v1beta1

package
v0.32.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 29, 2023 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// Not specified.
	PkixPublicKeySignatureAlgorithmSignatureAlgorithmUnspecified = PkixPublicKeySignatureAlgorithm("SIGNATURE_ALGORITHM_UNSPECIFIED")
	// RSASSA-PSS 2048 bit key with a SHA256 digest.
	PkixPublicKeySignatureAlgorithmRsaPss2048Sha256 = PkixPublicKeySignatureAlgorithm("RSA_PSS_2048_SHA256")
	// RSASSA-PSS 2048 bit key with a SHA256 digest.
	PkixPublicKeySignatureAlgorithmRsaSignPss2048Sha256 = PkixPublicKeySignatureAlgorithm("RSA_SIGN_PSS_2048_SHA256")
	// RSASSA-PSS 3072 bit key with a SHA256 digest.
	PkixPublicKeySignatureAlgorithmRsaPss3072Sha256 = PkixPublicKeySignatureAlgorithm("RSA_PSS_3072_SHA256")
	// RSASSA-PSS 3072 bit key with a SHA256 digest.
	PkixPublicKeySignatureAlgorithmRsaSignPss3072Sha256 = PkixPublicKeySignatureAlgorithm("RSA_SIGN_PSS_3072_SHA256")
	// RSASSA-PSS 4096 bit key with a SHA256 digest.
	PkixPublicKeySignatureAlgorithmRsaPss4096Sha256 = PkixPublicKeySignatureAlgorithm("RSA_PSS_4096_SHA256")
	// RSASSA-PSS 4096 bit key with a SHA256 digest.
	PkixPublicKeySignatureAlgorithmRsaSignPss4096Sha256 = PkixPublicKeySignatureAlgorithm("RSA_SIGN_PSS_4096_SHA256")
	// RSASSA-PSS 4096 bit key with a SHA512 digest.
	PkixPublicKeySignatureAlgorithmRsaPss4096Sha512 = PkixPublicKeySignatureAlgorithm("RSA_PSS_4096_SHA512")
	// RSASSA-PSS 4096 bit key with a SHA512 digest.
	PkixPublicKeySignatureAlgorithmRsaSignPss4096Sha512 = PkixPublicKeySignatureAlgorithm("RSA_SIGN_PSS_4096_SHA512")
	// RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
	PkixPublicKeySignatureAlgorithmRsaSignPkcs12048Sha256 = PkixPublicKeySignatureAlgorithm("RSA_SIGN_PKCS1_2048_SHA256")
	// RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
	PkixPublicKeySignatureAlgorithmRsaSignPkcs13072Sha256 = PkixPublicKeySignatureAlgorithm("RSA_SIGN_PKCS1_3072_SHA256")
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
	PkixPublicKeySignatureAlgorithmRsaSignPkcs14096Sha256 = PkixPublicKeySignatureAlgorithm("RSA_SIGN_PKCS1_4096_SHA256")
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
	PkixPublicKeySignatureAlgorithmRsaSignPkcs14096Sha512 = PkixPublicKeySignatureAlgorithm("RSA_SIGN_PKCS1_4096_SHA512")
	// ECDSA on the NIST P-256 curve with a SHA256 digest.
	PkixPublicKeySignatureAlgorithmEcdsaP256Sha256 = PkixPublicKeySignatureAlgorithm("ECDSA_P256_SHA256")
	// ECDSA on the NIST P-256 curve with a SHA256 digest.
	PkixPublicKeySignatureAlgorithmEcSignP256Sha256 = PkixPublicKeySignatureAlgorithm("EC_SIGN_P256_SHA256")
	// ECDSA on the NIST P-384 curve with a SHA384 digest.
	PkixPublicKeySignatureAlgorithmEcdsaP384Sha384 = PkixPublicKeySignatureAlgorithm("ECDSA_P384_SHA384")
	// ECDSA on the NIST P-384 curve with a SHA384 digest.
	PkixPublicKeySignatureAlgorithmEcSignP384Sha384 = PkixPublicKeySignatureAlgorithm("EC_SIGN_P384_SHA384")
	// ECDSA on the NIST P-521 curve with a SHA512 digest.
	PkixPublicKeySignatureAlgorithmEcdsaP521Sha512 = PkixPublicKeySignatureAlgorithm("ECDSA_P521_SHA512")
	// ECDSA on the NIST P-521 curve with a SHA512 digest.
	PkixPublicKeySignatureAlgorithmEcSignP521Sha512 = PkixPublicKeySignatureAlgorithm("EC_SIGN_P521_SHA512")
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Attestor 

type Attestor struct {
	pulumi.CustomResourceState

	// Required. The attestors ID.
	AttestorId pulumi.StringOutput `pulumi:"attestorId"`
	// Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
	Description pulumi.StringOutput `pulumi:"description"`
	// Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The resource name, in the format: `projects/*/attestors/*`. This field may not be updated.
	Name    pulumi.StringOutput `pulumi:"name"`
	Project pulumi.StringOutput `pulumi:"project"`
	// Time when the attestor was last updated.
	UpdateTime pulumi.StringOutput `pulumi:"updateTime"`
	// A Drydock ATTESTATION_AUTHORITY Note, created by the user.
	UserOwnedDrydockNote UserOwnedDrydockNoteResponseOutput `pulumi:"userOwnedDrydockNote"`
}

Creates an attestor, and returns a copy of the new attestor. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the attestor already exists.

func GetAttestor 

func GetAttestor(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AttestorState, opts ...pulumi.ResourceOption) (*Attestor, error)

GetAttestor gets an existing Attestor resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAttestor 

func NewAttestor(ctx *pulumi.Context,
	name string, args *AttestorArgs, opts ...pulumi.ResourceOption) (*Attestor, error)

NewAttestor registers a new resource with the given unique name, arguments, and options.

func (*Attestor) ElementType 

func (*Attestor) ElementType() reflect.Type

func (*Attestor) ToAttestorOutput 

func (i *Attestor) ToAttestorOutput() AttestorOutput

func (*Attestor) ToAttestorOutputWithContext 

func (i *Attestor) ToAttestorOutputWithContext(ctx context.Context) AttestorOutput

type AttestorArgs 

type AttestorArgs struct {
	// Required. The attestors ID.
	AttestorId pulumi.StringInput
	// Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
	Description pulumi.StringPtrInput
	// Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
	Etag pulumi.StringPtrInput
	// The resource name, in the format: `projects/*/attestors/*`. This field may not be updated.
	Name    pulumi.StringPtrInput
	Project pulumi.StringPtrInput
	// A Drydock ATTESTATION_AUTHORITY Note, created by the user.
	UserOwnedDrydockNote UserOwnedDrydockNotePtrInput
}

The set of arguments for constructing a Attestor resource.

func (AttestorArgs) ElementType 

func (AttestorArgs) ElementType() reflect.Type

type AttestorIamBinding added in v0.26.0 

type AttestorIamBinding struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Identities that will be granted the privilege in role. Each entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one `IamBinding` can be used per role.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetAttestorIamBinding added in v0.26.0 

func GetAttestorIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AttestorIamBindingState, opts ...pulumi.ResourceOption) (*AttestorIamBinding, error)

GetAttestorIamBinding gets an existing AttestorIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAttestorIamBinding added in v0.26.0 

func NewAttestorIamBinding(ctx *pulumi.Context,
	name string, args *AttestorIamBindingArgs, opts ...pulumi.ResourceOption) (*AttestorIamBinding, error)

NewAttestorIamBinding registers a new resource with the given unique name, arguments, and options.

func (*AttestorIamBinding) ElementType added in v0.26.0 

func (*AttestorIamBinding) ElementType() reflect.Type

func (*AttestorIamBinding) ToAttestorIamBindingOutput added in v0.26.0 

func (i *AttestorIamBinding) ToAttestorIamBindingOutput() AttestorIamBindingOutput

func (*AttestorIamBinding) ToAttestorIamBindingOutputWithContext added in v0.26.0 

func (i *AttestorIamBinding) ToAttestorIamBindingOutputWithContext(ctx context.Context) AttestorIamBindingOutput

type AttestorIamBindingArgs added in v0.26.0 

type AttestorIamBindingArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identities that will be granted the privilege in role. Each entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members pulumi.StringArrayInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied. Only one `IamBinding` can be used per role.
	Role pulumi.StringInput
}

The set of arguments for constructing a AttestorIamBinding resource.

func (AttestorIamBindingArgs) ElementType added in v0.26.0 

func (AttestorIamBindingArgs) ElementType() reflect.Type

type AttestorIamBindingInput added in v0.26.0 

type AttestorIamBindingInput interface {
	pulumi.Input

	ToAttestorIamBindingOutput() AttestorIamBindingOutput
	ToAttestorIamBindingOutputWithContext(ctx context.Context) AttestorIamBindingOutput
}

type AttestorIamBindingOutput added in v0.26.0 

type AttestorIamBindingOutput struct{ *pulumi.OutputState }

func (AttestorIamBindingOutput) Condition added in v0.26.0 

func (o AttestorIamBindingOutput) Condition() iam.ConditionPtrOutput

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (AttestorIamBindingOutput) ElementType added in v0.26.0 

func (AttestorIamBindingOutput) ElementType() reflect.Type

func (AttestorIamBindingOutput) Etag added in v0.26.0 

func (o AttestorIamBindingOutput) Etag() pulumi.StringOutput

The etag of the resource's IAM policy.

func (AttestorIamBindingOutput) Members added in v0.26.0 

func (o AttestorIamBindingOutput) Members() pulumi.StringArrayOutput

Identities that will be granted the privilege in role. Each entry can have one of the following values:

  • user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
  • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
  • domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

func (AttestorIamBindingOutput) Name added in v0.26.0 

func (o AttestorIamBindingOutput) Name() pulumi.StringOutput

The name of the resource to manage IAM policies for.

func (AttestorIamBindingOutput) Project added in v0.26.0 

func (o AttestorIamBindingOutput) Project() pulumi.StringOutput

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (AttestorIamBindingOutput) Role added in v0.26.0 

func (o AttestorIamBindingOutput) Role() pulumi.StringOutput

The role that should be applied. Only one `IamBinding` can be used per role.

func (AttestorIamBindingOutput) ToAttestorIamBindingOutput added in v0.26.0 

func (o AttestorIamBindingOutput) ToAttestorIamBindingOutput() AttestorIamBindingOutput

func (AttestorIamBindingOutput) ToAttestorIamBindingOutputWithContext added in v0.26.0 

func (o AttestorIamBindingOutput) ToAttestorIamBindingOutputWithContext(ctx context.Context) AttestorIamBindingOutput

type AttestorIamBindingState added in v0.26.0 

type AttestorIamBindingState struct {
}

func (AttestorIamBindingState) ElementType added in v0.26.0 

func (AttestorIamBindingState) ElementType() reflect.Type

type AttestorIamMember added in v0.26.0 

type AttestorIamMember struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Identity that will be granted the privilege in role. The entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringOutput `pulumi:"member"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetAttestorIamMember added in v0.26.0 

func GetAttestorIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AttestorIamMemberState, opts ...pulumi.ResourceOption) (*AttestorIamMember, error)

GetAttestorIamMember gets an existing AttestorIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAttestorIamMember added in v0.26.0 

func NewAttestorIamMember(ctx *pulumi.Context,
	name string, args *AttestorIamMemberArgs, opts ...pulumi.ResourceOption) (*AttestorIamMember, error)

NewAttestorIamMember registers a new resource with the given unique name, arguments, and options.

func (*AttestorIamMember) ElementType added in v0.26.0 

func (*AttestorIamMember) ElementType() reflect.Type

func (*AttestorIamMember) ToAttestorIamMemberOutput added in v0.26.0 

func (i *AttestorIamMember) ToAttestorIamMemberOutput() AttestorIamMemberOutput

func (*AttestorIamMember) ToAttestorIamMemberOutputWithContext added in v0.26.0 

func (i *AttestorIamMember) ToAttestorIamMemberOutputWithContext(ctx context.Context) AttestorIamMemberOutput

type AttestorIamMemberArgs added in v0.26.0 

type AttestorIamMemberArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identity that will be granted the privilege in role. The entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied.
	Role pulumi.StringInput
}

The set of arguments for constructing a AttestorIamMember resource.

func (AttestorIamMemberArgs) ElementType added in v0.26.0 

func (AttestorIamMemberArgs) ElementType() reflect.Type

type AttestorIamMemberInput added in v0.26.0 

type AttestorIamMemberInput interface {
	pulumi.Input

	ToAttestorIamMemberOutput() AttestorIamMemberOutput
	ToAttestorIamMemberOutputWithContext(ctx context.Context) AttestorIamMemberOutput
}

type AttestorIamMemberOutput added in v0.26.0 

type AttestorIamMemberOutput struct{ *pulumi.OutputState }

func (AttestorIamMemberOutput) Condition added in v0.26.0 

func (o AttestorIamMemberOutput) Condition() iam.ConditionPtrOutput

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (AttestorIamMemberOutput) ElementType added in v0.26.0 

func (AttestorIamMemberOutput) ElementType() reflect.Type

func (AttestorIamMemberOutput) Etag added in v0.26.0 

func (o AttestorIamMemberOutput) Etag() pulumi.StringOutput

The etag of the resource's IAM policy.

func (AttestorIamMemberOutput) Member added in v0.26.0 

func (o AttestorIamMemberOutput) Member() pulumi.StringOutput

Identity that will be granted the privilege in role. The entry can have one of the following values:

  • user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
  • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
  • domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

func (AttestorIamMemberOutput) Name added in v0.26.0 

func (o AttestorIamMemberOutput) Name() pulumi.StringOutput

The name of the resource to manage IAM policies for.

func (AttestorIamMemberOutput) Project added in v0.26.0 

func (o AttestorIamMemberOutput) Project() pulumi.StringOutput

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (AttestorIamMemberOutput) Role added in v0.26.0 

func (o AttestorIamMemberOutput) Role() pulumi.StringOutput

The role that should be applied.

func (AttestorIamMemberOutput) ToAttestorIamMemberOutput added in v0.26.0 

func (o AttestorIamMemberOutput) ToAttestorIamMemberOutput() AttestorIamMemberOutput

func (AttestorIamMemberOutput) ToAttestorIamMemberOutputWithContext added in v0.26.0 

func (o AttestorIamMemberOutput) ToAttestorIamMemberOutputWithContext(ctx context.Context) AttestorIamMemberOutput

type AttestorIamMemberState added in v0.26.0 

type AttestorIamMemberState struct {
}

func (AttestorIamMemberState) ElementType added in v0.26.0 

func (AttestorIamMemberState) ElementType() reflect.Type

type AttestorIamPolicy 

type AttestorIamPolicy struct {
	pulumi.CustomResourceState

	AttestorId pulumi.StringOutput `pulumi:"attestorId"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingResponseArrayOutput `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag    pulumi.StringOutput `pulumi:"etag"`
	Project pulumi.StringOutput `pulumi:"project"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntOutput `pulumi:"version"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

func GetAttestorIamPolicy 

func GetAttestorIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AttestorIamPolicyState, opts ...pulumi.ResourceOption) (*AttestorIamPolicy, error)

GetAttestorIamPolicy gets an existing AttestorIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAttestorIamPolicy 

func NewAttestorIamPolicy(ctx *pulumi.Context,
	name string, args *AttestorIamPolicyArgs, opts ...pulumi.ResourceOption) (*AttestorIamPolicy, error)

NewAttestorIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*AttestorIamPolicy) ElementType 

func (*AttestorIamPolicy) ElementType() reflect.Type

func (*AttestorIamPolicy) ToAttestorIamPolicyOutput 

func (i *AttestorIamPolicy) ToAttestorIamPolicyOutput() AttestorIamPolicyOutput

func (*AttestorIamPolicy) ToAttestorIamPolicyOutputWithContext 

func (i *AttestorIamPolicy) ToAttestorIamPolicyOutputWithContext(ctx context.Context) AttestorIamPolicyOutput

type AttestorIamPolicyArgs 

type AttestorIamPolicyArgs struct {
	AttestorId pulumi.StringInput
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingArrayInput
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag    pulumi.StringPtrInput
	Project pulumi.StringPtrInput
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntPtrInput
}

The set of arguments for constructing a AttestorIamPolicy resource.

func (AttestorIamPolicyArgs) ElementType 

func (AttestorIamPolicyArgs) ElementType() reflect.Type

type AttestorIamPolicyInput 

type AttestorIamPolicyInput interface {
	pulumi.Input

	ToAttestorIamPolicyOutput() AttestorIamPolicyOutput
	ToAttestorIamPolicyOutputWithContext(ctx context.Context) AttestorIamPolicyOutput
}

type AttestorIamPolicyOutput 

type AttestorIamPolicyOutput struct{ *pulumi.OutputState }

func (AttestorIamPolicyOutput) AttestorId added in v0.21.0 

func (o AttestorIamPolicyOutput) AttestorId() pulumi.StringOutput

func (AttestorIamPolicyOutput) Bindings added in v0.19.0 

func (o AttestorIamPolicyOutput) Bindings() BindingResponseArrayOutput

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (AttestorIamPolicyOutput) ElementType 

func (AttestorIamPolicyOutput) ElementType() reflect.Type

func (AttestorIamPolicyOutput) Etag added in v0.19.0 

func (o AttestorIamPolicyOutput) Etag() pulumi.StringOutput

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (AttestorIamPolicyOutput) Project added in v0.21.0 

func (o AttestorIamPolicyOutput) Project() pulumi.StringOutput

func (AttestorIamPolicyOutput) ToAttestorIamPolicyOutput 

func (o AttestorIamPolicyOutput) ToAttestorIamPolicyOutput() AttestorIamPolicyOutput

func (AttestorIamPolicyOutput) ToAttestorIamPolicyOutputWithContext 

func (o AttestorIamPolicyOutput) ToAttestorIamPolicyOutputWithContext(ctx context.Context) AttestorIamPolicyOutput

func (AttestorIamPolicyOutput) Version added in v0.19.0 

func (o AttestorIamPolicyOutput) Version() pulumi.IntOutput

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type AttestorIamPolicyState 

type AttestorIamPolicyState struct {
}

func (AttestorIamPolicyState) ElementType 

func (AttestorIamPolicyState) ElementType() reflect.Type

type AttestorInput 

type AttestorInput interface {
	pulumi.Input

	ToAttestorOutput() AttestorOutput
	ToAttestorOutputWithContext(ctx context.Context) AttestorOutput
}

type AttestorOutput 

type AttestorOutput struct{ *pulumi.OutputState }

func (AttestorOutput) AttestorId added in v0.21.0 

func (o AttestorOutput) AttestorId() pulumi.StringOutput

Required. The attestors ID.

func (AttestorOutput) Description added in v0.19.0 

func (o AttestorOutput) Description() pulumi.StringOutput

Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

func (AttestorOutput) ElementType 

func (AttestorOutput) ElementType() reflect.Type

func (AttestorOutput) Etag added in v0.19.0 

func (o AttestorOutput) Etag() pulumi.StringOutput

Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.

func (AttestorOutput) Name added in v0.19.0 

func (o AttestorOutput) Name() pulumi.StringOutput

The resource name, in the format: `projects/*/attestors/*`. This field may not be updated.

func (AttestorOutput) Project added in v0.21.0 

func (o AttestorOutput) Project() pulumi.StringOutput

func (AttestorOutput) ToAttestorOutput 

func (o AttestorOutput) ToAttestorOutput() AttestorOutput

func (AttestorOutput) ToAttestorOutputWithContext 

func (o AttestorOutput) ToAttestorOutputWithContext(ctx context.Context) AttestorOutput

func (AttestorOutput) UpdateTime added in v0.19.0 

func (o AttestorOutput) UpdateTime() pulumi.StringOutput

Time when the attestor was last updated.

func (AttestorOutput) UserOwnedDrydockNote added in v0.19.0 

func (o AttestorOutput) UserOwnedDrydockNote() UserOwnedDrydockNoteResponseOutput

A Drydock ATTESTATION_AUTHORITY Note, created by the user.

type AttestorPublicKey 

type AttestorPublicKey struct {
	// ASCII-armored representation of a PGP public key, as the entire output by the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID.
	AsciiArmoredPgpPublicKey *string `pulumi:"asciiArmoredPgpPublicKey"`
	// Optional. A descriptive comment. This field may be updated.
	Comment *string `pulumi:"comment"`
	// The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on `public_key` cases below for details.
	Id *string `pulumi:"id"`
	// A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
	PkixPublicKey *PkixPublicKey `pulumi:"pkixPublicKey"`
}

An attestor public key that will be used to verify attestations signed by this attestor.

type AttestorPublicKeyArgs 

type AttestorPublicKeyArgs struct {
	// ASCII-armored representation of a PGP public key, as the entire output by the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID.
	AsciiArmoredPgpPublicKey pulumi.StringPtrInput `pulumi:"asciiArmoredPgpPublicKey"`
	// Optional. A descriptive comment. This field may be updated.
	Comment pulumi.StringPtrInput `pulumi:"comment"`
	// The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on `public_key` cases below for details.
	Id pulumi.StringPtrInput `pulumi:"id"`
	// A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
	PkixPublicKey PkixPublicKeyPtrInput `pulumi:"pkixPublicKey"`
}

An attestor public key that will be used to verify attestations signed by this attestor.

func (AttestorPublicKeyArgs) ElementType 

func (AttestorPublicKeyArgs) ElementType() reflect.Type

func (AttestorPublicKeyArgs) ToAttestorPublicKeyOutput 

func (i AttestorPublicKeyArgs) ToAttestorPublicKeyOutput() AttestorPublicKeyOutput

func (AttestorPublicKeyArgs) ToAttestorPublicKeyOutputWithContext 

func (i AttestorPublicKeyArgs) ToAttestorPublicKeyOutputWithContext(ctx context.Context) AttestorPublicKeyOutput

type AttestorPublicKeyArray 

type AttestorPublicKeyArray []AttestorPublicKeyInput

func (AttestorPublicKeyArray) ElementType 

func (AttestorPublicKeyArray) ElementType() reflect.Type

func (AttestorPublicKeyArray) ToAttestorPublicKeyArrayOutput 

func (i AttestorPublicKeyArray) ToAttestorPublicKeyArrayOutput() AttestorPublicKeyArrayOutput

func (AttestorPublicKeyArray) ToAttestorPublicKeyArrayOutputWithContext 

func (i AttestorPublicKeyArray) ToAttestorPublicKeyArrayOutputWithContext(ctx context.Context) AttestorPublicKeyArrayOutput

type AttestorPublicKeyArrayInput 

type AttestorPublicKeyArrayInput interface {
	pulumi.Input

	ToAttestorPublicKeyArrayOutput() AttestorPublicKeyArrayOutput
	ToAttestorPublicKeyArrayOutputWithContext(context.Context) AttestorPublicKeyArrayOutput
}

AttestorPublicKeyArrayInput is an input type that accepts AttestorPublicKeyArray and AttestorPublicKeyArrayOutput values. You can construct a concrete instance of `AttestorPublicKeyArrayInput` via: 

AttestorPublicKeyArray{ AttestorPublicKeyArgs{...} }

type AttestorPublicKeyArrayOutput 

type AttestorPublicKeyArrayOutput struct{ *pulumi.OutputState }

func (AttestorPublicKeyArrayOutput) ElementType 

func (AttestorPublicKeyArrayOutput) ElementType() reflect.Type

func (AttestorPublicKeyArrayOutput) Index 

func (o AttestorPublicKeyArrayOutput) Index(i pulumi.IntInput) AttestorPublicKeyOutput

func (AttestorPublicKeyArrayOutput) ToAttestorPublicKeyArrayOutput 

func (o AttestorPublicKeyArrayOutput) ToAttestorPublicKeyArrayOutput() AttestorPublicKeyArrayOutput

func (AttestorPublicKeyArrayOutput) ToAttestorPublicKeyArrayOutputWithContext 

func (o AttestorPublicKeyArrayOutput) ToAttestorPublicKeyArrayOutputWithContext(ctx context.Context) AttestorPublicKeyArrayOutput

type AttestorPublicKeyInput 

type AttestorPublicKeyInput interface {
	pulumi.Input

	ToAttestorPublicKeyOutput() AttestorPublicKeyOutput
	ToAttestorPublicKeyOutputWithContext(context.Context) AttestorPublicKeyOutput
}

AttestorPublicKeyInput is an input type that accepts AttestorPublicKeyArgs and AttestorPublicKeyOutput values. You can construct a concrete instance of `AttestorPublicKeyInput` via: 

AttestorPublicKeyArgs{...}

type AttestorPublicKeyOutput 

type AttestorPublicKeyOutput struct{ *pulumi.OutputState }

An attestor public key that will be used to verify attestations signed by this attestor.

func (AttestorPublicKeyOutput) AsciiArmoredPgpPublicKey 

func (o AttestorPublicKeyOutput) AsciiArmoredPgpPublicKey() pulumi.StringPtrOutput

ASCII-armored representation of a PGP public key, as the entire output by the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID.

func (AttestorPublicKeyOutput) Comment 

func (o AttestorPublicKeyOutput) Comment() pulumi.StringPtrOutput

Optional. A descriptive comment. This field may be updated.

func (AttestorPublicKeyOutput) ElementType 

func (AttestorPublicKeyOutput) ElementType() reflect.Type

func (AttestorPublicKeyOutput) Id 

func (o AttestorPublicKeyOutput) Id() pulumi.StringPtrOutput

The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on `public_key` cases below for details.

func (AttestorPublicKeyOutput) PkixPublicKey 

func (o AttestorPublicKeyOutput) PkixPublicKey() PkixPublicKeyPtrOutput

A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

func (AttestorPublicKeyOutput) ToAttestorPublicKeyOutput 

func (o AttestorPublicKeyOutput) ToAttestorPublicKeyOutput() AttestorPublicKeyOutput

func (AttestorPublicKeyOutput) ToAttestorPublicKeyOutputWithContext 

func (o AttestorPublicKeyOutput) ToAttestorPublicKeyOutputWithContext(ctx context.Context) AttestorPublicKeyOutput

type AttestorPublicKeyResponse 

type AttestorPublicKeyResponse struct {
	// ASCII-armored representation of a PGP public key, as the entire output by the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID.
	AsciiArmoredPgpPublicKey string `pulumi:"asciiArmoredPgpPublicKey"`
	// Optional. A descriptive comment. This field may be updated.
	Comment string `pulumi:"comment"`
	// A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
	PkixPublicKey PkixPublicKeyResponse `pulumi:"pkixPublicKey"`
}

An attestor public key that will be used to verify attestations signed by this attestor.

type AttestorPublicKeyResponseArrayOutput 

type AttestorPublicKeyResponseArrayOutput struct{ *pulumi.OutputState }

func (AttestorPublicKeyResponseArrayOutput) ElementType 

func (AttestorPublicKeyResponseArrayOutput) ElementType() reflect.Type

func (AttestorPublicKeyResponseArrayOutput) Index 

func (o AttestorPublicKeyResponseArrayOutput) Index(i pulumi.IntInput) AttestorPublicKeyResponseOutput

func (AttestorPublicKeyResponseArrayOutput) ToAttestorPublicKeyResponseArrayOutput 

func (o AttestorPublicKeyResponseArrayOutput) ToAttestorPublicKeyResponseArrayOutput() AttestorPublicKeyResponseArrayOutput

func (AttestorPublicKeyResponseArrayOutput) ToAttestorPublicKeyResponseArrayOutputWithContext 

func (o AttestorPublicKeyResponseArrayOutput) ToAttestorPublicKeyResponseArrayOutputWithContext(ctx context.Context) AttestorPublicKeyResponseArrayOutput

type AttestorPublicKeyResponseOutput 

type AttestorPublicKeyResponseOutput struct{ *pulumi.OutputState }

An attestor public key that will be used to verify attestations signed by this attestor.

func (AttestorPublicKeyResponseOutput) AsciiArmoredPgpPublicKey 

func (o AttestorPublicKeyResponseOutput) AsciiArmoredPgpPublicKey() pulumi.StringOutput

ASCII-armored representation of a PGP public key, as the entire output by the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID.

func (AttestorPublicKeyResponseOutput) Comment 

func (o AttestorPublicKeyResponseOutput) Comment() pulumi.StringOutput

Optional. A descriptive comment. This field may be updated.

func (AttestorPublicKeyResponseOutput) ElementType 

func (AttestorPublicKeyResponseOutput) ElementType() reflect.Type

func (AttestorPublicKeyResponseOutput) PkixPublicKey 

func (o AttestorPublicKeyResponseOutput) PkixPublicKey() PkixPublicKeyResponseOutput

A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

func (AttestorPublicKeyResponseOutput) ToAttestorPublicKeyResponseOutput 

func (o AttestorPublicKeyResponseOutput) ToAttestorPublicKeyResponseOutput() AttestorPublicKeyResponseOutput

func (AttestorPublicKeyResponseOutput) ToAttestorPublicKeyResponseOutputWithContext 

func (o AttestorPublicKeyResponseOutput) ToAttestorPublicKeyResponseOutputWithContext(ctx context.Context) AttestorPublicKeyResponseOutput

type AttestorState 

type AttestorState struct {
}

func (AttestorState) ElementType 

func (AttestorState) ElementType() reflect.Type

type Binding 

type Binding struct {
	// The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition *Expr `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Members []string `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role *string `pulumi:"role"`
}

Associates `members`, or principals, with a `role`.

type BindingArgs 

type BindingArgs struct {
	// The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition ExprPtrInput `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Members pulumi.StringArrayInput `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringPtrInput `pulumi:"role"`
}

Associates `members`, or principals, with a `role`.

func (BindingArgs) ElementType 

func (BindingArgs) ElementType() reflect.Type

func (BindingArgs) ToBindingOutput 

func (i BindingArgs) ToBindingOutput() BindingOutput

func (BindingArgs) ToBindingOutputWithContext 

func (i BindingArgs) ToBindingOutputWithContext(ctx context.Context) BindingOutput

type BindingArray 

type BindingArray []BindingInput

func (BindingArray) ElementType 

func (BindingArray) ElementType() reflect.Type

func (BindingArray) ToBindingArrayOutput 

func (i BindingArray) ToBindingArrayOutput() BindingArrayOutput

func (BindingArray) ToBindingArrayOutputWithContext 

func (i BindingArray) ToBindingArrayOutputWithContext(ctx context.Context) BindingArrayOutput

type BindingArrayInput 

type BindingArrayInput interface {
	pulumi.Input

	ToBindingArrayOutput() BindingArrayOutput
	ToBindingArrayOutputWithContext(context.Context) BindingArrayOutput
}

BindingArrayInput is an input type that accepts BindingArray and BindingArrayOutput values. You can construct a concrete instance of `BindingArrayInput` via: 

BindingArray{ BindingArgs{...} }

type BindingArrayOutput 

type BindingArrayOutput struct{ *pulumi.OutputState }

func (BindingArrayOutput) ElementType 

func (BindingArrayOutput) ElementType() reflect.Type

func (BindingArrayOutput) Index 

func (o BindingArrayOutput) Index(i pulumi.IntInput) BindingOutput

func (BindingArrayOutput) ToBindingArrayOutput 

func (o BindingArrayOutput) ToBindingArrayOutput() BindingArrayOutput

func (BindingArrayOutput) ToBindingArrayOutputWithContext 

func (o BindingArrayOutput) ToBindingArrayOutputWithContext(ctx context.Context) BindingArrayOutput

type BindingInput 

type BindingInput interface {
	pulumi.Input

	ToBindingOutput() BindingOutput
	ToBindingOutputWithContext(context.Context) BindingOutput
}

BindingInput is an input type that accepts BindingArgs and BindingOutput values. You can construct a concrete instance of `BindingInput` via: 

BindingArgs{...}

type BindingOutput 

type BindingOutput struct{ *pulumi.OutputState }

Associates `members`, or principals, with a `role`.

func (BindingOutput) Condition 

func (o BindingOutput) Condition() ExprPtrOutput

The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

func (BindingOutput) ElementType 

func (BindingOutput) ElementType() reflect.Type

func (BindingOutput) Members 

func (o BindingOutput) Members() pulumi.StringArrayOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (BindingOutput) Role 

func (o BindingOutput) Role() pulumi.StringPtrOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (BindingOutput) ToBindingOutput 

func (o BindingOutput) ToBindingOutput() BindingOutput

func (BindingOutput) ToBindingOutputWithContext 

func (o BindingOutput) ToBindingOutputWithContext(ctx context.Context) BindingOutput

type BindingResponse 

type BindingResponse struct {
	// The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition ExprResponse `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Members []string `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role string `pulumi:"role"`
}

Associates `members`, or principals, with a `role`.

type BindingResponseArrayOutput 

type BindingResponseArrayOutput struct{ *pulumi.OutputState }

func (BindingResponseArrayOutput) ElementType 

func (BindingResponseArrayOutput) ElementType() reflect.Type

func (BindingResponseArrayOutput) Index 

func (o BindingResponseArrayOutput) Index(i pulumi.IntInput) BindingResponseOutput

func (BindingResponseArrayOutput) ToBindingResponseArrayOutput 

func (o BindingResponseArrayOutput) ToBindingResponseArrayOutput() BindingResponseArrayOutput

func (BindingResponseArrayOutput) ToBindingResponseArrayOutputWithContext 

func (o BindingResponseArrayOutput) ToBindingResponseArrayOutputWithContext(ctx context.Context) BindingResponseArrayOutput

type BindingResponseOutput 

type BindingResponseOutput struct{ *pulumi.OutputState }

Associates `members`, or principals, with a `role`.

func (BindingResponseOutput) Condition 

func (o BindingResponseOutput) Condition() ExprResponseOutput

The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

func (BindingResponseOutput) ElementType 

func (BindingResponseOutput) ElementType() reflect.Type

func (BindingResponseOutput) Members 

func (o BindingResponseOutput) Members() pulumi.StringArrayOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (BindingResponseOutput) Role 

func (o BindingResponseOutput) Role() pulumi.StringOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (BindingResponseOutput) ToBindingResponseOutput 

func (o BindingResponseOutput) ToBindingResponseOutput() BindingResponseOutput

func (BindingResponseOutput) ToBindingResponseOutputWithContext 

func (o BindingResponseOutput) ToBindingResponseOutputWithContext(ctx context.Context) BindingResponseOutput

type Expr 

type Expr struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression *string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location *string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title *string `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

type ExprArgs 

type ExprArgs struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprArgs) ElementType 

func (ExprArgs) ElementType() reflect.Type

func (ExprArgs) ToExprOutput 

func (i ExprArgs) ToExprOutput() ExprOutput

func (ExprArgs) ToExprOutputWithContext 

func (i ExprArgs) ToExprOutputWithContext(ctx context.Context) ExprOutput

func (ExprArgs) ToExprPtrOutput 

func (i ExprArgs) ToExprPtrOutput() ExprPtrOutput

func (ExprArgs) ToExprPtrOutputWithContext 

func (i ExprArgs) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprInput 

type ExprInput interface {
	pulumi.Input

	ToExprOutput() ExprOutput
	ToExprOutputWithContext(context.Context) ExprOutput
}

ExprInput is an input type that accepts ExprArgs and ExprOutput values. You can construct a concrete instance of `ExprInput` via: 

ExprArgs{...}

type ExprOutput 

type ExprOutput struct{ *pulumi.OutputState }

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprOutput) Description 

func (o ExprOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (ExprOutput) ElementType 

func (ExprOutput) ElementType() reflect.Type

func (ExprOutput) Expression 

func (o ExprOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprOutput) Location 

func (o ExprOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprOutput) Title 

func (o ExprOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (ExprOutput) ToExprOutput 

func (o ExprOutput) ToExprOutput() ExprOutput

func (ExprOutput) ToExprOutputWithContext 

func (o ExprOutput) ToExprOutputWithContext(ctx context.Context) ExprOutput

func (ExprOutput) ToExprPtrOutput 

func (o ExprOutput) ToExprPtrOutput() ExprPtrOutput

func (ExprOutput) ToExprPtrOutputWithContext 

func (o ExprOutput) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprPtrInput 

type ExprPtrInput interface {
	pulumi.Input

	ToExprPtrOutput() ExprPtrOutput
	ToExprPtrOutputWithContext(context.Context) ExprPtrOutput
}

ExprPtrInput is an input type that accepts ExprArgs, ExprPtr and ExprPtrOutput values. You can construct a concrete instance of `ExprPtrInput` via: 

        ExprArgs{...}

or:

        nil

func ExprPtr 

func ExprPtr(v *ExprArgs) ExprPtrInput

type ExprPtrOutput 

type ExprPtrOutput struct{ *pulumi.OutputState }

func (ExprPtrOutput) Description 

func (o ExprPtrOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (ExprPtrOutput) Elem 

func (o ExprPtrOutput) Elem() ExprOutput

func (ExprPtrOutput) ElementType 

func (ExprPtrOutput) ElementType() reflect.Type

func (ExprPtrOutput) Expression 

func (o ExprPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprPtrOutput) Location 

func (o ExprPtrOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprPtrOutput) Title 

func (o ExprPtrOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (ExprPtrOutput) ToExprPtrOutput 

func (o ExprPtrOutput) ToExprPtrOutput() ExprPtrOutput

func (ExprPtrOutput) ToExprPtrOutputWithContext 

func (o ExprPtrOutput) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprResponse 

type ExprResponse struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title string `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

type ExprResponseOutput 

type ExprResponseOutput struct{ *pulumi.OutputState }

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprResponseOutput) Description 

func (o ExprResponseOutput) Description() pulumi.StringOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (ExprResponseOutput) ElementType 

func (ExprResponseOutput) ElementType() reflect.Type

func (ExprResponseOutput) Expression 

func (o ExprResponseOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprResponseOutput) Location 

func (o ExprResponseOutput) Location() pulumi.StringOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprResponseOutput) Title 

func (o ExprResponseOutput) Title() pulumi.StringOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (ExprResponseOutput) ToExprResponseOutput 

func (o ExprResponseOutput) ToExprResponseOutput() ExprResponseOutput

func (ExprResponseOutput) ToExprResponseOutputWithContext 

func (o ExprResponseOutput) ToExprResponseOutputWithContext(ctx context.Context) ExprResponseOutput

type LookupAttestorArgs added in v0.4.0 

type LookupAttestorArgs struct {
	AttestorId string  `pulumi:"attestorId"`
	Project    *string `pulumi:"project"`
}

type LookupAttestorIamPolicyArgs added in v0.4.0 

type LookupAttestorIamPolicyArgs struct {
	AttestorId                    string  `pulumi:"attestorId"`
	OptionsRequestedPolicyVersion *int    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       *string `pulumi:"project"`
}

type LookupAttestorIamPolicyOutputArgs added in v0.8.0 

type LookupAttestorIamPolicyOutputArgs struct {
	AttestorId                    pulumi.StringInput    `pulumi:"attestorId"`
	OptionsRequestedPolicyVersion pulumi.IntPtrInput    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       pulumi.StringPtrInput `pulumi:"project"`
}

func (LookupAttestorIamPolicyOutputArgs) ElementType added in v0.8.0 

func (LookupAttestorIamPolicyOutputArgs) ElementType() reflect.Type

type LookupAttestorIamPolicyResult added in v0.4.0 

type LookupAttestorIamPolicyResult struct {
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings []BindingResponse `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag string `pulumi:"etag"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version int `pulumi:"version"`
}

func LookupAttestorIamPolicy added in v0.4.0 

func LookupAttestorIamPolicy(ctx *pulumi.Context, args *LookupAttestorIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupAttestorIamPolicyResult, error)

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

type LookupAttestorIamPolicyResultOutput added in v0.8.0 

type LookupAttestorIamPolicyResultOutput struct{ *pulumi.OutputState }

func LookupAttestorIamPolicyOutput added in v0.8.0 

func LookupAttestorIamPolicyOutput(ctx *pulumi.Context, args LookupAttestorIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupAttestorIamPolicyResultOutput

func (LookupAttestorIamPolicyResultOutput) Bindings added in v0.8.0 

func (o LookupAttestorIamPolicyResultOutput) Bindings() BindingResponseArrayOutput

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (LookupAttestorIamPolicyResultOutput) ElementType added in v0.8.0 

func (LookupAttestorIamPolicyResultOutput) ElementType() reflect.Type

func (LookupAttestorIamPolicyResultOutput) Etag added in v0.8.0 

func (o LookupAttestorIamPolicyResultOutput) Etag() pulumi.StringOutput

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (LookupAttestorIamPolicyResultOutput) ToLookupAttestorIamPolicyResultOutput added in v0.8.0 

func (o LookupAttestorIamPolicyResultOutput) ToLookupAttestorIamPolicyResultOutput() LookupAttestorIamPolicyResultOutput

func (LookupAttestorIamPolicyResultOutput) ToLookupAttestorIamPolicyResultOutputWithContext added in v0.8.0 

func (o LookupAttestorIamPolicyResultOutput) ToLookupAttestorIamPolicyResultOutputWithContext(ctx context.Context) LookupAttestorIamPolicyResultOutput

func (LookupAttestorIamPolicyResultOutput) Version added in v0.8.0 

func (o LookupAttestorIamPolicyResultOutput) Version() pulumi.IntOutput

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type LookupAttestorOutputArgs added in v0.8.0 

type LookupAttestorOutputArgs struct {
	AttestorId pulumi.StringInput    `pulumi:"attestorId"`
	Project    pulumi.StringPtrInput `pulumi:"project"`
}

func (LookupAttestorOutputArgs) ElementType added in v0.8.0 

func (LookupAttestorOutputArgs) ElementType() reflect.Type

type LookupAttestorResult added in v0.4.0 

type LookupAttestorResult struct {
	// Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
	Description string `pulumi:"description"`
	// Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
	Etag string `pulumi:"etag"`
	// The resource name, in the format: `projects/*/attestors/*`. This field may not be updated.
	Name string `pulumi:"name"`
	// Time when the attestor was last updated.
	UpdateTime string `pulumi:"updateTime"`
	// A Drydock ATTESTATION_AUTHORITY Note, created by the user.
	UserOwnedDrydockNote UserOwnedDrydockNoteResponse `pulumi:"userOwnedDrydockNote"`
}

func LookupAttestor added in v0.4.0 

func LookupAttestor(ctx *pulumi.Context, args *LookupAttestorArgs, opts ...pulumi.InvokeOption) (*LookupAttestorResult, error)

Gets an attestor. Returns NOT_FOUND if the attestor does not exist.

type LookupAttestorResultOutput added in v0.8.0 

type LookupAttestorResultOutput struct{ *pulumi.OutputState }

func LookupAttestorOutput added in v0.8.0 

func LookupAttestorOutput(ctx *pulumi.Context, args LookupAttestorOutputArgs, opts ...pulumi.InvokeOption) LookupAttestorResultOutput

func (LookupAttestorResultOutput) Description added in v0.8.0 

func (o LookupAttestorResultOutput) Description() pulumi.StringOutput

Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

func (LookupAttestorResultOutput) ElementType added in v0.8.0 

func (LookupAttestorResultOutput) ElementType() reflect.Type

func (LookupAttestorResultOutput) Etag added in v0.16.0 

func (o LookupAttestorResultOutput) Etag() pulumi.StringOutput

Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.

func (LookupAttestorResultOutput) Name added in v0.8.0 

func (o LookupAttestorResultOutput) Name() pulumi.StringOutput

The resource name, in the format: `projects/*/attestors/*`. This field may not be updated.

func (LookupAttestorResultOutput) ToLookupAttestorResultOutput added in v0.8.0 

func (o LookupAttestorResultOutput) ToLookupAttestorResultOutput() LookupAttestorResultOutput

func (LookupAttestorResultOutput) ToLookupAttestorResultOutputWithContext added in v0.8.0 

func (o LookupAttestorResultOutput) ToLookupAttestorResultOutputWithContext(ctx context.Context) LookupAttestorResultOutput

func (LookupAttestorResultOutput) UpdateTime added in v0.8.0 

func (o LookupAttestorResultOutput) UpdateTime() pulumi.StringOutput

Time when the attestor was last updated.

func (LookupAttestorResultOutput) UserOwnedDrydockNote added in v0.8.0 

func (o LookupAttestorResultOutput) UserOwnedDrydockNote() UserOwnedDrydockNoteResponseOutput

A Drydock ATTESTATION_AUTHORITY Note, created by the user.

type LookupPolicyIamPolicyArgs added in v0.4.0 

type LookupPolicyIamPolicyArgs struct {
	OptionsRequestedPolicyVersion *int    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       *string `pulumi:"project"`
}

type LookupPolicyIamPolicyOutputArgs added in v0.8.0 

type LookupPolicyIamPolicyOutputArgs struct {
	OptionsRequestedPolicyVersion pulumi.IntPtrInput    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       pulumi.StringPtrInput `pulumi:"project"`
}

func (LookupPolicyIamPolicyOutputArgs) ElementType added in v0.8.0 

func (LookupPolicyIamPolicyOutputArgs) ElementType() reflect.Type

type LookupPolicyIamPolicyResult added in v0.4.0 

type LookupPolicyIamPolicyResult struct {
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings []BindingResponse `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag string `pulumi:"etag"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version int `pulumi:"version"`
}

func LookupPolicyIamPolicy added in v0.4.0 

func LookupPolicyIamPolicy(ctx *pulumi.Context, args *LookupPolicyIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupPolicyIamPolicyResult, error)

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

type LookupPolicyIamPolicyResultOutput added in v0.8.0 

type LookupPolicyIamPolicyResultOutput struct{ *pulumi.OutputState }

func LookupPolicyIamPolicyOutput added in v0.8.0 

func LookupPolicyIamPolicyOutput(ctx *pulumi.Context, args LookupPolicyIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupPolicyIamPolicyResultOutput

func (LookupPolicyIamPolicyResultOutput) Bindings added in v0.8.0 

func (o LookupPolicyIamPolicyResultOutput) Bindings() BindingResponseArrayOutput

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (LookupPolicyIamPolicyResultOutput) ElementType added in v0.8.0 

func (LookupPolicyIamPolicyResultOutput) ElementType() reflect.Type

func (LookupPolicyIamPolicyResultOutput) Etag added in v0.8.0 

func (o LookupPolicyIamPolicyResultOutput) Etag() pulumi.StringOutput

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (LookupPolicyIamPolicyResultOutput) ToLookupPolicyIamPolicyResultOutput added in v0.8.0 

func (o LookupPolicyIamPolicyResultOutput) ToLookupPolicyIamPolicyResultOutput() LookupPolicyIamPolicyResultOutput

func (LookupPolicyIamPolicyResultOutput) ToLookupPolicyIamPolicyResultOutputWithContext added in v0.8.0 

func (o LookupPolicyIamPolicyResultOutput) ToLookupPolicyIamPolicyResultOutputWithContext(ctx context.Context) LookupPolicyIamPolicyResultOutput

func (LookupPolicyIamPolicyResultOutput) Version added in v0.8.0 

func (o LookupPolicyIamPolicyResultOutput) Version() pulumi.IntOutput

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type PkixPublicKey 

type PkixPublicKey struct {
	// A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
	PublicKeyPem *string `pulumi:"publicKeyPem"`
	// The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key).
	SignatureAlgorithm *PkixPublicKeySignatureAlgorithm `pulumi:"signatureAlgorithm"`
}

A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.

type PkixPublicKeyArgs 

type PkixPublicKeyArgs struct {
	// A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
	PublicKeyPem pulumi.StringPtrInput `pulumi:"publicKeyPem"`
	// The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key).
	SignatureAlgorithm PkixPublicKeySignatureAlgorithmPtrInput `pulumi:"signatureAlgorithm"`
}

A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.

func (PkixPublicKeyArgs) ElementType 

func (PkixPublicKeyArgs) ElementType() reflect.Type

func (PkixPublicKeyArgs) ToPkixPublicKeyOutput 

func (i PkixPublicKeyArgs) ToPkixPublicKeyOutput() PkixPublicKeyOutput

func (PkixPublicKeyArgs) ToPkixPublicKeyOutputWithContext 

func (i PkixPublicKeyArgs) ToPkixPublicKeyOutputWithContext(ctx context.Context) PkixPublicKeyOutput

func (PkixPublicKeyArgs) ToPkixPublicKeyPtrOutput 

func (i PkixPublicKeyArgs) ToPkixPublicKeyPtrOutput() PkixPublicKeyPtrOutput

func (PkixPublicKeyArgs) ToPkixPublicKeyPtrOutputWithContext 

func (i PkixPublicKeyArgs) ToPkixPublicKeyPtrOutputWithContext(ctx context.Context) PkixPublicKeyPtrOutput

type PkixPublicKeyInput 

type PkixPublicKeyInput interface {
	pulumi.Input

	ToPkixPublicKeyOutput() PkixPublicKeyOutput
	ToPkixPublicKeyOutputWithContext(context.Context) PkixPublicKeyOutput
}

PkixPublicKeyInput is an input type that accepts PkixPublicKeyArgs and PkixPublicKeyOutput values. You can construct a concrete instance of `PkixPublicKeyInput` via: 

PkixPublicKeyArgs{...}

type PkixPublicKeyOutput 

type PkixPublicKeyOutput struct{ *pulumi.OutputState }

A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.

func (PkixPublicKeyOutput) ElementType 

func (PkixPublicKeyOutput) ElementType() reflect.Type

func (PkixPublicKeyOutput) PublicKeyPem 

func (o PkixPublicKeyOutput) PublicKeyPem() pulumi.StringPtrOutput

A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

func (PkixPublicKeyOutput) SignatureAlgorithm 

func (o PkixPublicKeyOutput) SignatureAlgorithm() PkixPublicKeySignatureAlgorithmPtrOutput

The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key).

func (PkixPublicKeyOutput) ToPkixPublicKeyOutput 

func (o PkixPublicKeyOutput) ToPkixPublicKeyOutput() PkixPublicKeyOutput

func (PkixPublicKeyOutput) ToPkixPublicKeyOutputWithContext 

func (o PkixPublicKeyOutput) ToPkixPublicKeyOutputWithContext(ctx context.Context) PkixPublicKeyOutput

func (PkixPublicKeyOutput) ToPkixPublicKeyPtrOutput 

func (o PkixPublicKeyOutput) ToPkixPublicKeyPtrOutput() PkixPublicKeyPtrOutput

func (PkixPublicKeyOutput) ToPkixPublicKeyPtrOutputWithContext 

func (o PkixPublicKeyOutput) ToPkixPublicKeyPtrOutputWithContext(ctx context.Context) PkixPublicKeyPtrOutput

type PkixPublicKeyPtrInput 

type PkixPublicKeyPtrInput interface {
	pulumi.Input

	ToPkixPublicKeyPtrOutput() PkixPublicKeyPtrOutput
	ToPkixPublicKeyPtrOutputWithContext(context.Context) PkixPublicKeyPtrOutput
}

PkixPublicKeyPtrInput is an input type that accepts PkixPublicKeyArgs, PkixPublicKeyPtr and PkixPublicKeyPtrOutput values. You can construct a concrete instance of `PkixPublicKeyPtrInput` via: 

        PkixPublicKeyArgs{...}

or:

        nil

func PkixPublicKeyPtr 

func PkixPublicKeyPtr(v *PkixPublicKeyArgs) PkixPublicKeyPtrInput

type PkixPublicKeyPtrOutput 

type PkixPublicKeyPtrOutput struct{ *pulumi.OutputState }

func (PkixPublicKeyPtrOutput) Elem 

func (o PkixPublicKeyPtrOutput) Elem() PkixPublicKeyOutput

func (PkixPublicKeyPtrOutput) ElementType 

func (PkixPublicKeyPtrOutput) ElementType() reflect.Type

func (PkixPublicKeyPtrOutput) PublicKeyPem 

func (o PkixPublicKeyPtrOutput) PublicKeyPem() pulumi.StringPtrOutput

A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

func (PkixPublicKeyPtrOutput) SignatureAlgorithm 

func (o PkixPublicKeyPtrOutput) SignatureAlgorithm() PkixPublicKeySignatureAlgorithmPtrOutput

The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key).

func (PkixPublicKeyPtrOutput) ToPkixPublicKeyPtrOutput 

func (o PkixPublicKeyPtrOutput) ToPkixPublicKeyPtrOutput() PkixPublicKeyPtrOutput

func (PkixPublicKeyPtrOutput) ToPkixPublicKeyPtrOutputWithContext 

func (o PkixPublicKeyPtrOutput) ToPkixPublicKeyPtrOutputWithContext(ctx context.Context) PkixPublicKeyPtrOutput

type PkixPublicKeyResponse 

type PkixPublicKeyResponse struct {
	// A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
	PublicKeyPem string `pulumi:"publicKeyPem"`
	// The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key).
	SignatureAlgorithm string `pulumi:"signatureAlgorithm"`
}

A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.

type PkixPublicKeyResponseOutput 

type PkixPublicKeyResponseOutput struct{ *pulumi.OutputState }

A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.

func (PkixPublicKeyResponseOutput) ElementType 

func (PkixPublicKeyResponseOutput) ElementType() reflect.Type

func (PkixPublicKeyResponseOutput) PublicKeyPem 

func (o PkixPublicKeyResponseOutput) PublicKeyPem() pulumi.StringOutput

A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

func (PkixPublicKeyResponseOutput) SignatureAlgorithm 

func (o PkixPublicKeyResponseOutput) SignatureAlgorithm() pulumi.StringOutput

The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key).

func (PkixPublicKeyResponseOutput) ToPkixPublicKeyResponseOutput 

func (o PkixPublicKeyResponseOutput) ToPkixPublicKeyResponseOutput() PkixPublicKeyResponseOutput

func (PkixPublicKeyResponseOutput) ToPkixPublicKeyResponseOutputWithContext 

func (o PkixPublicKeyResponseOutput) ToPkixPublicKeyResponseOutputWithContext(ctx context.Context) PkixPublicKeyResponseOutput

type PkixPublicKeySignatureAlgorithm added in v0.4.0 

type PkixPublicKeySignatureAlgorithm string

The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key).

func (PkixPublicKeySignatureAlgorithm) ElementType added in v0.4.0 

func (PkixPublicKeySignatureAlgorithm) ElementType() reflect.Type

func (PkixPublicKeySignatureAlgorithm) ToPkixPublicKeySignatureAlgorithmOutput added in v0.6.0 

func (e PkixPublicKeySignatureAlgorithm) ToPkixPublicKeySignatureAlgorithmOutput() PkixPublicKeySignatureAlgorithmOutput

func (PkixPublicKeySignatureAlgorithm) ToPkixPublicKeySignatureAlgorithmOutputWithContext added in v0.6.0 

func (e PkixPublicKeySignatureAlgorithm) ToPkixPublicKeySignatureAlgorithmOutputWithContext(ctx context.Context) PkixPublicKeySignatureAlgorithmOutput

func (PkixPublicKeySignatureAlgorithm) ToPkixPublicKeySignatureAlgorithmPtrOutput added in v0.6.0 

func (e PkixPublicKeySignatureAlgorithm) ToPkixPublicKeySignatureAlgorithmPtrOutput() PkixPublicKeySignatureAlgorithmPtrOutput

func (PkixPublicKeySignatureAlgorithm) ToPkixPublicKeySignatureAlgorithmPtrOutputWithContext added in v0.6.0 

func (e PkixPublicKeySignatureAlgorithm) ToPkixPublicKeySignatureAlgorithmPtrOutputWithContext(ctx context.Context) PkixPublicKeySignatureAlgorithmPtrOutput

func (PkixPublicKeySignatureAlgorithm) ToStringOutput added in v0.4.0 

func (e PkixPublicKeySignatureAlgorithm) ToStringOutput() pulumi.StringOutput

func (PkixPublicKeySignatureAlgorithm) ToStringOutputWithContext added in v0.4.0 

func (e PkixPublicKeySignatureAlgorithm) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (PkixPublicKeySignatureAlgorithm) ToStringPtrOutput added in v0.4.0 

func (e PkixPublicKeySignatureAlgorithm) ToStringPtrOutput() pulumi.StringPtrOutput

func (PkixPublicKeySignatureAlgorithm) ToStringPtrOutputWithContext added in v0.4.0 

func (e PkixPublicKeySignatureAlgorithm) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type PkixPublicKeySignatureAlgorithmInput added in v0.6.0 

type PkixPublicKeySignatureAlgorithmInput interface {
	pulumi.Input

	ToPkixPublicKeySignatureAlgorithmOutput() PkixPublicKeySignatureAlgorithmOutput
	ToPkixPublicKeySignatureAlgorithmOutputWithContext(context.Context) PkixPublicKeySignatureAlgorithmOutput
}

PkixPublicKeySignatureAlgorithmInput is an input type that accepts PkixPublicKeySignatureAlgorithmArgs and PkixPublicKeySignatureAlgorithmOutput values. You can construct a concrete instance of `PkixPublicKeySignatureAlgorithmInput` via: 

PkixPublicKeySignatureAlgorithmArgs{...}

type PkixPublicKeySignatureAlgorithmOutput added in v0.6.0 

type PkixPublicKeySignatureAlgorithmOutput struct{ *pulumi.OutputState }

func (PkixPublicKeySignatureAlgorithmOutput) ElementType added in v0.6.0 

func (PkixPublicKeySignatureAlgorithmOutput) ElementType() reflect.Type

func (PkixPublicKeySignatureAlgorithmOutput) ToPkixPublicKeySignatureAlgorithmOutput added in v0.6.0 

func (o PkixPublicKeySignatureAlgorithmOutput) ToPkixPublicKeySignatureAlgorithmOutput() PkixPublicKeySignatureAlgorithmOutput

func (PkixPublicKeySignatureAlgorithmOutput) ToPkixPublicKeySignatureAlgorithmOutputWithContext added in v0.6.0 

func (o PkixPublicKeySignatureAlgorithmOutput) ToPkixPublicKeySignatureAlgorithmOutputWithContext(ctx context.Context) PkixPublicKeySignatureAlgorithmOutput

func (PkixPublicKeySignatureAlgorithmOutput) ToPkixPublicKeySignatureAlgorithmPtrOutput added in v0.6.0 

func (o PkixPublicKeySignatureAlgorithmOutput) ToPkixPublicKeySignatureAlgorithmPtrOutput() PkixPublicKeySignatureAlgorithmPtrOutput

func (PkixPublicKeySignatureAlgorithmOutput) ToPkixPublicKeySignatureAlgorithmPtrOutputWithContext added in v0.6.0 

func (o PkixPublicKeySignatureAlgorithmOutput) ToPkixPublicKeySignatureAlgorithmPtrOutputWithContext(ctx context.Context) PkixPublicKeySignatureAlgorithmPtrOutput

func (PkixPublicKeySignatureAlgorithmOutput) ToStringOutput added in v0.6.0 

func (o PkixPublicKeySignatureAlgorithmOutput) ToStringOutput() pulumi.StringOutput

func (PkixPublicKeySignatureAlgorithmOutput) ToStringOutputWithContext added in v0.6.0 

func (o PkixPublicKeySignatureAlgorithmOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (PkixPublicKeySignatureAlgorithmOutput) ToStringPtrOutput added in v0.6.0 

func (o PkixPublicKeySignatureAlgorithmOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (PkixPublicKeySignatureAlgorithmOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o PkixPublicKeySignatureAlgorithmOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type PkixPublicKeySignatureAlgorithmPtrInput added in v0.6.0 

type PkixPublicKeySignatureAlgorithmPtrInput interface {
	pulumi.Input

	ToPkixPublicKeySignatureAlgorithmPtrOutput() PkixPublicKeySignatureAlgorithmPtrOutput
	ToPkixPublicKeySignatureAlgorithmPtrOutputWithContext(context.Context) PkixPublicKeySignatureAlgorithmPtrOutput
}

func PkixPublicKeySignatureAlgorithmPtr added in v0.6.0 

func PkixPublicKeySignatureAlgorithmPtr(v string) PkixPublicKeySignatureAlgorithmPtrInput

type PkixPublicKeySignatureAlgorithmPtrOutput added in v0.6.0 

type PkixPublicKeySignatureAlgorithmPtrOutput struct{ *pulumi.OutputState }

func (PkixPublicKeySignatureAlgorithmPtrOutput) Elem added in v0.6.0 

func (o PkixPublicKeySignatureAlgorithmPtrOutput) Elem() PkixPublicKeySignatureAlgorithmOutput

func (PkixPublicKeySignatureAlgorithmPtrOutput) ElementType added in v0.6.0 

func (PkixPublicKeySignatureAlgorithmPtrOutput) ElementType() reflect.Type

func (PkixPublicKeySignatureAlgorithmPtrOutput) ToPkixPublicKeySignatureAlgorithmPtrOutput added in v0.6.0 

func (o PkixPublicKeySignatureAlgorithmPtrOutput) ToPkixPublicKeySignatureAlgorithmPtrOutput() PkixPublicKeySignatureAlgorithmPtrOutput

func (PkixPublicKeySignatureAlgorithmPtrOutput) ToPkixPublicKeySignatureAlgorithmPtrOutputWithContext added in v0.6.0 

func (o PkixPublicKeySignatureAlgorithmPtrOutput) ToPkixPublicKeySignatureAlgorithmPtrOutputWithContext(ctx context.Context) PkixPublicKeySignatureAlgorithmPtrOutput

func (PkixPublicKeySignatureAlgorithmPtrOutput) ToStringPtrOutput added in v0.6.0 

func (o PkixPublicKeySignatureAlgorithmPtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (PkixPublicKeySignatureAlgorithmPtrOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o PkixPublicKeySignatureAlgorithmPtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type PolicyIamBinding added in v0.26.0 

type PolicyIamBinding struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Identities that will be granted the privilege in role. Each entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one `IamBinding` can be used per role.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetPolicyIamBinding added in v0.26.0 

func GetPolicyIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *PolicyIamBindingState, opts ...pulumi.ResourceOption) (*PolicyIamBinding, error)

GetPolicyIamBinding gets an existing PolicyIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewPolicyIamBinding added in v0.26.0 

func NewPolicyIamBinding(ctx *pulumi.Context,
	name string, args *PolicyIamBindingArgs, opts ...pulumi.ResourceOption) (*PolicyIamBinding, error)

NewPolicyIamBinding registers a new resource with the given unique name, arguments, and options.

func (*PolicyIamBinding) ElementType added in v0.26.0 

func (*PolicyIamBinding) ElementType() reflect.Type

func (*PolicyIamBinding) ToPolicyIamBindingOutput added in v0.26.0 

func (i *PolicyIamBinding) ToPolicyIamBindingOutput() PolicyIamBindingOutput

func (*PolicyIamBinding) ToPolicyIamBindingOutputWithContext added in v0.26.0 

func (i *PolicyIamBinding) ToPolicyIamBindingOutputWithContext(ctx context.Context) PolicyIamBindingOutput

type PolicyIamBindingArgs added in v0.26.0 

type PolicyIamBindingArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identities that will be granted the privilege in role. Each entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members pulumi.StringArrayInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied. Only one `IamBinding` can be used per role.
	Role pulumi.StringInput
}

The set of arguments for constructing a PolicyIamBinding resource.

func (PolicyIamBindingArgs) ElementType added in v0.26.0 

func (PolicyIamBindingArgs) ElementType() reflect.Type

type PolicyIamBindingInput added in v0.26.0 

type PolicyIamBindingInput interface {
	pulumi.Input

	ToPolicyIamBindingOutput() PolicyIamBindingOutput
	ToPolicyIamBindingOutputWithContext(ctx context.Context) PolicyIamBindingOutput
}

type PolicyIamBindingOutput added in v0.26.0 

type PolicyIamBindingOutput struct{ *pulumi.OutputState }

func (PolicyIamBindingOutput) Condition added in v0.26.0 

func (o PolicyIamBindingOutput) Condition() iam.ConditionPtrOutput

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (PolicyIamBindingOutput) ElementType added in v0.26.0 

func (PolicyIamBindingOutput) ElementType() reflect.Type

func (PolicyIamBindingOutput) Etag added in v0.26.0 

func (o PolicyIamBindingOutput) Etag() pulumi.StringOutput

The etag of the resource's IAM policy.

func (PolicyIamBindingOutput) Members added in v0.26.0 

func (o PolicyIamBindingOutput) Members() pulumi.StringArrayOutput

Identities that will be granted the privilege in role. Each entry can have one of the following values:

  • user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
  • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
  • domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

func (PolicyIamBindingOutput) Name added in v0.26.0 

func (o PolicyIamBindingOutput) Name() pulumi.StringOutput

The name of the resource to manage IAM policies for.

func (PolicyIamBindingOutput) Project added in v0.26.0 

func (o PolicyIamBindingOutput) Project() pulumi.StringOutput

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (PolicyIamBindingOutput) Role added in v0.26.0 

func (o PolicyIamBindingOutput) Role() pulumi.StringOutput

The role that should be applied. Only one `IamBinding` can be used per role.

func (PolicyIamBindingOutput) ToPolicyIamBindingOutput added in v0.26.0 

func (o PolicyIamBindingOutput) ToPolicyIamBindingOutput() PolicyIamBindingOutput

func (PolicyIamBindingOutput) ToPolicyIamBindingOutputWithContext added in v0.26.0 

func (o PolicyIamBindingOutput) ToPolicyIamBindingOutputWithContext(ctx context.Context) PolicyIamBindingOutput

type PolicyIamBindingState added in v0.26.0 

type PolicyIamBindingState struct {
}

func (PolicyIamBindingState) ElementType added in v0.26.0 

func (PolicyIamBindingState) ElementType() reflect.Type

type PolicyIamMember added in v0.26.0 

type PolicyIamMember struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Identity that will be granted the privilege in role. The entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringOutput `pulumi:"member"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetPolicyIamMember added in v0.26.0 

func GetPolicyIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *PolicyIamMemberState, opts ...pulumi.ResourceOption) (*PolicyIamMember, error)

GetPolicyIamMember gets an existing PolicyIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewPolicyIamMember added in v0.26.0 

func NewPolicyIamMember(ctx *pulumi.Context,
	name string, args *PolicyIamMemberArgs, opts ...pulumi.ResourceOption) (*PolicyIamMember, error)

NewPolicyIamMember registers a new resource with the given unique name, arguments, and options.

func (*PolicyIamMember) ElementType added in v0.26.0 

func (*PolicyIamMember) ElementType() reflect.Type

func (*PolicyIamMember) ToPolicyIamMemberOutput added in v0.26.0 

func (i *PolicyIamMember) ToPolicyIamMemberOutput() PolicyIamMemberOutput

func (*PolicyIamMember) ToPolicyIamMemberOutputWithContext added in v0.26.0 

func (i *PolicyIamMember) ToPolicyIamMemberOutputWithContext(ctx context.Context) PolicyIamMemberOutput

type PolicyIamMemberArgs added in v0.26.0 

type PolicyIamMemberArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identity that will be granted the privilege in role. The entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied.
	Role pulumi.StringInput
}

The set of arguments for constructing a PolicyIamMember resource.

func (PolicyIamMemberArgs) ElementType added in v0.26.0 

func (PolicyIamMemberArgs) ElementType() reflect.Type

type PolicyIamMemberInput added in v0.26.0 

type PolicyIamMemberInput interface {
	pulumi.Input

	ToPolicyIamMemberOutput() PolicyIamMemberOutput
	ToPolicyIamMemberOutputWithContext(ctx context.Context) PolicyIamMemberOutput
}

type PolicyIamMemberOutput added in v0.26.0 

type PolicyIamMemberOutput struct{ *pulumi.OutputState }

func (PolicyIamMemberOutput) Condition added in v0.26.0 

func (o PolicyIamMemberOutput) Condition() iam.ConditionPtrOutput

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (PolicyIamMemberOutput) ElementType added in v0.26.0 

func (PolicyIamMemberOutput) ElementType() reflect.Type

func (PolicyIamMemberOutput) Etag added in v0.26.0 

func (o PolicyIamMemberOutput) Etag() pulumi.StringOutput

The etag of the resource's IAM policy.

func (PolicyIamMemberOutput) Member added in v0.26.0 

func (o PolicyIamMemberOutput) Member() pulumi.StringOutput

Identity that will be granted the privilege in role. The entry can have one of the following values:

  • user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
  • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
  • domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

func (PolicyIamMemberOutput) Name added in v0.26.0 

func (o PolicyIamMemberOutput) Name() pulumi.StringOutput

The name of the resource to manage IAM policies for.

func (PolicyIamMemberOutput) Project added in v0.26.0 

func (o PolicyIamMemberOutput) Project() pulumi.StringOutput

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (PolicyIamMemberOutput) Role added in v0.26.0 

func (o PolicyIamMemberOutput) Role() pulumi.StringOutput

The role that should be applied.

func (PolicyIamMemberOutput) ToPolicyIamMemberOutput added in v0.26.0 

func (o PolicyIamMemberOutput) ToPolicyIamMemberOutput() PolicyIamMemberOutput

func (PolicyIamMemberOutput) ToPolicyIamMemberOutputWithContext added in v0.26.0 

func (o PolicyIamMemberOutput) ToPolicyIamMemberOutputWithContext(ctx context.Context) PolicyIamMemberOutput

type PolicyIamMemberState added in v0.26.0 

type PolicyIamMemberState struct {
}

func (PolicyIamMemberState) ElementType added in v0.26.0 

func (PolicyIamMemberState) ElementType() reflect.Type

type PolicyIamPolicy 

type PolicyIamPolicy struct {
	pulumi.CustomResourceState

	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingResponseArrayOutput `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag    pulumi.StringOutput `pulumi:"etag"`
	Project pulumi.StringOutput `pulumi:"project"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntOutput `pulumi:"version"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

func GetPolicyIamPolicy 

func GetPolicyIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *PolicyIamPolicyState, opts ...pulumi.ResourceOption) (*PolicyIamPolicy, error)

GetPolicyIamPolicy gets an existing PolicyIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewPolicyIamPolicy 

func NewPolicyIamPolicy(ctx *pulumi.Context,
	name string, args *PolicyIamPolicyArgs, opts ...pulumi.ResourceOption) (*PolicyIamPolicy, error)

NewPolicyIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*PolicyIamPolicy) ElementType 

func (*PolicyIamPolicy) ElementType() reflect.Type

func (*PolicyIamPolicy) ToPolicyIamPolicyOutput 

func (i *PolicyIamPolicy) ToPolicyIamPolicyOutput() PolicyIamPolicyOutput

func (*PolicyIamPolicy) ToPolicyIamPolicyOutputWithContext 

func (i *PolicyIamPolicy) ToPolicyIamPolicyOutputWithContext(ctx context.Context) PolicyIamPolicyOutput

type PolicyIamPolicyArgs 

type PolicyIamPolicyArgs struct {
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingArrayInput
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag    pulumi.StringPtrInput
	Project pulumi.StringPtrInput
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntPtrInput
}

The set of arguments for constructing a PolicyIamPolicy resource.

func (PolicyIamPolicyArgs) ElementType 

func (PolicyIamPolicyArgs) ElementType() reflect.Type

type PolicyIamPolicyInput 

type PolicyIamPolicyInput interface {
	pulumi.Input

	ToPolicyIamPolicyOutput() PolicyIamPolicyOutput
	ToPolicyIamPolicyOutputWithContext(ctx context.Context) PolicyIamPolicyOutput
}

type PolicyIamPolicyOutput 

type PolicyIamPolicyOutput struct{ *pulumi.OutputState }

func (PolicyIamPolicyOutput) Bindings added in v0.19.0 

func (o PolicyIamPolicyOutput) Bindings() BindingResponseArrayOutput

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (PolicyIamPolicyOutput) ElementType 

func (PolicyIamPolicyOutput) ElementType() reflect.Type

func (PolicyIamPolicyOutput) Etag added in v0.19.0 

func (o PolicyIamPolicyOutput) Etag() pulumi.StringOutput

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (PolicyIamPolicyOutput) Project added in v0.21.0 

func (o PolicyIamPolicyOutput) Project() pulumi.StringOutput

func (PolicyIamPolicyOutput) ToPolicyIamPolicyOutput 

func (o PolicyIamPolicyOutput) ToPolicyIamPolicyOutput() PolicyIamPolicyOutput

func (PolicyIamPolicyOutput) ToPolicyIamPolicyOutputWithContext 

func (o PolicyIamPolicyOutput) ToPolicyIamPolicyOutputWithContext(ctx context.Context) PolicyIamPolicyOutput

func (PolicyIamPolicyOutput) Version added in v0.19.0 

func (o PolicyIamPolicyOutput) Version() pulumi.IntOutput

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type PolicyIamPolicyState 

type PolicyIamPolicyState struct {
}

func (PolicyIamPolicyState) ElementType 

func (PolicyIamPolicyState) ElementType() reflect.Type

type UserOwnedDrydockNote 

type UserOwnedDrydockNote struct {
	// The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: `projects/*/notes/*` (or the legacy `providers/*/notes/*`). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.
	NoteReference string `pulumi:"noteReference"`
	// Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
	PublicKeys []AttestorPublicKey `pulumi:"publicKeys"`
}

An user owned drydock note references a Drydock ATTESTATION_AUTHORITY Note created by the user.

type UserOwnedDrydockNoteArgs 

type UserOwnedDrydockNoteArgs struct {
	// The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: `projects/*/notes/*` (or the legacy `providers/*/notes/*`). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.
	NoteReference pulumi.StringInput `pulumi:"noteReference"`
	// Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
	PublicKeys AttestorPublicKeyArrayInput `pulumi:"publicKeys"`
}

An user owned drydock note references a Drydock ATTESTATION_AUTHORITY Note created by the user.

func (UserOwnedDrydockNoteArgs) ElementType 

func (UserOwnedDrydockNoteArgs) ElementType() reflect.Type

func (UserOwnedDrydockNoteArgs) ToUserOwnedDrydockNoteOutput 

func (i UserOwnedDrydockNoteArgs) ToUserOwnedDrydockNoteOutput() UserOwnedDrydockNoteOutput

func (UserOwnedDrydockNoteArgs) ToUserOwnedDrydockNoteOutputWithContext 

func (i UserOwnedDrydockNoteArgs) ToUserOwnedDrydockNoteOutputWithContext(ctx context.Context) UserOwnedDrydockNoteOutput

func (UserOwnedDrydockNoteArgs) ToUserOwnedDrydockNotePtrOutput 

func (i UserOwnedDrydockNoteArgs) ToUserOwnedDrydockNotePtrOutput() UserOwnedDrydockNotePtrOutput

func (UserOwnedDrydockNoteArgs) ToUserOwnedDrydockNotePtrOutputWithContext 

func (i UserOwnedDrydockNoteArgs) ToUserOwnedDrydockNotePtrOutputWithContext(ctx context.Context) UserOwnedDrydockNotePtrOutput

type UserOwnedDrydockNoteInput 

type UserOwnedDrydockNoteInput interface {
	pulumi.Input

	ToUserOwnedDrydockNoteOutput() UserOwnedDrydockNoteOutput
	ToUserOwnedDrydockNoteOutputWithContext(context.Context) UserOwnedDrydockNoteOutput
}

UserOwnedDrydockNoteInput is an input type that accepts UserOwnedDrydockNoteArgs and UserOwnedDrydockNoteOutput values. You can construct a concrete instance of `UserOwnedDrydockNoteInput` via: 

UserOwnedDrydockNoteArgs{...}

type UserOwnedDrydockNoteOutput 

type UserOwnedDrydockNoteOutput struct{ *pulumi.OutputState }

An user owned drydock note references a Drydock ATTESTATION_AUTHORITY Note created by the user.

func (UserOwnedDrydockNoteOutput) ElementType 

func (UserOwnedDrydockNoteOutput) ElementType() reflect.Type

func (UserOwnedDrydockNoteOutput) NoteReference 

func (o UserOwnedDrydockNoteOutput) NoteReference() pulumi.StringOutput

The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: `projects/*/notes/*` (or the legacy `providers/*/notes/*`). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.

func (UserOwnedDrydockNoteOutput) PublicKeys 

func (o UserOwnedDrydockNoteOutput) PublicKeys() AttestorPublicKeyArrayOutput

Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

func (UserOwnedDrydockNoteOutput) ToUserOwnedDrydockNoteOutput 

func (o UserOwnedDrydockNoteOutput) ToUserOwnedDrydockNoteOutput() UserOwnedDrydockNoteOutput

func (UserOwnedDrydockNoteOutput) ToUserOwnedDrydockNoteOutputWithContext 

func (o UserOwnedDrydockNoteOutput) ToUserOwnedDrydockNoteOutputWithContext(ctx context.Context) UserOwnedDrydockNoteOutput

func (UserOwnedDrydockNoteOutput) ToUserOwnedDrydockNotePtrOutput 

func (o UserOwnedDrydockNoteOutput) ToUserOwnedDrydockNotePtrOutput() UserOwnedDrydockNotePtrOutput

func (UserOwnedDrydockNoteOutput) ToUserOwnedDrydockNotePtrOutputWithContext 

func (o UserOwnedDrydockNoteOutput) ToUserOwnedDrydockNotePtrOutputWithContext(ctx context.Context) UserOwnedDrydockNotePtrOutput

type UserOwnedDrydockNotePtrInput 

type UserOwnedDrydockNotePtrInput interface {
	pulumi.Input

	ToUserOwnedDrydockNotePtrOutput() UserOwnedDrydockNotePtrOutput
	ToUserOwnedDrydockNotePtrOutputWithContext(context.Context) UserOwnedDrydockNotePtrOutput
}

UserOwnedDrydockNotePtrInput is an input type that accepts UserOwnedDrydockNoteArgs, UserOwnedDrydockNotePtr and UserOwnedDrydockNotePtrOutput values. You can construct a concrete instance of `UserOwnedDrydockNotePtrInput` via: 

        UserOwnedDrydockNoteArgs{...}

or:

        nil

func UserOwnedDrydockNotePtr 

func UserOwnedDrydockNotePtr(v *UserOwnedDrydockNoteArgs) UserOwnedDrydockNotePtrInput

type UserOwnedDrydockNotePtrOutput 

type UserOwnedDrydockNotePtrOutput struct{ *pulumi.OutputState }

func (UserOwnedDrydockNotePtrOutput) Elem 

func (o UserOwnedDrydockNotePtrOutput) Elem() UserOwnedDrydockNoteOutput

func (UserOwnedDrydockNotePtrOutput) ElementType 

func (UserOwnedDrydockNotePtrOutput) ElementType() reflect.Type

func (UserOwnedDrydockNotePtrOutput) NoteReference 

func (o UserOwnedDrydockNotePtrOutput) NoteReference() pulumi.StringPtrOutput

The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: `projects/*/notes/*` (or the legacy `providers/*/notes/*`). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.

func (UserOwnedDrydockNotePtrOutput) PublicKeys 

func (o UserOwnedDrydockNotePtrOutput) PublicKeys() AttestorPublicKeyArrayOutput

Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

func (UserOwnedDrydockNotePtrOutput) ToUserOwnedDrydockNotePtrOutput 

func (o UserOwnedDrydockNotePtrOutput) ToUserOwnedDrydockNotePtrOutput() UserOwnedDrydockNotePtrOutput

func (UserOwnedDrydockNotePtrOutput) ToUserOwnedDrydockNotePtrOutputWithContext 

func (o UserOwnedDrydockNotePtrOutput) ToUserOwnedDrydockNotePtrOutputWithContext(ctx context.Context) UserOwnedDrydockNotePtrOutput

type UserOwnedDrydockNoteResponse 

type UserOwnedDrydockNoteResponse struct {
	// This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (`containeranalysis.notes.occurrences.viewer`). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
	DelegationServiceAccountEmail string `pulumi:"delegationServiceAccountEmail"`
	// The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: `projects/*/notes/*` (or the legacy `providers/*/notes/*`). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.
	NoteReference string `pulumi:"noteReference"`
	// Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
	PublicKeys []AttestorPublicKeyResponse `pulumi:"publicKeys"`
}

An user owned drydock note references a Drydock ATTESTATION_AUTHORITY Note created by the user.

type UserOwnedDrydockNoteResponseOutput 

type UserOwnedDrydockNoteResponseOutput struct{ *pulumi.OutputState }

An user owned drydock note references a Drydock ATTESTATION_AUTHORITY Note created by the user.

func (UserOwnedDrydockNoteResponseOutput) DelegationServiceAccountEmail 

func (o UserOwnedDrydockNoteResponseOutput) DelegationServiceAccountEmail() pulumi.StringOutput

This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (`containeranalysis.notes.occurrences.viewer`). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.

func (UserOwnedDrydockNoteResponseOutput) ElementType 

func (UserOwnedDrydockNoteResponseOutput) ElementType() reflect.Type

func (UserOwnedDrydockNoteResponseOutput) NoteReference 

func (o UserOwnedDrydockNoteResponseOutput) NoteReference() pulumi.StringOutput

The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: `projects/*/notes/*` (or the legacy `providers/*/notes/*`). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.

func (UserOwnedDrydockNoteResponseOutput) PublicKeys 

func (o UserOwnedDrydockNoteResponseOutput) PublicKeys() AttestorPublicKeyResponseArrayOutput

Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

func (UserOwnedDrydockNoteResponseOutput) ToUserOwnedDrydockNoteResponseOutput 

func (o UserOwnedDrydockNoteResponseOutput) ToUserOwnedDrydockNoteResponseOutput() UserOwnedDrydockNoteResponseOutput

func (UserOwnedDrydockNoteResponseOutput) ToUserOwnedDrydockNoteResponseOutputWithContext 

func (o UserOwnedDrydockNoteResponseOutput) ToUserOwnedDrydockNoteResponseOutputWithContext(ctx context.Context) UserOwnedDrydockNoteResponseOutput

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.