicy added in v4.2.0 

func GetTunnelIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *TunnelIamPolicyState, opts ...pulumi.ResourceOption) (*TunnelIamPolicy, error)

GetTunnelIamPolicy gets an existing TunnelIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewTunnelIamPolicy added in v4.2.0 

func NewTunnelIamPolicy(ctx *pulumi.Context,
	name string, args *TunnelIamPolicyArgs, opts ...pulumi.ResourceOption) (*TunnelIamPolicy, error)

NewTunnelIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*TunnelIamPolicy) ElementType added in v4.4.0 

func (*TunnelIamPolicy) ElementType() reflect.Type

func (*TunnelIamPolicy) ToTunnelIamPolicyOutput added in v4.4.0 

func (i *TunnelIamPolicy) ToTunnelIamPolicyOutput() TunnelIamPolicyOutput

func (*TunnelIamPolicy) ToTunnelIamPolicyOutputWithContext added in v4.4.0 

func (i *TunnelIamPolicy) ToTunnelIamPolicyOutputWithContext(ctx context.Context) TunnelIamPolicyOutput

func (*TunnelIamPolicy) ToTunnelIamPolicyPtrOutput added in v4.11.1 

func (i *TunnelIamPolicy) ToTunnelIamPolicyPtrOutput() TunnelIamPolicyPtrOutput

func (*TunnelIamPolicy) ToTunnelIamPolicyPtrOutputWithContext added in v4.11.1 

func (i *TunnelIamPolicy) ToTunnelIamPolicyPtrOutputWithContext(ctx context.Context) TunnelIamPolicyPtrOutput

type TunnelIamPolicyArgs added in v4.2.0 

type TunnelIamPolicyArgs struct {
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
}

The set of arguments for constructing a TunnelIamPolicy resource.

func (TunnelIamPolicyArgs) ElementType added in v4.2.0 

func (TunnelIamPolicyArgs) ElementType() reflect.Type

type TunnelIamPolicyArray added in v4.11.1 

type TunnelIamPolicyArray []TunnelIamPolicyInput

func (TunnelIamPolicyArray) ElementType added in v4.11.1 

func (TunnelIamPolicyArray) ElementType() reflect.Type

func (TunnelIamPolicyArray) ToTunnelIamPolicyArrayOutput added in v4.11.1 

func (i TunnelIamPolicyArray) ToTunnelIamPolicyArrayOutput() TunnelIamPolicyArrayOutput

func (TunnelIamPolicyArray) ToTunnelIamPolicyArrayOutputWithContext added in v4.11.1 

func (i TunnelIamPolicyArray) ToTunnelIamPolicyArrayOutputWithContext(ctx context.Context) TunnelIamPolicyArrayOutput

type TunnelIamPolicyArrayInput added in v4.11.1 

type TunnelIamPolicyArrayInput interface {
	pulumi.Input

	ToTunnelIamPolicyArrayOutput() TunnelIamPolicyArrayOutput
	ToTunnelIamPolicyArrayOutputWithContext(context.Context) TunnelIamPolicyArrayOutput
}

TunnelIamPolicyArrayInput is an input type that accepts TunnelIamPolicyArray and TunnelIamPolicyArrayOutput values. You can construct a concrete instance of `TunnelIamPolicyArrayInput` via: 

TunnelIamPolicyArray{ TunnelIamPolicyArgs{...} }

type TunnelIamPolicyArrayOutput added in v4.11.1 

type TunnelIamPolicyArrayOutput struct{ *pulumi.OutputState }

func (TunnelIamPolicyArrayOutput) ElementType added in v4.11.1 

func (TunnelIamPolicyArrayOutput) ElementType() reflect.Type

func (TunnelIamPolicyArrayOutput) Index added in v4.11.1 

func (o TunnelIamPolicyArrayOutput) Index(i pulumi.IntInput) TunnelIamPolicyOutput

func (TunnelIamPolicyArrayOutput) ToTunnelIamPolicyArrayOutput added in v4.11.1 

func (o TunnelIamPolicyArrayOutput) ToTunnelIamPolicyArrayOutput() TunnelIamPolicyArrayOutput

func (TunnelIamPolicyArrayOutput) ToTunnelIamPolicyArrayOutputWithContext added in v4.11.1 

func (o TunnelIamPolicyArrayOutput) ToTunnelIamPolicyArrayOutputWithContext(ctx context.Context) TunnelIamPolicyArrayOutput

type TunnelIamPolicyInput added in v4.4.0 

type TunnelIamPolicyInput interface {
	pulumi.Input

	ToTunnelIamPolicyOutput() TunnelIamPolicyOutput
	ToTunnelIamPolicyOutputWithContext(ctx context.Context) TunnelIamPolicyOutput
}

type TunnelIamPolicyMap added in v4.11.1 

type TunnelIamPolicyMap map[string]TunnelIamPolicyInput

func (TunnelIamPolicyMap) ElementType added in v4.11.1 

func (TunnelIamPolicyMap) ElementType() reflect.Type

func (TunnelIamPolicyMap) ToTunnelIamPolicyMapOutput added in v4.11.1 

func (i TunnelIamPolicyMap) ToTunnelIamPolicyMapOutput() TunnelIamPolicyMapOutput

func (TunnelIamPolicyMap) ToTunnelIamPolicyMapOutputWithContext added in v4.11.1 

func (i TunnelIamPolicyMap) ToTunnelIamPolicyMapOutputWithContext(ctx context.Context) TunnelIamPolicyMapOutput

type TunnelIamPolicyMapInput added in v4.11.1 

type TunnelIamPolicyMapInput interface {
	pulumi.Input

	ToTunnelIamPolicyMapOutput() TunnelIamPolicyMapOutput
	ToTunnelIamPolicyMapOutputWithContext(context.Context) TunnelIamPolicyMapOutput
}

TunnelIamPolicyMapInput is an input type that accepts TunnelIamPolicyMap and TunnelIamPolicyMapOutput values. You can construct a concrete instance of `TunnelIamPolicyMapInput` via: 

TunnelIamPolicyMap{ "key": TunnelIamPolicyArgs{...} }

type TunnelIamPolicyMapOutput added in v4.11.1 

type TunnelIamPolicyMapOutput struct{ *pulumi.OutputState }

func (TunnelIamPolicyMapOutput) ElementType added in v4.11.1 

func (TunnelIamPolicyMapOutput) ElementType() reflect.Type

func (TunnelIamPolicyMapOutput) MapIndex added in v4.11.1 

func (o TunnelIamPolicyMapOutput) MapIndex(k pulumi.StringInput) TunnelIamPolicyOutput

func (TunnelIamPolicyMapOutput) ToTunnelIamPolicyMapOutput added in v4.11.1 

func (o TunnelIamPolicyMapOutput) ToTunnelIamPolicyMapOutput() TunnelIamPolicyMapOutput

func (TunnelIamPolicyMapOutput) ToTunnelIamPolicyMapOutputWithContext added in v4.11.1 

func (o TunnelIamPolicyMapOutput) ToTunnelIamPolicyMapOutputWithContext(ctx context.Context) TunnelIamPolicyMapOutput

type TunnelIamPolicyOutput added in v4.4.0 

type TunnelIamPolicyOutput struct {
	*pulumi.OutputState
}

func (TunnelIamPolicyOutput) ElementType added in v4.4.0 

func (TunnelIamPolicyOutput) ElementType() reflect.Type

func (TunnelIamPolicyOutput) ToTunnelIamPolicyOutput added in v4.4.0 

func (o TunnelIamPolicyOutput) ToTunnelIamPolicyOutput() TunnelIamPolicyOutput

func (TunnelIamPolicyOutput) ToTunnelIamPolicyOutputWithContext added in v4.4.0 

func (o TunnelIamPolicyOutput) ToTunnelIamPolicyOutputWithContext(ctx context.Context) TunnelIamPolicyOutput

func (TunnelIamPolicyOutput) ToTunnelIamPolicyPtrOutput added in v4.11.1 

func (o TunnelIamPolicyOutput) ToTunnelIamPolicyPtrOutput() TunnelIamPolicyPtrOutput

func (TunnelIamPolicyOutput) ToTunnelIamPolicyPtrOutputWithContext added in v4.11.1 

func (o TunnelIamPolicyOutput) ToTunnelIamPolicyPtrOutputWithContext(ctx context.Context) TunnelIamPolicyPtrOutput

type TunnelIamPolicyPtrInput added in v4.11.1 

type TunnelIamPolicyPtrInput interface {
	pulumi.Input

	ToTunnelIamPolicyPtrOutput() TunnelIamPolicyPtrOutput
	ToTunnelIamPolicyPtrOutputWithContext(ctx context.Context) TunnelIamPolicyPtrOutput
}

type TunnelIamPolicyPtrOutput added in v4.11.1 

type TunnelIamPolicyPtrOutput struct {
	*pulumi.OutputState
}

func (TunnelIamPolicyPtrOutput) ElementType added in v4.11.1 

func (TunnelIamPolicyPtrOutput) ElementType() reflect.Type

func (TunnelIamPolicyPtrOutput) ToTunnelIamPolicyPtrOutput added in v4.11.1 

func (o TunnelIamPolicyPtrOutput) ToTunnelIamPolicyPtrOutput() TunnelIamPolicyPtrOutput

func (TunnelIamPolicyPtrOutput) ToTunnelIamPolicyPtrOutputWithContext added in v4.11.1 

func (o TunnelIamPolicyPtrOutput) ToTunnelIamPolicyPtrOutputWithContext(ctx context.Context) TunnelIamPolicyPtrOutput

type TunnelIamPolicyState added in v4.2.0 

type TunnelIamPolicyState struct {
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringPtrInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
}

func (TunnelIamPolicyState) ElementType added in v4.2.0 

func (TunnelIamPolicyState) ElementType() reflect.Type

type TunnelInstanceIAMBinding 

type TunnelInstanceIAMBinding struct {
	pulumi.CustomResourceState

	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition TunnelInstanceIAMBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Used to find the parent resource to bind the IAM policy to
	Instance pulumi.StringOutput      `pulumi:"instance"`
	Members  pulumi.StringArrayOutput `pulumi:"members"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
	Zone pulumi.StringOutput `pulumi:"zone"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:

* `iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached. * `iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved. * `iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.

> **Note:** `iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `iap.TunnelInstanceIAMBinding` and `iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.

> **Note:** `iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_tunnel\_instance\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.tunnelResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{
			Project:    pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:       pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance:   pulumi.Any(google_compute_instance.Tunnelvm.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.tunnelResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{
			Project:    pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:       pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance:   pulumi.Any(google_compute_instance.Tunnelvm.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_tunnel\_instance\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{
			Project:  pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:     pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
			Role:     pulumi.String("roles/iap.tunnelResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{
			Project:  pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:     pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
			Role:     pulumi.String("roles/iap.tunnelResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.TunnelInstanceIAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_tunnel\_instance\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{
			Project:  pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:     pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
			Role:     pulumi.String("roles/iap.tunnelResourceAccessor"),
			Member:   pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{
			Project:  pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:     pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
			Role:     pulumi.String("roles/iap.tunnelResourceAccessor"),
			Member:   pulumi.String("user:jane@example.com"),
			Condition: &iap.TunnelInstanceIAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}} * projects/{{project}}/zones/{{zone}}/instances/{{name}} * {{project}}/{{zone}}/{{name}} * {{zone}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetTunnelInstanceIAMBinding 

func GetTunnelInstanceIAMBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *TunnelInstanceIAMBindingState, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMBinding, error)

GetTunnelInstanceIAMBinding gets an existing TunnelInstanceIAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewTunnelInstanceIAMBinding 

func NewTunnelInstanceIAMBinding(ctx *pulumi.Context,
	name string, args *TunnelInstanceIAMBindingArgs, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMBinding, error)

NewTunnelInstanceIAMBinding registers a new resource with the given unique name, arguments, and options.

func (*TunnelInstanceIAMBinding) ElementType added in v4.4.0 

func (*TunnelInstanceIAMBinding) ElementType() reflect.Type

func (*TunnelInstanceIAMBinding) ToTunnelInstanceIAMBindingOutput added in v4.4.0 

func (i *TunnelInstanceIAMBinding) ToTunnelInstanceIAMBindingOutput() TunnelInstanceIAMBindingOutput

func (*TunnelInstanceIAMBinding) ToTunnelInstanceIAMBindingOutputWithContext added in v4.4.0 

func (i *TunnelInstanceIAMBinding) ToTunnelInstanceIAMBindingOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingOutput

func (*TunnelInstanceIAMBinding) ToTunnelInstanceIAMBindingPtrOutput added in v4.11.1 

func (i *TunnelInstanceIAMBinding) ToTunnelInstanceIAMBindingPtrOutput() TunnelInstanceIAMBindingPtrOutput

func (*TunnelInstanceIAMBinding) ToTunnelInstanceIAMBindingPtrOutputWithContext added in v4.11.1 

func (i *TunnelInstanceIAMBinding) ToTunnelInstanceIAMBindingPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingPtrOutput

type TunnelInstanceIAMBindingArgs 

type TunnelInstanceIAMBindingArgs struct {
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition TunnelInstanceIAMBindingConditionPtrInput
	// Used to find the parent resource to bind the IAM policy to
	Instance pulumi.StringInput
	Members  pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
	Zone pulumi.StringPtrInput
}

The set of arguments for constructing a TunnelInstanceIAMBinding resource.

func (TunnelInstanceIAMBindingArgs) ElementType 

func (TunnelInstanceIAMBindingArgs) ElementType() reflect.Type

type TunnelInstanceIAMBindingArray added in v4.11.1 

type TunnelInstanceIAMBindingArray []TunnelInstanceIAMBindingInput

func (TunnelInstanceIAMBindingArray) ElementType added in v4.11.1 

func (TunnelInstanceIAMBindingArray) ElementType() reflect.Type

func (TunnelInstanceIAMBindingArray) ToTunnelInstanceIAMBindingArrayOutput added in v4.11.1 

func (i TunnelInstanceIAMBindingArray) ToTunnelInstanceIAMBindingArrayOutput() TunnelInstanceIAMBindingArrayOutput

func (TunnelInstanceIAMBindingArray) ToTunnelInstanceIAMBindingArrayOutputWithContext added in v4.11.1 

func (i TunnelInstanceIAMBindingArray) ToTunnelInstanceIAMBindingArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingArrayOutput

type TunnelInstanceIAMBindingArrayInput added in v4.11.1 

type TunnelInstanceIAMBindingArrayInput interface {
	pulumi.Input

	ToTunnelInstanceIAMBindingArrayOutput() TunnelInstanceIAMBindingArrayOutput
	ToTunnelInstanceIAMBindingArrayOutputWithContext(context.Context) TunnelInstanceIAMBindingArrayOutput
}

TunnelInstanceIAMBindingArrayInput is an input type that accepts TunnelInstanceIAMBindingArray and TunnelInstanceIAMBindingArrayOutput values. You can construct a concrete instance of `TunnelInstanceIAMBindingArrayInput` via: 

TunnelInstanceIAMBindingArray{ TunnelInstanceIAMBindingArgs{...} }

type TunnelInstanceIAMBindingArrayOutput added in v4.11.1 

type TunnelInstanceIAMBindingArrayOutput struct{ *pulumi.OutputState }

func (TunnelInstanceIAMBindingArrayOutput) ElementType added in v4.11.1 

func (TunnelInstanceIAMBindingArrayOutput) ElementType() reflect.Type

func (TunnelInstanceIAMBindingArrayOutput) Index added in v4.11.1 

func (o TunnelInstanceIAMBindingArrayOutput) Index(i pulumi.IntInput) TunnelInstanceIAMBindingOutput

func (TunnelInstanceIAMBindingArrayOutput) ToTunnelInstanceIAMBindingArrayOutput added in v4.11.1 

func (o TunnelInstanceIAMBindingArrayOutput) ToTunnelInstanceIAMBindingArrayOutput() TunnelInstanceIAMBindingArrayOutput

func (TunnelInstanceIAMBindingArrayOutput) ToTunnelInstanceIAMBindingArrayOutputWithContext added in v4.11.1 

func (o TunnelInstanceIAMBindingArrayOutput) ToTunnelInstanceIAMBindingArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingArrayOutput

type TunnelInstanceIAMBindingCondition 

type TunnelInstanceIAMBindingCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type TunnelInstanceIAMBindingConditionArgs 

type TunnelInstanceIAMBindingConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (TunnelInstanceIAMBindingConditionArgs) ElementType 

func (TunnelInstanceIAMBindingConditionArgs) ElementType() reflect.Type

func (TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionOutput 

func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionOutput() TunnelInstanceIAMBindingConditionOutput

func (TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionOutputWithContext 

func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionOutput

func (TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionPtrOutput 

func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput

func (TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext 

func (i TunnelInstanceIAMBindingConditionArgs) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionPtrOutput

type TunnelInstanceIAMBindingConditionInput 

type TunnelInstanceIAMBindingConditionInput interface {
	pulumi.Input

	ToTunnelInstanceIAMBindingConditionOutput() TunnelInstanceIAMBindingConditionOutput
	ToTunnelInstanceIAMBindingConditionOutputWithContext(context.Context) TunnelInstanceIAMBindingConditionOutput
}

TunnelInstanceIAMBindingConditionInput is an input type that accepts TunnelInstanceIAMBindingConditionArgs and TunnelInstanceIAMBindingConditionOutput values. You can construct a concrete instance of `TunnelInstanceIAMBindingConditionInput` via: 

TunnelInstanceIAMBindingConditionArgs{...}

type TunnelInstanceIAMBindingConditionOutput 

type TunnelInstanceIAMBindingConditionOutput struct{ *pulumi.OutputState }

func (TunnelInstanceIAMBindingConditionOutput) Description 

func (o TunnelInstanceIAMBindingConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (TunnelInstanceIAMBindingConditionOutput) ElementType 

func (TunnelInstanceIAMBindingConditionOutput) ElementType() reflect.Type

func (TunnelInstanceIAMBindingConditionOutput) Expression 

func (o TunnelInstanceIAMBindingConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (TunnelInstanceIAMBindingConditionOutput) Title 

func (o TunnelInstanceIAMBindingConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionOutput 

func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionOutput() TunnelInstanceIAMBindingConditionOutput

func (TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionOutputWithContext 

func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionOutput

func (TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionPtrOutput 

func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput

func (TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext 

func (o TunnelInstanceIAMBindingConditionOutput) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionPtrOutput

type TunnelInstanceIAMBindingConditionPtrInput 

type TunnelInstanceIAMBindingConditionPtrInput interface {
	pulumi.Input

	ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput
	ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(context.Context) TunnelInstanceIAMBindingConditionPtrOutput
}

TunnelInstanceIAMBindingConditionPtrInput is an input type that accepts TunnelInstanceIAMBindingConditionArgs, TunnelInstanceIAMBindingConditionPtr and TunnelInstanceIAMBindingConditionPtrOutput values. You can construct a concrete instance of `TunnelInstanceIAMBindingConditionPtrInput` via: 

        TunnelInstanceIAMBindingConditionArgs{...}

or:

        nil

func TunnelInstanceIAMBindingConditionPtr 

func TunnelInstanceIAMBindingConditionPtr(v *TunnelInstanceIAMBindingConditionArgs) TunnelInstanceIAMBindingConditionPtrInput

type TunnelInstanceIAMBindingConditionPtrOutput 

type TunnelInstanceIAMBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (TunnelInstanceIAMBindingConditionPtrOutput) Description 

func (o TunnelInstanceIAMBindingConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (TunnelInstanceIAMBindingConditionPtrOutput) Elem 

func (o TunnelInstanceIAMBindingConditionPtrOutput) Elem() TunnelInstanceIAMBindingConditionOutput

func (TunnelInstanceIAMBindingConditionPtrOutput) ElementType 

func (TunnelInstanceIAMBindingConditionPtrOutput) ElementType() reflect.Type

func (TunnelInstanceIAMBindingConditionPtrOutput) Expression 

func (o TunnelInstanceIAMBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (TunnelInstanceIAMBindingConditionPtrOutput) Title 

func (o TunnelInstanceIAMBindingConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (TunnelInstanceIAMBindingConditionPtrOutput) ToTunnelInstanceIAMBindingConditionPtrOutput 

func (o TunnelInstanceIAMBindingConditionPtrOutput) ToTunnelInstanceIAMBindingConditionPtrOutput() TunnelInstanceIAMBindingConditionPtrOutput

func (TunnelInstanceIAMBindingConditionPtrOutput) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext 

func (o TunnelInstanceIAMBindingConditionPtrOutput) ToTunnelInstanceIAMBindingConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingConditionPtrOutput

type TunnelInstanceIAMBindingInput added in v4.4.0 

type TunnelInstanceIAMBindingInput interface {
	pulumi.Input

	ToTunnelInstanceIAMBindingOutput() TunnelInstanceIAMBindingOutput
	ToTunnelInstanceIAMBindingOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingOutput
}

type TunnelInstanceIAMBindingMap added in v4.11.1 

type TunnelInstanceIAMBindingMap map[string]TunnelInstanceIAMBindingInput

func (TunnelInstanceIAMBindingMap) ElementType added in v4.11.1 

func (TunnelInstanceIAMBindingMap) ElementType() reflect.Type

func (TunnelInstanceIAMBindingMap) ToTunnelInstanceIAMBindingMapOutput added in v4.11.1 

func (i TunnelInstanceIAMBindingMap) ToTunnelInstanceIAMBindingMapOutput() TunnelInstanceIAMBindingMapOutput

func (TunnelInstanceIAMBindingMap) ToTunnelInstanceIAMBindingMapOutputWithContext added in v4.11.1 

func (i TunnelInstanceIAMBindingMap) ToTunnelInstanceIAMBindingMapOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingMapOutput

type TunnelInstanceIAMBindingMapInput added in v4.11.1 

type TunnelInstanceIAMBindingMapInput interface {
	pulumi.Input

	ToTunnelInstanceIAMBindingMapOutput() TunnelInstanceIAMBindingMapOutput
	ToTunnelInstanceIAMBindingMapOutputWithContext(context.Context) TunnelInstanceIAMBindingMapOutput
}

TunnelInstanceIAMBindingMapInput is an input type that accepts TunnelInstanceIAMBindingMap and TunnelInstanceIAMBindingMapOutput values. You can construct a concrete instance of `TunnelInstanceIAMBindingMapInput` via: 

TunnelInstanceIAMBindingMap{ "key": TunnelInstanceIAMBindingArgs{...} }

type TunnelInstanceIAMBindingMapOutput added in v4.11.1 

type TunnelInstanceIAMBindingMapOutput struct{ *pulumi.OutputState }

func (TunnelInstanceIAMBindingMapOutput) ElementType added in v4.11.1 

func (TunnelInstanceIAMBindingMapOutput) ElementType() reflect.Type

func (TunnelInstanceIAMBindingMapOutput) MapIndex added in v4.11.1 

func (o TunnelInstanceIAMBindingMapOutput) MapIndex(k pulumi.StringInput) TunnelInstanceIAMBindingOutput

func (TunnelInstanceIAMBindingMapOutput) ToTunnelInstanceIAMBindingMapOutput added in v4.11.1 

func (o TunnelInstanceIAMBindingMapOutput) ToTunnelInstanceIAMBindingMapOutput() TunnelInstanceIAMBindingMapOutput

func (TunnelInstanceIAMBindingMapOutput) ToTunnelInstanceIAMBindingMapOutputWithContext added in v4.11.1 

func (o TunnelInstanceIAMBindingMapOutput) ToTunnelInstanceIAMBindingMapOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingMapOutput

type TunnelInstanceIAMBindingOutput added in v4.4.0 

type TunnelInstanceIAMBindingOutput struct {
	*pulumi.OutputState
}

func (TunnelInstanceIAMBindingOutput) ElementType added in v4.4.0 

func (TunnelInstanceIAMBindingOutput) ElementType() reflect.Type

func (TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingOutput added in v4.4.0 

func (o TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingOutput() TunnelInstanceIAMBindingOutput

func (TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingOutputWithContext added in v4.4.0 

func (o TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingOutput

func (TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingPtrOutput added in v4.11.1 

func (o TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingPtrOutput() TunnelInstanceIAMBindingPtrOutput

func (TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingPtrOutputWithContext added in v4.11.1 

func (o TunnelInstanceIAMBindingOutput) ToTunnelInstanceIAMBindingPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingPtrOutput

type TunnelInstanceIAMBindingPtrInput added in v4.11.1 

type TunnelInstanceIAMBindingPtrInput interface {
	pulumi.Input

	ToTunnelInstanceIAMBindingPtrOutput() TunnelInstanceIAMBindingPtrOutput
	ToTunnelInstanceIAMBindingPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingPtrOutput
}

type TunnelInstanceIAMBindingPtrOutput added in v4.11.1 

type TunnelInstanceIAMBindingPtrOutput struct {
	*pulumi.OutputState
}

func (TunnelInstanceIAMBindingPtrOutput) ElementType added in v4.11.1 

func (TunnelInstanceIAMBindingPtrOutput) ElementType() reflect.Type

func (TunnelInstanceIAMBindingPtrOutput) ToTunnelInstanceIAMBindingPtrOutput added in v4.11.1 

func (o TunnelInstanceIAMBindingPtrOutput) ToTunnelInstanceIAMBindingPtrOutput() TunnelInstanceIAMBindingPtrOutput

func (TunnelInstanceIAMBindingPtrOutput) ToTunnelInstanceIAMBindingPtrOutputWithContext added in v4.11.1 

func (o TunnelInstanceIAMBindingPtrOutput) ToTunnelInstanceIAMBindingPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMBindingPtrOutput

type TunnelInstanceIAMBindingState 

type TunnelInstanceIAMBindingState struct {
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition TunnelInstanceIAMBindingConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringPtrInput
	// Used to find the parent resource to bind the IAM policy to
	Instance pulumi.StringPtrInput
	Members  pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
	Zone pulumi.StringPtrInput
}

func (TunnelInstanceIAMBindingState) ElementType 

func (TunnelInstanceIAMBindingState) ElementType() reflect.Type

type TunnelInstanceIAMMember 

type TunnelInstanceIAMMember struct {
	pulumi.CustomResourceState

	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition TunnelInstanceIAMMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Used to find the parent resource to bind the IAM policy to
	Instance pulumi.StringOutput `pulumi:"instance"`
	Member   pulumi.StringOutput `pulumi:"member"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
	Zone pulumi.StringOutput `pulumi:"zone"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:

* `iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached. * `iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved. * `iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.

> **Note:** `iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `iap.TunnelInstanceIAMBinding` and `iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.

> **Note:** `iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_tunnel\_instance\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.tunnelResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{
			Project:    pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:       pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance:   pulumi.Any(google_compute_instance.Tunnelvm.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.tunnelResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{
			Project:    pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:       pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance:   pulumi.Any(google_compute_instance.Tunnelvm.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_tunnel\_instance\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{
			Project:  pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:     pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
			Role:     pulumi.String("roles/iap.tunnelResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{
			Project:  pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:     pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
			Role:     pulumi.String("roles/iap.tunnelResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.TunnelInstanceIAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_tunnel\_instance\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{
			Project:  pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:     pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
			Role:     pulumi.String("roles/iap.tunnelResourceAccessor"),
			Member:   pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{
			Project:  pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:     pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
			Role:     pulumi.String("roles/iap.tunnelResourceAccessor"),
			Member:   pulumi.String("user:jane@example.com"),
			Condition: &iap.TunnelInstanceIAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}} * projects/{{project}}/zones/{{zone}}/instances/{{name}} * {{project}}/{{zone}}/{{name}} * {{zone}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetTunnelInstanceIAMMember 

func GetTunnelInstanceIAMMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *TunnelInstanceIAMMemberState, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMMember, error)

GetTunnelInstanceIAMMember gets an existing TunnelInstanceIAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewTunnelInstanceIAMMember 

func NewTunnelInstanceIAMMember(ctx *pulumi.Context,
	name string, args *TunnelInstanceIAMMemberArgs, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMMember, error)

NewTunnelInstanceIAMMember registers a new resource with the given unique name, arguments, and options.

func (*TunnelInstanceIAMMember) ElementType added in v4.4.0 

func (*TunnelInstanceIAMMember) ElementType() reflect.Type

func (*TunnelInstanceIAMMember) ToTunnelInstanceIAMMemberOutput added in v4.4.0 

func (i *TunnelInstanceIAMMember) ToTunnelInstanceIAMMemberOutput() TunnelInstanceIAMMemberOutput

func (*TunnelInstanceIAMMember) ToTunnelInstanceIAMMemberOutputWithContext added in v4.4.0 

func (i *TunnelInstanceIAMMember) ToTunnelInstanceIAMMemberOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberOutput

func (*TunnelInstanceIAMMember) ToTunnelInstanceIAMMemberPtrOutput added in v4.11.1 

func (i *TunnelInstanceIAMMember) ToTunnelInstanceIAMMemberPtrOutput() TunnelInstanceIAMMemberPtrOutput

func (*TunnelInstanceIAMMember) ToTunnelInstanceIAMMemberPtrOutputWithContext added in v4.11.1 

func (i *TunnelInstanceIAMMember) ToTunnelInstanceIAMMemberPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberPtrOutput

type TunnelInstanceIAMMemberArgs 

type TunnelInstanceIAMMemberArgs struct {
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition TunnelInstanceIAMMemberConditionPtrInput
	// Used to find the parent resource to bind the IAM policy to
	Instance pulumi.StringInput
	Member   pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
	Zone pulumi.StringPtrInput
}

The set of arguments for constructing a TunnelInstanceIAMMember resource.

func (TunnelInstanceIAMMemberArgs) ElementType 

func (TunnelInstanceIAMMemberArgs) ElementType() reflect.Type

type TunnelInstanceIAMMemberArray added in v4.11.1 

type TunnelInstanceIAMMemberArray []TunnelInstanceIAMMemberInput

func (TunnelInstanceIAMMemberArray) ElementType added in v4.11.1 

func (TunnelInstanceIAMMemberArray) ElementType() reflect.Type

func (TunnelInstanceIAMMemberArray) ToTunnelInstanceIAMMemberArrayOutput added in v4.11.1 

func (i TunnelInstanceIAMMemberArray) ToTunnelInstanceIAMMemberArrayOutput() TunnelInstanceIAMMemberArrayOutput

func (TunnelInstanceIAMMemberArray) ToTunnelInstanceIAMMemberArrayOutputWithContext added in v4.11.1 

func (i TunnelInstanceIAMMemberArray) ToTunnelInstanceIAMMemberArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberArrayOutput

type TunnelInstanceIAMMemberArrayInput added in v4.11.1 

type TunnelInstanceIAMMemberArrayInput interface {
	pulumi.Input

	ToTunnelInstanceIAMMemberArrayOutput() TunnelInstanceIAMMemberArrayOutput
	ToTunnelInstanceIAMMemberArrayOutputWithContext(context.Context) TunnelInstanceIAMMemberArrayOutput
}

TunnelInstanceIAMMemberArrayInput is an input type that accepts TunnelInstanceIAMMemberArray and TunnelInstanceIAMMemberArrayOutput values. You can construct a concrete instance of `TunnelInstanceIAMMemberArrayInput` via: 

TunnelInstanceIAMMemberArray{ TunnelInstanceIAMMemberArgs{...} }

type TunnelInstanceIAMMemberArrayOutput added in v4.11.1 

type TunnelInstanceIAMMemberArrayOutput struct{ *pulumi.OutputState }

func (TunnelInstanceIAMMemberArrayOutput) ElementType added in v4.11.1 

func (TunnelInstanceIAMMemberArrayOutput) ElementType() reflect.Type

func (TunnelInstanceIAMMemberArrayOutput) Index added in v4.11.1 

func (o TunnelInstanceIAMMemberArrayOutput) Index(i pulumi.IntInput) TunnelInstanceIAMMemberOutput

func (TunnelInstanceIAMMemberArrayOutput) ToTunnelInstanceIAMMemberArrayOutput added in v4.11.1 

func (o TunnelInstanceIAMMemberArrayOutput) ToTunnelInstanceIAMMemberArrayOutput() TunnelInstanceIAMMemberArrayOutput

func (TunnelInstanceIAMMemberArrayOutput) ToTunnelInstanceIAMMemberArrayOutputWithContext added in v4.11.1 

func (o TunnelInstanceIAMMemberArrayOutput) ToTunnelInstanceIAMMemberArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberArrayOutput

type TunnelInstanceIAMMemberCondition 

type TunnelInstanceIAMMemberCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type TunnelInstanceIAMMemberConditionArgs 

type TunnelInstanceIAMMemberConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (TunnelInstanceIAMMemberConditionArgs) ElementType 

func (TunnelInstanceIAMMemberConditionArgs) ElementType() reflect.Type

func (TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionOutput 

func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionOutput() TunnelInstanceIAMMemberConditionOutput

func (TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionOutputWithContext 

func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionOutput

func (TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionPtrOutput 

func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput

func (TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext 

func (i TunnelInstanceIAMMemberConditionArgs) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionPtrOutput

type TunnelInstanceIAMMemberConditionInput 

type TunnelInstanceIAMMemberConditionInput interface {
	pulumi.Input

	ToTunnelInstanceIAMMemberConditionOutput() TunnelInstanceIAMMemberConditionOutput
	ToTunnelInstanceIAMMemberConditionOutputWithContext(context.Context) TunnelInstanceIAMMemberConditionOutput
}

TunnelInstanceIAMMemberConditionInput is an input type that accepts TunnelInstanceIAMMemberConditionArgs and TunnelInstanceIAMMemberConditionOutput values. You can construct a concrete instance of `TunnelInstanceIAMMemberConditionInput` via: 

TunnelInstanceIAMMemberConditionArgs{...}

type TunnelInstanceIAMMemberConditionOutput 

type TunnelInstanceIAMMemberConditionOutput struct{ *pulumi.OutputState }

func (TunnelInstanceIAMMemberConditionOutput) Description 

func (o TunnelInstanceIAMMemberConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (TunnelInstanceIAMMemberConditionOutput) ElementType 

func (TunnelInstanceIAMMemberConditionOutput) ElementType() reflect.Type

func (TunnelInstanceIAMMemberConditionOutput) Expression 

func (o TunnelInstanceIAMMemberConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (TunnelInstanceIAMMemberConditionOutput) Title 

func (o TunnelInstanceIAMMemberConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionOutput 

func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionOutput() TunnelInstanceIAMMemberConditionOutput

func (TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionOutputWithContext 

func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionOutput

func (TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionPtrOutput 

func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput

func (TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext 

func (o TunnelInstanceIAMMemberConditionOutput) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionPtrOutput

type TunnelInstanceIAMMemberConditionPtrInput 

type TunnelInstanceIAMMemberConditionPtrInput interface {
	pulumi.Input

	ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput
	ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(context.Context) TunnelInstanceIAMMemberConditionPtrOutput
}

TunnelInstanceIAMMemberConditionPtrInput is an input type that accepts TunnelInstanceIAMMemberConditionArgs, TunnelInstanceIAMMemberConditionPtr and TunnelInstanceIAMMemberConditionPtrOutput values. You can construct a concrete instance of `TunnelInstanceIAMMemberConditionPtrInput` via: 

        TunnelInstanceIAMMemberConditionArgs{...}

or:

        nil

func TunnelInstanceIAMMemberConditionPtr 

func TunnelInstanceIAMMemberConditionPtr(v *TunnelInstanceIAMMemberConditionArgs) TunnelInstanceIAMMemberConditionPtrInput

type TunnelInstanceIAMMemberConditionPtrOutput 

type TunnelInstanceIAMMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (TunnelInstanceIAMMemberConditionPtrOutput) Description 

func (o TunnelInstanceIAMMemberConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (TunnelInstanceIAMMemberConditionPtrOutput) Elem 

func (o TunnelInstanceIAMMemberConditionPtrOutput) Elem() TunnelInstanceIAMMemberConditionOutput

func (TunnelInstanceIAMMemberConditionPtrOutput) ElementType 

func (TunnelInstanceIAMMemberConditionPtrOutput) ElementType() reflect.Type

func (TunnelInstanceIAMMemberConditionPtrOutput) Expression 

func (o TunnelInstanceIAMMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (TunnelInstanceIAMMemberConditionPtrOutput) Title 

func (o TunnelInstanceIAMMemberConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (TunnelInstanceIAMMemberConditionPtrOutput) ToTunnelInstanceIAMMemberConditionPtrOutput 

func (o TunnelInstanceIAMMemberConditionPtrOutput) ToTunnelInstanceIAMMemberConditionPtrOutput() TunnelInstanceIAMMemberConditionPtrOutput

func (TunnelInstanceIAMMemberConditionPtrOutput) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext 

func (o TunnelInstanceIAMMemberConditionPtrOutput) ToTunnelInstanceIAMMemberConditionPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberConditionPtrOutput

type TunnelInstanceIAMMemberInput added in v4.4.0 

type TunnelInstanceIAMMemberInput interface {
	pulumi.Input

	ToTunnelInstanceIAMMemberOutput() TunnelInstanceIAMMemberOutput
	ToTunnelInstanceIAMMemberOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberOutput
}

type TunnelInstanceIAMMemberMap added in v4.11.1 

type TunnelInstanceIAMMemberMap map[string]TunnelInstanceIAMMemberInput

func (TunnelInstanceIAMMemberMap) ElementType added in v4.11.1 

func (TunnelInstanceIAMMemberMap) ElementType() reflect.Type

func (TunnelInstanceIAMMemberMap) ToTunnelInstanceIAMMemberMapOutput added in v4.11.1 

func (i TunnelInstanceIAMMemberMap) ToTunnelInstanceIAMMemberMapOutput() TunnelInstanceIAMMemberMapOutput

func (TunnelInstanceIAMMemberMap) ToTunnelInstanceIAMMemberMapOutputWithContext added in v4.11.1 

func (i TunnelInstanceIAMMemberMap) ToTunnelInstanceIAMMemberMapOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberMapOutput

type TunnelInstanceIAMMemberMapInput added in v4.11.1 

type TunnelInstanceIAMMemberMapInput interface {
	pulumi.Input

	ToTunnelInstanceIAMMemberMapOutput() TunnelInstanceIAMMemberMapOutput
	ToTunnelInstanceIAMMemberMapOutputWithContext(context.Context) TunnelInstanceIAMMemberMapOutput
}

TunnelInstanceIAMMemberMapInput is an input type that accepts TunnelInstanceIAMMemberMap and TunnelInstanceIAMMemberMapOutput values. You can construct a concrete instance of `TunnelInstanceIAMMemberMapInput` via: 

TunnelInstanceIAMMemberMap{ "key": TunnelInstanceIAMMemberArgs{...} }

type TunnelInstanceIAMMemberMapOutput added in v4.11.1 

type TunnelInstanceIAMMemberMapOutput struct{ *pulumi.OutputState }

func (TunnelInstanceIAMMemberMapOutput) ElementType added in v4.11.1 

func (TunnelInstanceIAMMemberMapOutput) ElementType() reflect.Type

func (TunnelInstanceIAMMemberMapOutput) MapIndex added in v4.11.1 

func (o TunnelInstanceIAMMemberMapOutput) MapIndex(k pulumi.StringInput) TunnelInstanceIAMMemberOutput

func (TunnelInstanceIAMMemberMapOutput) ToTunnelInstanceIAMMemberMapOutput added in v4.11.1 

func (o TunnelInstanceIAMMemberMapOutput) ToTunnelInstanceIAMMemberMapOutput() TunnelInstanceIAMMemberMapOutput

func (TunnelInstanceIAMMemberMapOutput) ToTunnelInstanceIAMMemberMapOutputWithContext added in v4.11.1 

func (o TunnelInstanceIAMMemberMapOutput) ToTunnelInstanceIAMMemberMapOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberMapOutput

type TunnelInstanceIAMMemberOutput added in v4.4.0 

type TunnelInstanceIAMMemberOutput struct {
	*pulumi.OutputState
}

func (TunnelInstanceIAMMemberOutput) ElementType added in v4.4.0 

func (TunnelInstanceIAMMemberOutput) ElementType() reflect.Type

func (TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberOutput added in v4.4.0 

func (o TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberOutput() TunnelInstanceIAMMemberOutput

func (TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberOutputWithContext added in v4.4.0 

func (o TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberOutput

func (TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberPtrOutput added in v4.11.1 

func (o TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberPtrOutput() TunnelInstanceIAMMemberPtrOutput

func (TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberPtrOutputWithContext added in v4.11.1 

func (o TunnelInstanceIAMMemberOutput) ToTunnelInstanceIAMMemberPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberPtrOutput

type TunnelInstanceIAMMemberPtrInput added in v4.11.1 

type TunnelInstanceIAMMemberPtrInput interface {
	pulumi.Input

	ToTunnelInstanceIAMMemberPtrOutput() TunnelInstanceIAMMemberPtrOutput
	ToTunnelInstanceIAMMemberPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberPtrOutput
}

type TunnelInstanceIAMMemberPtrOutput added in v4.11.1 

type TunnelInstanceIAMMemberPtrOutput struct {
	*pulumi.OutputState
}

func (TunnelInstanceIAMMemberPtrOutput) ElementType added in v4.11.1 

func (TunnelInstanceIAMMemberPtrOutput) ElementType() reflect.Type

func (TunnelInstanceIAMMemberPtrOutput) ToTunnelInstanceIAMMemberPtrOutput added in v4.11.1 

func (o TunnelInstanceIAMMemberPtrOutput) ToTunnelInstanceIAMMemberPtrOutput() TunnelInstanceIAMMemberPtrOutput

func (TunnelInstanceIAMMemberPtrOutput) ToTunnelInstanceIAMMemberPtrOutputWithContext added in v4.11.1 

func (o TunnelInstanceIAMMemberPtrOutput) ToTunnelInstanceIAMMemberPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMMemberPtrOutput

type TunnelInstanceIAMMemberState 

type TunnelInstanceIAMMemberState struct {
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition TunnelInstanceIAMMemberConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringPtrInput
	// Used to find the parent resource to bind the IAM policy to
	Instance pulumi.StringPtrInput
	Member   pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
	Zone pulumi.StringPtrInput
}

func (TunnelInstanceIAMMemberState) ElementType 

func (TunnelInstanceIAMMemberState) ElementType() reflect.Type

type TunnelInstanceIAMPolicy 

type TunnelInstanceIAMPolicy struct {
	pulumi.CustomResourceState

	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Used to find the parent resource to bind the IAM policy to
	Instance pulumi.StringOutput `pulumi:"instance"`
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	Zone    pulumi.StringOutput `pulumi:"zone"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:

* `iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached. * `iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved. * `iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.

> **Note:** `iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `iap.TunnelInstanceIAMBinding` and `iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.

> **Note:** `iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_tunnel\_instance\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.tunnelResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{
			Project:    pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:       pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance:   pulumi.Any(google_compute_instance.Tunnelvm.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.tunnelResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{
			Project:    pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:       pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance:   pulumi.Any(google_compute_instance.Tunnelvm.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_tunnel\_instance\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{
			Project:  pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:     pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
			Role:     pulumi.String("roles/iap.tunnelResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{
			Project:  pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:     pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
			Role:     pulumi.String("roles/iap.tunnelResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.TunnelInstanceIAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_tunnel\_instance\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{
			Project:  pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:     pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
			Role:     pulumi.String("roles/iap.tunnelResourceAccessor"),
			Member:   pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{
			Project:  pulumi.Any(google_compute_instance.Tunnelvm.Project),
			Zone:     pulumi.Any(google_compute_instance.Tunnelvm.Zone),
			Instance: pulumi.Any(google_compute_instance.Tunnelvm.Name),
			Role:     pulumi.String("roles/iap.tunnelResourceAccessor"),
			Member:   pulumi.String("user:jane@example.com"),
			Condition: &iap.TunnelInstanceIAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}} * projects/{{project}}/zones/{{zone}}/instances/{{name}} * {{project}}/{{zone}}/{{name}} * {{zone}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetTunnelInstanceIAMPolicy 

func GetTunnelInstanceIAMPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *TunnelInstanceIAMPolicyState, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMPolicy, error)

GetTunnelInstanceIAMPolicy gets an existing TunnelInstanceIAMPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewTunnelInstanceIAMPolicy 

func NewTunnelInstanceIAMPolicy(ctx *pulumi.Context,
	name string, args *TunnelInstanceIAMPolicyArgs, opts ...pulumi.ResourceOption) (*TunnelInstanceIAMPolicy, error)

NewTunnelInstanceIAMPolicy registers a new resource with the given unique name, arguments, and options.

func (*TunnelInstanceIAMPolicy) ElementType added in v4.4.0 

func (*TunnelInstanceIAMPolicy) ElementType() reflect.Type

func (*TunnelInstanceIAMPolicy) ToTunnelInstanceIAMPolicyOutput added in v4.4.0 

func (i *TunnelInstanceIAMPolicy) ToTunnelInstanceIAMPolicyOutput() TunnelInstanceIAMPolicyOutput

func (*TunnelInstanceIAMPolicy) ToTunnelInstanceIAMPolicyOutputWithContext added in v4.4.0 

func (i *TunnelInstanceIAMPolicy) ToTunnelInstanceIAMPolicyOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyOutput

func (*TunnelInstanceIAMPolicy) ToTunnelInstanceIAMPolicyPtrOutput added in v4.11.1 

func (i *TunnelInstanceIAMPolicy) ToTunnelInstanceIAMPolicyPtrOutput() TunnelInstanceIAMPolicyPtrOutput

func (*TunnelInstanceIAMPolicy) ToTunnelInstanceIAMPolicyPtrOutputWithContext added in v4.11.1 

func (i *TunnelInstanceIAMPolicy) ToTunnelInstanceIAMPolicyPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyPtrOutput

type TunnelInstanceIAMPolicyArgs 

type TunnelInstanceIAMPolicyArgs struct {
	// Used to find the parent resource to bind the IAM policy to
	Instance pulumi.StringInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	Zone    pulumi.StringPtrInput
}

The set of arguments for constructing a TunnelInstanceIAMPolicy resource.

func (TunnelInstanceIAMPolicyArgs) ElementType 

func (TunnelInstanceIAMPolicyArgs) ElementType() reflect.Type

type TunnelInstanceIAMPolicyArray added in v4.11.1 

type TunnelInstanceIAMPolicyArray []TunnelInstanceIAMPolicyInput

func (TunnelInstanceIAMPolicyArray) ElementType added in v4.11.1 

func (TunnelInstanceIAMPolicyArray) ElementType() reflect.Type

func (TunnelInstanceIAMPolicyArray) ToTunnelInstanceIAMPolicyArrayOutput added in v4.11.1 

func (i TunnelInstanceIAMPolicyArray) ToTunnelInstanceIAMPolicyArrayOutput() TunnelInstanceIAMPolicyArrayOutput

func (TunnelInstanceIAMPolicyArray) ToTunnelInstanceIAMPolicyArrayOutputWithContext added in v4.11.1 

func (i TunnelInstanceIAMPolicyArray) ToTunnelInstanceIAMPolicyArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyArrayOutput

type TunnelInstanceIAMPolicyArrayInput added in v4.11.1 

type TunnelInstanceIAMPolicyArrayInput interface {
	pulumi.Input

	ToTunnelInstanceIAMPolicyArrayOutput() TunnelInstanceIAMPolicyArrayOutput
	ToTunnelInstanceIAMPolicyArrayOutputWithContext(context.Context) TunnelInstanceIAMPolicyArrayOutput
}

TunnelInstanceIAMPolicyArrayInput is an input type that accepts TunnelInstanceIAMPolicyArray and TunnelInstanceIAMPolicyArrayOutput values. You can construct a concrete instance of `TunnelInstanceIAMPolicyArrayInput` via: 

TunnelInstanceIAMPolicyArray{ TunnelInstanceIAMPolicyArgs{...} }

type TunnelInstanceIAMPolicyArrayOutput added in v4.11.1 

type TunnelInstanceIAMPolicyArrayOutput struct{ *pulumi.OutputState }

func (TunnelInstanceIAMPolicyArrayOutput) ElementType added in v4.11.1 

func (TunnelInstanceIAMPolicyArrayOutput) ElementType() reflect.Type

func (TunnelInstanceIAMPolicyArrayOutput) Index added in v4.11.1 

func (o TunnelInstanceIAMPolicyArrayOutput) Index(i pulumi.IntInput) TunnelInstanceIAMPolicyOutput

func (TunnelInstanceIAMPolicyArrayOutput) ToTunnelInstanceIAMPolicyArrayOutput added in v4.11.1 

func (o TunnelInstanceIAMPolicyArrayOutput) ToTunnelInstanceIAMPolicyArrayOutput() TunnelInstanceIAMPolicyArrayOutput

func (TunnelInstanceIAMPolicyArrayOutput) ToTunnelInstanceIAMPolicyArrayOutputWithContext added in v4.11.1 

func (o TunnelInstanceIAMPolicyArrayOutput) ToTunnelInstanceIAMPolicyArrayOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyArrayOutput

type TunnelInstanceIAMPolicyInput added in v4.4.0 

type TunnelInstanceIAMPolicyInput interface {
	pulumi.Input

	ToTunnelInstanceIAMPolicyOutput() TunnelInstanceIAMPolicyOutput
	ToTunnelInstanceIAMPolicyOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyOutput
}

type TunnelInstanceIAMPolicyMap added in v4.11.1 

type TunnelInstanceIAMPolicyMap map[string]TunnelInstanceIAMPolicyInput

func (TunnelInstanceIAMPolicyMap) ElementType added in v4.11.1 

func (TunnelInstanceIAMPolicyMap) ElementType() reflect.Type

func (TunnelInstanceIAMPolicyMap) ToTunnelInstanceIAMPolicyMapOutput added in v4.11.1 

func (i TunnelInstanceIAMPolicyMap) ToTunnelInstanceIAMPolicyMapOutput() TunnelInstanceIAMPolicyMapOutput

func (TunnelInstanceIAMPolicyMap) ToTunnelInstanceIAMPolicyMapOutputWithContext added in v4.11.1 

func (i TunnelInstanceIAMPolicyMap) ToTunnelInstanceIAMPolicyMapOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyMapOutput

type TunnelInstanceIAMPolicyMapInput added in v4.11.1 

type TunnelInstanceIAMPolicyMapInput interface {
	pulumi.Input

	ToTunnelInstanceIAMPolicyMapOutput() TunnelInstanceIAMPolicyMapOutput
	ToTunnelInstanceIAMPolicyMapOutputWithContext(context.Context) TunnelInstanceIAMPolicyMapOutput
}

TunnelInstanceIAMPolicyMapInput is an input type that accepts TunnelInstanceIAMPolicyMap and TunnelInstanceIAMPolicyMapOutput values. You can construct a concrete instance of `TunnelInstanceIAMPolicyMapInput` via: 

TunnelInstanceIAMPolicyMap{ "key": TunnelInstanceIAMPolicyArgs{...} }

type TunnelInstanceIAMPolicyMapOutput added in v4.11.1 

type TunnelInstanceIAMPolicyMapOutput struct{ *pulumi.OutputState }

func (TunnelInstanceIAMPolicyMapOutput) ElementType added in v4.11.1 

func (TunnelInstanceIAMPolicyMapOutput) ElementType() reflect.Type

func (TunnelInstanceIAMPolicyMapOutput) MapIndex added in v4.11.1 

func (o TunnelInstanceIAMPolicyMapOutput) MapIndex(k pulumi.StringInput) TunnelInstanceIAMPolicyOutput

func (TunnelInstanceIAMPolicyMapOutput) ToTunnelInstanceIAMPolicyMapOutput added in v4.11.1 

func (o TunnelInstanceIAMPolicyMapOutput) ToTunnelInstanceIAMPolicyMapOutput() TunnelInstanceIAMPolicyMapOutput

func (TunnelInstanceIAMPolicyMapOutput) ToTunnelInstanceIAMPolicyMapOutputWithContext added in v4.11.1 

func (o TunnelInstanceIAMPolicyMapOutput) ToTunnelInstanceIAMPolicyMapOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyMapOutput

type TunnelInstanceIAMPolicyOutput added in v4.4.0 

type TunnelInstanceIAMPolicyOutput struct {
	*pulumi.OutputState
}

func (TunnelInstanceIAMPolicyOutput) ElementType added in v4.4.0 

func (TunnelInstanceIAMPolicyOutput) ElementType() reflect.Type

func (TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyOutput added in v4.4.0 

func (o TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyOutput() TunnelInstanceIAMPolicyOutput

func (TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyOutputWithContext added in v4.4.0 

func (o TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyOutput

func (TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyPtrOutput added in v4.11.1 

func (o TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyPtrOutput() TunnelInstanceIAMPolicyPtrOutput

func (TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyPtrOutputWithContext added in v4.11.1 

func (o TunnelInstanceIAMPolicyOutput) ToTunnelInstanceIAMPolicyPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyPtrOutput

type TunnelInstanceIAMPolicyPtrInput added in v4.11.1 

type TunnelInstanceIAMPolicyPtrInput interface {
	pulumi.Input

	ToTunnelInstanceIAMPolicyPtrOutput() TunnelInstanceIAMPolicyPtrOutput
	ToTunnelInstanceIAMPolicyPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyPtrOutput
}

type TunnelInstanceIAMPolicyPtrOutput added in v4.11.1 

type TunnelInstanceIAMPolicyPtrOutput struct {
	*pulumi.OutputState
}

func (TunnelInstanceIAMPolicyPtrOutput) ElementType added in v4.11.1 

func (TunnelInstanceIAMPolicyPtrOutput) ElementType() reflect.Type

func (TunnelInstanceIAMPolicyPtrOutput) ToTunnelInstanceIAMPolicyPtrOutput added in v4.11.1 

func (o TunnelInstanceIAMPolicyPtrOutput) ToTunnelInstanceIAMPolicyPtrOutput() TunnelInstanceIAMPolicyPtrOutput

func (TunnelInstanceIAMPolicyPtrOutput) ToTunnelInstanceIAMPolicyPtrOutputWithContext added in v4.11.1 

func (o TunnelInstanceIAMPolicyPtrOutput) ToTunnelInstanceIAMPolicyPtrOutputWithContext(ctx context.Context) TunnelInstanceIAMPolicyPtrOutput

type TunnelInstanceIAMPolicyState 

type TunnelInstanceIAMPolicyState struct {
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringPtrInput
	// Used to find the parent resource to bind the IAM policy to
	Instance pulumi.StringPtrInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	Zone    pulumi.StringPtrInput
}

func (TunnelInstanceIAMPolicyState) ElementType 

func (TunnelInstanceIAMPolicyState) ElementType() reflect.Type

type WebBackendServiceIamBinding 

type WebBackendServiceIamBinding struct {
	pulumi.CustomResourceState

	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebBackendServiceIamBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag    pulumi.StringOutput      `pulumi:"etag"`
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
	// Used to find the parent resource to bind the IAM policy to
	WebBackendService pulumi.StringOutput `pulumi:"webBackendService"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:

* `iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached. * `iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved. * `iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.

> **Note:** `iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `iap.WebBackendServiceIamBinding` and `iap.WebBackendServiceIamMember` or they will fight over what your policy should be.

> **Note:** `iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_web\_backend\_service\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			PolicyData:        pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			PolicyData:        pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_backend\_service\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			Role:              pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			Role:              pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.WebBackendServiceIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_backend\_service\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			Role:              pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:            pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			Role:              pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:            pulumi.String("user:jane@example.com"),
			Condition: &iap.WebBackendServiceIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute/services/{{name}} * {{project}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetWebBackendServiceIamBinding 

func GetWebBackendServiceIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WebBackendServiceIamBindingState, opts ...pulumi.ResourceOption) (*WebBackendServiceIamBinding, error)

GetWebBackendServiceIamBinding gets an existing WebBackendServiceIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWebBackendServiceIamBinding 

func NewWebBackendServiceIamBinding(ctx *pulumi.Context,
	name string, args *WebBackendServiceIamBindingArgs, opts ...pulumi.ResourceOption) (*WebBackendServiceIamBinding, error)

NewWebBackendServiceIamBinding registers a new resource with the given unique name, arguments, and options.

func (*WebBackendServiceIamBinding) ElementType added in v4.4.0 

func (*WebBackendServiceIamBinding) ElementType() reflect.Type

func (*WebBackendServiceIamBinding) ToWebBackendServiceIamBindingOutput added in v4.4.0 

func (i *WebBackendServiceIamBinding) ToWebBackendServiceIamBindingOutput() WebBackendServiceIamBindingOutput

func (*WebBackendServiceIamBinding) ToWebBackendServiceIamBindingOutputWithContext added in v4.4.0 

func (i *WebBackendServiceIamBinding) ToWebBackendServiceIamBindingOutputWithContext(ctx context.Context) WebBackendServiceIamBindingOutput

func (*WebBackendServiceIamBinding) ToWebBackendServiceIamBindingPtrOutput added in v4.11.1 

func (i *WebBackendServiceIamBinding) ToWebBackendServiceIamBindingPtrOutput() WebBackendServiceIamBindingPtrOutput

func (*WebBackendServiceIamBinding) ToWebBackendServiceIamBindingPtrOutputWithContext added in v4.11.1 

func (i *WebBackendServiceIamBinding) ToWebBackendServiceIamBindingPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingPtrOutput

type WebBackendServiceIamBindingArgs 

type WebBackendServiceIamBindingArgs struct {
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebBackendServiceIamBindingConditionPtrInput
	Members   pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
	// Used to find the parent resource to bind the IAM policy to
	WebBackendService pulumi.StringInput
}

The set of arguments for constructing a WebBackendServiceIamBinding resource.

func (WebBackendServiceIamBindingArgs) ElementType 

func (WebBackendServiceIamBindingArgs) ElementType() reflect.Type

type WebBackendServiceIamBindingArray added in v4.11.1 

type WebBackendServiceIamBindingArray []WebBackendServiceIamBindingInput

func (WebBackendServiceIamBindingArray) ElementType added in v4.11.1 

func (WebBackendServiceIamBindingArray) ElementType() reflect.Type

func (WebBackendServiceIamBindingArray) ToWebBackendServiceIamBindingArrayOutput added in v4.11.1 

func (i WebBackendServiceIamBindingArray) ToWebBackendServiceIamBindingArrayOutput() WebBackendServiceIamBindingArrayOutput

func (WebBackendServiceIamBindingArray) ToWebBackendServiceIamBindingArrayOutputWithContext added in v4.11.1 

func (i WebBackendServiceIamBindingArray) ToWebBackendServiceIamBindingArrayOutputWithContext(ctx context.Context) WebBackendServiceIamBindingArrayOutput

type WebBackendServiceIamBindingArrayInput added in v4.11.1 

type WebBackendServiceIamBindingArrayInput interface {
	pulumi.Input

	ToWebBackendServiceIamBindingArrayOutput() WebBackendServiceIamBindingArrayOutput
	ToWebBackendServiceIamBindingArrayOutputWithContext(context.Context) WebBackendServiceIamBindingArrayOutput
}

WebBackendServiceIamBindingArrayInput is an input type that accepts WebBackendServiceIamBindingArray and WebBackendServiceIamBindingArrayOutput values. You can construct a concrete instance of `WebBackendServiceIamBindingArrayInput` via: 

WebBackendServiceIamBindingArray{ WebBackendServiceIamBindingArgs{...} }

type WebBackendServiceIamBindingArrayOutput added in v4.11.1 

type WebBackendServiceIamBindingArrayOutput struct{ *pulumi.OutputState }

func (WebBackendServiceIamBindingArrayOutput) ElementType added in v4.11.1 

func (WebBackendServiceIamBindingArrayOutput) ElementType() reflect.Type

func (WebBackendServiceIamBindingArrayOutput) Index added in v4.11.1 

func (o WebBackendServiceIamBindingArrayOutput) Index(i pulumi.IntInput) WebBackendServiceIamBindingOutput

func (WebBackendServiceIamBindingArrayOutput) ToWebBackendServiceIamBindingArrayOutput added in v4.11.1 

func (o WebBackendServiceIamBindingArrayOutput) ToWebBackendServiceIamBindingArrayOutput() WebBackendServiceIamBindingArrayOutput

func (WebBackendServiceIamBindingArrayOutput) ToWebBackendServiceIamBindingArrayOutputWithContext added in v4.11.1 

func (o WebBackendServiceIamBindingArrayOutput) ToWebBackendServiceIamBindingArrayOutputWithContext(ctx context.Context) WebBackendServiceIamBindingArrayOutput

type WebBackendServiceIamBindingCondition 

type WebBackendServiceIamBindingCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type WebBackendServiceIamBindingConditionArgs 

type WebBackendServiceIamBindingConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (WebBackendServiceIamBindingConditionArgs) ElementType 

func (WebBackendServiceIamBindingConditionArgs) ElementType() reflect.Type

func (WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionOutput 

func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionOutput() WebBackendServiceIamBindingConditionOutput

func (WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionOutputWithContext 

func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionOutput

func (WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionPtrOutput 

func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput

func (WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionPtrOutputWithContext 

func (i WebBackendServiceIamBindingConditionArgs) ToWebBackendServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionPtrOutput

type WebBackendServiceIamBindingConditionInput 

type WebBackendServiceIamBindingConditionInput interface {
	pulumi.Input

	ToWebBackendServiceIamBindingConditionOutput() WebBackendServiceIamBindingConditionOutput
	ToWebBackendServiceIamBindingConditionOutputWithContext(context.Context) WebBackendServiceIamBindingConditionOutput
}

WebBackendServiceIamBindingConditionInput is an input type that accepts WebBackendServiceIamBindingConditionArgs and WebBackendServiceIamBindingConditionOutput values. You can construct a concrete instance of `WebBackendServiceIamBindingConditionInput` via: 

WebBackendServiceIamBindingConditionArgs{...}

type WebBackendServiceIamBindingConditionOutput 

type WebBackendServiceIamBindingConditionOutput struct{ *pulumi.OutputState }

func (WebBackendServiceIamBindingConditionOutput) Description 

func (o WebBackendServiceIamBindingConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (WebBackendServiceIamBindingConditionOutput) ElementType 

func (WebBackendServiceIamBindingConditionOutput) ElementType() reflect.Type

func (WebBackendServiceIamBindingConditionOutput) Expression 

func (o WebBackendServiceIamBindingConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (WebBackendServiceIamBindingConditionOutput) Title 

func (o WebBackendServiceIamBindingConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionOutput 

func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionOutput() WebBackendServiceIamBindingConditionOutput

func (WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionOutputWithContext 

func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionOutput

func (WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionPtrOutput 

func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput

func (WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionPtrOutputWithContext 

func (o WebBackendServiceIamBindingConditionOutput) ToWebBackendServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionPtrOutput

type WebBackendServiceIamBindingConditionPtrInput 

type WebBackendServiceIamBindingConditionPtrInput interface {
	pulumi.Input

	ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput
	ToWebBackendServiceIamBindingConditionPtrOutputWithContext(context.Context) WebBackendServiceIamBindingConditionPtrOutput
}

WebBackendServiceIamBindingConditionPtrInput is an input type that accepts WebBackendServiceIamBindingConditionArgs, WebBackendServiceIamBindingConditionPtr and WebBackendServiceIamBindingConditionPtrOutput values. You can construct a concrete instance of `WebBackendServiceIamBindingConditionPtrInput` via: 

        WebBackendServiceIamBindingConditionArgs{...}

or:

        nil

func WebBackendServiceIamBindingConditionPtr 

func WebBackendServiceIamBindingConditionPtr(v *WebBackendServiceIamBindingConditionArgs) WebBackendServiceIamBindingConditionPtrInput

type WebBackendServiceIamBindingConditionPtrOutput 

type WebBackendServiceIamBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (WebBackendServiceIamBindingConditionPtrOutput) Description 

func (o WebBackendServiceIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (WebBackendServiceIamBindingConditionPtrOutput) Elem 

func (o WebBackendServiceIamBindingConditionPtrOutput) Elem() WebBackendServiceIamBindingConditionOutput

func (WebBackendServiceIamBindingConditionPtrOutput) ElementType 

func (WebBackendServiceIamBindingConditionPtrOutput) ElementType() reflect.Type

func (WebBackendServiceIamBindingConditionPtrOutput) Expression 

func (o WebBackendServiceIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (WebBackendServiceIamBindingConditionPtrOutput) Title 

func (o WebBackendServiceIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (WebBackendServiceIamBindingConditionPtrOutput) ToWebBackendServiceIamBindingConditionPtrOutput 

func (o WebBackendServiceIamBindingConditionPtrOutput) ToWebBackendServiceIamBindingConditionPtrOutput() WebBackendServiceIamBindingConditionPtrOutput

func (WebBackendServiceIamBindingConditionPtrOutput) ToWebBackendServiceIamBindingConditionPtrOutputWithContext 

func (o WebBackendServiceIamBindingConditionPtrOutput) ToWebBackendServiceIamBindingConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingConditionPtrOutput

type WebBackendServiceIamBindingInput added in v4.4.0 

type WebBackendServiceIamBindingInput interface {
	pulumi.Input

	ToWebBackendServiceIamBindingOutput() WebBackendServiceIamBindingOutput
	ToWebBackendServiceIamBindingOutputWithContext(ctx context.Context) WebBackendServiceIamBindingOutput
}

type WebBackendServiceIamBindingMap added in v4.11.1 

type WebBackendServiceIamBindingMap map[string]WebBackendServiceIamBindingInput

func (WebBackendServiceIamBindingMap) ElementType added in v4.11.1 

func (WebBackendServiceIamBindingMap) ElementType() reflect.Type

func (WebBackendServiceIamBindingMap) ToWebBackendServiceIamBindingMapOutput added in v4.11.1 

func (i WebBackendServiceIamBindingMap) ToWebBackendServiceIamBindingMapOutput() WebBackendServiceIamBindingMapOutput

func (WebBackendServiceIamBindingMap) ToWebBackendServiceIamBindingMapOutputWithContext added in v4.11.1 

func (i WebBackendServiceIamBindingMap) ToWebBackendServiceIamBindingMapOutputWithContext(ctx context.Context) WebBackendServiceIamBindingMapOutput

type WebBackendServiceIamBindingMapInput added in v4.11.1 

type WebBackendServiceIamBindingMapInput interface {
	pulumi.Input

	ToWebBackendServiceIamBindingMapOutput() WebBackendServiceIamBindingMapOutput
	ToWebBackendServiceIamBindingMapOutputWithContext(context.Context) WebBackendServiceIamBindingMapOutput
}

WebBackendServiceIamBindingMapInput is an input type that accepts WebBackendServiceIamBindingMap and WebBackendServiceIamBindingMapOutput values. You can construct a concrete instance of `WebBackendServiceIamBindingMapInput` via: 

WebBackendServiceIamBindingMap{ "key": WebBackendServiceIamBindingArgs{...} }

type WebBackendServiceIamBindingMapOutput added in v4.11.1 

type WebBackendServiceIamBindingMapOutput struct{ *pulumi.OutputState }

func (WebBackendServiceIamBindingMapOutput) ElementType added in v4.11.1 

func (WebBackendServiceIamBindingMapOutput) ElementType() reflect.Type

func (WebBackendServiceIamBindingMapOutput) MapIndex added in v4.11.1 

func (o WebBackendServiceIamBindingMapOutput) MapIndex(k pulumi.StringInput) WebBackendServiceIamBindingOutput

func (WebBackendServiceIamBindingMapOutput) ToWebBackendServiceIamBindingMapOutput added in v4.11.1 

func (o WebBackendServiceIamBindingMapOutput) ToWebBackendServiceIamBindingMapOutput() WebBackendServiceIamBindingMapOutput

func (WebBackendServiceIamBindingMapOutput) ToWebBackendServiceIamBindingMapOutputWithContext added in v4.11.1 

func (o WebBackendServiceIamBindingMapOutput) ToWebBackendServiceIamBindingMapOutputWithContext(ctx context.Context) WebBackendServiceIamBindingMapOutput

type WebBackendServiceIamBindingOutput added in v4.4.0 

type WebBackendServiceIamBindingOutput struct {
	*pulumi.OutputState
}

func (WebBackendServiceIamBindingOutput) ElementType added in v4.4.0 

func (WebBackendServiceIamBindingOutput) ElementType() reflect.Type

func (WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingOutput added in v4.4.0 

func (o WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingOutput() WebBackendServiceIamBindingOutput

func (WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingOutputWithContext added in v4.4.0 

func (o WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingOutputWithContext(ctx context.Context) WebBackendServiceIamBindingOutput

func (WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingPtrOutput added in v4.11.1 

func (o WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingPtrOutput() WebBackendServiceIamBindingPtrOutput

func (WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingPtrOutputWithContext added in v4.11.1 

func (o WebBackendServiceIamBindingOutput) ToWebBackendServiceIamBindingPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingPtrOutput

type WebBackendServiceIamBindingPtrInput added in v4.11.1 

type WebBackendServiceIamBindingPtrInput interface {
	pulumi.Input

	ToWebBackendServiceIamBindingPtrOutput() WebBackendServiceIamBindingPtrOutput
	ToWebBackendServiceIamBindingPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingPtrOutput
}

type WebBackendServiceIamBindingPtrOutput added in v4.11.1 

type WebBackendServiceIamBindingPtrOutput struct {
	*pulumi.OutputState
}

func (WebBackendServiceIamBindingPtrOutput) ElementType added in v4.11.1 

func (WebBackendServiceIamBindingPtrOutput) ElementType() reflect.Type

func (WebBackendServiceIamBindingPtrOutput) ToWebBackendServiceIamBindingPtrOutput added in v4.11.1 

func (o WebBackendServiceIamBindingPtrOutput) ToWebBackendServiceIamBindingPtrOutput() WebBackendServiceIamBindingPtrOutput

func (WebBackendServiceIamBindingPtrOutput) ToWebBackendServiceIamBindingPtrOutputWithContext added in v4.11.1 

func (o WebBackendServiceIamBindingPtrOutput) ToWebBackendServiceIamBindingPtrOutputWithContext(ctx context.Context) WebBackendServiceIamBindingPtrOutput

type WebBackendServiceIamBindingState 

type WebBackendServiceIamBindingState struct {
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebBackendServiceIamBindingConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag    pulumi.StringPtrInput
	Members pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
	// Used to find the parent resource to bind the IAM policy to
	WebBackendService pulumi.StringPtrInput
}

func (WebBackendServiceIamBindingState) ElementType 

func (WebBackendServiceIamBindingState) ElementType() reflect.Type

type WebBackendServiceIamMember 

type WebBackendServiceIamMember struct {
	pulumi.CustomResourceState

	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebBackendServiceIamMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag   pulumi.StringOutput `pulumi:"etag"`
	Member pulumi.StringOutput `pulumi:"member"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
	// Used to find the parent resource to bind the IAM policy to
	WebBackendService pulumi.StringOutput `pulumi:"webBackendService"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:

* `iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached. * `iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved. * `iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.

> **Note:** `iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `iap.WebBackendServiceIamBinding` and `iap.WebBackendServiceIamMember` or they will fight over what your policy should be.

> **Note:** `iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_web\_backend\_service\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			PolicyData:        pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			PolicyData:        pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_backend\_service\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			Role:              pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			Role:              pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.WebBackendServiceIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_backend\_service\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			Role:              pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:            pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			Role:              pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:            pulumi.String("user:jane@example.com"),
			Condition: &iap.WebBackendServiceIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute/services/{{name}} * {{project}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetWebBackendServiceIamMember 

func GetWebBackendServiceIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WebBackendServiceIamMemberState, opts ...pulumi.ResourceOption) (*WebBackendServiceIamMember, error)

GetWebBackendServiceIamMember gets an existing WebBackendServiceIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWebBackendServiceIamMember 

func NewWebBackendServiceIamMember(ctx *pulumi.Context,
	name string, args *WebBackendServiceIamMemberArgs, opts ...pulumi.ResourceOption) (*WebBackendServiceIamMember, error)

NewWebBackendServiceIamMember registers a new resource with the given unique name, arguments, and options.

func (*WebBackendServiceIamMember) ElementType added in v4.4.0 

func (*WebBackendServiceIamMember) ElementType() reflect.Type

func (*WebBackendServiceIamMember) ToWebBackendServiceIamMemberOutput added in v4.4.0 

func (i *WebBackendServiceIamMember) ToWebBackendServiceIamMemberOutput() WebBackendServiceIamMemberOutput

func (*WebBackendServiceIamMember) ToWebBackendServiceIamMemberOutputWithContext added in v4.4.0 

func (i *WebBackendServiceIamMember) ToWebBackendServiceIamMemberOutputWithContext(ctx context.Context) WebBackendServiceIamMemberOutput

func (*WebBackendServiceIamMember) ToWebBackendServiceIamMemberPtrOutput added in v4.11.1 

func (i *WebBackendServiceIamMember) ToWebBackendServiceIamMemberPtrOutput() WebBackendServiceIamMemberPtrOutput

func (*WebBackendServiceIamMember) ToWebBackendServiceIamMemberPtrOutputWithContext added in v4.11.1 

func (i *WebBackendServiceIamMember) ToWebBackendServiceIamMemberPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberPtrOutput

type WebBackendServiceIamMemberArgs 

type WebBackendServiceIamMemberArgs struct {
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebBackendServiceIamMemberConditionPtrInput
	Member    pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
	// Used to find the parent resource to bind the IAM policy to
	WebBackendService pulumi.StringInput
}

The set of arguments for constructing a WebBackendServiceIamMember resource.

func (WebBackendServiceIamMemberArgs) ElementType 

func (WebBackendServiceIamMemberArgs) ElementType() reflect.Type

type WebBackendServiceIamMemberArray added in v4.11.1 

type WebBackendServiceIamMemberArray []WebBackendServiceIamMemberInput

func (WebBackendServiceIamMemberArray) ElementType added in v4.11.1 

func (WebBackendServiceIamMemberArray) ElementType() reflect.Type

func (WebBackendServiceIamMemberArray) ToWebBackendServiceIamMemberArrayOutput added in v4.11.1 

func (i WebBackendServiceIamMemberArray) ToWebBackendServiceIamMemberArrayOutput() WebBackendServiceIamMemberArrayOutput

func (WebBackendServiceIamMemberArray) ToWebBackendServiceIamMemberArrayOutputWithContext added in v4.11.1 

func (i WebBackendServiceIamMemberArray) ToWebBackendServiceIamMemberArrayOutputWithContext(ctx context.Context) WebBackendServiceIamMemberArrayOutput

type WebBackendServiceIamMemberArrayInput added in v4.11.1 

type WebBackendServiceIamMemberArrayInput interface {
	pulumi.Input

	ToWebBackendServiceIamMemberArrayOutput() WebBackendServiceIamMemberArrayOutput
	ToWebBackendServiceIamMemberArrayOutputWithContext(context.Context) WebBackendServiceIamMemberArrayOutput
}

WebBackendServiceIamMemberArrayInput is an input type that accepts WebBackendServiceIamMemberArray and WebBackendServiceIamMemberArrayOutput values. You can construct a concrete instance of `WebBackendServiceIamMemberArrayInput` via: 

WebBackendServiceIamMemberArray{ WebBackendServiceIamMemberArgs{...} }

type WebBackendServiceIamMemberArrayOutput added in v4.11.1 

type WebBackendServiceIamMemberArrayOutput struct{ *pulumi.OutputState }

func (WebBackendServiceIamMemberArrayOutput) ElementType added in v4.11.1 

func (WebBackendServiceIamMemberArrayOutput) ElementType() reflect.Type

func (WebBackendServiceIamMemberArrayOutput) Index added in v4.11.1 

func (o WebBackendServiceIamMemberArrayOutput) Index(i pulumi.IntInput) WebBackendServiceIamMemberOutput

func (WebBackendServiceIamMemberArrayOutput) ToWebBackendServiceIamMemberArrayOutput added in v4.11.1 

func (o WebBackendServiceIamMemberArrayOutput) ToWebBackendServiceIamMemberArrayOutput() WebBackendServiceIamMemberArrayOutput

func (WebBackendServiceIamMemberArrayOutput) ToWebBackendServiceIamMemberArrayOutputWithContext added in v4.11.1 

func (o WebBackendServiceIamMemberArrayOutput) ToWebBackendServiceIamMemberArrayOutputWithContext(ctx context.Context) WebBackendServiceIamMemberArrayOutput

type WebBackendServiceIamMemberCondition 

type WebBackendServiceIamMemberCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type WebBackendServiceIamMemberConditionArgs 

type WebBackendServiceIamMemberConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (WebBackendServiceIamMemberConditionArgs) ElementType 

func (WebBackendServiceIamMemberConditionArgs) ElementType() reflect.Type

func (WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionOutput 

func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionOutput() WebBackendServiceIamMemberConditionOutput

func (WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionOutputWithContext 

func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionOutput

func (WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionPtrOutput 

func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput

func (WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionPtrOutputWithContext 

func (i WebBackendServiceIamMemberConditionArgs) ToWebBackendServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionPtrOutput

type WebBackendServiceIamMemberConditionInput 

type WebBackendServiceIamMemberConditionInput interface {
	pulumi.Input

	ToWebBackendServiceIamMemberConditionOutput() WebBackendServiceIamMemberConditionOutput
	ToWebBackendServiceIamMemberConditionOutputWithContext(context.Context) WebBackendServiceIamMemberConditionOutput
}

WebBackendServiceIamMemberConditionInput is an input type that accepts WebBackendServiceIamMemberConditionArgs and WebBackendServiceIamMemberConditionOutput values. You can construct a concrete instance of `WebBackendServiceIamMemberConditionInput` via: 

WebBackendServiceIamMemberConditionArgs{...}

type WebBackendServiceIamMemberConditionOutput 

type WebBackendServiceIamMemberConditionOutput struct{ *pulumi.OutputState }

func (WebBackendServiceIamMemberConditionOutput) Description 

func (o WebBackendServiceIamMemberConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (WebBackendServiceIamMemberConditionOutput) ElementType 

func (WebBackendServiceIamMemberConditionOutput) ElementType() reflect.Type

func (WebBackendServiceIamMemberConditionOutput) Expression 

func (o WebBackendServiceIamMemberConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (WebBackendServiceIamMemberConditionOutput) Title 

func (o WebBackendServiceIamMemberConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionOutput 

func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionOutput() WebBackendServiceIamMemberConditionOutput

func (WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionOutputWithContext 

func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionOutput

func (WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionPtrOutput 

func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput

func (WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionPtrOutputWithContext 

func (o WebBackendServiceIamMemberConditionOutput) ToWebBackendServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionPtrOutput

type WebBackendServiceIamMemberConditionPtrInput 

type WebBackendServiceIamMemberConditionPtrInput interface {
	pulumi.Input

	ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput
	ToWebBackendServiceIamMemberConditionPtrOutputWithContext(context.Context) WebBackendServiceIamMemberConditionPtrOutput
}

WebBackendServiceIamMemberConditionPtrInput is an input type that accepts WebBackendServiceIamMemberConditionArgs, WebBackendServiceIamMemberConditionPtr and WebBackendServiceIamMemberConditionPtrOutput values. You can construct a concrete instance of `WebBackendServiceIamMemberConditionPtrInput` via: 

        WebBackendServiceIamMemberConditionArgs{...}

or:

        nil

func WebBackendServiceIamMemberConditionPtr 

func WebBackendServiceIamMemberConditionPtr(v *WebBackendServiceIamMemberConditionArgs) WebBackendServiceIamMemberConditionPtrInput

type WebBackendServiceIamMemberConditionPtrOutput 

type WebBackendServiceIamMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (WebBackendServiceIamMemberConditionPtrOutput) Description 

func (o WebBackendServiceIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (WebBackendServiceIamMemberConditionPtrOutput) Elem 

func (o WebBackendServiceIamMemberConditionPtrOutput) Elem() WebBackendServiceIamMemberConditionOutput

func (WebBackendServiceIamMemberConditionPtrOutput) ElementType 

func (WebBackendServiceIamMemberConditionPtrOutput) ElementType() reflect.Type

func (WebBackendServiceIamMemberConditionPtrOutput) Expression 

func (o WebBackendServiceIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (WebBackendServiceIamMemberConditionPtrOutput) Title 

func (o WebBackendServiceIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (WebBackendServiceIamMemberConditionPtrOutput) ToWebBackendServiceIamMemberConditionPtrOutput 

func (o WebBackendServiceIamMemberConditionPtrOutput) ToWebBackendServiceIamMemberConditionPtrOutput() WebBackendServiceIamMemberConditionPtrOutput

func (WebBackendServiceIamMemberConditionPtrOutput) ToWebBackendServiceIamMemberConditionPtrOutputWithContext 

func (o WebBackendServiceIamMemberConditionPtrOutput) ToWebBackendServiceIamMemberConditionPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberConditionPtrOutput

type WebBackendServiceIamMemberInput added in v4.4.0 

type WebBackendServiceIamMemberInput interface {
	pulumi.Input

	ToWebBackendServiceIamMemberOutput() WebBackendServiceIamMemberOutput
	ToWebBackendServiceIamMemberOutputWithContext(ctx context.Context) WebBackendServiceIamMemberOutput
}

type WebBackendServiceIamMemberMap added in v4.11.1 

type WebBackendServiceIamMemberMap map[string]WebBackendServiceIamMemberInput

func (WebBackendServiceIamMemberMap) ElementType added in v4.11.1 

func (WebBackendServiceIamMemberMap) ElementType() reflect.Type

func (WebBackendServiceIamMemberMap) ToWebBackendServiceIamMemberMapOutput added in v4.11.1 

func (i WebBackendServiceIamMemberMap) ToWebBackendServiceIamMemberMapOutput() WebBackendServiceIamMemberMapOutput

func (WebBackendServiceIamMemberMap) ToWebBackendServiceIamMemberMapOutputWithContext added in v4.11.1 

func (i WebBackendServiceIamMemberMap) ToWebBackendServiceIamMemberMapOutputWithContext(ctx context.Context) WebBackendServiceIamMemberMapOutput

type WebBackendServiceIamMemberMapInput added in v4.11.1 

type WebBackendServiceIamMemberMapInput interface {
	pulumi.Input

	ToWebBackendServiceIamMemberMapOutput() WebBackendServiceIamMemberMapOutput
	ToWebBackendServiceIamMemberMapOutputWithContext(context.Context) WebBackendServiceIamMemberMapOutput
}

WebBackendServiceIamMemberMapInput is an input type that accepts WebBackendServiceIamMemberMap and WebBackendServiceIamMemberMapOutput values. You can construct a concrete instance of `WebBackendServiceIamMemberMapInput` via: 

WebBackendServiceIamMemberMap{ "key": WebBackendServiceIamMemberArgs{...} }

type WebBackendServiceIamMemberMapOutput added in v4.11.1 

type WebBackendServiceIamMemberMapOutput struct{ *pulumi.OutputState }

func (WebBackendServiceIamMemberMapOutput) ElementType added in v4.11.1 

func (WebBackendServiceIamMemberMapOutput) ElementType() reflect.Type

func (WebBackendServiceIamMemberMapOutput) MapIndex added in v4.11.1 

func (o WebBackendServiceIamMemberMapOutput) MapIndex(k pulumi.StringInput) WebBackendServiceIamMemberOutput

func (WebBackendServiceIamMemberMapOutput) ToWebBackendServiceIamMemberMapOutput added in v4.11.1 

func (o WebBackendServiceIamMemberMapOutput) ToWebBackendServiceIamMemberMapOutput() WebBackendServiceIamMemberMapOutput

func (WebBackendServiceIamMemberMapOutput) ToWebBackendServiceIamMemberMapOutputWithContext added in v4.11.1 

func (o WebBackendServiceIamMemberMapOutput) ToWebBackendServiceIamMemberMapOutputWithContext(ctx context.Context) WebBackendServiceIamMemberMapOutput

type WebBackendServiceIamMemberOutput added in v4.4.0 

type WebBackendServiceIamMemberOutput struct {
	*pulumi.OutputState
}

func (WebBackendServiceIamMemberOutput) ElementType added in v4.4.0 

func (WebBackendServiceIamMemberOutput) ElementType() reflect.Type

func (WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberOutput added in v4.4.0 

func (o WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberOutput() WebBackendServiceIamMemberOutput

func (WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberOutputWithContext added in v4.4.0 

func (o WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberOutputWithContext(ctx context.Context) WebBackendServiceIamMemberOutput

func (WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberPtrOutput added in v4.11.1 

func (o WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberPtrOutput() WebBackendServiceIamMemberPtrOutput

func (WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberPtrOutputWithContext added in v4.11.1 

func (o WebBackendServiceIamMemberOutput) ToWebBackendServiceIamMemberPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberPtrOutput

type WebBackendServiceIamMemberPtrInput added in v4.11.1 

type WebBackendServiceIamMemberPtrInput interface {
	pulumi.Input

	ToWebBackendServiceIamMemberPtrOutput() WebBackendServiceIamMemberPtrOutput
	ToWebBackendServiceIamMemberPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberPtrOutput
}

type WebBackendServiceIamMemberPtrOutput added in v4.11.1 

type WebBackendServiceIamMemberPtrOutput struct {
	*pulumi.OutputState
}

func (WebBackendServiceIamMemberPtrOutput) ElementType added in v4.11.1 

func (WebBackendServiceIamMemberPtrOutput) ElementType() reflect.Type

func (WebBackendServiceIamMemberPtrOutput) ToWebBackendServiceIamMemberPtrOutput added in v4.11.1 

func (o WebBackendServiceIamMemberPtrOutput) ToWebBackendServiceIamMemberPtrOutput() WebBackendServiceIamMemberPtrOutput

func (WebBackendServiceIamMemberPtrOutput) ToWebBackendServiceIamMemberPtrOutputWithContext added in v4.11.1 

func (o WebBackendServiceIamMemberPtrOutput) ToWebBackendServiceIamMemberPtrOutputWithContext(ctx context.Context) WebBackendServiceIamMemberPtrOutput

type WebBackendServiceIamMemberState 

type WebBackendServiceIamMemberState struct {
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebBackendServiceIamMemberConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag   pulumi.StringPtrInput
	Member pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
	// Used to find the parent resource to bind the IAM policy to
	WebBackendService pulumi.StringPtrInput
}

func (WebBackendServiceIamMemberState) ElementType 

func (WebBackendServiceIamMemberState) ElementType() reflect.Type

type WebBackendServiceIamPolicy 

type WebBackendServiceIamPolicy struct {
	pulumi.CustomResourceState

	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// Used to find the parent resource to bind the IAM policy to
	WebBackendService pulumi.StringOutput `pulumi:"webBackendService"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:

* `iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached. * `iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved. * `iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.

> **Note:** `iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `iap.WebBackendServiceIamBinding` and `iap.WebBackendServiceIamMember` or they will fight over what your policy should be.

> **Note:** `iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_web\_backend\_service\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			PolicyData:        pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			PolicyData:        pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_backend\_service\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			Role:              pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			Role:              pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.WebBackendServiceIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_backend\_service\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			Role:              pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:            pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{
			Project:           pulumi.Any(google_compute_backend_service.Default.Project),
			WebBackendService: pulumi.Any(google_compute_backend_service.Default.Name),
			Role:              pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:            pulumi.String("user:jane@example.com"),
			Condition: &iap.WebBackendServiceIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute/services/{{name}} * {{project}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor "projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetWebBackendServiceIamPolicy 

func GetWebBackendServiceIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WebBackendServiceIamPolicyState, opts ...pulumi.ResourceOption) (*WebBackendServiceIamPolicy, error)

GetWebBackendServiceIamPolicy gets an existing WebBackendServiceIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWebBackendServiceIamPolicy 

func NewWebBackendServiceIamPolicy(ctx *pulumi.Context,
	name string, args *WebBackendServiceIamPolicyArgs, opts ...pulumi.ResourceOption) (*WebBackendServiceIamPolicy, error)

NewWebBackendServiceIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*WebBackendServiceIamPolicy) ElementType added in v4.4.0 

func (*WebBackendServiceIamPolicy) ElementType() reflect.Type

func (*WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyOutput added in v4.4.0 

func (i *WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyOutput() WebBackendServiceIamPolicyOutput

func (*WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyOutputWithContext added in v4.4.0 

func (i *WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyOutput

func (*WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyPtrOutput added in v4.11.1 

func (i *WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyPtrOutput() WebBackendServiceIamPolicyPtrOutput

func (*WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyPtrOutputWithContext added in v4.11.1 

func (i *WebBackendServiceIamPolicy) ToWebBackendServiceIamPolicyPtrOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyPtrOutput

type WebBackendServiceIamPolicyArgs 

type WebBackendServiceIamPolicyArgs struct {
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// Used to find the parent resource to bind the IAM policy to
	WebBackendService pulumi.StringInput
}

The set of arguments for constructing a WebBackendServiceIamPolicy resource.

func (WebBackendServiceIamPolicyArgs) ElementType 

func (WebBackendServiceIamPolicyArgs) ElementType() reflect.Type

type WebBackendServiceIamPolicyArray added in v4.11.1 

type WebBackendServiceIamPolicyArray []WebBackendServiceIamPolicyInput

func (WebBackendServiceIamPolicyArray) ElementType added in v4.11.1 

func (WebBackendServiceIamPolicyArray) ElementType() reflect.Type

func (WebBackendServiceIamPolicyArray) ToWebBackendServiceIamPolicyArrayOutput added in v4.11.1 

func (i WebBackendServiceIamPolicyArray) ToWebBackendServiceIamPolicyArrayOutput() WebBackendServiceIamPolicyArrayOutput

func (WebBackendServiceIamPolicyArray) ToWebBackendServiceIamPolicyArrayOutputWithContext added in v4.11.1 

func (i WebBackendServiceIamPolicyArray) ToWebBackendServiceIamPolicyArrayOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyArrayOutput

type WebBackendServiceIamPolicyArrayInput added in v4.11.1 

type WebBackendServiceIamPolicyArrayInput interface {
	pulumi.Input

	ToWebBackendServiceIamPolicyArrayOutput() WebBackendServiceIamPolicyArrayOutput
	ToWebBackendServiceIamPolicyArrayOutputWithContext(context.Context) WebBackendServiceIamPolicyArrayOutput
}

WebBackendServiceIamPolicyArrayInput is an input type that accepts WebBackendServiceIamPolicyArray and WebBackendServiceIamPolicyArrayOutput values. You can construct a concrete instance of `WebBackendServiceIamPolicyArrayInput` via: 

WebBackendServiceIamPolicyArray{ WebBackendServiceIamPolicyArgs{...} }

type WebBackendServiceIamPolicyArrayOutput added in v4.11.1 

type WebBackendServiceIamPolicyArrayOutput struct{ *pulumi.OutputState }

func (WebBackendServiceIamPolicyArrayOutput) ElementType added in v4.11.1 

func (WebBackendServiceIamPolicyArrayOutput) ElementType() reflect.Type

func (WebBackendServiceIamPolicyArrayOutput) Index added in v4.11.1 

func (o WebBackendServiceIamPolicyArrayOutput) Index(i pulumi.IntInput) WebBackendServiceIamPolicyOutput

func (WebBackendServiceIamPolicyArrayOutput) ToWebBackendServiceIamPolicyArrayOutput added in v4.11.1 

func (o WebBackendServiceIamPolicyArrayOutput) ToWebBackendServiceIamPolicyArrayOutput() WebBackendServiceIamPolicyArrayOutput

func (WebBackendServiceIamPolicyArrayOutput) ToWebBackendServiceIamPolicyArrayOutputWithContext added in v4.11.1 

func (o WebBackendServiceIamPolicyArrayOutput) ToWebBackendServiceIamPolicyArrayOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyArrayOutput

type WebBackendServiceIamPolicyInput added in v4.4.0 

type WebBackendServiceIamPolicyInput interface {
	pulumi.Input

	ToWebBackendServiceIamPolicyOutput() WebBackendServiceIamPolicyOutput
	ToWebBackendServiceIamPolicyOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyOutput
}

type WebBackendServiceIamPolicyMap added in v4.11.1 

type WebBackendServiceIamPolicyMap map[string]WebBackendServiceIamPolicyInput

func (WebBackendServiceIamPolicyMap) ElementType added in v4.11.1 

func (WebBackendServiceIamPolicyMap) ElementType() reflect.Type

func (WebBackendServiceIamPolicyMap) ToWebBackendServiceIamPolicyMapOutput added in v4.11.1 

func (i WebBackendServiceIamPolicyMap) ToWebBackendServiceIamPolicyMapOutput() WebBackendServiceIamPolicyMapOutput

func (WebBackendServiceIamPolicyMap) ToWebBackendServiceIamPolicyMapOutputWithContext added in v4.11.1 

func (i WebBackendServiceIamPolicyMap) ToWebBackendServiceIamPolicyMapOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyMapOutput

type WebBackendServiceIamPolicyMapInput added in v4.11.1 

type WebBackendServiceIamPolicyMapInput interface {
	pulumi.Input

	ToWebBackendServiceIamPolicyMapOutput() WebBackendServiceIamPolicyMapOutput
	ToWebBackendServiceIamPolicyMapOutputWithContext(context.Context) WebBackendServiceIamPolicyMapOutput
}

WebBackendServiceIamPolicyMapInput is an input type that accepts WebBackendServiceIamPolicyMap and WebBackendServiceIamPolicyMapOutput values. You can construct a concrete instance of `WebBackendServiceIamPolicyMapInput` via: 

WebBackendServiceIamPolicyMap{ "key": WebBackendServiceIamPolicyArgs{...} }

type WebBackendServiceIamPolicyMapOutput added in v4.11.1 

type WebBackendServiceIamPolicyMapOutput struct{ *pulumi.OutputState }

func (WebBackendServiceIamPolicyMapOutput) ElementType added in v4.11.1 

func (WebBackendServiceIamPolicyMapOutput) ElementType() reflect.Type

func (WebBackendServiceIamPolicyMapOutput) MapIndex added in v4.11.1 

func (o WebBackendServiceIamPolicyMapOutput) MapIndex(k pulumi.StringInput) WebBackendServiceIamPolicyOutput

func (WebBackendServiceIamPolicyMapOutput) ToWebBackendServiceIamPolicyMapOutput added in v4.11.1 

func (o WebBackendServiceIamPolicyMapOutput) ToWebBackendServiceIamPolicyMapOutput() WebBackendServiceIamPolicyMapOutput

func (WebBackendServiceIamPolicyMapOutput) ToWebBackendServiceIamPolicyMapOutputWithContext added in v4.11.1 

func (o WebBackendServiceIamPolicyMapOutput) ToWebBackendServiceIamPolicyMapOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyMapOutput

type WebBackendServiceIamPolicyOutput added in v4.4.0 

type WebBackendServiceIamPolicyOutput struct {
	*pulumi.OutputState
}

func (WebBackendServiceIamPolicyOutput) ElementType added in v4.4.0 

func (WebBackendServiceIamPolicyOutput) ElementType() reflect.Type

func (WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyOutput added in v4.4.0 

func (o WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyOutput() WebBackendServiceIamPolicyOutput

func (WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyOutputWithContext added in v4.4.0 

func (o WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyOutput

func (WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyPtrOutput added in v4.11.1 

func (o WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyPtrOutput() WebBackendServiceIamPolicyPtrOutput

func (WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyPtrOutputWithContext added in v4.11.1 

func (o WebBackendServiceIamPolicyOutput) ToWebBackendServiceIamPolicyPtrOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyPtrOutput

type WebBackendServiceIamPolicyPtrInput added in v4.11.1 

type WebBackendServiceIamPolicyPtrInput interface {
	pulumi.Input

	ToWebBackendServiceIamPolicyPtrOutput() WebBackendServiceIamPolicyPtrOutput
	ToWebBackendServiceIamPolicyPtrOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyPtrOutput
}

type WebBackendServiceIamPolicyPtrOutput added in v4.11.1 

type WebBackendServiceIamPolicyPtrOutput struct {
	*pulumi.OutputState
}

func (WebBackendServiceIamPolicyPtrOutput) ElementType added in v4.11.1 

func (WebBackendServiceIamPolicyPtrOutput) ElementType() reflect.Type

func (WebBackendServiceIamPolicyPtrOutput) ToWebBackendServiceIamPolicyPtrOutput added in v4.11.1 

func (o WebBackendServiceIamPolicyPtrOutput) ToWebBackendServiceIamPolicyPtrOutput() WebBackendServiceIamPolicyPtrOutput

func (WebBackendServiceIamPolicyPtrOutput) ToWebBackendServiceIamPolicyPtrOutputWithContext added in v4.11.1 

func (o WebBackendServiceIamPolicyPtrOutput) ToWebBackendServiceIamPolicyPtrOutputWithContext(ctx context.Context) WebBackendServiceIamPolicyPtrOutput

type WebBackendServiceIamPolicyState 

type WebBackendServiceIamPolicyState struct {
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringPtrInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// Used to find the parent resource to bind the IAM policy to
	WebBackendService pulumi.StringPtrInput
}

func (WebBackendServiceIamPolicyState) ElementType 

func (WebBackendServiceIamPolicyState) ElementType() reflect.Type

type WebIamBinding 

type WebIamBinding struct {
	pulumi.CustomResourceState

	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebIamBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag    pulumi.StringOutput      `pulumi:"etag"`
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:

* `iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached. * `iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved. * `iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.

> **Note:** `iap.WebIamPolicy` **cannot** be used in conjunction with `iap.WebIamBinding` and `iap.WebIamMember` or they will fight over what your policy should be.

> **Note:** `iap.WebIamBinding` resources **can be** used in conjunction with `iap.WebIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_web\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.WebIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
			Condition: &iap.WebIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor projects/{{project}}/iap_web

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetWebIamBinding 

func GetWebIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WebIamBindingState, opts ...pulumi.ResourceOption) (*WebIamBinding, error)

GetWebIamBinding gets an existing WebIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWebIamBinding 

func NewWebIamBinding(ctx *pulumi.Context,
	name string, args *WebIamBindingArgs, opts ...pulumi.ResourceOption) (*WebIamBinding, error)

NewWebIamBinding registers a new resource with the given unique name, arguments, and options.

func (*WebIamBinding) ElementType added in v4.4.0 

func (*WebIamBinding) ElementType() reflect.Type

func (*WebIamBinding) ToWebIamBindingOutput added in v4.4.0 

func (i *WebIamBinding) ToWebIamBindingOutput() WebIamBindingOutput

func (*WebIamBinding) ToWebIamBindingOutputWithContext added in v4.4.0 

func (i *WebIamBinding) ToWebIamBindingOutputWithContext(ctx context.Context) WebIamBindingOutput

func (*WebIamBinding) ToWebIamBindingPtrOutput added in v4.11.1 

func (i *WebIamBinding) ToWebIamBindingPtrOutput() WebIamBindingPtrOutput

func (*WebIamBinding) ToWebIamBindingPtrOutputWithContext added in v4.11.1 

func (i *WebIamBinding) ToWebIamBindingPtrOutputWithContext(ctx context.Context) WebIamBindingPtrOutput

type WebIamBindingArgs 

type WebIamBindingArgs struct {
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebIamBindingConditionPtrInput
	Members   pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a WebIamBinding resource.

func (WebIamBindingArgs) ElementType 

func (WebIamBindingArgs) ElementType() reflect.Type

type WebIamBindingArray added in v4.11.1 

type WebIamBindingArray []WebIamBindingInput

func (WebIamBindingArray) ElementType added in v4.11.1 

func (WebIamBindingArray) ElementType() reflect.Type

func (WebIamBindingArray) ToWebIamBindingArrayOutput added in v4.11.1 

func (i WebIamBindingArray) ToWebIamBindingArrayOutput() WebIamBindingArrayOutput

func (WebIamBindingArray) ToWebIamBindingArrayOutputWithContext added in v4.11.1 

func (i WebIamBindingArray) ToWebIamBindingArrayOutputWithContext(ctx context.Context) WebIamBindingArrayOutput

type WebIamBindingArrayInput added in v4.11.1 

type WebIamBindingArrayInput interface {
	pulumi.Input

	ToWebIamBindingArrayOutput() WebIamBindingArrayOutput
	ToWebIamBindingArrayOutputWithContext(context.Context) WebIamBindingArrayOutput
}

WebIamBindingArrayInput is an input type that accepts WebIamBindingArray and WebIamBindingArrayOutput values. You can construct a concrete instance of `WebIamBindingArrayInput` via: 

WebIamBindingArray{ WebIamBindingArgs{...} }

type WebIamBindingArrayOutput added in v4.11.1 

type WebIamBindingArrayOutput struct{ *pulumi.OutputState }

func (WebIamBindingArrayOutput) ElementType added in v4.11.1 

func (WebIamBindingArrayOutput) ElementType() reflect.Type

func (WebIamBindingArrayOutput) Index added in v4.11.1 

func (o WebIamBindingArrayOutput) Index(i pulumi.IntInput) WebIamBindingOutput

func (WebIamBindingArrayOutput) ToWebIamBindingArrayOutput added in v4.11.1 

func (o WebIamBindingArrayOutput) ToWebIamBindingArrayOutput() WebIamBindingArrayOutput

func (WebIamBindingArrayOutput) ToWebIamBindingArrayOutputWithContext added in v4.11.1 

func (o WebIamBindingArrayOutput) ToWebIamBindingArrayOutputWithContext(ctx context.Context) WebIamBindingArrayOutput

type WebIamBindingCondition 

type WebIamBindingCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type WebIamBindingConditionArgs 

type WebIamBindingConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (WebIamBindingConditionArgs) ElementType 

func (WebIamBindingConditionArgs) ElementType() reflect.Type

func (WebIamBindingConditionArgs) ToWebIamBindingConditionOutput 

func (i WebIamBindingConditionArgs) ToWebIamBindingConditionOutput() WebIamBindingConditionOutput

func (WebIamBindingConditionArgs) ToWebIamBindingConditionOutputWithContext 

func (i WebIamBindingConditionArgs) ToWebIamBindingConditionOutputWithContext(ctx context.Context) WebIamBindingConditionOutput

func (WebIamBindingConditionArgs) ToWebIamBindingConditionPtrOutput 

func (i WebIamBindingConditionArgs) ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput

func (WebIamBindingConditionArgs) ToWebIamBindingConditionPtrOutputWithContext 

func (i WebIamBindingConditionArgs) ToWebIamBindingConditionPtrOutputWithContext(ctx context.Context) WebIamBindingConditionPtrOutput

type WebIamBindingConditionInput 

type WebIamBindingConditionInput interface {
	pulumi.Input

	ToWebIamBindingConditionOutput() WebIamBindingConditionOutput
	ToWebIamBindingConditionOutputWithContext(context.Context) WebIamBindingConditionOutput
}

WebIamBindingConditionInput is an input type that accepts WebIamBindingConditionArgs and WebIamBindingConditionOutput values. You can construct a concrete instance of `WebIamBindingConditionInput` via: 

WebIamBindingConditionArgs{...}

type WebIamBindingConditionOutput 

type WebIamBindingConditionOutput struct{ *pulumi.OutputState }

func (WebIamBindingConditionOutput) Description 

func (o WebIamBindingConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (WebIamBindingConditionOutput) ElementType 

func (WebIamBindingConditionOutput) ElementType() reflect.Type

func (WebIamBindingConditionOutput) Expression 

func (o WebIamBindingConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (WebIamBindingConditionOutput) Title 

func (o WebIamBindingConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (WebIamBindingConditionOutput) ToWebIamBindingConditionOutput 

func (o WebIamBindingConditionOutput) ToWebIamBindingConditionOutput() WebIamBindingConditionOutput

func (WebIamBindingConditionOutput) ToWebIamBindingConditionOutputWithContext 

func (o WebIamBindingConditionOutput) ToWebIamBindingConditionOutputWithContext(ctx context.Context) WebIamBindingConditionOutput

func (WebIamBindingConditionOutput) ToWebIamBindingConditionPtrOutput 

func (o WebIamBindingConditionOutput) ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput

func (WebIamBindingConditionOutput) ToWebIamBindingConditionPtrOutputWithContext 

func (o WebIamBindingConditionOutput) ToWebIamBindingConditionPtrOutputWithContext(ctx context.Context) WebIamBindingConditionPtrOutput

type WebIamBindingConditionPtrInput 

type WebIamBindingConditionPtrInput interface {
	pulumi.Input

	ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput
	ToWebIamBindingConditionPtrOutputWithContext(context.Context) WebIamBindingConditionPtrOutput
}

WebIamBindingConditionPtrInput is an input type that accepts WebIamBindingConditionArgs, WebIamBindingConditionPtr and WebIamBindingConditionPtrOutput values. You can construct a concrete instance of `WebIamBindingConditionPtrInput` via: 

        WebIamBindingConditionArgs{...}

or:

        nil

func WebIamBindingConditionPtr 

func WebIamBindingConditionPtr(v *WebIamBindingConditionArgs) WebIamBindingConditionPtrInput

type WebIamBindingConditionPtrOutput 

type WebIamBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (WebIamBindingConditionPtrOutput) Description 

func (o WebIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (WebIamBindingConditionPtrOutput) Elem 

func (o WebIamBindingConditionPtrOutput) Elem() WebIamBindingConditionOutput

func (WebIamBindingConditionPtrOutput) ElementType 

func (WebIamBindingConditionPtrOutput) ElementType() reflect.Type

func (WebIamBindingConditionPtrOutput) Expression 

func (o WebIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (WebIamBindingConditionPtrOutput) Title 

func (o WebIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (WebIamBindingConditionPtrOutput) ToWebIamBindingConditionPtrOutput 

func (o WebIamBindingConditionPtrOutput) ToWebIamBindingConditionPtrOutput() WebIamBindingConditionPtrOutput

func (WebIamBindingConditionPtrOutput) ToWebIamBindingConditionPtrOutputWithContext 

func (o WebIamBindingConditionPtrOutput) ToWebIamBindingConditionPtrOutputWithContext(ctx context.Context) WebIamBindingConditionPtrOutput

type WebIamBindingInput added in v4.4.0 

type WebIamBindingInput interface {
	pulumi.Input

	ToWebIamBindingOutput() WebIamBindingOutput
	ToWebIamBindingOutputWithContext(ctx context.Context) WebIamBindingOutput
}

type WebIamBindingMap added in v4.11.1 

type WebIamBindingMap map[string]WebIamBindingInput

func (WebIamBindingMap) ElementType added in v4.11.1 

func (WebIamBindingMap) ElementType() reflect.Type

func (WebIamBindingMap) ToWebIamBindingMapOutput added in v4.11.1 

func (i WebIamBindingMap) ToWebIamBindingMapOutput() WebIamBindingMapOutput

func (WebIamBindingMap) ToWebIamBindingMapOutputWithContext added in v4.11.1 

func (i WebIamBindingMap) ToWebIamBindingMapOutputWithContext(ctx context.Context) WebIamBindingMapOutput

type WebIamBindingMapInput added in v4.11.1 

type WebIamBindingMapInput interface {
	pulumi.Input

	ToWebIamBindingMapOutput() WebIamBindingMapOutput
	ToWebIamBindingMapOutputWithContext(context.Context) WebIamBindingMapOutput
}

WebIamBindingMapInput is an input type that accepts WebIamBindingMap and WebIamBindingMapOutput values. You can construct a concrete instance of `WebIamBindingMapInput` via: 

WebIamBindingMap{ "key": WebIamBindingArgs{...} }

type WebIamBindingMapOutput added in v4.11.1 

type WebIamBindingMapOutput struct{ *pulumi.OutputState }

func (WebIamBindingMapOutput) ElementType added in v4.11.1 

func (WebIamBindingMapOutput) ElementType() reflect.Type

func (WebIamBindingMapOutput) MapIndex added in v4.11.1 

func (o WebIamBindingMapOutput) MapIndex(k pulumi.StringInput) WebIamBindingOutput

func (WebIamBindingMapOutput) ToWebIamBindingMapOutput added in v4.11.1 

func (o WebIamBindingMapOutput) ToWebIamBindingMapOutput() WebIamBindingMapOutput

func (WebIamBindingMapOutput) ToWebIamBindingMapOutputWithContext added in v4.11.1 

func (o WebIamBindingMapOutput) ToWebIamBindingMapOutputWithContext(ctx context.Context) WebIamBindingMapOutput

type WebIamBindingOutput added in v4.4.0 

type WebIamBindingOutput struct {
	*pulumi.OutputState
}

func (WebIamBindingOutput) ElementType added in v4.4.0 

func (WebIamBindingOutput) ElementType() reflect.Type

func (WebIamBindingOutput) ToWebIamBindingOutput added in v4.4.0 

func (o WebIamBindingOutput) ToWebIamBindingOutput() WebIamBindingOutput

func (WebIamBindingOutput) ToWebIamBindingOutputWithContext added in v4.4.0 

func (o WebIamBindingOutput) ToWebIamBindingOutputWithContext(ctx context.Context) WebIamBindingOutput

func (WebIamBindingOutput) ToWebIamBindingPtrOutput added in v4.11.1 

func (o WebIamBindingOutput) ToWebIamBindingPtrOutput() WebIamBindingPtrOutput

func (WebIamBindingOutput) ToWebIamBindingPtrOutputWithContext added in v4.11.1 

func (o WebIamBindingOutput) ToWebIamBindingPtrOutputWithContext(ctx context.Context) WebIamBindingPtrOutput

type WebIamBindingPtrInput added in v4.11.1 

type WebIamBindingPtrInput interface {
	pulumi.Input

	ToWebIamBindingPtrOutput() WebIamBindingPtrOutput
	ToWebIamBindingPtrOutputWithContext(ctx context.Context) WebIamBindingPtrOutput
}

type WebIamBindingPtrOutput added in v4.11.1 

type WebIamBindingPtrOutput struct {
	*pulumi.OutputState
}

func (WebIamBindingPtrOutput) ElementType added in v4.11.1 

func (WebIamBindingPtrOutput) ElementType() reflect.Type

func (WebIamBindingPtrOutput) ToWebIamBindingPtrOutput added in v4.11.1 

func (o WebIamBindingPtrOutput) ToWebIamBindingPtrOutput() WebIamBindingPtrOutput

func (WebIamBindingPtrOutput) ToWebIamBindingPtrOutputWithContext added in v4.11.1 

func (o WebIamBindingPtrOutput) ToWebIamBindingPtrOutputWithContext(ctx context.Context) WebIamBindingPtrOutput

type WebIamBindingState 

type WebIamBindingState struct {
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebIamBindingConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag    pulumi.StringPtrInput
	Members pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (WebIamBindingState) ElementType 

func (WebIamBindingState) ElementType() reflect.Type

type WebIamMember 

type WebIamMember struct {
	pulumi.CustomResourceState

	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebIamMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag   pulumi.StringOutput `pulumi:"etag"`
	Member pulumi.StringOutput `pulumi:"member"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:

* `iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached. * `iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved. * `iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.

> **Note:** `iap.WebIamPolicy` **cannot** be used in conjunction with `iap.WebIamBinding` and `iap.WebIamMember` or they will fight over what your policy should be.

> **Note:** `iap.WebIamBinding` resources **can be** used in conjunction with `iap.WebIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_web\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.WebIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
			Condition: &iap.WebIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/webIamMember:WebIamMember editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/webIamMember:WebIamMember editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/webIamMember:WebIamMember editor projects/{{project}}/iap_web

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetWebIamMember 

func GetWebIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WebIamMemberState, opts ...pulumi.ResourceOption) (*WebIamMember, error)

GetWebIamMember gets an existing WebIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWebIamMember 

func NewWebIamMember(ctx *pulumi.Context,
	name string, args *WebIamMemberArgs, opts ...pulumi.ResourceOption) (*WebIamMember, error)

NewWebIamMember registers a new resource with the given unique name, arguments, and options.

func (*WebIamMember) ElementType added in v4.4.0 

func (*WebIamMember) ElementType() reflect.Type

func (*WebIamMember) ToWebIamMemberOutput added in v4.4.0 

func (i *WebIamMember) ToWebIamMemberOutput() WebIamMemberOutput

func (*WebIamMember) ToWebIamMemberOutputWithContext added in v4.4.0 

func (i *WebIamMember) ToWebIamMemberOutputWithContext(ctx context.Context) WebIamMemberOutput

func (*WebIamMember) ToWebIamMemberPtrOutput added in v4.11.1 

func (i *WebIamMember) ToWebIamMemberPtrOutput() WebIamMemberPtrOutput

func (*WebIamMember) ToWebIamMemberPtrOutputWithContext added in v4.11.1 

func (i *WebIamMember) ToWebIamMemberPtrOutputWithContext(ctx context.Context) WebIamMemberPtrOutput

type WebIamMemberArgs 

type WebIamMemberArgs struct {
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebIamMemberConditionPtrInput
	Member    pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a WebIamMember resource.

func (WebIamMemberArgs) ElementType 

func (WebIamMemberArgs) ElementType() reflect.Type

type WebIamMemberArray added in v4.11.1 

type WebIamMemberArray []WebIamMemberInput

func (WebIamMemberArray) ElementType added in v4.11.1 

func (WebIamMemberArray) ElementType() reflect.Type

func (WebIamMemberArray) ToWebIamMemberArrayOutput added in v4.11.1 

func (i WebIamMemberArray) ToWebIamMemberArrayOutput() WebIamMemberArrayOutput

func (WebIamMemberArray) ToWebIamMemberArrayOutputWithContext added in v4.11.1 

func (i WebIamMemberArray) ToWebIamMemberArrayOutputWithContext(ctx context.Context) WebIamMemberArrayOutput

type WebIamMemberArrayInput added in v4.11.1 

type WebIamMemberArrayInput interface {
	pulumi.Input

	ToWebIamMemberArrayOutput() WebIamMemberArrayOutput
	ToWebIamMemberArrayOutputWithContext(context.Context) WebIamMemberArrayOutput
}

WebIamMemberArrayInput is an input type that accepts WebIamMemberArray and WebIamMemberArrayOutput values. You can construct a concrete instance of `WebIamMemberArrayInput` via: 

WebIamMemberArray{ WebIamMemberArgs{...} }

type WebIamMemberArrayOutput added in v4.11.1 

type WebIamMemberArrayOutput struct{ *pulumi.OutputState }

func (WebIamMemberArrayOutput) ElementType added in v4.11.1 

func (WebIamMemberArrayOutput) ElementType() reflect.Type

func (WebIamMemberArrayOutput) Index added in v4.11.1 

func (o WebIamMemberArrayOutput) Index(i pulumi.IntInput) WebIamMemberOutput

func (WebIamMemberArrayOutput) ToWebIamMemberArrayOutput added in v4.11.1 

func (o WebIamMemberArrayOutput) ToWebIamMemberArrayOutput() WebIamMemberArrayOutput

func (WebIamMemberArrayOutput) ToWebIamMemberArrayOutputWithContext added in v4.11.1 

func (o WebIamMemberArrayOutput) ToWebIamMemberArrayOutputWithContext(ctx context.Context) WebIamMemberArrayOutput

type WebIamMemberCondition 

type WebIamMemberCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type WebIamMemberConditionArgs 

type WebIamMemberConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (WebIamMemberConditionArgs) ElementType 

func (WebIamMemberConditionArgs) ElementType() reflect.Type

func (WebIamMemberConditionArgs) ToWebIamMemberConditionOutput 

func (i WebIamMemberConditionArgs) ToWebIamMemberConditionOutput() WebIamMemberConditionOutput

func (WebIamMemberConditionArgs) ToWebIamMemberConditionOutputWithContext 

func (i WebIamMemberConditionArgs) ToWebIamMemberConditionOutputWithContext(ctx context.Context) WebIamMemberConditionOutput

func (WebIamMemberConditionArgs) ToWebIamMemberConditionPtrOutput 

func (i WebIamMemberConditionArgs) ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput

func (WebIamMemberConditionArgs) ToWebIamMemberConditionPtrOutputWithContext 

func (i WebIamMemberConditionArgs) ToWebIamMemberConditionPtrOutputWithContext(ctx context.Context) WebIamMemberConditionPtrOutput

type WebIamMemberConditionInput 

type WebIamMemberConditionInput interface {
	pulumi.Input

	ToWebIamMemberConditionOutput() WebIamMemberConditionOutput
	ToWebIamMemberConditionOutputWithContext(context.Context) WebIamMemberConditionOutput
}

WebIamMemberConditionInput is an input type that accepts WebIamMemberConditionArgs and WebIamMemberConditionOutput values. You can construct a concrete instance of `WebIamMemberConditionInput` via: 

WebIamMemberConditionArgs{...}

type WebIamMemberConditionOutput 

type WebIamMemberConditionOutput struct{ *pulumi.OutputState }

func (WebIamMemberConditionOutput) Description 

func (o WebIamMemberConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (WebIamMemberConditionOutput) ElementType 

func (WebIamMemberConditionOutput) ElementType() reflect.Type

func (WebIamMemberConditionOutput) Expression 

func (o WebIamMemberConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (WebIamMemberConditionOutput) Title 

func (o WebIamMemberConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (WebIamMemberConditionOutput) ToWebIamMemberConditionOutput 

func (o WebIamMemberConditionOutput) ToWebIamMemberConditionOutput() WebIamMemberConditionOutput

func (WebIamMemberConditionOutput) ToWebIamMemberConditionOutputWithContext 

func (o WebIamMemberConditionOutput) ToWebIamMemberConditionOutputWithContext(ctx context.Context) WebIamMemberConditionOutput

func (WebIamMemberConditionOutput) ToWebIamMemberConditionPtrOutput 

func (o WebIamMemberConditionOutput) ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput

func (WebIamMemberConditionOutput) ToWebIamMemberConditionPtrOutputWithContext 

func (o WebIamMemberConditionOutput) ToWebIamMemberConditionPtrOutputWithContext(ctx context.Context) WebIamMemberConditionPtrOutput

type WebIamMemberConditionPtrInput 

type WebIamMemberConditionPtrInput interface {
	pulumi.Input

	ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput
	ToWebIamMemberConditionPtrOutputWithContext(context.Context) WebIamMemberConditionPtrOutput
}

WebIamMemberConditionPtrInput is an input type that accepts WebIamMemberConditionArgs, WebIamMemberConditionPtr and WebIamMemberConditionPtrOutput values. You can construct a concrete instance of `WebIamMemberConditionPtrInput` via: 

        WebIamMemberConditionArgs{...}

or:

        nil

func WebIamMemberConditionPtr 

func WebIamMemberConditionPtr(v *WebIamMemberConditionArgs) WebIamMemberConditionPtrInput

type WebIamMemberConditionPtrOutput 

type WebIamMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (WebIamMemberConditionPtrOutput) Description 

func (o WebIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (WebIamMemberConditionPtrOutput) Elem 

func (o WebIamMemberConditionPtrOutput) Elem() WebIamMemberConditionOutput

func (WebIamMemberConditionPtrOutput) ElementType 

func (WebIamMemberConditionPtrOutput) ElementType() reflect.Type

func (WebIamMemberConditionPtrOutput) Expression 

func (o WebIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (WebIamMemberConditionPtrOutput) Title 

func (o WebIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (WebIamMemberConditionPtrOutput) ToWebIamMemberConditionPtrOutput 

func (o WebIamMemberConditionPtrOutput) ToWebIamMemberConditionPtrOutput() WebIamMemberConditionPtrOutput

func (WebIamMemberConditionPtrOutput) ToWebIamMemberConditionPtrOutputWithContext 

func (o WebIamMemberConditionPtrOutput) ToWebIamMemberConditionPtrOutputWithContext(ctx context.Context) WebIamMemberConditionPtrOutput

type WebIamMemberInput added in v4.4.0 

type WebIamMemberInput interface {
	pulumi.Input

	ToWebIamMemberOutput() WebIamMemberOutput
	ToWebIamMemberOutputWithContext(ctx context.Context) WebIamMemberOutput
}

type WebIamMemberMap added in v4.11.1 

type WebIamMemberMap map[string]WebIamMemberInput

func (WebIamMemberMap) ElementType added in v4.11.1 

func (WebIamMemberMap) ElementType() reflect.Type

func (WebIamMemberMap) ToWebIamMemberMapOutput added in v4.11.1 

func (i WebIamMemberMap) ToWebIamMemberMapOutput() WebIamMemberMapOutput

func (WebIamMemberMap) ToWebIamMemberMapOutputWithContext added in v4.11.1 

func (i WebIamMemberMap) ToWebIamMemberMapOutputWithContext(ctx context.Context) WebIamMemberMapOutput

type WebIamMemberMapInput added in v4.11.1 

type WebIamMemberMapInput interface {
	pulumi.Input

	ToWebIamMemberMapOutput() WebIamMemberMapOutput
	ToWebIamMemberMapOutputWithContext(context.Context) WebIamMemberMapOutput
}

WebIamMemberMapInput is an input type that accepts WebIamMemberMap and WebIamMemberMapOutput values. You can construct a concrete instance of `WebIamMemberMapInput` via: 

WebIamMemberMap{ "key": WebIamMemberArgs{...} }

type WebIamMemberMapOutput added in v4.11.1 

type WebIamMemberMapOutput struct{ *pulumi.OutputState }

func (WebIamMemberMapOutput) ElementType added in v4.11.1 

func (WebIamMemberMapOutput) ElementType() reflect.Type

func (WebIamMemberMapOutput) MapIndex added in v4.11.1 

func (o WebIamMemberMapOutput) MapIndex(k pulumi.StringInput) WebIamMemberOutput

func (WebIamMemberMapOutput) ToWebIamMemberMapOutput added in v4.11.1 

func (o WebIamMemberMapOutput) ToWebIamMemberMapOutput() WebIamMemberMapOutput

func (WebIamMemberMapOutput) ToWebIamMemberMapOutputWithContext added in v4.11.1 

func (o WebIamMemberMapOutput) ToWebIamMemberMapOutputWithContext(ctx context.Context) WebIamMemberMapOutput

type WebIamMemberOutput added in v4.4.0 

type WebIamMemberOutput struct {
	*pulumi.OutputState
}

func (WebIamMemberOutput) ElementType added in v4.4.0 

func (WebIamMemberOutput) ElementType() reflect.Type

func (WebIamMemberOutput) ToWebIamMemberOutput added in v4.4.0 

func (o WebIamMemberOutput) ToWebIamMemberOutput() WebIamMemberOutput

func (WebIamMemberOutput) ToWebIamMemberOutputWithContext added in v4.4.0 

func (o WebIamMemberOutput) ToWebIamMemberOutputWithContext(ctx context.Context) WebIamMemberOutput

func (WebIamMemberOutput) ToWebIamMemberPtrOutput added in v4.11.1 

func (o WebIamMemberOutput) ToWebIamMemberPtrOutput() WebIamMemberPtrOutput

func (WebIamMemberOutput) ToWebIamMemberPtrOutputWithContext added in v4.11.1 

func (o WebIamMemberOutput) ToWebIamMemberPtrOutputWithContext(ctx context.Context) WebIamMemberPtrOutput

type WebIamMemberPtrInput added in v4.11.1 

type WebIamMemberPtrInput interface {
	pulumi.Input

	ToWebIamMemberPtrOutput() WebIamMemberPtrOutput
	ToWebIamMemberPtrOutputWithContext(ctx context.Context) WebIamMemberPtrOutput
}

type WebIamMemberPtrOutput added in v4.11.1 

type WebIamMemberPtrOutput struct {
	*pulumi.OutputState
}

func (WebIamMemberPtrOutput) ElementType added in v4.11.1 

func (WebIamMemberPtrOutput) ElementType() reflect.Type

func (WebIamMemberPtrOutput) ToWebIamMemberPtrOutput added in v4.11.1 

func (o WebIamMemberPtrOutput) ToWebIamMemberPtrOutput() WebIamMemberPtrOutput

func (WebIamMemberPtrOutput) ToWebIamMemberPtrOutputWithContext added in v4.11.1 

func (o WebIamMemberPtrOutput) ToWebIamMemberPtrOutputWithContext(ctx context.Context) WebIamMemberPtrOutput

type WebIamMemberState 

type WebIamMemberState struct {
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebIamMemberConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag   pulumi.StringPtrInput
	Member pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (WebIamMemberState) ElementType 

func (WebIamMemberState) ElementType() reflect.Type

type WebIamPolicy 

type WebIamPolicy struct {
	pulumi.CustomResourceState

	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:

* `iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached. * `iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved. * `iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.

> **Note:** `iap.WebIamPolicy` **cannot** be used in conjunction with `iap.WebIamBinding` and `iap.WebIamMember` or they will fight over what your policy should be.

> **Note:** `iap.WebIamBinding` resources **can be** used in conjunction with `iap.WebIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_web\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.WebIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
			Condition: &iap.WebIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor "projects/{{project}}/iap_web roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor projects/{{project}}/iap_web

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetWebIamPolicy 

func GetWebIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WebIamPolicyState, opts ...pulumi.ResourceOption) (*WebIamPolicy, error)

GetWebIamPolicy gets an existing WebIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWebIamPolicy 

func NewWebIamPolicy(ctx *pulumi.Context,
	name string, args *WebIamPolicyArgs, opts ...pulumi.ResourceOption) (*WebIamPolicy, error)

NewWebIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*WebIamPolicy) ElementType added in v4.4.0 

func (*WebIamPolicy) ElementType() reflect.Type

func (*WebIamPolicy) ToWebIamPolicyOutput added in v4.4.0 

func (i *WebIamPolicy) ToWebIamPolicyOutput() WebIamPolicyOutput

func (*WebIamPolicy) ToWebIamPolicyOutputWithContext added in v4.4.0 

func (i *WebIamPolicy) ToWebIamPolicyOutputWithContext(ctx context.Context) WebIamPolicyOutput

func (*WebIamPolicy) ToWebIamPolicyPtrOutput added in v4.11.1 

func (i *WebIamPolicy) ToWebIamPolicyPtrOutput() WebIamPolicyPtrOutput

func (*WebIamPolicy) ToWebIamPolicyPtrOutputWithContext added in v4.11.1 

func (i *WebIamPolicy) ToWebIamPolicyPtrOutputWithContext(ctx context.Context) WebIamPolicyPtrOutput

type WebIamPolicyArgs 

type WebIamPolicyArgs struct {
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
}

The set of arguments for constructing a WebIamPolicy resource.

func (WebIamPolicyArgs) ElementType 

func (WebIamPolicyArgs) ElementType() reflect.Type

type WebIamPolicyArray added in v4.11.1 

type WebIamPolicyArray []WebIamPolicyInput

func (WebIamPolicyArray) ElementType added in v4.11.1 

func (WebIamPolicyArray) ElementType() reflect.Type

func (WebIamPolicyArray) ToWebIamPolicyArrayOutput added in v4.11.1 

func (i WebIamPolicyArray) ToWebIamPolicyArrayOutput() WebIamPolicyArrayOutput

func (WebIamPolicyArray) ToWebIamPolicyArrayOutputWithContext added in v4.11.1 

func (i WebIamPolicyArray) ToWebIamPolicyArrayOutputWithContext(ctx context.Context) WebIamPolicyArrayOutput

type WebIamPolicyArrayInput added in v4.11.1 

type WebIamPolicyArrayInput interface {
	pulumi.Input

	ToWebIamPolicyArrayOutput() WebIamPolicyArrayOutput
	ToWebIamPolicyArrayOutputWithContext(context.Context) WebIamPolicyArrayOutput
}

WebIamPolicyArrayInput is an input type that accepts WebIamPolicyArray and WebIamPolicyArrayOutput values. You can construct a concrete instance of `WebIamPolicyArrayInput` via: 

WebIamPolicyArray{ WebIamPolicyArgs{...} }

type WebIamPolicyArrayOutput added in v4.11.1 

type WebIamPolicyArrayOutput struct{ *pulumi.OutputState }

func (WebIamPolicyArrayOutput) ElementType added in v4.11.1 

func (WebIamPolicyArrayOutput) ElementType() reflect.Type

func (WebIamPolicyArrayOutput) Index added in v4.11.1 

func (o WebIamPolicyArrayOutput) Index(i pulumi.IntInput) WebIamPolicyOutput

func (WebIamPolicyArrayOutput) ToWebIamPolicyArrayOutput added in v4.11.1 

func (o WebIamPolicyArrayOutput) ToWebIamPolicyArrayOutput() WebIamPolicyArrayOutput

func (WebIamPolicyArrayOutput) ToWebIamPolicyArrayOutputWithContext added in v4.11.1 

func (o WebIamPolicyArrayOutput) ToWebIamPolicyArrayOutputWithContext(ctx context.Context) WebIamPolicyArrayOutput

type WebIamPolicyInput added in v4.4.0 

type WebIamPolicyInput interface {
	pulumi.Input

	ToWebIamPolicyOutput() WebIamPolicyOutput
	ToWebIamPolicyOutputWithContext(ctx context.Context) WebIamPolicyOutput
}

type WebIamPolicyMap added in v4.11.1 

type WebIamPolicyMap map[string]WebIamPolicyInput

func (WebIamPolicyMap) ElementType added in v4.11.1 

func (WebIamPolicyMap) ElementType() reflect.Type

func (WebIamPolicyMap) ToWebIamPolicyMapOutput added in v4.11.1 

func (i WebIamPolicyMap) ToWebIamPolicyMapOutput() WebIamPolicyMapOutput

func (WebIamPolicyMap) ToWebIamPolicyMapOutputWithContext added in v4.11.1 

func (i WebIamPolicyMap) ToWebIamPolicyMapOutputWithContext(ctx context.Context) WebIamPolicyMapOutput

type WebIamPolicyMapInput added in v4.11.1 

type WebIamPolicyMapInput interface {
	pulumi.Input

	ToWebIamPolicyMapOutput() WebIamPolicyMapOutput
	ToWebIamPolicyMapOutputWithContext(context.Context) WebIamPolicyMapOutput
}

WebIamPolicyMapInput is an input type that accepts WebIamPolicyMap and WebIamPolicyMapOutput values. You can construct a concrete instance of `WebIamPolicyMapInput` via: 

WebIamPolicyMap{ "key": WebIamPolicyArgs{...} }

type WebIamPolicyMapOutput added in v4.11.1 

type WebIamPolicyMapOutput struct{ *pulumi.OutputState }

func (WebIamPolicyMapOutput) ElementType added in v4.11.1 

func (WebIamPolicyMapOutput) ElementType() reflect.Type

func (WebIamPolicyMapOutput) MapIndex added in v4.11.1 

func (o WebIamPolicyMapOutput) MapIndex(k pulumi.StringInput) WebIamPolicyOutput

func (WebIamPolicyMapOutput) ToWebIamPolicyMapOutput added in v4.11.1 

func (o WebIamPolicyMapOutput) ToWebIamPolicyMapOutput() WebIamPolicyMapOutput

func (WebIamPolicyMapOutput) ToWebIamPolicyMapOutputWithContext added in v4.11.1 

func (o WebIamPolicyMapOutput) ToWebIamPolicyMapOutputWithContext(ctx context.Context) WebIamPolicyMapOutput

type WebIamPolicyOutput added in v4.4.0 

type WebIamPolicyOutput struct {
	*pulumi.OutputState
}

func (WebIamPolicyOutput) ElementType added in v4.4.0 

func (WebIamPolicyOutput) ElementType() reflect.Type

func (WebIamPolicyOutput) ToWebIamPolicyOutput added in v4.4.0 

func (o WebIamPolicyOutput) ToWebIamPolicyOutput() WebIamPolicyOutput

func (WebIamPolicyOutput) ToWebIamPolicyOutputWithContext added in v4.4.0 

func (o WebIamPolicyOutput) ToWebIamPolicyOutputWithContext(ctx context.Context) WebIamPolicyOutput

func (WebIamPolicyOutput) ToWebIamPolicyPtrOutput added in v4.11.1 

func (o WebIamPolicyOutput) ToWebIamPolicyPtrOutput() WebIamPolicyPtrOutput

func (WebIamPolicyOutput) ToWebIamPolicyPtrOutputWithContext added in v4.11.1 

func (o WebIamPolicyOutput) ToWebIamPolicyPtrOutputWithContext(ctx context.Context) WebIamPolicyPtrOutput

type WebIamPolicyPtrInput added in v4.11.1 

type WebIamPolicyPtrInput interface {
	pulumi.Input

	ToWebIamPolicyPtrOutput() WebIamPolicyPtrOutput
	ToWebIamPolicyPtrOutputWithContext(ctx context.Context) WebIamPolicyPtrOutput
}

type WebIamPolicyPtrOutput added in v4.11.1 

type WebIamPolicyPtrOutput struct {
	*pulumi.OutputState
}

func (WebIamPolicyPtrOutput) ElementType added in v4.11.1 

func (WebIamPolicyPtrOutput) ElementType() reflect.Type

func (WebIamPolicyPtrOutput) ToWebIamPolicyPtrOutput added in v4.11.1 

func (o WebIamPolicyPtrOutput) ToWebIamPolicyPtrOutput() WebIamPolicyPtrOutput

func (WebIamPolicyPtrOutput) ToWebIamPolicyPtrOutputWithContext added in v4.11.1 

func (o WebIamPolicyPtrOutput) ToWebIamPolicyPtrOutputWithContext(ctx context.Context) WebIamPolicyPtrOutput

type WebIamPolicyState 

type WebIamPolicyState struct {
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringPtrInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
}

func (WebIamPolicyState) ElementType 

func (WebIamPolicyState) ElementType() reflect.Type

type WebTypeAppEngingIamBinding 

type WebTypeAppEngingIamBinding struct {
	pulumi.CustomResourceState

	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringOutput `pulumi:"appId"`
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebTypeAppEngingIamBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag    pulumi.StringOutput      `pulumi:"etag"`
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:

* `iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached. * `iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved. * `iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.

> **Note:** `iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `iap.WebTypeAppEngingIamBinding` and `iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.

> **Note:** `iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_web\_type\_app\_engine\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_application.App.Project),
			AppId:      pulumi.Any(google_app_engine_application.App.App_id),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_application.App.Project),
			AppId:      pulumi.Any(google_app_engine_application.App.App_id),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_type\_app\_engine\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{
			Project: pulumi.Any(google_app_engine_application.App.Project),
			AppId:   pulumi.Any(google_app_engine_application.App.App_id),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{
			Project: pulumi.Any(google_app_engine_application.App.Project),
			AppId:   pulumi.Any(google_app_engine_application.App.App_id),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.WebTypeAppEngingIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_type\_app\_engine\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{
			Project: pulumi.Any(google_app_engine_application.App.Project),
			AppId:   pulumi.Any(google_app_engine_application.App.App_id),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{
			Project: pulumi.Any(google_app_engine_application.App.Project),
			AppId:   pulumi.Any(google_app_engine_application.App.App_id),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
			Condition: &iap.WebTypeAppEngingIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}} * {{project}}/{{appId}} * {{appId}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetWebTypeAppEngingIamBinding 

func GetWebTypeAppEngingIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WebTypeAppEngingIamBindingState, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamBinding, error)

GetWebTypeAppEngingIamBinding gets an existing WebTypeAppEngingIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWebTypeAppEngingIamBinding 

func NewWebTypeAppEngingIamBinding(ctx *pulumi.Context,
	name string, args *WebTypeAppEngingIamBindingArgs, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamBinding, error)

NewWebTypeAppEngingIamBinding registers a new resource with the given unique name, arguments, and options.

func (*WebTypeAppEngingIamBinding) ElementType added in v4.4.0 

func (*WebTypeAppEngingIamBinding) ElementType() reflect.Type

func (*WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingOutput added in v4.4.0 

func (i *WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingOutput() WebTypeAppEngingIamBindingOutput

func (*WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingOutputWithContext added in v4.4.0 

func (i *WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingOutput

func (*WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingPtrOutput added in v4.11.1 

func (i *WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingPtrOutput() WebTypeAppEngingIamBindingPtrOutput

func (*WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingPtrOutputWithContext added in v4.11.1 

func (i *WebTypeAppEngingIamBinding) ToWebTypeAppEngingIamBindingPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingPtrOutput

type WebTypeAppEngingIamBindingArgs 

type WebTypeAppEngingIamBindingArgs struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringInput
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebTypeAppEngingIamBindingConditionPtrInput
	Members   pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a WebTypeAppEngingIamBinding resource.

func (WebTypeAppEngingIamBindingArgs) ElementType 

func (WebTypeAppEngingIamBindingArgs) ElementType() reflect.Type

type WebTypeAppEngingIamBindingArray added in v4.11.1 

type WebTypeAppEngingIamBindingArray []WebTypeAppEngingIamBindingInput

func (WebTypeAppEngingIamBindingArray) ElementType added in v4.11.1 

func (WebTypeAppEngingIamBindingArray) ElementType() reflect.Type

func (WebTypeAppEngingIamBindingArray) ToWebTypeAppEngingIamBindingArrayOutput added in v4.11.1 

func (i WebTypeAppEngingIamBindingArray) ToWebTypeAppEngingIamBindingArrayOutput() WebTypeAppEngingIamBindingArrayOutput

func (WebTypeAppEngingIamBindingArray) ToWebTypeAppEngingIamBindingArrayOutputWithContext added in v4.11.1 

func (i WebTypeAppEngingIamBindingArray) ToWebTypeAppEngingIamBindingArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingArrayOutput

type WebTypeAppEngingIamBindingArrayInput added in v4.11.1 

type WebTypeAppEngingIamBindingArrayInput interface {
	pulumi.Input

	ToWebTypeAppEngingIamBindingArrayOutput() WebTypeAppEngingIamBindingArrayOutput
	ToWebTypeAppEngingIamBindingArrayOutputWithContext(context.Context) WebTypeAppEngingIamBindingArrayOutput
}

WebTypeAppEngingIamBindingArrayInput is an input type that accepts WebTypeAppEngingIamBindingArray and WebTypeAppEngingIamBindingArrayOutput values. You can construct a concrete instance of `WebTypeAppEngingIamBindingArrayInput` via: 

WebTypeAppEngingIamBindingArray{ WebTypeAppEngingIamBindingArgs{...} }

type WebTypeAppEngingIamBindingArrayOutput added in v4.11.1 

type WebTypeAppEngingIamBindingArrayOutput struct{ *pulumi.OutputState }

func (WebTypeAppEngingIamBindingArrayOutput) ElementType added in v4.11.1 

func (WebTypeAppEngingIamBindingArrayOutput) ElementType() reflect.Type

func (WebTypeAppEngingIamBindingArrayOutput) Index added in v4.11.1 

func (o WebTypeAppEngingIamBindingArrayOutput) Index(i pulumi.IntInput) WebTypeAppEngingIamBindingOutput

func (WebTypeAppEngingIamBindingArrayOutput) ToWebTypeAppEngingIamBindingArrayOutput added in v4.11.1 

func (o WebTypeAppEngingIamBindingArrayOutput) ToWebTypeAppEngingIamBindingArrayOutput() WebTypeAppEngingIamBindingArrayOutput

func (WebTypeAppEngingIamBindingArrayOutput) ToWebTypeAppEngingIamBindingArrayOutputWithContext added in v4.11.1 

func (o WebTypeAppEngingIamBindingArrayOutput) ToWebTypeAppEngingIamBindingArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingArrayOutput

type WebTypeAppEngingIamBindingCondition 

type WebTypeAppEngingIamBindingCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type WebTypeAppEngingIamBindingConditionArgs 

type WebTypeAppEngingIamBindingConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (WebTypeAppEngingIamBindingConditionArgs) ElementType 

func (WebTypeAppEngingIamBindingConditionArgs) ElementType() reflect.Type

func (WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionOutput 

func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionOutput() WebTypeAppEngingIamBindingConditionOutput

func (WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionOutputWithContext 

func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionOutput

func (WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionPtrOutput 

func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput

func (WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext 

func (i WebTypeAppEngingIamBindingConditionArgs) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionPtrOutput

type WebTypeAppEngingIamBindingConditionInput 

type WebTypeAppEngingIamBindingConditionInput interface {
	pulumi.Input

	ToWebTypeAppEngingIamBindingConditionOutput() WebTypeAppEngingIamBindingConditionOutput
	ToWebTypeAppEngingIamBindingConditionOutputWithContext(context.Context) WebTypeAppEngingIamBindingConditionOutput
}

WebTypeAppEngingIamBindingConditionInput is an input type that accepts WebTypeAppEngingIamBindingConditionArgs and WebTypeAppEngingIamBindingConditionOutput values. You can construct a concrete instance of `WebTypeAppEngingIamBindingConditionInput` via: 

WebTypeAppEngingIamBindingConditionArgs{...}

type WebTypeAppEngingIamBindingConditionOutput 

type WebTypeAppEngingIamBindingConditionOutput struct{ *pulumi.OutputState }

func (WebTypeAppEngingIamBindingConditionOutput) Description 

func (o WebTypeAppEngingIamBindingConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (WebTypeAppEngingIamBindingConditionOutput) ElementType 

func (WebTypeAppEngingIamBindingConditionOutput) ElementType() reflect.Type

func (WebTypeAppEngingIamBindingConditionOutput) Expression 

func (o WebTypeAppEngingIamBindingConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (WebTypeAppEngingIamBindingConditionOutput) Title 

func (o WebTypeAppEngingIamBindingConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionOutput 

func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionOutput() WebTypeAppEngingIamBindingConditionOutput

func (WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionOutputWithContext 

func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionOutput

func (WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionPtrOutput 

func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput

func (WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext 

func (o WebTypeAppEngingIamBindingConditionOutput) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionPtrOutput

type WebTypeAppEngingIamBindingConditionPtrInput 

type WebTypeAppEngingIamBindingConditionPtrInput interface {
	pulumi.Input

	ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput
	ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(context.Context) WebTypeAppEngingIamBindingConditionPtrOutput
}

WebTypeAppEngingIamBindingConditionPtrInput is an input type that accepts WebTypeAppEngingIamBindingConditionArgs, WebTypeAppEngingIamBindingConditionPtr and WebTypeAppEngingIamBindingConditionPtrOutput values. You can construct a concrete instance of `WebTypeAppEngingIamBindingConditionPtrInput` via: 

        WebTypeAppEngingIamBindingConditionArgs{...}

or:

        nil

func WebTypeAppEngingIamBindingConditionPtr 

func WebTypeAppEngingIamBindingConditionPtr(v *WebTypeAppEngingIamBindingConditionArgs) WebTypeAppEngingIamBindingConditionPtrInput

type WebTypeAppEngingIamBindingConditionPtrOutput 

type WebTypeAppEngingIamBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (WebTypeAppEngingIamBindingConditionPtrOutput) Description 

func (o WebTypeAppEngingIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (WebTypeAppEngingIamBindingConditionPtrOutput) Elem 

func (o WebTypeAppEngingIamBindingConditionPtrOutput) Elem() WebTypeAppEngingIamBindingConditionOutput

func (WebTypeAppEngingIamBindingConditionPtrOutput) ElementType 

func (WebTypeAppEngingIamBindingConditionPtrOutput) ElementType() reflect.Type

func (WebTypeAppEngingIamBindingConditionPtrOutput) Expression 

func (o WebTypeAppEngingIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (WebTypeAppEngingIamBindingConditionPtrOutput) Title 

func (o WebTypeAppEngingIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (WebTypeAppEngingIamBindingConditionPtrOutput) ToWebTypeAppEngingIamBindingConditionPtrOutput 

func (o WebTypeAppEngingIamBindingConditionPtrOutput) ToWebTypeAppEngingIamBindingConditionPtrOutput() WebTypeAppEngingIamBindingConditionPtrOutput

func (WebTypeAppEngingIamBindingConditionPtrOutput) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext 

func (o WebTypeAppEngingIamBindingConditionPtrOutput) ToWebTypeAppEngingIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingConditionPtrOutput

type WebTypeAppEngingIamBindingInput added in v4.4.0 

type WebTypeAppEngingIamBindingInput interface {
	pulumi.Input

	ToWebTypeAppEngingIamBindingOutput() WebTypeAppEngingIamBindingOutput
	ToWebTypeAppEngingIamBindingOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingOutput
}

type WebTypeAppEngingIamBindingMap added in v4.11.1 

type WebTypeAppEngingIamBindingMap map[string]WebTypeAppEngingIamBindingInput

func (WebTypeAppEngingIamBindingMap) ElementType added in v4.11.1 

func (WebTypeAppEngingIamBindingMap) ElementType() reflect.Type

func (WebTypeAppEngingIamBindingMap) ToWebTypeAppEngingIamBindingMapOutput added in v4.11.1 

func (i WebTypeAppEngingIamBindingMap) ToWebTypeAppEngingIamBindingMapOutput() WebTypeAppEngingIamBindingMapOutput

func (WebTypeAppEngingIamBindingMap) ToWebTypeAppEngingIamBindingMapOutputWithContext added in v4.11.1 

func (i WebTypeAppEngingIamBindingMap) ToWebTypeAppEngingIamBindingMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingMapOutput

type WebTypeAppEngingIamBindingMapInput added in v4.11.1 

type WebTypeAppEngingIamBindingMapInput interface {
	pulumi.Input

	ToWebTypeAppEngingIamBindingMapOutput() WebTypeAppEngingIamBindingMapOutput
	ToWebTypeAppEngingIamBindingMapOutputWithContext(context.Context) WebTypeAppEngingIamBindingMapOutput
}

WebTypeAppEngingIamBindingMapInput is an input type that accepts WebTypeAppEngingIamBindingMap and WebTypeAppEngingIamBindingMapOutput values. You can construct a concrete instance of `WebTypeAppEngingIamBindingMapInput` via: 

WebTypeAppEngingIamBindingMap{ "key": WebTypeAppEngingIamBindingArgs{...} }

type WebTypeAppEngingIamBindingMapOutput added in v4.11.1 

type WebTypeAppEngingIamBindingMapOutput struct{ *pulumi.OutputState }

func (WebTypeAppEngingIamBindingMapOutput) ElementType added in v4.11.1 

func (WebTypeAppEngingIamBindingMapOutput) ElementType() reflect.Type

func (WebTypeAppEngingIamBindingMapOutput) MapIndex added in v4.11.1 

func (o WebTypeAppEngingIamBindingMapOutput) MapIndex(k pulumi.StringInput) WebTypeAppEngingIamBindingOutput

func (WebTypeAppEngingIamBindingMapOutput) ToWebTypeAppEngingIamBindingMapOutput added in v4.11.1 

func (o WebTypeAppEngingIamBindingMapOutput) ToWebTypeAppEngingIamBindingMapOutput() WebTypeAppEngingIamBindingMapOutput

func (WebTypeAppEngingIamBindingMapOutput) ToWebTypeAppEngingIamBindingMapOutputWithContext added in v4.11.1 

func (o WebTypeAppEngingIamBindingMapOutput) ToWebTypeAppEngingIamBindingMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingMapOutput

type WebTypeAppEngingIamBindingOutput added in v4.4.0 

type WebTypeAppEngingIamBindingOutput struct {
	*pulumi.OutputState
}

func (WebTypeAppEngingIamBindingOutput) ElementType added in v4.4.0 

func (WebTypeAppEngingIamBindingOutput) ElementType() reflect.Type

func (WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingOutput added in v4.4.0 

func (o WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingOutput() WebTypeAppEngingIamBindingOutput

func (WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingOutputWithContext added in v4.4.0 

func (o WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingOutput

func (WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingPtrOutput added in v4.11.1 

func (o WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingPtrOutput() WebTypeAppEngingIamBindingPtrOutput

func (WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingPtrOutputWithContext added in v4.11.1 

func (o WebTypeAppEngingIamBindingOutput) ToWebTypeAppEngingIamBindingPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingPtrOutput

type WebTypeAppEngingIamBindingPtrInput added in v4.11.1 

type WebTypeAppEngingIamBindingPtrInput interface {
	pulumi.Input

	ToWebTypeAppEngingIamBindingPtrOutput() WebTypeAppEngingIamBindingPtrOutput
	ToWebTypeAppEngingIamBindingPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingPtrOutput
}

type WebTypeAppEngingIamBindingPtrOutput added in v4.11.1 

type WebTypeAppEngingIamBindingPtrOutput struct {
	*pulumi.OutputState
}

func (WebTypeAppEngingIamBindingPtrOutput) ElementType added in v4.11.1 

func (WebTypeAppEngingIamBindingPtrOutput) ElementType() reflect.Type

func (WebTypeAppEngingIamBindingPtrOutput) ToWebTypeAppEngingIamBindingPtrOutput added in v4.11.1 

func (o WebTypeAppEngingIamBindingPtrOutput) ToWebTypeAppEngingIamBindingPtrOutput() WebTypeAppEngingIamBindingPtrOutput

func (WebTypeAppEngingIamBindingPtrOutput) ToWebTypeAppEngingIamBindingPtrOutputWithContext added in v4.11.1 

func (o WebTypeAppEngingIamBindingPtrOutput) ToWebTypeAppEngingIamBindingPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamBindingPtrOutput

type WebTypeAppEngingIamBindingState 

type WebTypeAppEngingIamBindingState struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringPtrInput
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebTypeAppEngingIamBindingConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag    pulumi.StringPtrInput
	Members pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (WebTypeAppEngingIamBindingState) ElementType 

func (WebTypeAppEngingIamBindingState) ElementType() reflect.Type

type WebTypeAppEngingIamMember 

type WebTypeAppEngingIamMember struct {
	pulumi.CustomResourceState

	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringOutput `pulumi:"appId"`
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebTypeAppEngingIamMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag   pulumi.StringOutput `pulumi:"etag"`
	Member pulumi.StringOutput `pulumi:"member"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:

* `iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached. * `iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved. * `iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.

> **Note:** `iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `iap.WebTypeAppEngingIamBinding` and `iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.

> **Note:** `iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_web\_type\_app\_engine\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_application.App.Project),
			AppId:      pulumi.Any(google_app_engine_application.App.App_id),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_application.App.Project),
			AppId:      pulumi.Any(google_app_engine_application.App.App_id),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_type\_app\_engine\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{
			Project: pulumi.Any(google_app_engine_application.App.Project),
			AppId:   pulumi.Any(google_app_engine_application.App.App_id),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{
			Project: pulumi.Any(google_app_engine_application.App.Project),
			AppId:   pulumi.Any(google_app_engine_application.App.App_id),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.WebTypeAppEngingIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_type\_app\_engine\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{
			Project: pulumi.Any(google_app_engine_application.App.Project),
			AppId:   pulumi.Any(google_app_engine_application.App.App_id),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{
			Project: pulumi.Any(google_app_engine_application.App.Project),
			AppId:   pulumi.Any(google_app_engine_application.App.App_id),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
			Condition: &iap.WebTypeAppEngingIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}} * {{project}}/{{appId}} * {{appId}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetWebTypeAppEngingIamMember 

func GetWebTypeAppEngingIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WebTypeAppEngingIamMemberState, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamMember, error)

GetWebTypeAppEngingIamMember gets an existing WebTypeAppEngingIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWebTypeAppEngingIamMember 

func NewWebTypeAppEngingIamMember(ctx *pulumi.Context,
	name string, args *WebTypeAppEngingIamMemberArgs, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamMember, error)

NewWebTypeAppEngingIamMember registers a new resource with the given unique name, arguments, and options.

func (*WebTypeAppEngingIamMember) ElementType added in v4.4.0 

func (*WebTypeAppEngingIamMember) ElementType() reflect.Type

func (*WebTypeAppEngingIamMember) ToWebTypeAppEngingIamMemberOutput added in v4.4.0 

func (i *WebTypeAppEngingIamMember) ToWebTypeAppEngingIamMemberOutput() WebTypeAppEngingIamMemberOutput

func (*WebTypeAppEngingIamMember) ToWebTypeAppEngingIamMemberOutputWithContext added in v4.4.0 

func (i *WebTypeAppEngingIamMember) ToWebTypeAppEngingIamMemberOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberOutput

func (*WebTypeAppEngingIamMember) ToWebTypeAppEngingIamMemberPtrOutput added in v4.11.1 

func (i *WebTypeAppEngingIamMember) ToWebTypeAppEngingIamMemberPtrOutput() WebTypeAppEngingIamMemberPtrOutput

func (*WebTypeAppEngingIamMember) ToWebTypeAppEngingIamMemberPtrOutputWithContext added in v4.11.1 

func (i *WebTypeAppEngingIamMember) ToWebTypeAppEngingIamMemberPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberPtrOutput

type WebTypeAppEngingIamMemberArgs 

type WebTypeAppEngingIamMemberArgs struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringInput
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebTypeAppEngingIamMemberConditionPtrInput
	Member    pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a WebTypeAppEngingIamMember resource.

func (WebTypeAppEngingIamMemberArgs) ElementType 

func (WebTypeAppEngingIamMemberArgs) ElementType() reflect.Type

type WebTypeAppEngingIamMemberArray added in v4.11.1 

type WebTypeAppEngingIamMemberArray []WebTypeAppEngingIamMemberInput

func (WebTypeAppEngingIamMemberArray) ElementType added in v4.11.1 

func (WebTypeAppEngingIamMemberArray) ElementType() reflect.Type

func (WebTypeAppEngingIamMemberArray) ToWebTypeAppEngingIamMemberArrayOutput added in v4.11.1 

func (i WebTypeAppEngingIamMemberArray) ToWebTypeAppEngingIamMemberArrayOutput() WebTypeAppEngingIamMemberArrayOutput

func (WebTypeAppEngingIamMemberArray) ToWebTypeAppEngingIamMemberArrayOutputWithContext added in v4.11.1 

func (i WebTypeAppEngingIamMemberArray) ToWebTypeAppEngingIamMemberArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberArrayOutput

type WebTypeAppEngingIamMemberArrayInput added in v4.11.1 

type WebTypeAppEngingIamMemberArrayInput interface {
	pulumi.Input

	ToWebTypeAppEngingIamMemberArrayOutput() WebTypeAppEngingIamMemberArrayOutput
	ToWebTypeAppEngingIamMemberArrayOutputWithContext(context.Context) WebTypeAppEngingIamMemberArrayOutput
}

WebTypeAppEngingIamMemberArrayInput is an input type that accepts WebTypeAppEngingIamMemberArray and WebTypeAppEngingIamMemberArrayOutput values. You can construct a concrete instance of `WebTypeAppEngingIamMemberArrayInput` via: 

WebTypeAppEngingIamMemberArray{ WebTypeAppEngingIamMemberArgs{...} }

type WebTypeAppEngingIamMemberArrayOutput added in v4.11.1 

type WebTypeAppEngingIamMemberArrayOutput struct{ *pulumi.OutputState }

func (WebTypeAppEngingIamMemberArrayOutput) ElementType added in v4.11.1 

func (WebTypeAppEngingIamMemberArrayOutput) ElementType() reflect.Type

func (WebTypeAppEngingIamMemberArrayOutput) Index added in v4.11.1 

func (o WebTypeAppEngingIamMemberArrayOutput) Index(i pulumi.IntInput) WebTypeAppEngingIamMemberOutput

func (WebTypeAppEngingIamMemberArrayOutput) ToWebTypeAppEngingIamMemberArrayOutput added in v4.11.1 

func (o WebTypeAppEngingIamMemberArrayOutput) ToWebTypeAppEngingIamMemberArrayOutput() WebTypeAppEngingIamMemberArrayOutput

func (WebTypeAppEngingIamMemberArrayOutput) ToWebTypeAppEngingIamMemberArrayOutputWithContext added in v4.11.1 

func (o WebTypeAppEngingIamMemberArrayOutput) ToWebTypeAppEngingIamMemberArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberArrayOutput

type WebTypeAppEngingIamMemberCondition 

type WebTypeAppEngingIamMemberCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type WebTypeAppEngingIamMemberConditionArgs 

type WebTypeAppEngingIamMemberConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (WebTypeAppEngingIamMemberConditionArgs) ElementType 

func (WebTypeAppEngingIamMemberConditionArgs) ElementType() reflect.Type

func (WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionOutput 

func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionOutput() WebTypeAppEngingIamMemberConditionOutput

func (WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionOutputWithContext 

func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionOutput

func (WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionPtrOutput 

func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput

func (WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext 

func (i WebTypeAppEngingIamMemberConditionArgs) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionPtrOutput

type WebTypeAppEngingIamMemberConditionInput 

type WebTypeAppEngingIamMemberConditionInput interface {
	pulumi.Input

	ToWebTypeAppEngingIamMemberConditionOutput() WebTypeAppEngingIamMemberConditionOutput
	ToWebTypeAppEngingIamMemberConditionOutputWithContext(context.Context) WebTypeAppEngingIamMemberConditionOutput
}

WebTypeAppEngingIamMemberConditionInput is an input type that accepts WebTypeAppEngingIamMemberConditionArgs and WebTypeAppEngingIamMemberConditionOutput values. You can construct a concrete instance of `WebTypeAppEngingIamMemberConditionInput` via: 

WebTypeAppEngingIamMemberConditionArgs{...}

type WebTypeAppEngingIamMemberConditionOutput 

type WebTypeAppEngingIamMemberConditionOutput struct{ *pulumi.OutputState }

func (WebTypeAppEngingIamMemberConditionOutput) Description 

func (o WebTypeAppEngingIamMemberConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (WebTypeAppEngingIamMemberConditionOutput) ElementType 

func (WebTypeAppEngingIamMemberConditionOutput) ElementType() reflect.Type

func (WebTypeAppEngingIamMemberConditionOutput) Expression 

func (o WebTypeAppEngingIamMemberConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (WebTypeAppEngingIamMemberConditionOutput) Title 

func (o WebTypeAppEngingIamMemberConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionOutput 

func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionOutput() WebTypeAppEngingIamMemberConditionOutput

func (WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionOutputWithContext 

func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionOutput

func (WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionPtrOutput 

func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput

func (WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext 

func (o WebTypeAppEngingIamMemberConditionOutput) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionPtrOutput

type WebTypeAppEngingIamMemberConditionPtrInput 

type WebTypeAppEngingIamMemberConditionPtrInput interface {
	pulumi.Input

	ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput
	ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(context.Context) WebTypeAppEngingIamMemberConditionPtrOutput
}

WebTypeAppEngingIamMemberConditionPtrInput is an input type that accepts WebTypeAppEngingIamMemberConditionArgs, WebTypeAppEngingIamMemberConditionPtr and WebTypeAppEngingIamMemberConditionPtrOutput values. You can construct a concrete instance of `WebTypeAppEngingIamMemberConditionPtrInput` via: 

        WebTypeAppEngingIamMemberConditionArgs{...}

or:

        nil

func WebTypeAppEngingIamMemberConditionPtr 

func WebTypeAppEngingIamMemberConditionPtr(v *WebTypeAppEngingIamMemberConditionArgs) WebTypeAppEngingIamMemberConditionPtrInput

type WebTypeAppEngingIamMemberConditionPtrOutput 

type WebTypeAppEngingIamMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (WebTypeAppEngingIamMemberConditionPtrOutput) Description 

func (o WebTypeAppEngingIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (WebTypeAppEngingIamMemberConditionPtrOutput) Elem 

func (o WebTypeAppEngingIamMemberConditionPtrOutput) Elem() WebTypeAppEngingIamMemberConditionOutput

func (WebTypeAppEngingIamMemberConditionPtrOutput) ElementType 

func (WebTypeAppEngingIamMemberConditionPtrOutput) ElementType() reflect.Type

func (WebTypeAppEngingIamMemberConditionPtrOutput) Expression 

func (o WebTypeAppEngingIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (WebTypeAppEngingIamMemberConditionPtrOutput) Title 

func (o WebTypeAppEngingIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (WebTypeAppEngingIamMemberConditionPtrOutput) ToWebTypeAppEngingIamMemberConditionPtrOutput 

func (o WebTypeAppEngingIamMemberConditionPtrOutput) ToWebTypeAppEngingIamMemberConditionPtrOutput() WebTypeAppEngingIamMemberConditionPtrOutput

func (WebTypeAppEngingIamMemberConditionPtrOutput) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext 

func (o WebTypeAppEngingIamMemberConditionPtrOutput) ToWebTypeAppEngingIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberConditionPtrOutput

type WebTypeAppEngingIamMemberInput added in v4.4.0 

type WebTypeAppEngingIamMemberInput interface {
	pulumi.Input

	ToWebTypeAppEngingIamMemberOutput() WebTypeAppEngingIamMemberOutput
	ToWebTypeAppEngingIamMemberOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberOutput
}

type WebTypeAppEngingIamMemberMap added in v4.11.1 

type WebTypeAppEngingIamMemberMap map[string]WebTypeAppEngingIamMemberInput

func (WebTypeAppEngingIamMemberMap) ElementType added in v4.11.1 

func (WebTypeAppEngingIamMemberMap) ElementType() reflect.Type

func (WebTypeAppEngingIamMemberMap) ToWebTypeAppEngingIamMemberMapOutput added in v4.11.1 

func (i WebTypeAppEngingIamMemberMap) ToWebTypeAppEngingIamMemberMapOutput() WebTypeAppEngingIamMemberMapOutput

func (WebTypeAppEngingIamMemberMap) ToWebTypeAppEngingIamMemberMapOutputWithContext added in v4.11.1 

func (i WebTypeAppEngingIamMemberMap) ToWebTypeAppEngingIamMemberMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberMapOutput

type WebTypeAppEngingIamMemberMapInput added in v4.11.1 

type WebTypeAppEngingIamMemberMapInput interface {
	pulumi.Input

	ToWebTypeAppEngingIamMemberMapOutput() WebTypeAppEngingIamMemberMapOutput
	ToWebTypeAppEngingIamMemberMapOutputWithContext(context.Context) WebTypeAppEngingIamMemberMapOutput
}

WebTypeAppEngingIamMemberMapInput is an input type that accepts WebTypeAppEngingIamMemberMap and WebTypeAppEngingIamMemberMapOutput values. You can construct a concrete instance of `WebTypeAppEngingIamMemberMapInput` via: 

WebTypeAppEngingIamMemberMap{ "key": WebTypeAppEngingIamMemberArgs{...} }

type WebTypeAppEngingIamMemberMapOutput added in v4.11.1 

type WebTypeAppEngingIamMemberMapOutput struct{ *pulumi.OutputState }

func (WebTypeAppEngingIamMemberMapOutput) ElementType added in v4.11.1 

func (WebTypeAppEngingIamMemberMapOutput) ElementType() reflect.Type

func (WebTypeAppEngingIamMemberMapOutput) MapIndex added in v4.11.1 

func (o WebTypeAppEngingIamMemberMapOutput) MapIndex(k pulumi.StringInput) WebTypeAppEngingIamMemberOutput

func (WebTypeAppEngingIamMemberMapOutput) ToWebTypeAppEngingIamMemberMapOutput added in v4.11.1 

func (o WebTypeAppEngingIamMemberMapOutput) ToWebTypeAppEngingIamMemberMapOutput() WebTypeAppEngingIamMemberMapOutput

func (WebTypeAppEngingIamMemberMapOutput) ToWebTypeAppEngingIamMemberMapOutputWithContext added in v4.11.1 

func (o WebTypeAppEngingIamMemberMapOutput) ToWebTypeAppEngingIamMemberMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberMapOutput

type WebTypeAppEngingIamMemberOutput added in v4.4.0 

type WebTypeAppEngingIamMemberOutput struct {
	*pulumi.OutputState
}

func (WebTypeAppEngingIamMemberOutput) ElementType added in v4.4.0 

func (WebTypeAppEngingIamMemberOutput) ElementType() reflect.Type

func (WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberOutput added in v4.4.0 

func (o WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberOutput() WebTypeAppEngingIamMemberOutput

func (WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberOutputWithContext added in v4.4.0 

func (o WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberOutput

func (WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberPtrOutput added in v4.11.1 

func (o WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberPtrOutput() WebTypeAppEngingIamMemberPtrOutput

func (WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberPtrOutputWithContext added in v4.11.1 

func (o WebTypeAppEngingIamMemberOutput) ToWebTypeAppEngingIamMemberPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberPtrOutput

type WebTypeAppEngingIamMemberPtrInput added in v4.11.1 

type WebTypeAppEngingIamMemberPtrInput interface {
	pulumi.Input

	ToWebTypeAppEngingIamMemberPtrOutput() WebTypeAppEngingIamMemberPtrOutput
	ToWebTypeAppEngingIamMemberPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberPtrOutput
}

type WebTypeAppEngingIamMemberPtrOutput added in v4.11.1 

type WebTypeAppEngingIamMemberPtrOutput struct {
	*pulumi.OutputState
}

func (WebTypeAppEngingIamMemberPtrOutput) ElementType added in v4.11.1 

func (WebTypeAppEngingIamMemberPtrOutput) ElementType() reflect.Type

func (WebTypeAppEngingIamMemberPtrOutput) ToWebTypeAppEngingIamMemberPtrOutput added in v4.11.1 

func (o WebTypeAppEngingIamMemberPtrOutput) ToWebTypeAppEngingIamMemberPtrOutput() WebTypeAppEngingIamMemberPtrOutput

func (WebTypeAppEngingIamMemberPtrOutput) ToWebTypeAppEngingIamMemberPtrOutputWithContext added in v4.11.1 

func (o WebTypeAppEngingIamMemberPtrOutput) ToWebTypeAppEngingIamMemberPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamMemberPtrOutput

type WebTypeAppEngingIamMemberState 

type WebTypeAppEngingIamMemberState struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringPtrInput
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebTypeAppEngingIamMemberConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag   pulumi.StringPtrInput
	Member pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (WebTypeAppEngingIamMemberState) ElementType 

func (WebTypeAppEngingIamMemberState) ElementType() reflect.Type

type WebTypeAppEngingIamPolicy 

type WebTypeAppEngingIamPolicy struct {
	pulumi.CustomResourceState

	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringOutput `pulumi:"appId"`
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:

* `iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached. * `iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved. * `iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.

> **Note:** `iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `iap.WebTypeAppEngingIamBinding` and `iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.

> **Note:** `iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_web\_type\_app\_engine\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_application.App.Project),
			AppId:      pulumi.Any(google_app_engine_application.App.App_id),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{
			Project:    pulumi.Any(google_app_engine_application.App.Project),
			AppId:      pulumi.Any(google_app_engine_application.App.App_id),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_type\_app\_engine\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{
			Project: pulumi.Any(google_app_engine_application.App.Project),
			AppId:   pulumi.Any(google_app_engine_application.App.App_id),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{
			Project: pulumi.Any(google_app_engine_application.App.Project),
			AppId:   pulumi.Any(google_app_engine_application.App.App_id),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.WebTypeAppEngingIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_type\_app\_engine\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{
			Project: pulumi.Any(google_app_engine_application.App.Project),
			AppId:   pulumi.Any(google_app_engine_application.App.App_id),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{
			Project: pulumi.Any(google_app_engine_application.App.Project),
			AppId:   pulumi.Any(google_app_engine_application.App.App_id),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
			Condition: &iap.WebTypeAppEngingIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/appengine-{{appId}} * {{project}}/{{appId}} * {{appId}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor "projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetWebTypeAppEngingIamPolicy 

func GetWebTypeAppEngingIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WebTypeAppEngingIamPolicyState, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamPolicy, error)

GetWebTypeAppEngingIamPolicy gets an existing WebTypeAppEngingIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWebTypeAppEngingIamPolicy 

func NewWebTypeAppEngingIamPolicy(ctx *pulumi.Context,
	name string, args *WebTypeAppEngingIamPolicyArgs, opts ...pulumi.ResourceOption) (*WebTypeAppEngingIamPolicy, error)

NewWebTypeAppEngingIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*WebTypeAppEngingIamPolicy) ElementType added in v4.4.0 

func (*WebTypeAppEngingIamPolicy) ElementType() reflect.Type

func (*WebTypeAppEngingIamPolicy) ToWebTypeAppEngingIamPolicyOutput added in v4.4.0 

func (i *WebTypeAppEngingIamPolicy) ToWebTypeAppEngingIamPolicyOutput() WebTypeAppEngingIamPolicyOutput

func (*WebTypeAppEngingIamPolicy) ToWebTypeAppEngingIamPolicyOutputWithContext added in v4.4.0 

func (i *WebTypeAppEngingIamPolicy) ToWebTypeAppEngingIamPolicyOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyOutput

func (*WebTypeAppEngingIamPolicy) ToWebTypeAppEngingIamPolicyPtrOutput added in v4.11.1 

func (i *WebTypeAppEngingIamPolicy) ToWebTypeAppEngingIamPolicyPtrOutput() WebTypeAppEngingIamPolicyPtrOutput

func (*WebTypeAppEngingIamPolicy) ToWebTypeAppEngingIamPolicyPtrOutputWithContext added in v4.11.1 

func (i *WebTypeAppEngingIamPolicy) ToWebTypeAppEngingIamPolicyPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyPtrOutput

type WebTypeAppEngingIamPolicyArgs 

type WebTypeAppEngingIamPolicyArgs struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
}

The set of arguments for constructing a WebTypeAppEngingIamPolicy resource.

func (WebTypeAppEngingIamPolicyArgs) ElementType 

func (WebTypeAppEngingIamPolicyArgs) ElementType() reflect.Type

type WebTypeAppEngingIamPolicyArray added in v4.11.1 

type WebTypeAppEngingIamPolicyArray []WebTypeAppEngingIamPolicyInput

func (WebTypeAppEngingIamPolicyArray) ElementType added in v4.11.1 

func (WebTypeAppEngingIamPolicyArray) ElementType() reflect.Type

func (WebTypeAppEngingIamPolicyArray) ToWebTypeAppEngingIamPolicyArrayOutput added in v4.11.1 

func (i WebTypeAppEngingIamPolicyArray) ToWebTypeAppEngingIamPolicyArrayOutput() WebTypeAppEngingIamPolicyArrayOutput

func (WebTypeAppEngingIamPolicyArray) ToWebTypeAppEngingIamPolicyArrayOutputWithContext added in v4.11.1 

func (i WebTypeAppEngingIamPolicyArray) ToWebTypeAppEngingIamPolicyArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyArrayOutput

type WebTypeAppEngingIamPolicyArrayInput added in v4.11.1 

type WebTypeAppEngingIamPolicyArrayInput interface {
	pulumi.Input

	ToWebTypeAppEngingIamPolicyArrayOutput() WebTypeAppEngingIamPolicyArrayOutput
	ToWebTypeAppEngingIamPolicyArrayOutputWithContext(context.Context) WebTypeAppEngingIamPolicyArrayOutput
}

WebTypeAppEngingIamPolicyArrayInput is an input type that accepts WebTypeAppEngingIamPolicyArray and WebTypeAppEngingIamPolicyArrayOutput values. You can construct a concrete instance of `WebTypeAppEngingIamPolicyArrayInput` via: 

WebTypeAppEngingIamPolicyArray{ WebTypeAppEngingIamPolicyArgs{...} }

type WebTypeAppEngingIamPolicyArrayOutput added in v4.11.1 

type WebTypeAppEngingIamPolicyArrayOutput struct{ *pulumi.OutputState }

func (WebTypeAppEngingIamPolicyArrayOutput) ElementType added in v4.11.1 

func (WebTypeAppEngingIamPolicyArrayOutput) ElementType() reflect.Type

func (WebTypeAppEngingIamPolicyArrayOutput) Index added in v4.11.1 

func (o WebTypeAppEngingIamPolicyArrayOutput) Index(i pulumi.IntInput) WebTypeAppEngingIamPolicyOutput

func (WebTypeAppEngingIamPolicyArrayOutput) ToWebTypeAppEngingIamPolicyArrayOutput added in v4.11.1 

func (o WebTypeAppEngingIamPolicyArrayOutput) ToWebTypeAppEngingIamPolicyArrayOutput() WebTypeAppEngingIamPolicyArrayOutput

func (WebTypeAppEngingIamPolicyArrayOutput) ToWebTypeAppEngingIamPolicyArrayOutputWithContext added in v4.11.1 

func (o WebTypeAppEngingIamPolicyArrayOutput) ToWebTypeAppEngingIamPolicyArrayOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyArrayOutput

type WebTypeAppEngingIamPolicyInput added in v4.4.0 

type WebTypeAppEngingIamPolicyInput interface {
	pulumi.Input

	ToWebTypeAppEngingIamPolicyOutput() WebTypeAppEngingIamPolicyOutput
	ToWebTypeAppEngingIamPolicyOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyOutput
}

type WebTypeAppEngingIamPolicyMap added in v4.11.1 

type WebTypeAppEngingIamPolicyMap map[string]WebTypeAppEngingIamPolicyInput

func (WebTypeAppEngingIamPolicyMap) ElementType added in v4.11.1 

func (WebTypeAppEngingIamPolicyMap) ElementType() reflect.Type

func (WebTypeAppEngingIamPolicyMap) ToWebTypeAppEngingIamPolicyMapOutput added in v4.11.1 

func (i WebTypeAppEngingIamPolicyMap) ToWebTypeAppEngingIamPolicyMapOutput() WebTypeAppEngingIamPolicyMapOutput

func (WebTypeAppEngingIamPolicyMap) ToWebTypeAppEngingIamPolicyMapOutputWithContext added in v4.11.1 

func (i WebTypeAppEngingIamPolicyMap) ToWebTypeAppEngingIamPolicyMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyMapOutput

type WebTypeAppEngingIamPolicyMapInput added in v4.11.1 

type WebTypeAppEngingIamPolicyMapInput interface {
	pulumi.Input

	ToWebTypeAppEngingIamPolicyMapOutput() WebTypeAppEngingIamPolicyMapOutput
	ToWebTypeAppEngingIamPolicyMapOutputWithContext(context.Context) WebTypeAppEngingIamPolicyMapOutput
}

WebTypeAppEngingIamPolicyMapInput is an input type that accepts WebTypeAppEngingIamPolicyMap and WebTypeAppEngingIamPolicyMapOutput values. You can construct a concrete instance of `WebTypeAppEngingIamPolicyMapInput` via: 

WebTypeAppEngingIamPolicyMap{ "key": WebTypeAppEngingIamPolicyArgs{...} }

type WebTypeAppEngingIamPolicyMapOutput added in v4.11.1 

type WebTypeAppEngingIamPolicyMapOutput struct{ *pulumi.OutputState }

func (WebTypeAppEngingIamPolicyMapOutput) ElementType added in v4.11.1 

func (WebTypeAppEngingIamPolicyMapOutput) ElementType() reflect.Type

func (WebTypeAppEngingIamPolicyMapOutput) MapIndex added in v4.11.1 

func (o WebTypeAppEngingIamPolicyMapOutput) MapIndex(k pulumi.StringInput) WebTypeAppEngingIamPolicyOutput

func (WebTypeAppEngingIamPolicyMapOutput) ToWebTypeAppEngingIamPolicyMapOutput added in v4.11.1 

func (o WebTypeAppEngingIamPolicyMapOutput) ToWebTypeAppEngingIamPolicyMapOutput() WebTypeAppEngingIamPolicyMapOutput

func (WebTypeAppEngingIamPolicyMapOutput) ToWebTypeAppEngingIamPolicyMapOutputWithContext added in v4.11.1 

func (o WebTypeAppEngingIamPolicyMapOutput) ToWebTypeAppEngingIamPolicyMapOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyMapOutput

type WebTypeAppEngingIamPolicyOutput added in v4.4.0 

type WebTypeAppEngingIamPolicyOutput struct {
	*pulumi.OutputState
}

func (WebTypeAppEngingIamPolicyOutput) ElementType added in v4.4.0 

func (WebTypeAppEngingIamPolicyOutput) ElementType() reflect.Type

func (WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyOutput added in v4.4.0 

func (o WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyOutput() WebTypeAppEngingIamPolicyOutput

func (WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyOutputWithContext added in v4.4.0 

func (o WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyOutput

func (WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyPtrOutput added in v4.11.1 

func (o WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyPtrOutput() WebTypeAppEngingIamPolicyPtrOutput

func (WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyPtrOutputWithContext added in v4.11.1 

func (o WebTypeAppEngingIamPolicyOutput) ToWebTypeAppEngingIamPolicyPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyPtrOutput

type WebTypeAppEngingIamPolicyPtrInput added in v4.11.1 

type WebTypeAppEngingIamPolicyPtrInput interface {
	pulumi.Input

	ToWebTypeAppEngingIamPolicyPtrOutput() WebTypeAppEngingIamPolicyPtrOutput
	ToWebTypeAppEngingIamPolicyPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyPtrOutput
}

type WebTypeAppEngingIamPolicyPtrOutput added in v4.11.1 

type WebTypeAppEngingIamPolicyPtrOutput struct {
	*pulumi.OutputState
}

func (WebTypeAppEngingIamPolicyPtrOutput) ElementType added in v4.11.1 

func (WebTypeAppEngingIamPolicyPtrOutput) ElementType() reflect.Type

func (WebTypeAppEngingIamPolicyPtrOutput) ToWebTypeAppEngingIamPolicyPtrOutput added in v4.11.1 

func (o WebTypeAppEngingIamPolicyPtrOutput) ToWebTypeAppEngingIamPolicyPtrOutput() WebTypeAppEngingIamPolicyPtrOutput

func (WebTypeAppEngingIamPolicyPtrOutput) ToWebTypeAppEngingIamPolicyPtrOutputWithContext added in v4.11.1 

func (o WebTypeAppEngingIamPolicyPtrOutput) ToWebTypeAppEngingIamPolicyPtrOutputWithContext(ctx context.Context) WebTypeAppEngingIamPolicyPtrOutput

type WebTypeAppEngingIamPolicyState 

type WebTypeAppEngingIamPolicyState struct {
	// Id of the App Engine application. Used to find the parent resource to bind the IAM policy to
	AppId pulumi.StringPtrInput
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringPtrInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
}

func (WebTypeAppEngingIamPolicyState) ElementType 

func (WebTypeAppEngingIamPolicyState) ElementType() reflect.Type

type WebTypeComputeIamBinding 

type WebTypeComputeIamBinding struct {
	pulumi.CustomResourceState

	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebTypeComputeIamBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag    pulumi.StringOutput      `pulumi:"etag"`
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:

* `iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached. * `iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved. * `iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.

> **Note:** `iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `iap.WebTypeComputeIamBinding` and `iap.WebTypeComputeIamMember` or they will fight over what your policy should be.

> **Note:** `iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_web\_type\_compute\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_type\_compute\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.WebTypeComputeIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_type\_compute\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
			Condition: &iap.WebTypeComputeIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor projects/{{project}}/iap_web/compute

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetWebTypeComputeIamBinding 

func GetWebTypeComputeIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WebTypeComputeIamBindingState, opts ...pulumi.ResourceOption) (*WebTypeComputeIamBinding, error)

GetWebTypeComputeIamBinding gets an existing WebTypeComputeIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWebTypeComputeIamBinding 

func NewWebTypeComputeIamBinding(ctx *pulumi.Context,
	name string, args *WebTypeComputeIamBindingArgs, opts ...pulumi.ResourceOption) (*WebTypeComputeIamBinding, error)

NewWebTypeComputeIamBinding registers a new resource with the given unique name, arguments, and options.

func (*WebTypeComputeIamBinding) ElementType added in v4.4.0 

func (*WebTypeComputeIamBinding) ElementType() reflect.Type

func (*WebTypeComputeIamBinding) ToWebTypeComputeIamBindingOutput added in v4.4.0 

func (i *WebTypeComputeIamBinding) ToWebTypeComputeIamBindingOutput() WebTypeComputeIamBindingOutput

func (*WebTypeComputeIamBinding) ToWebTypeComputeIamBindingOutputWithContext added in v4.4.0 

func (i *WebTypeComputeIamBinding) ToWebTypeComputeIamBindingOutputWithContext(ctx context.Context) WebTypeComputeIamBindingOutput

func (*WebTypeComputeIamBinding) ToWebTypeComputeIamBindingPtrOutput added in v4.11.1 

func (i *WebTypeComputeIamBinding) ToWebTypeComputeIamBindingPtrOutput() WebTypeComputeIamBindingPtrOutput

func (*WebTypeComputeIamBinding) ToWebTypeComputeIamBindingPtrOutputWithContext added in v4.11.1 

func (i *WebTypeComputeIamBinding) ToWebTypeComputeIamBindingPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingPtrOutput

type WebTypeComputeIamBindingArgs 

type WebTypeComputeIamBindingArgs struct {
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebTypeComputeIamBindingConditionPtrInput
	Members   pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a WebTypeComputeIamBinding resource.

func (WebTypeComputeIamBindingArgs) ElementType 

func (WebTypeComputeIamBindingArgs) ElementType() reflect.Type

type WebTypeComputeIamBindingArray added in v4.11.1 

type WebTypeComputeIamBindingArray []WebTypeComputeIamBindingInput

func (WebTypeComputeIamBindingArray) ElementType added in v4.11.1 

func (WebTypeComputeIamBindingArray) ElementType() reflect.Type

func (WebTypeComputeIamBindingArray) ToWebTypeComputeIamBindingArrayOutput added in v4.11.1 

func (i WebTypeComputeIamBindingArray) ToWebTypeComputeIamBindingArrayOutput() WebTypeComputeIamBindingArrayOutput

func (WebTypeComputeIamBindingArray) ToWebTypeComputeIamBindingArrayOutputWithContext added in v4.11.1 

func (i WebTypeComputeIamBindingArray) ToWebTypeComputeIamBindingArrayOutputWithContext(ctx context.Context) WebTypeComputeIamBindingArrayOutput

type WebTypeComputeIamBindingArrayInput added in v4.11.1 

type WebTypeComputeIamBindingArrayInput interface {
	pulumi.Input

	ToWebTypeComputeIamBindingArrayOutput() WebTypeComputeIamBindingArrayOutput
	ToWebTypeComputeIamBindingArrayOutputWithContext(context.Context) WebTypeComputeIamBindingArrayOutput
}

WebTypeComputeIamBindingArrayInput is an input type that accepts WebTypeComputeIamBindingArray and WebTypeComputeIamBindingArrayOutput values. You can construct a concrete instance of `WebTypeComputeIamBindingArrayInput` via: 

WebTypeComputeIamBindingArray{ WebTypeComputeIamBindingArgs{...} }

type WebTypeComputeIamBindingArrayOutput added in v4.11.1 

type WebTypeComputeIamBindingArrayOutput struct{ *pulumi.OutputState }

func (WebTypeComputeIamBindingArrayOutput) ElementType added in v4.11.1 

func (WebTypeComputeIamBindingArrayOutput) ElementType() reflect.Type

func (WebTypeComputeIamBindingArrayOutput) Index added in v4.11.1 

func (o WebTypeComputeIamBindingArrayOutput) Index(i pulumi.IntInput) WebTypeComputeIamBindingOutput

func (WebTypeComputeIamBindingArrayOutput) ToWebTypeComputeIamBindingArrayOutput added in v4.11.1 

func (o WebTypeComputeIamBindingArrayOutput) ToWebTypeComputeIamBindingArrayOutput() WebTypeComputeIamBindingArrayOutput

func (WebTypeComputeIamBindingArrayOutput) ToWebTypeComputeIamBindingArrayOutputWithContext added in v4.11.1 

func (o WebTypeComputeIamBindingArrayOutput) ToWebTypeComputeIamBindingArrayOutputWithContext(ctx context.Context) WebTypeComputeIamBindingArrayOutput

type WebTypeComputeIamBindingCondition 

type WebTypeComputeIamBindingCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type WebTypeComputeIamBindingConditionArgs 

type WebTypeComputeIamBindingConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (WebTypeComputeIamBindingConditionArgs) ElementType 

func (WebTypeComputeIamBindingConditionArgs) ElementType() reflect.Type

func (WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionOutput 

func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionOutput() WebTypeComputeIamBindingConditionOutput

func (WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionOutputWithContext 

func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionOutput

func (WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionPtrOutput 

func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput

func (WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionPtrOutputWithContext 

func (i WebTypeComputeIamBindingConditionArgs) ToWebTypeComputeIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionPtrOutput

type WebTypeComputeIamBindingConditionInput 

type WebTypeComputeIamBindingConditionInput interface {
	pulumi.Input

	ToWebTypeComputeIamBindingConditionOutput() WebTypeComputeIamBindingConditionOutput
	ToWebTypeComputeIamBindingConditionOutputWithContext(context.Context) WebTypeComputeIamBindingConditionOutput
}

WebTypeComputeIamBindingConditionInput is an input type that accepts WebTypeComputeIamBindingConditionArgs and WebTypeComputeIamBindingConditionOutput values. You can construct a concrete instance of `WebTypeComputeIamBindingConditionInput` via: 

WebTypeComputeIamBindingConditionArgs{...}

type WebTypeComputeIamBindingConditionOutput 

type WebTypeComputeIamBindingConditionOutput struct{ *pulumi.OutputState }

func (WebTypeComputeIamBindingConditionOutput) Description 

func (o WebTypeComputeIamBindingConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (WebTypeComputeIamBindingConditionOutput) ElementType 

func (WebTypeComputeIamBindingConditionOutput) ElementType() reflect.Type

func (WebTypeComputeIamBindingConditionOutput) Expression 

func (o WebTypeComputeIamBindingConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (WebTypeComputeIamBindingConditionOutput) Title 

func (o WebTypeComputeIamBindingConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionOutput 

func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionOutput() WebTypeComputeIamBindingConditionOutput

func (WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionOutputWithContext 

func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionOutput

func (WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionPtrOutput 

func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput

func (WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionPtrOutputWithContext 

func (o WebTypeComputeIamBindingConditionOutput) ToWebTypeComputeIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionPtrOutput

type WebTypeComputeIamBindingConditionPtrInput 

type WebTypeComputeIamBindingConditionPtrInput interface {
	pulumi.Input

	ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput
	ToWebTypeComputeIamBindingConditionPtrOutputWithContext(context.Context) WebTypeComputeIamBindingConditionPtrOutput
}

WebTypeComputeIamBindingConditionPtrInput is an input type that accepts WebTypeComputeIamBindingConditionArgs, WebTypeComputeIamBindingConditionPtr and WebTypeComputeIamBindingConditionPtrOutput values. You can construct a concrete instance of `WebTypeComputeIamBindingConditionPtrInput` via: 

        WebTypeComputeIamBindingConditionArgs{...}

or:

        nil

func WebTypeComputeIamBindingConditionPtr 

func WebTypeComputeIamBindingConditionPtr(v *WebTypeComputeIamBindingConditionArgs) WebTypeComputeIamBindingConditionPtrInput

type WebTypeComputeIamBindingConditionPtrOutput 

type WebTypeComputeIamBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (WebTypeComputeIamBindingConditionPtrOutput) Description 

func (o WebTypeComputeIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (WebTypeComputeIamBindingConditionPtrOutput) Elem 

func (o WebTypeComputeIamBindingConditionPtrOutput) Elem() WebTypeComputeIamBindingConditionOutput

func (WebTypeComputeIamBindingConditionPtrOutput) ElementType 

func (WebTypeComputeIamBindingConditionPtrOutput) ElementType() reflect.Type

func (WebTypeComputeIamBindingConditionPtrOutput) Expression 

func (o WebTypeComputeIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (WebTypeComputeIamBindingConditionPtrOutput) Title 

func (o WebTypeComputeIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (WebTypeComputeIamBindingConditionPtrOutput) ToWebTypeComputeIamBindingConditionPtrOutput 

func (o WebTypeComputeIamBindingConditionPtrOutput) ToWebTypeComputeIamBindingConditionPtrOutput() WebTypeComputeIamBindingConditionPtrOutput

func (WebTypeComputeIamBindingConditionPtrOutput) ToWebTypeComputeIamBindingConditionPtrOutputWithContext 

func (o WebTypeComputeIamBindingConditionPtrOutput) ToWebTypeComputeIamBindingConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingConditionPtrOutput

type WebTypeComputeIamBindingInput added in v4.4.0 

type WebTypeComputeIamBindingInput interface {
	pulumi.Input

	ToWebTypeComputeIamBindingOutput() WebTypeComputeIamBindingOutput
	ToWebTypeComputeIamBindingOutputWithContext(ctx context.Context) WebTypeComputeIamBindingOutput
}

type WebTypeComputeIamBindingMap added in v4.11.1 

type WebTypeComputeIamBindingMap map[string]WebTypeComputeIamBindingInput

func (WebTypeComputeIamBindingMap) ElementType added in v4.11.1 

func (WebTypeComputeIamBindingMap) ElementType() reflect.Type

func (WebTypeComputeIamBindingMap) ToWebTypeComputeIamBindingMapOutput added in v4.11.1 

func (i WebTypeComputeIamBindingMap) ToWebTypeComputeIamBindingMapOutput() WebTypeComputeIamBindingMapOutput

func (WebTypeComputeIamBindingMap) ToWebTypeComputeIamBindingMapOutputWithContext added in v4.11.1 

func (i WebTypeComputeIamBindingMap) ToWebTypeComputeIamBindingMapOutputWithContext(ctx context.Context) WebTypeComputeIamBindingMapOutput

type WebTypeComputeIamBindingMapInput added in v4.11.1 

type WebTypeComputeIamBindingMapInput interface {
	pulumi.Input

	ToWebTypeComputeIamBindingMapOutput() WebTypeComputeIamBindingMapOutput
	ToWebTypeComputeIamBindingMapOutputWithContext(context.Context) WebTypeComputeIamBindingMapOutput
}

WebTypeComputeIamBindingMapInput is an input type that accepts WebTypeComputeIamBindingMap and WebTypeComputeIamBindingMapOutput values. You can construct a concrete instance of `WebTypeComputeIamBindingMapInput` via: 

WebTypeComputeIamBindingMap{ "key": WebTypeComputeIamBindingArgs{...} }

type WebTypeComputeIamBindingMapOutput added in v4.11.1 

type WebTypeComputeIamBindingMapOutput struct{ *pulumi.OutputState }

func (WebTypeComputeIamBindingMapOutput) ElementType added in v4.11.1 

func (WebTypeComputeIamBindingMapOutput) ElementType() reflect.Type

func (WebTypeComputeIamBindingMapOutput) MapIndex added in v4.11.1 

func (o WebTypeComputeIamBindingMapOutput) MapIndex(k pulumi.StringInput) WebTypeComputeIamBindingOutput

func (WebTypeComputeIamBindingMapOutput) ToWebTypeComputeIamBindingMapOutput added in v4.11.1 

func (o WebTypeComputeIamBindingMapOutput) ToWebTypeComputeIamBindingMapOutput() WebTypeComputeIamBindingMapOutput

func (WebTypeComputeIamBindingMapOutput) ToWebTypeComputeIamBindingMapOutputWithContext added in v4.11.1 

func (o WebTypeComputeIamBindingMapOutput) ToWebTypeComputeIamBindingMapOutputWithContext(ctx context.Context) WebTypeComputeIamBindingMapOutput

type WebTypeComputeIamBindingOutput added in v4.4.0 

type WebTypeComputeIamBindingOutput struct {
	*pulumi.OutputState
}

func (WebTypeComputeIamBindingOutput) ElementType added in v4.4.0 

func (WebTypeComputeIamBindingOutput) ElementType() reflect.Type

func (WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingOutput added in v4.4.0 

func (o WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingOutput() WebTypeComputeIamBindingOutput

func (WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingOutputWithContext added in v4.4.0 

func (o WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingOutputWithContext(ctx context.Context) WebTypeComputeIamBindingOutput

func (WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingPtrOutput added in v4.11.1 

func (o WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingPtrOutput() WebTypeComputeIamBindingPtrOutput

func (WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingPtrOutputWithContext added in v4.11.1 

func (o WebTypeComputeIamBindingOutput) ToWebTypeComputeIamBindingPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingPtrOutput

type WebTypeComputeIamBindingPtrInput added in v4.11.1 

type WebTypeComputeIamBindingPtrInput interface {
	pulumi.Input

	ToWebTypeComputeIamBindingPtrOutput() WebTypeComputeIamBindingPtrOutput
	ToWebTypeComputeIamBindingPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingPtrOutput
}

type WebTypeComputeIamBindingPtrOutput added in v4.11.1 

type WebTypeComputeIamBindingPtrOutput struct {
	*pulumi.OutputState
}

func (WebTypeComputeIamBindingPtrOutput) ElementType added in v4.11.1 

func (WebTypeComputeIamBindingPtrOutput) ElementType() reflect.Type

func (WebTypeComputeIamBindingPtrOutput) ToWebTypeComputeIamBindingPtrOutput added in v4.11.1 

func (o WebTypeComputeIamBindingPtrOutput) ToWebTypeComputeIamBindingPtrOutput() WebTypeComputeIamBindingPtrOutput

func (WebTypeComputeIamBindingPtrOutput) ToWebTypeComputeIamBindingPtrOutputWithContext added in v4.11.1 

func (o WebTypeComputeIamBindingPtrOutput) ToWebTypeComputeIamBindingPtrOutputWithContext(ctx context.Context) WebTypeComputeIamBindingPtrOutput

type WebTypeComputeIamBindingState 

type WebTypeComputeIamBindingState struct {
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebTypeComputeIamBindingConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag    pulumi.StringPtrInput
	Members pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (WebTypeComputeIamBindingState) ElementType 

func (WebTypeComputeIamBindingState) ElementType() reflect.Type

type WebTypeComputeIamMember 

type WebTypeComputeIamMember struct {
	pulumi.CustomResourceState

	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebTypeComputeIamMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag   pulumi.StringOutput `pulumi:"etag"`
	Member pulumi.StringOutput `pulumi:"member"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:

* `iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached. * `iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved. * `iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.

> **Note:** `iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `iap.WebTypeComputeIamBinding` and `iap.WebTypeComputeIamMember` or they will fight over what your policy should be.

> **Note:** `iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_web\_type\_compute\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_type\_compute\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.WebTypeComputeIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_type\_compute\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
			Condition: &iap.WebTypeComputeIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor projects/{{project}}/iap_web/compute

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetWebTypeComputeIamMember 

func GetWebTypeComputeIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WebTypeComputeIamMemberState, opts ...pulumi.ResourceOption) (*WebTypeComputeIamMember, error)

GetWebTypeComputeIamMember gets an existing WebTypeComputeIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWebTypeComputeIamMember 

func NewWebTypeComputeIamMember(ctx *pulumi.Context,
	name string, args *WebTypeComputeIamMemberArgs, opts ...pulumi.ResourceOption) (*WebTypeComputeIamMember, error)

NewWebTypeComputeIamMember registers a new resource with the given unique name, arguments, and options.

func (*WebTypeComputeIamMember) ElementType added in v4.4.0 

func (*WebTypeComputeIamMember) ElementType() reflect.Type

func (*WebTypeComputeIamMember) ToWebTypeComputeIamMemberOutput added in v4.4.0 

func (i *WebTypeComputeIamMember) ToWebTypeComputeIamMemberOutput() WebTypeComputeIamMemberOutput

func (*WebTypeComputeIamMember) ToWebTypeComputeIamMemberOutputWithContext added in v4.4.0 

func (i *WebTypeComputeIamMember) ToWebTypeComputeIamMemberOutputWithContext(ctx context.Context) WebTypeComputeIamMemberOutput

func (*WebTypeComputeIamMember) ToWebTypeComputeIamMemberPtrOutput added in v4.11.1 

func (i *WebTypeComputeIamMember) ToWebTypeComputeIamMemberPtrOutput() WebTypeComputeIamMemberPtrOutput

func (*WebTypeComputeIamMember) ToWebTypeComputeIamMemberPtrOutputWithContext added in v4.11.1 

func (i *WebTypeComputeIamMember) ToWebTypeComputeIamMemberPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberPtrOutput

type WebTypeComputeIamMemberArgs 

type WebTypeComputeIamMemberArgs struct {
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebTypeComputeIamMemberConditionPtrInput
	Member    pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a WebTypeComputeIamMember resource.

func (WebTypeComputeIamMemberArgs) ElementType 

func (WebTypeComputeIamMemberArgs) ElementType() reflect.Type

type WebTypeComputeIamMemberArray added in v4.11.1 

type WebTypeComputeIamMemberArray []WebTypeComputeIamMemberInput

func (WebTypeComputeIamMemberArray) ElementType added in v4.11.1 

func (WebTypeComputeIamMemberArray) ElementType() reflect.Type

func (WebTypeComputeIamMemberArray) ToWebTypeComputeIamMemberArrayOutput added in v4.11.1 

func (i WebTypeComputeIamMemberArray) ToWebTypeComputeIamMemberArrayOutput() WebTypeComputeIamMemberArrayOutput

func (WebTypeComputeIamMemberArray) ToWebTypeComputeIamMemberArrayOutputWithContext added in v4.11.1 

func (i WebTypeComputeIamMemberArray) ToWebTypeComputeIamMemberArrayOutputWithContext(ctx context.Context) WebTypeComputeIamMemberArrayOutput

type WebTypeComputeIamMemberArrayInput added in v4.11.1 

type WebTypeComputeIamMemberArrayInput interface {
	pulumi.Input

	ToWebTypeComputeIamMemberArrayOutput() WebTypeComputeIamMemberArrayOutput
	ToWebTypeComputeIamMemberArrayOutputWithContext(context.Context) WebTypeComputeIamMemberArrayOutput
}

WebTypeComputeIamMemberArrayInput is an input type that accepts WebTypeComputeIamMemberArray and WebTypeComputeIamMemberArrayOutput values. You can construct a concrete instance of `WebTypeComputeIamMemberArrayInput` via: 

WebTypeComputeIamMemberArray{ WebTypeComputeIamMemberArgs{...} }

type WebTypeComputeIamMemberArrayOutput added in v4.11.1 

type WebTypeComputeIamMemberArrayOutput struct{ *pulumi.OutputState }

func (WebTypeComputeIamMemberArrayOutput) ElementType added in v4.11.1 

func (WebTypeComputeIamMemberArrayOutput) ElementType() reflect.Type

func (WebTypeComputeIamMemberArrayOutput) Index added in v4.11.1 

func (o WebTypeComputeIamMemberArrayOutput) Index(i pulumi.IntInput) WebTypeComputeIamMemberOutput

func (WebTypeComputeIamMemberArrayOutput) ToWebTypeComputeIamMemberArrayOutput added in v4.11.1 

func (o WebTypeComputeIamMemberArrayOutput) ToWebTypeComputeIamMemberArrayOutput() WebTypeComputeIamMemberArrayOutput

func (WebTypeComputeIamMemberArrayOutput) ToWebTypeComputeIamMemberArrayOutputWithContext added in v4.11.1 

func (o WebTypeComputeIamMemberArrayOutput) ToWebTypeComputeIamMemberArrayOutputWithContext(ctx context.Context) WebTypeComputeIamMemberArrayOutput

type WebTypeComputeIamMemberCondition 

type WebTypeComputeIamMemberCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type WebTypeComputeIamMemberConditionArgs 

type WebTypeComputeIamMemberConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (WebTypeComputeIamMemberConditionArgs) ElementType 

func (WebTypeComputeIamMemberConditionArgs) ElementType() reflect.Type

func (WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionOutput 

func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionOutput() WebTypeComputeIamMemberConditionOutput

func (WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionOutputWithContext 

func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionOutput

func (WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionPtrOutput 

func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput

func (WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionPtrOutputWithContext 

func (i WebTypeComputeIamMemberConditionArgs) ToWebTypeComputeIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionPtrOutput

type WebTypeComputeIamMemberConditionInput 

type WebTypeComputeIamMemberConditionInput interface {
	pulumi.Input

	ToWebTypeComputeIamMemberConditionOutput() WebTypeComputeIamMemberConditionOutput
	ToWebTypeComputeIamMemberConditionOutputWithContext(context.Context) WebTypeComputeIamMemberConditionOutput
}

WebTypeComputeIamMemberConditionInput is an input type that accepts WebTypeComputeIamMemberConditionArgs and WebTypeComputeIamMemberConditionOutput values. You can construct a concrete instance of `WebTypeComputeIamMemberConditionInput` via: 

WebTypeComputeIamMemberConditionArgs{...}

type WebTypeComputeIamMemberConditionOutput 

type WebTypeComputeIamMemberConditionOutput struct{ *pulumi.OutputState }

func (WebTypeComputeIamMemberConditionOutput) Description 

func (o WebTypeComputeIamMemberConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (WebTypeComputeIamMemberConditionOutput) ElementType 

func (WebTypeComputeIamMemberConditionOutput) ElementType() reflect.Type

func (WebTypeComputeIamMemberConditionOutput) Expression 

func (o WebTypeComputeIamMemberConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (WebTypeComputeIamMemberConditionOutput) Title 

func (o WebTypeComputeIamMemberConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionOutput 

func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionOutput() WebTypeComputeIamMemberConditionOutput

func (WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionOutputWithContext 

func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionOutput

func (WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionPtrOutput 

func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput

func (WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionPtrOutputWithContext 

func (o WebTypeComputeIamMemberConditionOutput) ToWebTypeComputeIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionPtrOutput

type WebTypeComputeIamMemberConditionPtrInput 

type WebTypeComputeIamMemberConditionPtrInput interface {
	pulumi.Input

	ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput
	ToWebTypeComputeIamMemberConditionPtrOutputWithContext(context.Context) WebTypeComputeIamMemberConditionPtrOutput
}

WebTypeComputeIamMemberConditionPtrInput is an input type that accepts WebTypeComputeIamMemberConditionArgs, WebTypeComputeIamMemberConditionPtr and WebTypeComputeIamMemberConditionPtrOutput values. You can construct a concrete instance of `WebTypeComputeIamMemberConditionPtrInput` via: 

        WebTypeComputeIamMemberConditionArgs{...}

or:

        nil

func WebTypeComputeIamMemberConditionPtr 

func WebTypeComputeIamMemberConditionPtr(v *WebTypeComputeIamMemberConditionArgs) WebTypeComputeIamMemberConditionPtrInput

type WebTypeComputeIamMemberConditionPtrOutput 

type WebTypeComputeIamMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (WebTypeComputeIamMemberConditionPtrOutput) Description 

func (o WebTypeComputeIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (WebTypeComputeIamMemberConditionPtrOutput) Elem 

func (o WebTypeComputeIamMemberConditionPtrOutput) Elem() WebTypeComputeIamMemberConditionOutput

func (WebTypeComputeIamMemberConditionPtrOutput) ElementType 

func (WebTypeComputeIamMemberConditionPtrOutput) ElementType() reflect.Type

func (WebTypeComputeIamMemberConditionPtrOutput) Expression 

func (o WebTypeComputeIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (WebTypeComputeIamMemberConditionPtrOutput) Title 

func (o WebTypeComputeIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (WebTypeComputeIamMemberConditionPtrOutput) ToWebTypeComputeIamMemberConditionPtrOutput 

func (o WebTypeComputeIamMemberConditionPtrOutput) ToWebTypeComputeIamMemberConditionPtrOutput() WebTypeComputeIamMemberConditionPtrOutput

func (WebTypeComputeIamMemberConditionPtrOutput) ToWebTypeComputeIamMemberConditionPtrOutputWithContext 

func (o WebTypeComputeIamMemberConditionPtrOutput) ToWebTypeComputeIamMemberConditionPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberConditionPtrOutput

type WebTypeComputeIamMemberInput added in v4.4.0 

type WebTypeComputeIamMemberInput interface {
	pulumi.Input

	ToWebTypeComputeIamMemberOutput() WebTypeComputeIamMemberOutput
	ToWebTypeComputeIamMemberOutputWithContext(ctx context.Context) WebTypeComputeIamMemberOutput
}

type WebTypeComputeIamMemberMap added in v4.11.1 

type WebTypeComputeIamMemberMap map[string]WebTypeComputeIamMemberInput

func (WebTypeComputeIamMemberMap) ElementType added in v4.11.1 

func (WebTypeComputeIamMemberMap) ElementType() reflect.Type

func (WebTypeComputeIamMemberMap) ToWebTypeComputeIamMemberMapOutput added in v4.11.1 

func (i WebTypeComputeIamMemberMap) ToWebTypeComputeIamMemberMapOutput() WebTypeComputeIamMemberMapOutput

func (WebTypeComputeIamMemberMap) ToWebTypeComputeIamMemberMapOutputWithContext added in v4.11.1 

func (i WebTypeComputeIamMemberMap) ToWebTypeComputeIamMemberMapOutputWithContext(ctx context.Context) WebTypeComputeIamMemberMapOutput

type WebTypeComputeIamMemberMapInput added in v4.11.1 

type WebTypeComputeIamMemberMapInput interface {
	pulumi.Input

	ToWebTypeComputeIamMemberMapOutput() WebTypeComputeIamMemberMapOutput
	ToWebTypeComputeIamMemberMapOutputWithContext(context.Context) WebTypeComputeIamMemberMapOutput
}

WebTypeComputeIamMemberMapInput is an input type that accepts WebTypeComputeIamMemberMap and WebTypeComputeIamMemberMapOutput values. You can construct a concrete instance of `WebTypeComputeIamMemberMapInput` via: 

WebTypeComputeIamMemberMap{ "key": WebTypeComputeIamMemberArgs{...} }

type WebTypeComputeIamMemberMapOutput added in v4.11.1 

type WebTypeComputeIamMemberMapOutput struct{ *pulumi.OutputState }

func (WebTypeComputeIamMemberMapOutput) ElementType added in v4.11.1 

func (WebTypeComputeIamMemberMapOutput) ElementType() reflect.Type

func (WebTypeComputeIamMemberMapOutput) MapIndex added in v4.11.1 

func (o WebTypeComputeIamMemberMapOutput) MapIndex(k pulumi.StringInput) WebTypeComputeIamMemberOutput

func (WebTypeComputeIamMemberMapOutput) ToWebTypeComputeIamMemberMapOutput added in v4.11.1 

func (o WebTypeComputeIamMemberMapOutput) ToWebTypeComputeIamMemberMapOutput() WebTypeComputeIamMemberMapOutput

func (WebTypeComputeIamMemberMapOutput) ToWebTypeComputeIamMemberMapOutputWithContext added in v4.11.1 

func (o WebTypeComputeIamMemberMapOutput) ToWebTypeComputeIamMemberMapOutputWithContext(ctx context.Context) WebTypeComputeIamMemberMapOutput

type WebTypeComputeIamMemberOutput added in v4.4.0 

type WebTypeComputeIamMemberOutput struct {
	*pulumi.OutputState
}

func (WebTypeComputeIamMemberOutput) ElementType added in v4.4.0 

func (WebTypeComputeIamMemberOutput) ElementType() reflect.Type

func (WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberOutput added in v4.4.0 

func (o WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberOutput() WebTypeComputeIamMemberOutput

func (WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberOutputWithContext added in v4.4.0 

func (o WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberOutputWithContext(ctx context.Context) WebTypeComputeIamMemberOutput

func (WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberPtrOutput added in v4.11.1 

func (o WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberPtrOutput() WebTypeComputeIamMemberPtrOutput

func (WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberPtrOutputWithContext added in v4.11.1 

func (o WebTypeComputeIamMemberOutput) ToWebTypeComputeIamMemberPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberPtrOutput

type WebTypeComputeIamMemberPtrInput added in v4.11.1 

type WebTypeComputeIamMemberPtrInput interface {
	pulumi.Input

	ToWebTypeComputeIamMemberPtrOutput() WebTypeComputeIamMemberPtrOutput
	ToWebTypeComputeIamMemberPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberPtrOutput
}

type WebTypeComputeIamMemberPtrOutput added in v4.11.1 

type WebTypeComputeIamMemberPtrOutput struct {
	*pulumi.OutputState
}

func (WebTypeComputeIamMemberPtrOutput) ElementType added in v4.11.1 

func (WebTypeComputeIamMemberPtrOutput) ElementType() reflect.Type

func (WebTypeComputeIamMemberPtrOutput) ToWebTypeComputeIamMemberPtrOutput added in v4.11.1 

func (o WebTypeComputeIamMemberPtrOutput) ToWebTypeComputeIamMemberPtrOutput() WebTypeComputeIamMemberPtrOutput

func (WebTypeComputeIamMemberPtrOutput) ToWebTypeComputeIamMemberPtrOutputWithContext added in v4.11.1 

func (o WebTypeComputeIamMemberPtrOutput) ToWebTypeComputeIamMemberPtrOutputWithContext(ctx context.Context) WebTypeComputeIamMemberPtrOutput

type WebTypeComputeIamMemberState 

type WebTypeComputeIamMemberState struct {
	// ) An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition WebTypeComputeIamMemberConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag   pulumi.StringPtrInput
	Member pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (WebTypeComputeIamMemberState) ElementType 

func (WebTypeComputeIamMemberState) ElementType() reflect.Type

type WebTypeComputeIamPolicy 

type WebTypeComputeIamPolicy struct {
	pulumi.CustomResourceState

	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
}

Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:

* `iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached. * `iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved. * `iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.

> **Note:** `iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `iap.WebTypeComputeIamBinding` and `iap.WebTypeComputeIamMember` or they will fight over what your policy should be.

> **Note:** `iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.

## google\_iap\_web\_type\_compute\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				organizations.GetIAMPolicyBinding{
					Role: "roles/iap.httpsResourceAccessor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: organizations.GetIAMPolicyBindingCondition{
						Title:       "expires_after_2019_12_31",
						Description: "Expiring at midnight of 2019-12-31",
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{
			Project:    pulumi.Any(google_project_service.Project_service.Project),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_type\_compute\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &iap.WebTypeComputeIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## google\_iap\_web\_type\_compute\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/iap"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{
			Project: pulumi.Any(google_project_service.Project_service.Project),
			Role:    pulumi.String("roles/iap.httpsResourceAccessor"),
			Member:  pulumi.String("user:jane@example.com"),
			Condition: &iap.WebTypeComputeIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/iap_web/compute * {{project}} Any variables not passed in the import command will be taken from the provider configuration. Identity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh 

$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com"

``` 

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh 

$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor "projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor"

``` 

IAM policy imports use the identifier of the resource in question, e.g.

```sh 

$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor projects/{{project}}/iap_web/compute

``` 

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetWebTypeComputeIamPolicy 

func GetWebTypeComputeIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WebTypeComputeIamPolicyState, opts ...pulumi.ResourceOption) (*WebTypeComputeIamPolicy, error)

GetWebTypeComputeIamPolicy gets an existing WebTypeComputeIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWebTypeComputeIamPolicy 

func NewWebTypeComputeIamPolicy(ctx *pulumi.Context,
	name string, args *WebTypeComputeIamPolicyArgs, opts ...pulumi.ResourceOption) (*WebTypeComputeIamPolicy, error)

NewWebTypeComputeIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*WebTypeComputeIamPolicy) ElementType added in v4.4.0 

func (*WebTypeComputeIamPolicy) ElementType() reflect.Type

func (*WebTypeComputeIamPolicy) ToWebTypeComputeIamPolicyOutput added in v4.4.0 

func (i *WebTypeComputeIamPolicy) ToWebTypeComputeIamPolicyOutput() WebTypeComputeIamPolicyOutput

func (*WebTypeComputeIamPolicy) ToWebTypeComputeIamPolicyOutputWithContext added in v4.4.0 

func (i *WebTypeComputeIamPolicy) ToWebTypeComputeIamPolicyOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyOutput

func (*WebTypeComputeIamPolicy) ToWebTypeComputeIamPolicyPtrOutput added in v4.11.1 

func (i *WebTypeComputeIamPolicy) ToWebTypeComputeIamPolicyPtrOutput() WebTypeComputeIamPolicyPtrOutput

func (*WebTypeComputeIamPolicy) ToWebTypeComputeIamPolicyPtrOutputWithContext added in v4.11.1 

func (i *WebTypeComputeIamPolicy) ToWebTypeComputeIamPolicyPtrOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyPtrOutput

type WebTypeComputeIamPolicyArgs 

type WebTypeComputeIamPolicyArgs struct {
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
}

The set of arguments for constructing a WebTypeComputeIamPolicy resource.

func (WebTypeComputeIamPolicyArgs) ElementType 

func (WebTypeComputeIamPolicyArgs) ElementType() reflect.Type

type WebTypeComputeIamPolicyArray added in v4.11.1 

type WebTypeComputeIamPolicyArray []WebTypeComputeIamPolicyInput

func (WebTypeComputeIamPolicyArray) ElementType added in v4.11.1 

func (WebTypeComputeIamPolicyArray) ElementType() reflect.Type

func (WebTypeComputeIamPolicyArray) ToWebTypeComputeIamPolicyArrayOutput added in v4.11.1 

func (i WebTypeComputeIamPolicyArray) ToWebTypeComputeIamPolicyArrayOutput() WebTypeComputeIamPolicyArrayOutput

func (WebTypeComputeIamPolicyArray) ToWebTypeComputeIamPolicyArrayOutputWithContext added in v4.11.1 

func (i WebTypeComputeIamPolicyArray) ToWebTypeComputeIamPolicyArrayOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyArrayOutput

type WebTypeComputeIamPolicyArrayInput added in v4.11.1 

type WebTypeComputeIamPolicyArrayInput interface {
	pulumi.Input

	ToWebTypeComputeIamPolicyArrayOutput() WebTypeComputeIamPolicyArrayOutput
	ToWebTypeComputeIamPolicyArrayOutputWithContext(context.Context) WebTypeComputeIamPolicyArrayOutput
}

WebTypeComputeIamPolicyArrayInput is an input type that accepts WebTypeComputeIamPolicyArray and WebTypeComputeIamPolicyArrayOutput values. You can construct a concrete instance of `WebTypeComputeIamPolicyArrayInput` via: 

WebTypeComputeIamPolicyArray{ WebTypeComputeIamPolicyArgs{...} }

type WebTypeComputeIamPolicyArrayOutput added in v4.11.1 

type WebTypeComputeIamPolicyArrayOutput struct{ *pulumi.OutputState }

func (WebTypeComputeIamPolicyArrayOutput) ElementType added in v4.11.1 

func (WebTypeComputeIamPolicyArrayOutput) ElementType() reflect.Type

func (WebTypeComputeIamPolicyArrayOutput) Index added in v4.11.1 

func (o WebTypeComputeIamPolicyArrayOutput) Index(i pulumi.IntInput) WebTypeComputeIamPolicyOutput

func (WebTypeComputeIamPolicyArrayOutput) ToWebTypeComputeIamPolicyArrayOutput added in v4.11.1 

func (o WebTypeComputeIamPolicyArrayOutput) ToWebTypeComputeIamPolicyArrayOutput() WebTypeComputeIamPolicyArrayOutput

func (WebTypeComputeIamPolicyArrayOutput) ToWebTypeComputeIamPolicyArrayOutputWithContext added in v4.11.1 

func (o WebTypeComputeIamPolicyArrayOutput) ToWebTypeComputeIamPolicyArrayOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyArrayOutput

type WebTypeComputeIamPolicyInput added in v4.4.0 

type WebTypeComputeIamPolicyInput interface {
	pulumi.Input

	ToWebTypeComputeIamPolicyOutput() WebTypeComputeIamPolicyOutput
	ToWebTypeComputeIamPolicyOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyOutput
}

type WebTypeComputeIamPolicyMap added in v4.11.1 

type WebTypeComputeIamPolicyMap map[string]WebTypeComputeIamPolicyInput

func (WebTypeComputeIamPolicyMap) ElementType added in v4.11.1 

func (WebTypeComputeIamPolicyMap) ElementType() reflect.Type

func (WebTypeComputeIamPolicyMap) ToWebTypeComputeIamPolicyMapOutput added in v4.11.1 

func (i WebTypeComputeIamPolicyMap) ToWebTypeComputeIamPolicyMapOutput() WebTypeComputeIamPolicyMapOutput

func (WebTypeComputeIamPolicyMap) ToWebTypeComputeIamPolicyMapOutputWithContext added in v4.11.1 

func (i WebTypeComputeIamPolicyMap) ToWebTypeComputeIamPolicyMapOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyMapOutput

type WebTypeComputeIamPolicyMapInput added in v4.11.1 

type WebTypeComputeIamPolicyMapInput interface {
	pulumi.Input

	ToWebTypeComputeIamPolicyMapOutput() WebTypeComputeIamPolicyMapOutput
	ToWebTypeComputeIamPolicyMapOutputWithContext(context.Context) WebTypeComputeIamPolicyMapOutput
}

WebTypeComputeIamPolicyMapInput is an input type that accepts WebTypeComputeIamPolicyMap and WebTypeComputeIamPolicyMapOutput values. You can construct a concrete instance of `WebTypeComputeIamPolicyMapInput` via: 

WebTypeComputeIamPolicyMap{ "key": WebTypeComputeIamPolicyArgs{...} }

type WebTypeComputeIamPolicyMapOutput added in v4.11.1 

type WebTypeComputeIamPolicyMapOutput struct{ *pulumi.OutputState }

func (WebTypeComputeIamPolicyMapOutput) ElementType added in v4.11.1 

func (WebTypeComputeIamPolicyMapOutput) ElementType() reflect.Type

func (WebTypeComputeIamPolicyMapOutput) MapIndex added in v4.11.1 

func (o WebTypeComputeIamPolicyMapOutput) MapIndex(k pulumi.StringInput) WebTypeComputeIamPolicyOutput

func (WebTypeComputeIamPolicyMapOutput) ToWebTypeComputeIamPolicyMapOutput added in v4.11.1 

func (o WebTypeComputeIamPolicyMapOutput) ToWebTypeComputeIamPolicyMapOutput() WebTypeComputeIamPolicyMapOutput

func (WebTypeComputeIamPolicyMapOutput) ToWebTypeComputeIamPolicyMapOutputWithContext added in v4.11.1 

func (o WebTypeComputeIamPolicyMapOutput) ToWebTypeComputeIamPolicyMapOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyMapOutput

type WebTypeComputeIamPolicyOutput added in v4.4.0 

type WebTypeComputeIamPolicyOutput struct {
	*pulumi.OutputState
}

func (WebTypeComputeIamPolicyOutput) ElementType added in v4.4.0 

func (WebTypeComputeIamPolicyOutput) ElementType() reflect.Type

func (WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyOutput added in v4.4.0 

func (o WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyOutput() WebTypeComputeIamPolicyOutput

func (WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyOutputWithContext added in v4.4.0 

func (o WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyOutput

func (WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyPtrOutput added in v4.11.1 

func (o WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyPtrOutput() WebTypeComputeIamPolicyPtrOutput

func (WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyPtrOutputWithContext added in v4.11.1 

func (o WebTypeComputeIamPolicyOutput) ToWebTypeComputeIamPolicyPtrOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyPtrOutput

type WebTypeComputeIamPolicyPtrInput added in v4.11.1 

type WebTypeComputeIamPolicyPtrInput interface {
	pulumi.Input

	ToWebTypeComputeIamPolicyPtrOutput() WebTypeComputeIamPolicyPtrOutput
	ToWebTypeComputeIamPolicyPtrOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyPtrOutput
}

type WebTypeComputeIamPolicyPtrOutput added in v4.11.1 

type WebTypeComputeIamPolicyPtrOutput struct {
	*pulumi.OutputState
}

func (WebTypeComputeIamPolicyPtrOutput) ElementType added in v4.11.1 

func (WebTypeComputeIamPolicyPtrOutput) ElementType() reflect.Type

func (WebTypeComputeIamPolicyPtrOutput) ToWebTypeComputeIamPolicyPtrOutput added in v4.11.1 

func (o WebTypeComputeIamPolicyPtrOutput) ToWebTypeComputeIamPolicyPtrOutput() WebTypeComputeIamPolicyPtrOutput

func (WebTypeComputeIamPolicyPtrOutput) ToWebTypeComputeIamPolicyPtrOutputWithContext added in v4.11.1 

func (o WebTypeComputeIamPolicyPtrOutput) ToWebTypeComputeIamPolicyPtrOutputWithContext(ctx context.Context) WebTypeComputeIamPolicyPtrOutput

type WebTypeComputeIamPolicyState 

type WebTypeComputeIamPolicyState struct {
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringPtrInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
}

func (WebTypeComputeIamPolicyState) ElementType 

func (WebTypeComputeIamPolicyState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.