Documentation ¶
Index ¶
- Constants
- type AuditConfig
- type AuditConfigArgs
- type AuditConfigArray
- type AuditConfigArrayInput
- type AuditConfigArrayOutput
- func (AuditConfigArrayOutput) ElementType() reflect.Type
- func (o AuditConfigArrayOutput) Index(i pulumi.IntInput) AuditConfigOutput
- func (o AuditConfigArrayOutput) ToAuditConfigArrayOutput() AuditConfigArrayOutput
- func (o AuditConfigArrayOutput) ToAuditConfigArrayOutputWithContext(ctx context.Context) AuditConfigArrayOutput
- type AuditConfigInput
- type AuditConfigOutput
- func (o AuditConfigOutput) AuditLogConfigs() AuditLogConfigArrayOutput
- func (AuditConfigOutput) ElementType() reflect.Type
- func (o AuditConfigOutput) Service() pulumi.StringPtrOutput
- func (o AuditConfigOutput) ToAuditConfigOutput() AuditConfigOutput
- func (o AuditConfigOutput) ToAuditConfigOutputWithContext(ctx context.Context) AuditConfigOutput
- type AuditConfigResponse
- type AuditConfigResponseArrayOutput
- func (AuditConfigResponseArrayOutput) ElementType() reflect.Type
- func (o AuditConfigResponseArrayOutput) Index(i pulumi.IntInput) AuditConfigResponseOutput
- func (o AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutput() AuditConfigResponseArrayOutput
- func (o AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutputWithContext(ctx context.Context) AuditConfigResponseArrayOutput
- type AuditConfigResponseOutput
- func (o AuditConfigResponseOutput) AuditLogConfigs() AuditLogConfigResponseArrayOutput
- func (AuditConfigResponseOutput) ElementType() reflect.Type
- func (o AuditConfigResponseOutput) Service() pulumi.StringOutput
- func (o AuditConfigResponseOutput) ToAuditConfigResponseOutput() AuditConfigResponseOutput
- func (o AuditConfigResponseOutput) ToAuditConfigResponseOutputWithContext(ctx context.Context) AuditConfigResponseOutput
- type AuditLogConfig
- type AuditLogConfigArgs
- type AuditLogConfigArray
- type AuditLogConfigArrayInput
- type AuditLogConfigArrayOutput
- func (AuditLogConfigArrayOutput) ElementType() reflect.Type
- func (o AuditLogConfigArrayOutput) Index(i pulumi.IntInput) AuditLogConfigOutput
- func (o AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutput() AuditLogConfigArrayOutput
- func (o AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutputWithContext(ctx context.Context) AuditLogConfigArrayOutput
- type AuditLogConfigInput
- type AuditLogConfigLogType
- func (AuditLogConfigLogType) ElementType() reflect.Type
- func (e AuditLogConfigLogType) ToAuditLogConfigLogTypeOutput() AuditLogConfigLogTypeOutput
- func (e AuditLogConfigLogType) ToAuditLogConfigLogTypeOutputWithContext(ctx context.Context) AuditLogConfigLogTypeOutput
- func (e AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput
- func (e AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput
- func (e AuditLogConfigLogType) ToStringOutput() pulumi.StringOutput
- func (e AuditLogConfigLogType) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput
- func (e AuditLogConfigLogType) ToStringPtrOutput() pulumi.StringPtrOutput
- func (e AuditLogConfigLogType) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput
- type AuditLogConfigLogTypeInput
- type AuditLogConfigLogTypeOutput
- func (AuditLogConfigLogTypeOutput) ElementType() reflect.Type
- func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutput() AuditLogConfigLogTypeOutput
- func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutputWithContext(ctx context.Context) AuditLogConfigLogTypeOutput
- func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput
- func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput
- func (o AuditLogConfigLogTypeOutput) ToStringOutput() pulumi.StringOutput
- func (o AuditLogConfigLogTypeOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput
- func (o AuditLogConfigLogTypeOutput) ToStringPtrOutput() pulumi.StringPtrOutput
- func (o AuditLogConfigLogTypeOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput
- type AuditLogConfigLogTypePtrInput
- type AuditLogConfigLogTypePtrOutput
- func (o AuditLogConfigLogTypePtrOutput) Elem() AuditLogConfigLogTypeOutput
- func (AuditLogConfigLogTypePtrOutput) ElementType() reflect.Type
- func (o AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput
- func (o AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput
- func (o AuditLogConfigLogTypePtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput
- func (o AuditLogConfigLogTypePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput
- type AuditLogConfigOutput
- func (AuditLogConfigOutput) ElementType() reflect.Type
- func (o AuditLogConfigOutput) ExemptedMembers() pulumi.StringArrayOutput
- func (o AuditLogConfigOutput) LogType() AuditLogConfigLogTypePtrOutput
- func (o AuditLogConfigOutput) ToAuditLogConfigOutput() AuditLogConfigOutput
- func (o AuditLogConfigOutput) ToAuditLogConfigOutputWithContext(ctx context.Context) AuditLogConfigOutput
- type AuditLogConfigResponse
- type AuditLogConfigResponseArrayOutput
- func (AuditLogConfigResponseArrayOutput) ElementType() reflect.Type
- func (o AuditLogConfigResponseArrayOutput) Index(i pulumi.IntInput) AuditLogConfigResponseOutput
- func (o AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutput() AuditLogConfigResponseArrayOutput
- func (o AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutputWithContext(ctx context.Context) AuditLogConfigResponseArrayOutput
- type AuditLogConfigResponseOutput
- func (AuditLogConfigResponseOutput) ElementType() reflect.Type
- func (o AuditLogConfigResponseOutput) ExemptedMembers() pulumi.StringArrayOutput
- func (o AuditLogConfigResponseOutput) LogType() pulumi.StringOutput
- func (o AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutput() AuditLogConfigResponseOutput
- func (o AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutputWithContext(ctx context.Context) AuditLogConfigResponseOutput
- type Binding
- type BindingArgs
- type BindingArray
- type BindingArrayInput
- type BindingArrayOutput
- type BindingInput
- type BindingOutput
- func (o BindingOutput) Condition() ExprPtrOutput
- func (BindingOutput) ElementType() reflect.Type
- func (o BindingOutput) Members() pulumi.StringArrayOutput
- func (o BindingOutput) Role() pulumi.StringPtrOutput
- func (o BindingOutput) ToBindingOutput() BindingOutput
- func (o BindingOutput) ToBindingOutputWithContext(ctx context.Context) BindingOutput
- type BindingResponse
- type BindingResponseArrayOutput
- func (BindingResponseArrayOutput) ElementType() reflect.Type
- func (o BindingResponseArrayOutput) Index(i pulumi.IntInput) BindingResponseOutput
- func (o BindingResponseArrayOutput) ToBindingResponseArrayOutput() BindingResponseArrayOutput
- func (o BindingResponseArrayOutput) ToBindingResponseArrayOutputWithContext(ctx context.Context) BindingResponseArrayOutput
- type BindingResponseOutput
- func (o BindingResponseOutput) Condition() ExprResponseOutput
- func (BindingResponseOutput) ElementType() reflect.Type
- func (o BindingResponseOutput) Members() pulumi.StringArrayOutput
- func (o BindingResponseOutput) Role() pulumi.StringOutput
- func (o BindingResponseOutput) ToBindingResponseOutput() BindingResponseOutput
- func (o BindingResponseOutput) ToBindingResponseOutputWithContext(ctx context.Context) BindingResponseOutput
- type Expr
- type ExprArgs
- type ExprInput
- type ExprOutput
- func (o ExprOutput) Description() pulumi.StringPtrOutput
- func (ExprOutput) ElementType() reflect.Type
- func (o ExprOutput) Expression() pulumi.StringPtrOutput
- func (o ExprOutput) Location() pulumi.StringPtrOutput
- func (o ExprOutput) Title() pulumi.StringPtrOutput
- func (o ExprOutput) ToExprOutput() ExprOutput
- func (o ExprOutput) ToExprOutputWithContext(ctx context.Context) ExprOutput
- func (o ExprOutput) ToExprPtrOutput() ExprPtrOutput
- func (o ExprOutput) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput
- type ExprPtrInput
- type ExprPtrOutput
- func (o ExprPtrOutput) Description() pulumi.StringPtrOutput
- func (o ExprPtrOutput) Elem() ExprOutput
- func (ExprPtrOutput) ElementType() reflect.Type
- func (o ExprPtrOutput) Expression() pulumi.StringPtrOutput
- func (o ExprPtrOutput) Location() pulumi.StringPtrOutput
- func (o ExprPtrOutput) Title() pulumi.StringPtrOutput
- func (o ExprPtrOutput) ToExprPtrOutput() ExprPtrOutput
- func (o ExprPtrOutput) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput
- type ExprResponse
- type ExprResponseOutput
- func (o ExprResponseOutput) Description() pulumi.StringOutput
- func (ExprResponseOutput) ElementType() reflect.Type
- func (o ExprResponseOutput) Expression() pulumi.StringOutput
- func (o ExprResponseOutput) Location() pulumi.StringOutput
- func (o ExprResponseOutput) Title() pulumi.StringOutput
- func (o ExprResponseOutput) ToExprResponseOutput() ExprResponseOutput
- func (o ExprResponseOutput) ToExprResponseOutputWithContext(ctx context.Context) ExprResponseOutput
- type Folder
- type FolderArgs
- type FolderIamBinding
- type FolderIamBindingArgs
- type FolderIamBindingInput
- type FolderIamBindingOutput
- func (o FolderIamBindingOutput) Condition() iam.ConditionPtrOutput
- func (FolderIamBindingOutput) ElementType() reflect.Type
- func (o FolderIamBindingOutput) Etag() pulumi.StringOutput
- func (o FolderIamBindingOutput) Members() pulumi.StringArrayOutput
- func (o FolderIamBindingOutput) Name() pulumi.StringOutput
- func (o FolderIamBindingOutput) Project() pulumi.StringOutput
- func (o FolderIamBindingOutput) Role() pulumi.StringOutput
- func (o FolderIamBindingOutput) ToFolderIamBindingOutput() FolderIamBindingOutput
- func (o FolderIamBindingOutput) ToFolderIamBindingOutputWithContext(ctx context.Context) FolderIamBindingOutput
- type FolderIamBindingState
- type FolderIamMember
- type FolderIamMemberArgs
- type FolderIamMemberInput
- type FolderIamMemberOutput
- func (o FolderIamMemberOutput) Condition() iam.ConditionPtrOutput
- func (FolderIamMemberOutput) ElementType() reflect.Type
- func (o FolderIamMemberOutput) Etag() pulumi.StringOutput
- func (o FolderIamMemberOutput) Member() pulumi.StringOutput
- func (o FolderIamMemberOutput) Name() pulumi.StringOutput
- func (o FolderIamMemberOutput) Project() pulumi.StringOutput
- func (o FolderIamMemberOutput) Role() pulumi.StringOutput
- func (o FolderIamMemberOutput) ToFolderIamMemberOutput() FolderIamMemberOutput
- func (o FolderIamMemberOutput) ToFolderIamMemberOutputWithContext(ctx context.Context) FolderIamMemberOutput
- type FolderIamMemberState
- type FolderIamPolicy
- type FolderIamPolicyArgs
- type FolderIamPolicyInput
- type FolderIamPolicyOutput
- func (o FolderIamPolicyOutput) AuditConfigs() AuditConfigResponseArrayOutput
- func (o FolderIamPolicyOutput) Bindings() BindingResponseArrayOutput
- func (FolderIamPolicyOutput) ElementType() reflect.Type
- func (o FolderIamPolicyOutput) Etag() pulumi.StringOutput
- func (o FolderIamPolicyOutput) FolderId() pulumi.StringOutput
- func (o FolderIamPolicyOutput) ToFolderIamPolicyOutput() FolderIamPolicyOutput
- func (o FolderIamPolicyOutput) ToFolderIamPolicyOutputWithContext(ctx context.Context) FolderIamPolicyOutput
- func (o FolderIamPolicyOutput) Version() pulumi.IntOutput
- type FolderIamPolicyState
- type FolderInput
- type FolderOutput
- func (o FolderOutput) CreateTime() pulumi.StringOutput
- func (o FolderOutput) DeleteTime() pulumi.StringOutput
- func (o FolderOutput) DisplayName() pulumi.StringOutput
- func (FolderOutput) ElementType() reflect.Type
- func (o FolderOutput) Etag() pulumi.StringOutput
- func (o FolderOutput) Name() pulumi.StringOutput
- func (o FolderOutput) Parent() pulumi.StringOutput
- func (o FolderOutput) State() pulumi.StringOutput
- func (o FolderOutput) ToFolderOutput() FolderOutput
- func (o FolderOutput) ToFolderOutputWithContext(ctx context.Context) FolderOutput
- func (o FolderOutput) UpdateTime() pulumi.StringOutput
- type FolderState
- type Lien
- type LienArgs
- type LienInput
- type LienOutput
- func (o LienOutput) CreateTime() pulumi.StringOutput
- func (LienOutput) ElementType() reflect.Type
- func (o LienOutput) Name() pulumi.StringOutput
- func (o LienOutput) Origin() pulumi.StringOutput
- func (o LienOutput) Parent() pulumi.StringOutput
- func (o LienOutput) Reason() pulumi.StringOutput
- func (o LienOutput) Restrictions() pulumi.StringArrayOutput
- func (o LienOutput) ToLienOutput() LienOutput
- func (o LienOutput) ToLienOutputWithContext(ctx context.Context) LienOutput
- type LienState
- type LookupFolderArgs
- type LookupFolderIamPolicyArgs
- type LookupFolderIamPolicyOutputArgs
- type LookupFolderIamPolicyResult
- type LookupFolderIamPolicyResultOutput
- func (o LookupFolderIamPolicyResultOutput) AuditConfigs() AuditConfigResponseArrayOutput
- func (o LookupFolderIamPolicyResultOutput) Bindings() BindingResponseArrayOutput
- func (LookupFolderIamPolicyResultOutput) ElementType() reflect.Type
- func (o LookupFolderIamPolicyResultOutput) Etag() pulumi.StringOutput
- func (o LookupFolderIamPolicyResultOutput) ToLookupFolderIamPolicyResultOutput() LookupFolderIamPolicyResultOutput
- func (o LookupFolderIamPolicyResultOutput) ToLookupFolderIamPolicyResultOutputWithContext(ctx context.Context) LookupFolderIamPolicyResultOutput
- func (o LookupFolderIamPolicyResultOutput) Version() pulumi.IntOutput
- type LookupFolderOutputArgs
- type LookupFolderResult
- type LookupFolderResultOutput
- func (o LookupFolderResultOutput) CreateTime() pulumi.StringOutput
- func (o LookupFolderResultOutput) DeleteTime() pulumi.StringOutput
- func (o LookupFolderResultOutput) DisplayName() pulumi.StringOutput
- func (LookupFolderResultOutput) ElementType() reflect.Type
- func (o LookupFolderResultOutput) Etag() pulumi.StringOutput
- func (o LookupFolderResultOutput) Name() pulumi.StringOutput
- func (o LookupFolderResultOutput) Parent() pulumi.StringOutput
- func (o LookupFolderResultOutput) State() pulumi.StringOutput
- func (o LookupFolderResultOutput) ToLookupFolderResultOutput() LookupFolderResultOutput
- func (o LookupFolderResultOutput) ToLookupFolderResultOutputWithContext(ctx context.Context) LookupFolderResultOutput
- func (o LookupFolderResultOutput) UpdateTime() pulumi.StringOutput
- type LookupLienArgs
- type LookupLienOutputArgs
- type LookupLienResult
- type LookupLienResultOutput
- func (o LookupLienResultOutput) CreateTime() pulumi.StringOutput
- func (LookupLienResultOutput) ElementType() reflect.Type
- func (o LookupLienResultOutput) Name() pulumi.StringOutput
- func (o LookupLienResultOutput) Origin() pulumi.StringOutput
- func (o LookupLienResultOutput) Parent() pulumi.StringOutput
- func (o LookupLienResultOutput) Reason() pulumi.StringOutput
- func (o LookupLienResultOutput) Restrictions() pulumi.StringArrayOutput
- func (o LookupLienResultOutput) ToLookupLienResultOutput() LookupLienResultOutput
- func (o LookupLienResultOutput) ToLookupLienResultOutputWithContext(ctx context.Context) LookupLienResultOutput
- type LookupOrganizationIamPolicyArgs
- type LookupOrganizationIamPolicyOutputArgs
- type LookupOrganizationIamPolicyResult
- type LookupOrganizationIamPolicyResultOutput
- func (o LookupOrganizationIamPolicyResultOutput) AuditConfigs() AuditConfigResponseArrayOutput
- func (o LookupOrganizationIamPolicyResultOutput) Bindings() BindingResponseArrayOutput
- func (LookupOrganizationIamPolicyResultOutput) ElementType() reflect.Type
- func (o LookupOrganizationIamPolicyResultOutput) Etag() pulumi.StringOutput
- func (o LookupOrganizationIamPolicyResultOutput) ToLookupOrganizationIamPolicyResultOutput() LookupOrganizationIamPolicyResultOutput
- func (o LookupOrganizationIamPolicyResultOutput) ToLookupOrganizationIamPolicyResultOutputWithContext(ctx context.Context) LookupOrganizationIamPolicyResultOutput
- func (o LookupOrganizationIamPolicyResultOutput) Version() pulumi.IntOutput
- type LookupProjectArgs
- type LookupProjectIamPolicyArgs
- type LookupProjectIamPolicyOutputArgs
- type LookupProjectIamPolicyResult
- type LookupProjectIamPolicyResultOutput
- func (o LookupProjectIamPolicyResultOutput) AuditConfigs() AuditConfigResponseArrayOutput
- func (o LookupProjectIamPolicyResultOutput) Bindings() BindingResponseArrayOutput
- func (LookupProjectIamPolicyResultOutput) ElementType() reflect.Type
- func (o LookupProjectIamPolicyResultOutput) Etag() pulumi.StringOutput
- func (o LookupProjectIamPolicyResultOutput) ToLookupProjectIamPolicyResultOutput() LookupProjectIamPolicyResultOutput
- func (o LookupProjectIamPolicyResultOutput) ToLookupProjectIamPolicyResultOutputWithContext(ctx context.Context) LookupProjectIamPolicyResultOutput
- func (o LookupProjectIamPolicyResultOutput) Version() pulumi.IntOutput
- type LookupProjectOutputArgs
- type LookupProjectResult
- type LookupProjectResultOutput
- func (o LookupProjectResultOutput) CreateTime() pulumi.StringOutput
- func (o LookupProjectResultOutput) DeleteTime() pulumi.StringOutput
- func (o LookupProjectResultOutput) DisplayName() pulumi.StringOutput
- func (LookupProjectResultOutput) ElementType() reflect.Type
- func (o LookupProjectResultOutput) Etag() pulumi.StringOutput
- func (o LookupProjectResultOutput) Labels() pulumi.StringMapOutput
- func (o LookupProjectResultOutput) Name() pulumi.StringOutput
- func (o LookupProjectResultOutput) Parent() pulumi.StringOutput
- func (o LookupProjectResultOutput) ProjectId() pulumi.StringOutput
- func (o LookupProjectResultOutput) State() pulumi.StringOutput
- func (o LookupProjectResultOutput) ToLookupProjectResultOutput() LookupProjectResultOutput
- func (o LookupProjectResultOutput) ToLookupProjectResultOutputWithContext(ctx context.Context) LookupProjectResultOutput
- func (o LookupProjectResultOutput) UpdateTime() pulumi.StringOutput
- type LookupTagKeyArgs
- type LookupTagKeyIamPolicyArgs
- type LookupTagKeyIamPolicyOutputArgs
- type LookupTagKeyIamPolicyResult
- type LookupTagKeyIamPolicyResultOutput
- func (o LookupTagKeyIamPolicyResultOutput) AuditConfigs() AuditConfigResponseArrayOutput
- func (o LookupTagKeyIamPolicyResultOutput) Bindings() BindingResponseArrayOutput
- func (LookupTagKeyIamPolicyResultOutput) ElementType() reflect.Type
- func (o LookupTagKeyIamPolicyResultOutput) Etag() pulumi.StringOutput
- func (o LookupTagKeyIamPolicyResultOutput) ToLookupTagKeyIamPolicyResultOutput() LookupTagKeyIamPolicyResultOutput
- func (o LookupTagKeyIamPolicyResultOutput) ToLookupTagKeyIamPolicyResultOutputWithContext(ctx context.Context) LookupTagKeyIamPolicyResultOutput
- func (o LookupTagKeyIamPolicyResultOutput) Version() pulumi.IntOutput
- type LookupTagKeyOutputArgs
- type LookupTagKeyResult
- type LookupTagKeyResultOutput
- func (o LookupTagKeyResultOutput) CreateTime() pulumi.StringOutput
- func (o LookupTagKeyResultOutput) Description() pulumi.StringOutput
- func (LookupTagKeyResultOutput) ElementType() reflect.Type
- func (o LookupTagKeyResultOutput) Etag() pulumi.StringOutput
- func (o LookupTagKeyResultOutput) Name() pulumi.StringOutput
- func (o LookupTagKeyResultOutput) NamespacedName() pulumi.StringOutput
- func (o LookupTagKeyResultOutput) Parent() pulumi.StringOutput
- func (o LookupTagKeyResultOutput) Purpose() pulumi.StringOutput
- func (o LookupTagKeyResultOutput) PurposeData() pulumi.StringMapOutput
- func (o LookupTagKeyResultOutput) ShortName() pulumi.StringOutput
- func (o LookupTagKeyResultOutput) ToLookupTagKeyResultOutput() LookupTagKeyResultOutput
- func (o LookupTagKeyResultOutput) ToLookupTagKeyResultOutputWithContext(ctx context.Context) LookupTagKeyResultOutput
- func (o LookupTagKeyResultOutput) UpdateTime() pulumi.StringOutput
- type LookupTagValueArgs
- type LookupTagValueIamPolicyArgs
- type LookupTagValueIamPolicyOutputArgs
- type LookupTagValueIamPolicyResult
- type LookupTagValueIamPolicyResultOutput
- func (o LookupTagValueIamPolicyResultOutput) AuditConfigs() AuditConfigResponseArrayOutput
- func (o LookupTagValueIamPolicyResultOutput) Bindings() BindingResponseArrayOutput
- func (LookupTagValueIamPolicyResultOutput) ElementType() reflect.Type
- func (o LookupTagValueIamPolicyResultOutput) Etag() pulumi.StringOutput
- func (o LookupTagValueIamPolicyResultOutput) ToLookupTagValueIamPolicyResultOutput() LookupTagValueIamPolicyResultOutput
- func (o LookupTagValueIamPolicyResultOutput) ToLookupTagValueIamPolicyResultOutputWithContext(ctx context.Context) LookupTagValueIamPolicyResultOutput
- func (o LookupTagValueIamPolicyResultOutput) Version() pulumi.IntOutput
- type LookupTagValueOutputArgs
- type LookupTagValueResult
- type LookupTagValueResultOutput
- func (o LookupTagValueResultOutput) CreateTime() pulumi.StringOutput
- func (o LookupTagValueResultOutput) Description() pulumi.StringOutput
- func (LookupTagValueResultOutput) ElementType() reflect.Type
- func (o LookupTagValueResultOutput) Etag() pulumi.StringOutput
- func (o LookupTagValueResultOutput) Name() pulumi.StringOutput
- func (o LookupTagValueResultOutput) NamespacedName() pulumi.StringOutput
- func (o LookupTagValueResultOutput) Parent() pulumi.StringOutput
- func (o LookupTagValueResultOutput) ShortName() pulumi.StringOutput
- func (o LookupTagValueResultOutput) ToLookupTagValueResultOutput() LookupTagValueResultOutput
- func (o LookupTagValueResultOutput) ToLookupTagValueResultOutputWithContext(ctx context.Context) LookupTagValueResultOutput
- func (o LookupTagValueResultOutput) UpdateTime() pulumi.StringOutput
- type OrganizationIamBinding
- type OrganizationIamBindingArgs
- type OrganizationIamBindingInput
- type OrganizationIamBindingOutput
- func (o OrganizationIamBindingOutput) Condition() iam.ConditionPtrOutput
- func (OrganizationIamBindingOutput) ElementType() reflect.Type
- func (o OrganizationIamBindingOutput) Etag() pulumi.StringOutput
- func (o OrganizationIamBindingOutput) Members() pulumi.StringArrayOutput
- func (o OrganizationIamBindingOutput) Name() pulumi.StringOutput
- func (o OrganizationIamBindingOutput) Project() pulumi.StringOutput
- func (o OrganizationIamBindingOutput) Role() pulumi.StringOutput
- func (o OrganizationIamBindingOutput) ToOrganizationIamBindingOutput() OrganizationIamBindingOutput
- func (o OrganizationIamBindingOutput) ToOrganizationIamBindingOutputWithContext(ctx context.Context) OrganizationIamBindingOutput
- type OrganizationIamBindingState
- type OrganizationIamMember
- type OrganizationIamMemberArgs
- type OrganizationIamMemberInput
- type OrganizationIamMemberOutput
- func (o OrganizationIamMemberOutput) Condition() iam.ConditionPtrOutput
- func (OrganizationIamMemberOutput) ElementType() reflect.Type
- func (o OrganizationIamMemberOutput) Etag() pulumi.StringOutput
- func (o OrganizationIamMemberOutput) Member() pulumi.StringOutput
- func (o OrganizationIamMemberOutput) Name() pulumi.StringOutput
- func (o OrganizationIamMemberOutput) Project() pulumi.StringOutput
- func (o OrganizationIamMemberOutput) Role() pulumi.StringOutput
- func (o OrganizationIamMemberOutput) ToOrganizationIamMemberOutput() OrganizationIamMemberOutput
- func (o OrganizationIamMemberOutput) ToOrganizationIamMemberOutputWithContext(ctx context.Context) OrganizationIamMemberOutput
- type OrganizationIamMemberState
- type OrganizationIamPolicy
- type OrganizationIamPolicyArgs
- type OrganizationIamPolicyInput
- type OrganizationIamPolicyOutput
- func (o OrganizationIamPolicyOutput) AuditConfigs() AuditConfigResponseArrayOutput
- func (o OrganizationIamPolicyOutput) Bindings() BindingResponseArrayOutput
- func (OrganizationIamPolicyOutput) ElementType() reflect.Type
- func (o OrganizationIamPolicyOutput) Etag() pulumi.StringOutput
- func (o OrganizationIamPolicyOutput) OrganizationId() pulumi.StringOutput
- func (o OrganizationIamPolicyOutput) ToOrganizationIamPolicyOutput() OrganizationIamPolicyOutput
- func (o OrganizationIamPolicyOutput) ToOrganizationIamPolicyOutputWithContext(ctx context.Context) OrganizationIamPolicyOutput
- func (o OrganizationIamPolicyOutput) Version() pulumi.IntOutput
- type OrganizationIamPolicyState
- type Project
- type ProjectArgs
- type ProjectIamBinding
- type ProjectIamBindingArgs
- type ProjectIamBindingInput
- type ProjectIamBindingOutput
- func (o ProjectIamBindingOutput) Condition() iam.ConditionPtrOutput
- func (ProjectIamBindingOutput) ElementType() reflect.Type
- func (o ProjectIamBindingOutput) Etag() pulumi.StringOutput
- func (o ProjectIamBindingOutput) Members() pulumi.StringArrayOutput
- func (o ProjectIamBindingOutput) Name() pulumi.StringOutput
- func (o ProjectIamBindingOutput) Project() pulumi.StringOutput
- func (o ProjectIamBindingOutput) Role() pulumi.StringOutput
- func (o ProjectIamBindingOutput) ToProjectIamBindingOutput() ProjectIamBindingOutput
- func (o ProjectIamBindingOutput) ToProjectIamBindingOutputWithContext(ctx context.Context) ProjectIamBindingOutput
- type ProjectIamBindingState
- type ProjectIamMember
- type ProjectIamMemberArgs
- type ProjectIamMemberInput
- type ProjectIamMemberOutput
- func (o ProjectIamMemberOutput) Condition() iam.ConditionPtrOutput
- func (ProjectIamMemberOutput) ElementType() reflect.Type
- func (o ProjectIamMemberOutput) Etag() pulumi.StringOutput
- func (o ProjectIamMemberOutput) Member() pulumi.StringOutput
- func (o ProjectIamMemberOutput) Name() pulumi.StringOutput
- func (o ProjectIamMemberOutput) Project() pulumi.StringOutput
- func (o ProjectIamMemberOutput) Role() pulumi.StringOutput
- func (o ProjectIamMemberOutput) ToProjectIamMemberOutput() ProjectIamMemberOutput
- func (o ProjectIamMemberOutput) ToProjectIamMemberOutputWithContext(ctx context.Context) ProjectIamMemberOutput
- type ProjectIamMemberState
- type ProjectIamPolicy
- type ProjectIamPolicyArgs
- type ProjectIamPolicyInput
- type ProjectIamPolicyOutput
- func (o ProjectIamPolicyOutput) AuditConfigs() AuditConfigResponseArrayOutput
- func (o ProjectIamPolicyOutput) Bindings() BindingResponseArrayOutput
- func (ProjectIamPolicyOutput) ElementType() reflect.Type
- func (o ProjectIamPolicyOutput) Etag() pulumi.StringOutput
- func (o ProjectIamPolicyOutput) Project() pulumi.StringOutput
- func (o ProjectIamPolicyOutput) ToProjectIamPolicyOutput() ProjectIamPolicyOutput
- func (o ProjectIamPolicyOutput) ToProjectIamPolicyOutputWithContext(ctx context.Context) ProjectIamPolicyOutput
- func (o ProjectIamPolicyOutput) Version() pulumi.IntOutput
- type ProjectIamPolicyState
- type ProjectInput
- type ProjectOutput
- func (o ProjectOutput) CreateTime() pulumi.StringOutput
- func (o ProjectOutput) DeleteTime() pulumi.StringOutput
- func (o ProjectOutput) DisplayName() pulumi.StringOutput
- func (ProjectOutput) ElementType() reflect.Type
- func (o ProjectOutput) Etag() pulumi.StringOutput
- func (o ProjectOutput) Labels() pulumi.StringMapOutput
- func (o ProjectOutput) Name() pulumi.StringOutput
- func (o ProjectOutput) Parent() pulumi.StringOutput
- func (o ProjectOutput) ProjectId() pulumi.StringOutput
- func (o ProjectOutput) State() pulumi.StringOutput
- func (o ProjectOutput) ToProjectOutput() ProjectOutput
- func (o ProjectOutput) ToProjectOutputWithContext(ctx context.Context) ProjectOutput
- func (o ProjectOutput) UpdateTime() pulumi.StringOutput
- type ProjectState
- type TagKey
- type TagKeyArgs
- type TagKeyIamBinding
- type TagKeyIamBindingArgs
- type TagKeyIamBindingInput
- type TagKeyIamBindingOutput
- func (o TagKeyIamBindingOutput) Condition() iam.ConditionPtrOutput
- func (TagKeyIamBindingOutput) ElementType() reflect.Type
- func (o TagKeyIamBindingOutput) Etag() pulumi.StringOutput
- func (o TagKeyIamBindingOutput) Members() pulumi.StringArrayOutput
- func (o TagKeyIamBindingOutput) Name() pulumi.StringOutput
- func (o TagKeyIamBindingOutput) Project() pulumi.StringOutput
- func (o TagKeyIamBindingOutput) Role() pulumi.StringOutput
- func (o TagKeyIamBindingOutput) ToTagKeyIamBindingOutput() TagKeyIamBindingOutput
- func (o TagKeyIamBindingOutput) ToTagKeyIamBindingOutputWithContext(ctx context.Context) TagKeyIamBindingOutput
- type TagKeyIamBindingState
- type TagKeyIamMember
- type TagKeyIamMemberArgs
- type TagKeyIamMemberInput
- type TagKeyIamMemberOutput
- func (o TagKeyIamMemberOutput) Condition() iam.ConditionPtrOutput
- func (TagKeyIamMemberOutput) ElementType() reflect.Type
- func (o TagKeyIamMemberOutput) Etag() pulumi.StringOutput
- func (o TagKeyIamMemberOutput) Member() pulumi.StringOutput
- func (o TagKeyIamMemberOutput) Name() pulumi.StringOutput
- func (o TagKeyIamMemberOutput) Project() pulumi.StringOutput
- func (o TagKeyIamMemberOutput) Role() pulumi.StringOutput
- func (o TagKeyIamMemberOutput) ToTagKeyIamMemberOutput() TagKeyIamMemberOutput
- func (o TagKeyIamMemberOutput) ToTagKeyIamMemberOutputWithContext(ctx context.Context) TagKeyIamMemberOutput
- type TagKeyIamMemberState
- type TagKeyIamPolicy
- type TagKeyIamPolicyArgs
- type TagKeyIamPolicyInput
- type TagKeyIamPolicyOutput
- func (o TagKeyIamPolicyOutput) AuditConfigs() AuditConfigResponseArrayOutput
- func (o TagKeyIamPolicyOutput) Bindings() BindingResponseArrayOutput
- func (TagKeyIamPolicyOutput) ElementType() reflect.Type
- func (o TagKeyIamPolicyOutput) Etag() pulumi.StringOutput
- func (o TagKeyIamPolicyOutput) TagKeyId() pulumi.StringOutput
- func (o TagKeyIamPolicyOutput) ToTagKeyIamPolicyOutput() TagKeyIamPolicyOutput
- func (o TagKeyIamPolicyOutput) ToTagKeyIamPolicyOutputWithContext(ctx context.Context) TagKeyIamPolicyOutput
- func (o TagKeyIamPolicyOutput) Version() pulumi.IntOutput
- type TagKeyIamPolicyState
- type TagKeyInput
- type TagKeyOutput
- func (o TagKeyOutput) CreateTime() pulumi.StringOutput
- func (o TagKeyOutput) Description() pulumi.StringOutput
- func (TagKeyOutput) ElementType() reflect.Type
- func (o TagKeyOutput) Etag() pulumi.StringOutput
- func (o TagKeyOutput) Name() pulumi.StringOutput
- func (o TagKeyOutput) NamespacedName() pulumi.StringOutput
- func (o TagKeyOutput) Parent() pulumi.StringOutput
- func (o TagKeyOutput) Purpose() pulumi.StringOutput
- func (o TagKeyOutput) PurposeData() pulumi.StringMapOutput
- func (o TagKeyOutput) ShortName() pulumi.StringOutput
- func (o TagKeyOutput) ToTagKeyOutput() TagKeyOutput
- func (o TagKeyOutput) ToTagKeyOutputWithContext(ctx context.Context) TagKeyOutput
- func (o TagKeyOutput) UpdateTime() pulumi.StringOutput
- type TagKeyPurpose
- func (TagKeyPurpose) ElementType() reflect.Type
- func (e TagKeyPurpose) ToStringOutput() pulumi.StringOutput
- func (e TagKeyPurpose) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput
- func (e TagKeyPurpose) ToStringPtrOutput() pulumi.StringPtrOutput
- func (e TagKeyPurpose) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput
- func (e TagKeyPurpose) ToTagKeyPurposeOutput() TagKeyPurposeOutput
- func (e TagKeyPurpose) ToTagKeyPurposeOutputWithContext(ctx context.Context) TagKeyPurposeOutput
- func (e TagKeyPurpose) ToTagKeyPurposePtrOutput() TagKeyPurposePtrOutput
- func (e TagKeyPurpose) ToTagKeyPurposePtrOutputWithContext(ctx context.Context) TagKeyPurposePtrOutput
- type TagKeyPurposeInput
- type TagKeyPurposeOutput
- func (TagKeyPurposeOutput) ElementType() reflect.Type
- func (o TagKeyPurposeOutput) ToStringOutput() pulumi.StringOutput
- func (o TagKeyPurposeOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput
- func (o TagKeyPurposeOutput) ToStringPtrOutput() pulumi.StringPtrOutput
- func (o TagKeyPurposeOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput
- func (o TagKeyPurposeOutput) ToTagKeyPurposeOutput() TagKeyPurposeOutput
- func (o TagKeyPurposeOutput) ToTagKeyPurposeOutputWithContext(ctx context.Context) TagKeyPurposeOutput
- func (o TagKeyPurposeOutput) ToTagKeyPurposePtrOutput() TagKeyPurposePtrOutput
- func (o TagKeyPurposeOutput) ToTagKeyPurposePtrOutputWithContext(ctx context.Context) TagKeyPurposePtrOutput
- type TagKeyPurposePtrInput
- type TagKeyPurposePtrOutput
- func (o TagKeyPurposePtrOutput) Elem() TagKeyPurposeOutput
- func (TagKeyPurposePtrOutput) ElementType() reflect.Type
- func (o TagKeyPurposePtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput
- func (o TagKeyPurposePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput
- func (o TagKeyPurposePtrOutput) ToTagKeyPurposePtrOutput() TagKeyPurposePtrOutput
- func (o TagKeyPurposePtrOutput) ToTagKeyPurposePtrOutputWithContext(ctx context.Context) TagKeyPurposePtrOutput
- type TagKeyState
- type TagValue
- type TagValueArgs
- type TagValueIamBinding
- type TagValueIamBindingArgs
- type TagValueIamBindingInput
- type TagValueIamBindingOutput
- func (o TagValueIamBindingOutput) Condition() iam.ConditionPtrOutput
- func (TagValueIamBindingOutput) ElementType() reflect.Type
- func (o TagValueIamBindingOutput) Etag() pulumi.StringOutput
- func (o TagValueIamBindingOutput) Members() pulumi.StringArrayOutput
- func (o TagValueIamBindingOutput) Name() pulumi.StringOutput
- func (o TagValueIamBindingOutput) Project() pulumi.StringOutput
- func (o TagValueIamBindingOutput) Role() pulumi.StringOutput
- func (o TagValueIamBindingOutput) ToTagValueIamBindingOutput() TagValueIamBindingOutput
- func (o TagValueIamBindingOutput) ToTagValueIamBindingOutputWithContext(ctx context.Context) TagValueIamBindingOutput
- type TagValueIamBindingState
- type TagValueIamMember
- type TagValueIamMemberArgs
- type TagValueIamMemberInput
- type TagValueIamMemberOutput
- func (o TagValueIamMemberOutput) Condition() iam.ConditionPtrOutput
- func (TagValueIamMemberOutput) ElementType() reflect.Type
- func (o TagValueIamMemberOutput) Etag() pulumi.StringOutput
- func (o TagValueIamMemberOutput) Member() pulumi.StringOutput
- func (o TagValueIamMemberOutput) Name() pulumi.StringOutput
- func (o TagValueIamMemberOutput) Project() pulumi.StringOutput
- func (o TagValueIamMemberOutput) Role() pulumi.StringOutput
- func (o TagValueIamMemberOutput) ToTagValueIamMemberOutput() TagValueIamMemberOutput
- func (o TagValueIamMemberOutput) ToTagValueIamMemberOutputWithContext(ctx context.Context) TagValueIamMemberOutput
- type TagValueIamMemberState
- type TagValueIamPolicy
- type TagValueIamPolicyArgs
- type TagValueIamPolicyInput
- type TagValueIamPolicyOutput
- func (o TagValueIamPolicyOutput) AuditConfigs() AuditConfigResponseArrayOutput
- func (o TagValueIamPolicyOutput) Bindings() BindingResponseArrayOutput
- func (TagValueIamPolicyOutput) ElementType() reflect.Type
- func (o TagValueIamPolicyOutput) Etag() pulumi.StringOutput
- func (o TagValueIamPolicyOutput) TagValueId() pulumi.StringOutput
- func (o TagValueIamPolicyOutput) ToTagValueIamPolicyOutput() TagValueIamPolicyOutput
- func (o TagValueIamPolicyOutput) ToTagValueIamPolicyOutputWithContext(ctx context.Context) TagValueIamPolicyOutput
- func (o TagValueIamPolicyOutput) Version() pulumi.IntOutput
- type TagValueIamPolicyState
- type TagValueInput
- type TagValueOutput
- func (o TagValueOutput) CreateTime() pulumi.StringOutput
- func (o TagValueOutput) Description() pulumi.StringOutput
- func (TagValueOutput) ElementType() reflect.Type
- func (o TagValueOutput) Etag() pulumi.StringOutput
- func (o TagValueOutput) Name() pulumi.StringOutput
- func (o TagValueOutput) NamespacedName() pulumi.StringOutput
- func (o TagValueOutput) Parent() pulumi.StringOutput
- func (o TagValueOutput) ShortName() pulumi.StringOutput
- func (o TagValueOutput) ToTagValueOutput() TagValueOutput
- func (o TagValueOutput) ToTagValueOutputWithContext(ctx context.Context) TagValueOutput
- func (o TagValueOutput) UpdateTime() pulumi.StringOutput
- type TagValueState
Constants ¶
const ( // Default case. Should never be this. AuditLogConfigLogTypeLogTypeUnspecified = AuditLogConfigLogType("LOG_TYPE_UNSPECIFIED") // Admin reads. Example: CloudIAM getIamPolicy AuditLogConfigLogTypeAdminRead = AuditLogConfigLogType("ADMIN_READ") // Data writes. Example: CloudSQL Users create AuditLogConfigLogTypeDataWrite = AuditLogConfigLogType("DATA_WRITE") // Data reads. Example: CloudSQL Users list AuditLogConfigLogTypeDataRead = AuditLogConfigLogType("DATA_READ") )
const ( // Unspecified purpose. TagKeyPurposePurposeUnspecified = TagKeyPurpose("PURPOSE_UNSPECIFIED") // Purpose for Compute Engine firewalls. A corresponding `purpose_data` should be set for the network the tag is intended for. The key should be `network` and the value should be in ## either of these two formats: `https://www.googleapis.com/compute/{compute_version}/projects/{project_id}/global/networks/{network_id}` - `{project_id}/{network_name}` ## Examples: `https://www.googleapis.com/compute/staging_v1/projects/fail-closed-load-testing/global/networks/6992953698831725600` - `fail-closed-load-testing/load-testing-network` TagKeyPurposeGceFirewall = TagKeyPurpose("GCE_FIREWALL") // Purpose for data governance. Tag Values created under a key with this purpose may have Tag Value children. No `purpose_data` should be set. TagKeyPurposeDataGovernance = TagKeyPurpose("DATA_GOVERNANCE") )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuditConfig ¶
type AuditConfig struct { // The configuration for logging of each type of permission. AuditLogConfigs []AuditLogConfig `pulumi:"auditLogConfigs"` // Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. Service *string `pulumi:"service"` }
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.
type AuditConfigArgs ¶
type AuditConfigArgs struct { // The configuration for logging of each type of permission. AuditLogConfigs AuditLogConfigArrayInput `pulumi:"auditLogConfigs"` // Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. Service pulumi.StringPtrInput `pulumi:"service"` }
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.
func (AuditConfigArgs) ElementType ¶
func (AuditConfigArgs) ElementType() reflect.Type
func (AuditConfigArgs) ToAuditConfigOutput ¶
func (i AuditConfigArgs) ToAuditConfigOutput() AuditConfigOutput
func (AuditConfigArgs) ToAuditConfigOutputWithContext ¶
func (i AuditConfigArgs) ToAuditConfigOutputWithContext(ctx context.Context) AuditConfigOutput
type AuditConfigArray ¶
type AuditConfigArray []AuditConfigInput
func (AuditConfigArray) ElementType ¶
func (AuditConfigArray) ElementType() reflect.Type
func (AuditConfigArray) ToAuditConfigArrayOutput ¶
func (i AuditConfigArray) ToAuditConfigArrayOutput() AuditConfigArrayOutput
func (AuditConfigArray) ToAuditConfigArrayOutputWithContext ¶
func (i AuditConfigArray) ToAuditConfigArrayOutputWithContext(ctx context.Context) AuditConfigArrayOutput
type AuditConfigArrayInput ¶
type AuditConfigArrayInput interface { pulumi.Input ToAuditConfigArrayOutput() AuditConfigArrayOutput ToAuditConfigArrayOutputWithContext(context.Context) AuditConfigArrayOutput }
AuditConfigArrayInput is an input type that accepts AuditConfigArray and AuditConfigArrayOutput values. You can construct a concrete instance of `AuditConfigArrayInput` via:
AuditConfigArray{ AuditConfigArgs{...} }
type AuditConfigArrayOutput ¶
type AuditConfigArrayOutput struct{ *pulumi.OutputState }
func (AuditConfigArrayOutput) ElementType ¶
func (AuditConfigArrayOutput) ElementType() reflect.Type
func (AuditConfigArrayOutput) Index ¶
func (o AuditConfigArrayOutput) Index(i pulumi.IntInput) AuditConfigOutput
func (AuditConfigArrayOutput) ToAuditConfigArrayOutput ¶
func (o AuditConfigArrayOutput) ToAuditConfigArrayOutput() AuditConfigArrayOutput
func (AuditConfigArrayOutput) ToAuditConfigArrayOutputWithContext ¶
func (o AuditConfigArrayOutput) ToAuditConfigArrayOutputWithContext(ctx context.Context) AuditConfigArrayOutput
type AuditConfigInput ¶
type AuditConfigInput interface { pulumi.Input ToAuditConfigOutput() AuditConfigOutput ToAuditConfigOutputWithContext(context.Context) AuditConfigOutput }
AuditConfigInput is an input type that accepts AuditConfigArgs and AuditConfigOutput values. You can construct a concrete instance of `AuditConfigInput` via:
AuditConfigArgs{...}
type AuditConfigOutput ¶
type AuditConfigOutput struct{ *pulumi.OutputState }
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.
func (AuditConfigOutput) AuditLogConfigs ¶
func (o AuditConfigOutput) AuditLogConfigs() AuditLogConfigArrayOutput
The configuration for logging of each type of permission.
func (AuditConfigOutput) ElementType ¶
func (AuditConfigOutput) ElementType() reflect.Type
func (AuditConfigOutput) Service ¶
func (o AuditConfigOutput) Service() pulumi.StringPtrOutput
Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
func (AuditConfigOutput) ToAuditConfigOutput ¶
func (o AuditConfigOutput) ToAuditConfigOutput() AuditConfigOutput
func (AuditConfigOutput) ToAuditConfigOutputWithContext ¶
func (o AuditConfigOutput) ToAuditConfigOutputWithContext(ctx context.Context) AuditConfigOutput
type AuditConfigResponse ¶
type AuditConfigResponse struct { // The configuration for logging of each type of permission. AuditLogConfigs []AuditLogConfigResponse `pulumi:"auditLogConfigs"` // Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. Service string `pulumi:"service"` }
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.
type AuditConfigResponseArrayOutput ¶
type AuditConfigResponseArrayOutput struct{ *pulumi.OutputState }
func (AuditConfigResponseArrayOutput) ElementType ¶
func (AuditConfigResponseArrayOutput) ElementType() reflect.Type
func (AuditConfigResponseArrayOutput) Index ¶
func (o AuditConfigResponseArrayOutput) Index(i pulumi.IntInput) AuditConfigResponseOutput
func (AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutput ¶
func (o AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutput() AuditConfigResponseArrayOutput
func (AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutputWithContext ¶
func (o AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutputWithContext(ctx context.Context) AuditConfigResponseArrayOutput
type AuditConfigResponseOutput ¶
type AuditConfigResponseOutput struct{ *pulumi.OutputState }
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.
func (AuditConfigResponseOutput) AuditLogConfigs ¶
func (o AuditConfigResponseOutput) AuditLogConfigs() AuditLogConfigResponseArrayOutput
The configuration for logging of each type of permission.
func (AuditConfigResponseOutput) ElementType ¶
func (AuditConfigResponseOutput) ElementType() reflect.Type
func (AuditConfigResponseOutput) Service ¶
func (o AuditConfigResponseOutput) Service() pulumi.StringOutput
Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
func (AuditConfigResponseOutput) ToAuditConfigResponseOutput ¶
func (o AuditConfigResponseOutput) ToAuditConfigResponseOutput() AuditConfigResponseOutput
func (AuditConfigResponseOutput) ToAuditConfigResponseOutputWithContext ¶
func (o AuditConfigResponseOutput) ToAuditConfigResponseOutputWithContext(ctx context.Context) AuditConfigResponseOutput
type AuditLogConfig ¶
type AuditLogConfig struct { // Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. ExemptedMembers []string `pulumi:"exemptedMembers"` // The log type that this config enables. LogType *AuditLogConfigLogType `pulumi:"logType"` }
Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
type AuditLogConfigArgs ¶
type AuditLogConfigArgs struct { // Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. ExemptedMembers pulumi.StringArrayInput `pulumi:"exemptedMembers"` // The log type that this config enables. LogType AuditLogConfigLogTypePtrInput `pulumi:"logType"` }
Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
func (AuditLogConfigArgs) ElementType ¶
func (AuditLogConfigArgs) ElementType() reflect.Type
func (AuditLogConfigArgs) ToAuditLogConfigOutput ¶
func (i AuditLogConfigArgs) ToAuditLogConfigOutput() AuditLogConfigOutput
func (AuditLogConfigArgs) ToAuditLogConfigOutputWithContext ¶
func (i AuditLogConfigArgs) ToAuditLogConfigOutputWithContext(ctx context.Context) AuditLogConfigOutput
type AuditLogConfigArray ¶
type AuditLogConfigArray []AuditLogConfigInput
func (AuditLogConfigArray) ElementType ¶
func (AuditLogConfigArray) ElementType() reflect.Type
func (AuditLogConfigArray) ToAuditLogConfigArrayOutput ¶
func (i AuditLogConfigArray) ToAuditLogConfigArrayOutput() AuditLogConfigArrayOutput
func (AuditLogConfigArray) ToAuditLogConfigArrayOutputWithContext ¶
func (i AuditLogConfigArray) ToAuditLogConfigArrayOutputWithContext(ctx context.Context) AuditLogConfigArrayOutput
type AuditLogConfigArrayInput ¶
type AuditLogConfigArrayInput interface { pulumi.Input ToAuditLogConfigArrayOutput() AuditLogConfigArrayOutput ToAuditLogConfigArrayOutputWithContext(context.Context) AuditLogConfigArrayOutput }
AuditLogConfigArrayInput is an input type that accepts AuditLogConfigArray and AuditLogConfigArrayOutput values. You can construct a concrete instance of `AuditLogConfigArrayInput` via:
AuditLogConfigArray{ AuditLogConfigArgs{...} }
type AuditLogConfigArrayOutput ¶
type AuditLogConfigArrayOutput struct{ *pulumi.OutputState }
func (AuditLogConfigArrayOutput) ElementType ¶
func (AuditLogConfigArrayOutput) ElementType() reflect.Type
func (AuditLogConfigArrayOutput) Index ¶
func (o AuditLogConfigArrayOutput) Index(i pulumi.IntInput) AuditLogConfigOutput
func (AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutput ¶
func (o AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutput() AuditLogConfigArrayOutput
func (AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutputWithContext ¶
func (o AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutputWithContext(ctx context.Context) AuditLogConfigArrayOutput
type AuditLogConfigInput ¶
type AuditLogConfigInput interface { pulumi.Input ToAuditLogConfigOutput() AuditLogConfigOutput ToAuditLogConfigOutputWithContext(context.Context) AuditLogConfigOutput }
AuditLogConfigInput is an input type that accepts AuditLogConfigArgs and AuditLogConfigOutput values. You can construct a concrete instance of `AuditLogConfigInput` via:
AuditLogConfigArgs{...}
type AuditLogConfigLogType ¶ added in v0.4.0
type AuditLogConfigLogType string
The log type that this config enables.
func (AuditLogConfigLogType) ElementType ¶ added in v0.4.0
func (AuditLogConfigLogType) ElementType() reflect.Type
func (AuditLogConfigLogType) ToAuditLogConfigLogTypeOutput ¶ added in v0.6.0
func (e AuditLogConfigLogType) ToAuditLogConfigLogTypeOutput() AuditLogConfigLogTypeOutput
func (AuditLogConfigLogType) ToAuditLogConfigLogTypeOutputWithContext ¶ added in v0.6.0
func (e AuditLogConfigLogType) ToAuditLogConfigLogTypeOutputWithContext(ctx context.Context) AuditLogConfigLogTypeOutput
func (AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutput ¶ added in v0.6.0
func (e AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput
func (AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutputWithContext ¶ added in v0.6.0
func (e AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput
func (AuditLogConfigLogType) ToStringOutput ¶ added in v0.4.0
func (e AuditLogConfigLogType) ToStringOutput() pulumi.StringOutput
func (AuditLogConfigLogType) ToStringOutputWithContext ¶ added in v0.4.0
func (e AuditLogConfigLogType) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput
func (AuditLogConfigLogType) ToStringPtrOutput ¶ added in v0.4.0
func (e AuditLogConfigLogType) ToStringPtrOutput() pulumi.StringPtrOutput
func (AuditLogConfigLogType) ToStringPtrOutputWithContext ¶ added in v0.4.0
func (e AuditLogConfigLogType) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput
type AuditLogConfigLogTypeInput ¶ added in v0.6.0
type AuditLogConfigLogTypeInput interface { pulumi.Input ToAuditLogConfigLogTypeOutput() AuditLogConfigLogTypeOutput ToAuditLogConfigLogTypeOutputWithContext(context.Context) AuditLogConfigLogTypeOutput }
AuditLogConfigLogTypeInput is an input type that accepts AuditLogConfigLogTypeArgs and AuditLogConfigLogTypeOutput values. You can construct a concrete instance of `AuditLogConfigLogTypeInput` via:
AuditLogConfigLogTypeArgs{...}
type AuditLogConfigLogTypeOutput ¶ added in v0.6.0
type AuditLogConfigLogTypeOutput struct{ *pulumi.OutputState }
func (AuditLogConfigLogTypeOutput) ElementType ¶ added in v0.6.0
func (AuditLogConfigLogTypeOutput) ElementType() reflect.Type
func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutput ¶ added in v0.6.0
func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutput() AuditLogConfigLogTypeOutput
func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutputWithContext ¶ added in v0.6.0
func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutputWithContext(ctx context.Context) AuditLogConfigLogTypeOutput
func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutput ¶ added in v0.6.0
func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput
func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutputWithContext ¶ added in v0.6.0
func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput
func (AuditLogConfigLogTypeOutput) ToStringOutput ¶ added in v0.6.0
func (o AuditLogConfigLogTypeOutput) ToStringOutput() pulumi.StringOutput
func (AuditLogConfigLogTypeOutput) ToStringOutputWithContext ¶ added in v0.6.0
func (o AuditLogConfigLogTypeOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput
func (AuditLogConfigLogTypeOutput) ToStringPtrOutput ¶ added in v0.6.0
func (o AuditLogConfigLogTypeOutput) ToStringPtrOutput() pulumi.StringPtrOutput
func (AuditLogConfigLogTypeOutput) ToStringPtrOutputWithContext ¶ added in v0.6.0
func (o AuditLogConfigLogTypeOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput
type AuditLogConfigLogTypePtrInput ¶ added in v0.6.0
type AuditLogConfigLogTypePtrInput interface { pulumi.Input ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput ToAuditLogConfigLogTypePtrOutputWithContext(context.Context) AuditLogConfigLogTypePtrOutput }
func AuditLogConfigLogTypePtr ¶ added in v0.6.0
func AuditLogConfigLogTypePtr(v string) AuditLogConfigLogTypePtrInput
type AuditLogConfigLogTypePtrOutput ¶ added in v0.6.0
type AuditLogConfigLogTypePtrOutput struct{ *pulumi.OutputState }
func (AuditLogConfigLogTypePtrOutput) Elem ¶ added in v0.6.0
func (o AuditLogConfigLogTypePtrOutput) Elem() AuditLogConfigLogTypeOutput
func (AuditLogConfigLogTypePtrOutput) ElementType ¶ added in v0.6.0
func (AuditLogConfigLogTypePtrOutput) ElementType() reflect.Type
func (AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutput ¶ added in v0.6.0
func (o AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput
func (AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutputWithContext ¶ added in v0.6.0
func (o AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput
func (AuditLogConfigLogTypePtrOutput) ToStringPtrOutput ¶ added in v0.6.0
func (o AuditLogConfigLogTypePtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput
func (AuditLogConfigLogTypePtrOutput) ToStringPtrOutputWithContext ¶ added in v0.6.0
func (o AuditLogConfigLogTypePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput
type AuditLogConfigOutput ¶
type AuditLogConfigOutput struct{ *pulumi.OutputState }
Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
func (AuditLogConfigOutput) ElementType ¶
func (AuditLogConfigOutput) ElementType() reflect.Type
func (AuditLogConfigOutput) ExemptedMembers ¶
func (o AuditLogConfigOutput) ExemptedMembers() pulumi.StringArrayOutput
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
func (AuditLogConfigOutput) LogType ¶
func (o AuditLogConfigOutput) LogType() AuditLogConfigLogTypePtrOutput
The log type that this config enables.
func (AuditLogConfigOutput) ToAuditLogConfigOutput ¶
func (o AuditLogConfigOutput) ToAuditLogConfigOutput() AuditLogConfigOutput
func (AuditLogConfigOutput) ToAuditLogConfigOutputWithContext ¶
func (o AuditLogConfigOutput) ToAuditLogConfigOutputWithContext(ctx context.Context) AuditLogConfigOutput
type AuditLogConfigResponse ¶
type AuditLogConfigResponse struct { // Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. ExemptedMembers []string `pulumi:"exemptedMembers"` // The log type that this config enables. LogType string `pulumi:"logType"` }
Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
type AuditLogConfigResponseArrayOutput ¶
type AuditLogConfigResponseArrayOutput struct{ *pulumi.OutputState }
func (AuditLogConfigResponseArrayOutput) ElementType ¶
func (AuditLogConfigResponseArrayOutput) ElementType() reflect.Type
func (AuditLogConfigResponseArrayOutput) Index ¶
func (o AuditLogConfigResponseArrayOutput) Index(i pulumi.IntInput) AuditLogConfigResponseOutput
func (AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutput ¶
func (o AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutput() AuditLogConfigResponseArrayOutput
func (AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutputWithContext ¶
func (o AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutputWithContext(ctx context.Context) AuditLogConfigResponseArrayOutput
type AuditLogConfigResponseOutput ¶
type AuditLogConfigResponseOutput struct{ *pulumi.OutputState }
Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
func (AuditLogConfigResponseOutput) ElementType ¶
func (AuditLogConfigResponseOutput) ElementType() reflect.Type
func (AuditLogConfigResponseOutput) ExemptedMembers ¶
func (o AuditLogConfigResponseOutput) ExemptedMembers() pulumi.StringArrayOutput
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
func (AuditLogConfigResponseOutput) LogType ¶
func (o AuditLogConfigResponseOutput) LogType() pulumi.StringOutput
The log type that this config enables.
func (AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutput ¶
func (o AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutput() AuditLogConfigResponseOutput
func (AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutputWithContext ¶
func (o AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutputWithContext(ctx context.Context) AuditLogConfigResponseOutput
type Binding ¶
type Binding struct { // The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Condition *Expr `pulumi:"condition"` // Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. Members []string `pulumi:"members"` // Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Role *string `pulumi:"role"` }
Associates `members`, or principals, with a `role`.
type BindingArgs ¶
type BindingArgs struct { // The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Condition ExprPtrInput `pulumi:"condition"` // Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. Members pulumi.StringArrayInput `pulumi:"members"` // Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Role pulumi.StringPtrInput `pulumi:"role"` }
Associates `members`, or principals, with a `role`.
func (BindingArgs) ElementType ¶
func (BindingArgs) ElementType() reflect.Type
func (BindingArgs) ToBindingOutput ¶
func (i BindingArgs) ToBindingOutput() BindingOutput
func (BindingArgs) ToBindingOutputWithContext ¶
func (i BindingArgs) ToBindingOutputWithContext(ctx context.Context) BindingOutput
type BindingArray ¶
type BindingArray []BindingInput
func (BindingArray) ElementType ¶
func (BindingArray) ElementType() reflect.Type
func (BindingArray) ToBindingArrayOutput ¶
func (i BindingArray) ToBindingArrayOutput() BindingArrayOutput
func (BindingArray) ToBindingArrayOutputWithContext ¶
func (i BindingArray) ToBindingArrayOutputWithContext(ctx context.Context) BindingArrayOutput
type BindingArrayInput ¶
type BindingArrayInput interface { pulumi.Input ToBindingArrayOutput() BindingArrayOutput ToBindingArrayOutputWithContext(context.Context) BindingArrayOutput }
BindingArrayInput is an input type that accepts BindingArray and BindingArrayOutput values. You can construct a concrete instance of `BindingArrayInput` via:
BindingArray{ BindingArgs{...} }
type BindingArrayOutput ¶
type BindingArrayOutput struct{ *pulumi.OutputState }
func (BindingArrayOutput) ElementType ¶
func (BindingArrayOutput) ElementType() reflect.Type
func (BindingArrayOutput) Index ¶
func (o BindingArrayOutput) Index(i pulumi.IntInput) BindingOutput
func (BindingArrayOutput) ToBindingArrayOutput ¶
func (o BindingArrayOutput) ToBindingArrayOutput() BindingArrayOutput
func (BindingArrayOutput) ToBindingArrayOutputWithContext ¶
func (o BindingArrayOutput) ToBindingArrayOutputWithContext(ctx context.Context) BindingArrayOutput
type BindingInput ¶
type BindingInput interface { pulumi.Input ToBindingOutput() BindingOutput ToBindingOutputWithContext(context.Context) BindingOutput }
BindingInput is an input type that accepts BindingArgs and BindingOutput values. You can construct a concrete instance of `BindingInput` via:
BindingArgs{...}
type BindingOutput ¶
type BindingOutput struct{ *pulumi.OutputState }
Associates `members`, or principals, with a `role`.
func (BindingOutput) Condition ¶
func (o BindingOutput) Condition() ExprPtrOutput
The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
func (BindingOutput) ElementType ¶
func (BindingOutput) ElementType() reflect.Type
func (BindingOutput) Members ¶
func (o BindingOutput) Members() pulumi.StringArrayOutput
Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
func (BindingOutput) Role ¶
func (o BindingOutput) Role() pulumi.StringPtrOutput
Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
func (BindingOutput) ToBindingOutput ¶
func (o BindingOutput) ToBindingOutput() BindingOutput
func (BindingOutput) ToBindingOutputWithContext ¶
func (o BindingOutput) ToBindingOutputWithContext(ctx context.Context) BindingOutput
type BindingResponse ¶
type BindingResponse struct { // The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Condition ExprResponse `pulumi:"condition"` // Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. Members []string `pulumi:"members"` // Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Role string `pulumi:"role"` }
Associates `members`, or principals, with a `role`.
type BindingResponseArrayOutput ¶
type BindingResponseArrayOutput struct{ *pulumi.OutputState }
func (BindingResponseArrayOutput) ElementType ¶
func (BindingResponseArrayOutput) ElementType() reflect.Type
func (BindingResponseArrayOutput) Index ¶
func (o BindingResponseArrayOutput) Index(i pulumi.IntInput) BindingResponseOutput
func (BindingResponseArrayOutput) ToBindingResponseArrayOutput ¶
func (o BindingResponseArrayOutput) ToBindingResponseArrayOutput() BindingResponseArrayOutput
func (BindingResponseArrayOutput) ToBindingResponseArrayOutputWithContext ¶
func (o BindingResponseArrayOutput) ToBindingResponseArrayOutputWithContext(ctx context.Context) BindingResponseArrayOutput
type BindingResponseOutput ¶
type BindingResponseOutput struct{ *pulumi.OutputState }
Associates `members`, or principals, with a `role`.
func (BindingResponseOutput) Condition ¶
func (o BindingResponseOutput) Condition() ExprResponseOutput
The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
func (BindingResponseOutput) ElementType ¶
func (BindingResponseOutput) ElementType() reflect.Type
func (BindingResponseOutput) Members ¶
func (o BindingResponseOutput) Members() pulumi.StringArrayOutput
Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
func (BindingResponseOutput) Role ¶
func (o BindingResponseOutput) Role() pulumi.StringOutput
Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
func (BindingResponseOutput) ToBindingResponseOutput ¶
func (o BindingResponseOutput) ToBindingResponseOutput() BindingResponseOutput
func (BindingResponseOutput) ToBindingResponseOutputWithContext ¶
func (o BindingResponseOutput) ToBindingResponseOutputWithContext(ctx context.Context) BindingResponseOutput
type Expr ¶
type Expr struct { // Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression *string `pulumi:"expression"` // Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. Location *string `pulumi:"location"` // Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. Title *string `pulumi:"title"` }
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
type ExprArgs ¶
type ExprArgs struct { // Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringPtrInput `pulumi:"expression"` // Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. Location pulumi.StringPtrInput `pulumi:"location"` // Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. Title pulumi.StringPtrInput `pulumi:"title"` }
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
func (ExprArgs) ElementType ¶
func (ExprArgs) ToExprOutput ¶
func (i ExprArgs) ToExprOutput() ExprOutput
func (ExprArgs) ToExprOutputWithContext ¶
func (i ExprArgs) ToExprOutputWithContext(ctx context.Context) ExprOutput
func (ExprArgs) ToExprPtrOutput ¶
func (i ExprArgs) ToExprPtrOutput() ExprPtrOutput
func (ExprArgs) ToExprPtrOutputWithContext ¶
func (i ExprArgs) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput
type ExprInput ¶
type ExprInput interface { pulumi.Input ToExprOutput() ExprOutput ToExprOutputWithContext(context.Context) ExprOutput }
ExprInput is an input type that accepts ExprArgs and ExprOutput values. You can construct a concrete instance of `ExprInput` via:
ExprArgs{...}
type ExprOutput ¶
type ExprOutput struct{ *pulumi.OutputState }
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
func (ExprOutput) Description ¶
func (o ExprOutput) Description() pulumi.StringPtrOutput
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (ExprOutput) ElementType ¶
func (ExprOutput) ElementType() reflect.Type
func (ExprOutput) Expression ¶
func (o ExprOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (ExprOutput) Location ¶
func (o ExprOutput) Location() pulumi.StringPtrOutput
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
func (ExprOutput) Title ¶
func (o ExprOutput) Title() pulumi.StringPtrOutput
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
func (ExprOutput) ToExprOutput ¶
func (o ExprOutput) ToExprOutput() ExprOutput
func (ExprOutput) ToExprOutputWithContext ¶
func (o ExprOutput) ToExprOutputWithContext(ctx context.Context) ExprOutput
func (ExprOutput) ToExprPtrOutput ¶
func (o ExprOutput) ToExprPtrOutput() ExprPtrOutput
func (ExprOutput) ToExprPtrOutputWithContext ¶
func (o ExprOutput) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput
type ExprPtrInput ¶
type ExprPtrInput interface { pulumi.Input ToExprPtrOutput() ExprPtrOutput ToExprPtrOutputWithContext(context.Context) ExprPtrOutput }
ExprPtrInput is an input type that accepts ExprArgs, ExprPtr and ExprPtrOutput values. You can construct a concrete instance of `ExprPtrInput` via:
ExprArgs{...} or: nil
func ExprPtr ¶
func ExprPtr(v *ExprArgs) ExprPtrInput
type ExprPtrOutput ¶
type ExprPtrOutput struct{ *pulumi.OutputState }
func (ExprPtrOutput) Description ¶
func (o ExprPtrOutput) Description() pulumi.StringPtrOutput
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (ExprPtrOutput) Elem ¶
func (o ExprPtrOutput) Elem() ExprOutput
func (ExprPtrOutput) ElementType ¶
func (ExprPtrOutput) ElementType() reflect.Type
func (ExprPtrOutput) Expression ¶
func (o ExprPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (ExprPtrOutput) Location ¶
func (o ExprPtrOutput) Location() pulumi.StringPtrOutput
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
func (ExprPtrOutput) Title ¶
func (o ExprPtrOutput) Title() pulumi.StringPtrOutput
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
func (ExprPtrOutput) ToExprPtrOutput ¶
func (o ExprPtrOutput) ToExprPtrOutput() ExprPtrOutput
func (ExprPtrOutput) ToExprPtrOutputWithContext ¶
func (o ExprPtrOutput) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput
type ExprResponse ¶
type ExprResponse struct { // Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. Description string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. Location string `pulumi:"location"` // Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. Title string `pulumi:"title"` }
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
type ExprResponseOutput ¶
type ExprResponseOutput struct{ *pulumi.OutputState }
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
func (ExprResponseOutput) Description ¶
func (o ExprResponseOutput) Description() pulumi.StringOutput
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
func (ExprResponseOutput) ElementType ¶
func (ExprResponseOutput) ElementType() reflect.Type
func (ExprResponseOutput) Expression ¶
func (o ExprResponseOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (ExprResponseOutput) Location ¶
func (o ExprResponseOutput) Location() pulumi.StringOutput
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
func (ExprResponseOutput) Title ¶
func (o ExprResponseOutput) Title() pulumi.StringOutput
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
func (ExprResponseOutput) ToExprResponseOutput ¶
func (o ExprResponseOutput) ToExprResponseOutput() ExprResponseOutput
func (ExprResponseOutput) ToExprResponseOutputWithContext ¶
func (o ExprResponseOutput) ToExprResponseOutputWithContext(ctx context.Context) ExprResponseOutput
type Folder ¶
type Folder struct { pulumi.CustomResourceState // Timestamp when the folder was created. CreateTime pulumi.StringOutput `pulumi:"createTime"` // Timestamp when the folder was requested to be deleted. DeleteTime pulumi.StringOutput `pulumi:"deleteTime"` // The folder's display name. A folder's display name must be unique amongst its siblings. For example, no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. This is captured by the regular expression: `[\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?`. DisplayName pulumi.StringOutput `pulumi:"displayName"` // A checksum computed by the server based on the current value of the folder resource. This may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. Etag pulumi.StringOutput `pulumi:"etag"` // The resource name of the folder. Its format is `folders/{folder_id}`, for example: "folders/1234". Name pulumi.StringOutput `pulumi:"name"` // The folder's parent's resource name. Updates to the folder's parent must be performed using MoveFolder. Parent pulumi.StringOutput `pulumi:"parent"` // The lifecycle state of the folder. Updates to the state must be performed using DeleteFolder and UndeleteFolder. State pulumi.StringOutput `pulumi:"state"` // Timestamp when the folder was last modified. UpdateTime pulumi.StringOutput `pulumi:"updateTime"` }
Creates a folder in the resource hierarchy. Returns an `Operation` which can be used to track the progress of the folder creation workflow. Upon success, the `Operation.response` field will be populated with the created Folder. In order to succeed, the addition of this new folder must not violate the folder naming, height, or fanout constraints. + The folder's `display_name` must be distinct from all other folders that share its parent. + The addition of the folder must not cause the active folder hierarchy to exceed a height of 10. Note, the full active + deleted folder hierarchy is allowed to reach a height of 20; this provides additional headroom when moving folders that contain deleted folders. + The addition of the folder must not cause the total number of folders under its parent to exceed 300. If the operation fails due to a folder constraint violation, some errors may be returned by the `CreateFolder` request, with status code `FAILED_PRECONDITION` and an error description. Other folder constraint violations will be communicated in the `Operation`, with the specific `PreconditionFailure` returned in the details list in the `Operation.error` field. The caller must have `resourcemanager.folders.create` permission on the identified parent. Auto-naming is currently not supported for this resource.
func GetFolder ¶
func GetFolder(ctx *pulumi.Context, name string, id pulumi.IDInput, state *FolderState, opts ...pulumi.ResourceOption) (*Folder, error)
GetFolder gets an existing Folder resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewFolder ¶
func NewFolder(ctx *pulumi.Context, name string, args *FolderArgs, opts ...pulumi.ResourceOption) (*Folder, error)
NewFolder registers a new resource with the given unique name, arguments, and options.
func (*Folder) ElementType ¶
func (*Folder) ToFolderOutput ¶
func (i *Folder) ToFolderOutput() FolderOutput
func (*Folder) ToFolderOutputWithContext ¶
func (i *Folder) ToFolderOutputWithContext(ctx context.Context) FolderOutput
type FolderArgs ¶
type FolderArgs struct { // The folder's display name. A folder's display name must be unique amongst its siblings. For example, no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. This is captured by the regular expression: `[\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?`. DisplayName pulumi.StringPtrInput // The folder's parent's resource name. Updates to the folder's parent must be performed using MoveFolder. Parent pulumi.StringInput }
The set of arguments for constructing a Folder resource.
func (FolderArgs) ElementType ¶
func (FolderArgs) ElementType() reflect.Type
type FolderIamBinding ¶ added in v0.26.0
type FolderIamBinding struct { pulumi.CustomResourceState // An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details. Condition iam.ConditionPtrOutput `pulumi:"condition"` // The etag of the resource's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. Members pulumi.StringArrayOutput `pulumi:"members"` // The name of the resource to manage IAM policies for. Name pulumi.StringOutput `pulumi:"name"` // The project in which the resource belongs. If it is not provided, a default will be supplied. Project pulumi.StringOutput `pulumi:"project"` // Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Role pulumi.StringOutput `pulumi:"role"` }
Sets the access control policy on a folder, replacing any existing policy. The `resource` field should be the folder's resource name, for example: "folders/1234". The caller must have `resourcemanager.folders.setIamPolicy` permission on the identified folder.
func GetFolderIamBinding ¶ added in v0.26.0
func GetFolderIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *FolderIamBindingState, opts ...pulumi.ResourceOption) (*FolderIamBinding, error)
GetFolderIamBinding gets an existing FolderIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewFolderIamBinding ¶ added in v0.26.0
func NewFolderIamBinding(ctx *pulumi.Context, name string, args *FolderIamBindingArgs, opts ...pulumi.ResourceOption) (*FolderIamBinding, error)
NewFolderIamBinding registers a new resource with the given unique name, arguments, and options.
func (*FolderIamBinding) ElementType ¶ added in v0.26.0
func (*FolderIamBinding) ElementType() reflect.Type
func (*FolderIamBinding) ToFolderIamBindingOutput ¶ added in v0.26.0
func (i *FolderIamBinding) ToFolderIamBindingOutput() FolderIamBindingOutput
func (*FolderIamBinding) ToFolderIamBindingOutputWithContext ¶ added in v0.26.0
func (i *FolderIamBinding) ToFolderIamBindingOutputWithContext(ctx context.Context) FolderIamBindingOutput
type FolderIamBindingArgs ¶ added in v0.26.0
type FolderIamBindingArgs struct { // An IAM Condition for a given binding. Condition iam.ConditionPtrInput // Identities that will be granted the privilege in role. Each entry can have one of the following values: // // * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. // * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members pulumi.StringArrayInput // The name of the resource to manage IAM policies for. Name pulumi.StringInput // The role that should be applied. Only one `IamBinding` can be used per role. Role pulumi.StringInput }
The set of arguments for constructing a FolderIamBinding resource.
func (FolderIamBindingArgs) ElementType ¶ added in v0.26.0
func (FolderIamBindingArgs) ElementType() reflect.Type
type FolderIamBindingInput ¶ added in v0.26.0
type FolderIamBindingInput interface { pulumi.Input ToFolderIamBindingOutput() FolderIamBindingOutput ToFolderIamBindingOutputWithContext(ctx context.Context) FolderIamBindingOutput }
type FolderIamBindingOutput ¶ added in v0.26.0
type FolderIamBindingOutput struct{ *pulumi.OutputState }
func (FolderIamBindingOutput) Condition ¶ added in v0.26.0
func (o FolderIamBindingOutput) Condition() iam.ConditionPtrOutput
An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
func (FolderIamBindingOutput) ElementType ¶ added in v0.26.0
func (FolderIamBindingOutput) ElementType() reflect.Type
func (FolderIamBindingOutput) Etag ¶ added in v0.26.0
func (o FolderIamBindingOutput) Etag() pulumi.StringOutput
The etag of the resource's IAM policy.
func (FolderIamBindingOutput) Members ¶ added in v0.26.0
func (o FolderIamBindingOutput) Members() pulumi.StringArrayOutput
Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
func (FolderIamBindingOutput) Name ¶ added in v0.26.0
func (o FolderIamBindingOutput) Name() pulumi.StringOutput
The name of the resource to manage IAM policies for.
func (FolderIamBindingOutput) Project ¶ added in v0.26.0
func (o FolderIamBindingOutput) Project() pulumi.StringOutput
The project in which the resource belongs. If it is not provided, a default will be supplied.
func (FolderIamBindingOutput) Role ¶ added in v0.26.0
func (o FolderIamBindingOutput) Role() pulumi.StringOutput
Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
func (FolderIamBindingOutput) ToFolderIamBindingOutput ¶ added in v0.26.0
func (o FolderIamBindingOutput) ToFolderIamBindingOutput() FolderIamBindingOutput
func (FolderIamBindingOutput) ToFolderIamBindingOutputWithContext ¶ added in v0.26.0
func (o FolderIamBindingOutput) ToFolderIamBindingOutputWithContext(ctx context.Context) FolderIamBindingOutput
type FolderIamBindingState ¶ added in v0.26.0
type FolderIamBindingState struct { }
func (FolderIamBindingState) ElementType ¶ added in v0.26.0
func (FolderIamBindingState) ElementType() reflect.Type
type FolderIamMember ¶ added in v0.26.0
type FolderIamMember struct { pulumi.CustomResourceState // An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details. Condition iam.ConditionPtrOutput `pulumi:"condition"` // The etag of the resource's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. Member pulumi.StringOutput `pulumi:"member"` // The name of the resource to manage IAM policies for. Name pulumi.StringOutput `pulumi:"name"` // The project in which the resource belongs. If it is not provided, a default will be supplied. Project pulumi.StringOutput `pulumi:"project"` // Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Role pulumi.StringOutput `pulumi:"role"` }
Sets the access control policy on a folder, replacing any existing policy. The `resource` field should be the folder's resource name, for example: "folders/1234". The caller must have `resourcemanager.folders.setIamPolicy` permission on the identified folder.
func GetFolderIamMember ¶ added in v0.26.0
func GetFolderIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *FolderIamMemberState, opts ...pulumi.ResourceOption) (*FolderIamMember, error)
GetFolderIamMember gets an existing FolderIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewFolderIamMember ¶ added in v0.26.0
func NewFolderIamMember(ctx *pulumi.Context, name string, args *FolderIamMemberArgs, opts ...pulumi.ResourceOption) (*FolderIamMember, error)
NewFolderIamMember registers a new resource with the given unique name, arguments, and options.
func (*FolderIamMember) ElementType ¶ added in v0.26.0
func (*FolderIamMember) ElementType() reflect.Type
func (*FolderIamMember) ToFolderIamMemberOutput ¶ added in v0.26.0
func (i *FolderIamMember) ToFolderIamMemberOutput() FolderIamMemberOutput
func (*FolderIamMember) ToFolderIamMemberOutputWithContext ¶ added in v0.26.0
func (i *FolderIamMember) ToFolderIamMemberOutputWithContext(ctx context.Context) FolderIamMemberOutput
type FolderIamMemberArgs ¶ added in v0.26.0
type FolderIamMemberArgs struct { // An IAM Condition for a given binding. Condition iam.ConditionPtrInput // Identity that will be granted the privilege in role. The entry can have one of the following values: // // * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. // * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringInput // The name of the resource to manage IAM policies for. Name pulumi.StringInput // The role that should be applied. Role pulumi.StringInput }
The set of arguments for constructing a FolderIamMember resource.
func (FolderIamMemberArgs) ElementType ¶ added in v0.26.0
func (FolderIamMemberArgs) ElementType() reflect.Type
type FolderIamMemberInput ¶ added in v0.26.0
type FolderIamMemberInput interface { pulumi.Input ToFolderIamMemberOutput() FolderIamMemberOutput ToFolderIamMemberOutputWithContext(ctx context.Context) FolderIamMemberOutput }
type FolderIamMemberOutput ¶ added in v0.26.0
type FolderIamMemberOutput struct{ *pulumi.OutputState }
func (FolderIamMemberOutput) Condition ¶ added in v0.26.0
func (o FolderIamMemberOutput) Condition() iam.ConditionPtrOutput
An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
func (FolderIamMemberOutput) ElementType ¶ added in v0.26.0
func (FolderIamMemberOutput) ElementType() reflect.Type
func (FolderIamMemberOutput) Etag ¶ added in v0.26.0
func (o FolderIamMemberOutput) Etag() pulumi.StringOutput
The etag of the resource's IAM policy.
func (FolderIamMemberOutput) Member ¶ added in v0.26.0
func (o FolderIamMemberOutput) Member() pulumi.StringOutput
Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
func (FolderIamMemberOutput) Name ¶ added in v0.26.0
func (o FolderIamMemberOutput) Name() pulumi.StringOutput
The name of the resource to manage IAM policies for.
func (FolderIamMemberOutput) Project ¶ added in v0.26.0
func (o FolderIamMemberOutput) Project() pulumi.StringOutput
The project in which the resource belongs. If it is not provided, a default will be supplied.
func (FolderIamMemberOutput) Role ¶ added in v0.26.0
func (o FolderIamMemberOutput) Role() pulumi.StringOutput
Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
func (FolderIamMemberOutput) ToFolderIamMemberOutput ¶ added in v0.26.0
func (o FolderIamMemberOutput) ToFolderIamMemberOutput() FolderIamMemberOutput
func (FolderIamMemberOutput) ToFolderIamMemberOutputWithContext ¶ added in v0.26.0
func (o FolderIamMemberOutput) ToFolderIamMemberOutputWithContext(ctx context.Context) FolderIamMemberOutput
type FolderIamMemberState ¶ added in v0.26.0
type FolderIamMemberState struct { }
func (FolderIamMemberState) ElementType ¶ added in v0.26.0
func (FolderIamMemberState) ElementType() reflect.Type
type FolderIamPolicy ¶
type FolderIamPolicy struct { pulumi.CustomResourceState // Specifies cloud audit logging configuration for this policy. AuditConfigs AuditConfigResponseArrayOutput `pulumi:"auditConfigs"` // Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. Bindings BindingResponseArrayOutput `pulumi:"bindings"` // `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. Etag pulumi.StringOutput `pulumi:"etag"` FolderId pulumi.StringOutput `pulumi:"folderId"` // Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Version pulumi.IntOutput `pulumi:"version"` }
Sets the access control policy on a folder, replacing any existing policy. The `resource` field should be the folder's resource name, for example: "folders/1234". The caller must have `resourcemanager.folders.setIamPolicy` permission on the identified folder. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.
func GetFolderIamPolicy ¶
func GetFolderIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *FolderIamPolicyState, opts ...pulumi.ResourceOption) (*FolderIamPolicy, error)
GetFolderIamPolicy gets an existing FolderIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewFolderIamPolicy ¶
func NewFolderIamPolicy(ctx *pulumi.Context, name string, args *FolderIamPolicyArgs, opts ...pulumi.ResourceOption) (*FolderIamPolicy, error)
NewFolderIamPolicy registers a new resource with the given unique name, arguments, and options.
func (*FolderIamPolicy) ElementType ¶
func (*FolderIamPolicy) ElementType() reflect.Type
func (*FolderIamPolicy) ToFolderIamPolicyOutput ¶
func (i *FolderIamPolicy) ToFolderIamPolicyOutput() FolderIamPolicyOutput
func (*FolderIamPolicy) ToFolderIamPolicyOutputWithContext ¶
func (i *FolderIamPolicy) ToFolderIamPolicyOutputWithContext(ctx context.Context) FolderIamPolicyOutput
type FolderIamPolicyArgs ¶
type FolderIamPolicyArgs struct { // Specifies cloud audit logging configuration for this policy. AuditConfigs AuditConfigArrayInput // Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. Bindings BindingArrayInput // `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. Etag pulumi.StringPtrInput FolderId pulumi.StringInput // OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"` UpdateMask pulumi.StringPtrInput // Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Version pulumi.IntPtrInput }
The set of arguments for constructing a FolderIamPolicy resource.
func (FolderIamPolicyArgs) ElementType ¶
func (FolderIamPolicyArgs) ElementType() reflect.Type
type FolderIamPolicyInput ¶
type FolderIamPolicyInput interface { pulumi.Input ToFolderIamPolicyOutput() FolderIamPolicyOutput ToFolderIamPolicyOutputWithContext(ctx context.Context) FolderIamPolicyOutput }
type FolderIamPolicyOutput ¶
type FolderIamPolicyOutput struct{ *pulumi.OutputState }
func (FolderIamPolicyOutput) AuditConfigs ¶ added in v0.19.0
func (o FolderIamPolicyOutput) AuditConfigs() AuditConfigResponseArrayOutput
Specifies cloud audit logging configuration for this policy.
func (FolderIamPolicyOutput) Bindings ¶ added in v0.19.0
func (o FolderIamPolicyOutput) Bindings() BindingResponseArrayOutput
Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
func (FolderIamPolicyOutput) ElementType ¶
func (FolderIamPolicyOutput) ElementType() reflect.Type
func (FolderIamPolicyOutput) Etag ¶ added in v0.19.0
func (o FolderIamPolicyOutput) Etag() pulumi.StringOutput
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
func (FolderIamPolicyOutput) FolderId ¶ added in v0.21.0
func (o FolderIamPolicyOutput) FolderId() pulumi.StringOutput
func (FolderIamPolicyOutput) ToFolderIamPolicyOutput ¶
func (o FolderIamPolicyOutput) ToFolderIamPolicyOutput() FolderIamPolicyOutput
func (FolderIamPolicyOutput) ToFolderIamPolicyOutputWithContext ¶
func (o FolderIamPolicyOutput) ToFolderIamPolicyOutputWithContext(ctx context.Context) FolderIamPolicyOutput
func (FolderIamPolicyOutput) Version ¶ added in v0.19.0
func (o FolderIamPolicyOutput) Version() pulumi.IntOutput
Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
type FolderIamPolicyState ¶
type FolderIamPolicyState struct { }
func (FolderIamPolicyState) ElementType ¶
func (FolderIamPolicyState) ElementType() reflect.Type
type FolderInput ¶
type FolderInput interface { pulumi.Input ToFolderOutput() FolderOutput ToFolderOutputWithContext(ctx context.Context) FolderOutput }
type FolderOutput ¶
type FolderOutput struct{ *pulumi.OutputState }
func (FolderOutput) CreateTime ¶ added in v0.19.0
func (o FolderOutput) CreateTime() pulumi.StringOutput
Timestamp when the folder was created.
func (FolderOutput) DeleteTime ¶ added in v0.19.0
func (o FolderOutput) DeleteTime() pulumi.StringOutput
Timestamp when the folder was requested to be deleted.
func (FolderOutput) DisplayName ¶ added in v0.19.0
func (o FolderOutput) DisplayName() pulumi.StringOutput
The folder's display name. A folder's display name must be unique amongst its siblings. For example, no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. This is captured by the regular expression: `[\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?`.
func (FolderOutput) ElementType ¶
func (FolderOutput) ElementType() reflect.Type
func (FolderOutput) Etag ¶ added in v0.19.0
func (o FolderOutput) Etag() pulumi.StringOutput
A checksum computed by the server based on the current value of the folder resource. This may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
func (FolderOutput) Name ¶ added in v0.19.0
func (o FolderOutput) Name() pulumi.StringOutput
The resource name of the folder. Its format is `folders/{folder_id}`, for example: "folders/1234".
func (FolderOutput) Parent ¶ added in v0.19.0
func (o FolderOutput) Parent() pulumi.StringOutput
The folder's parent's resource name. Updates to the folder's parent must be performed using MoveFolder.
func (FolderOutput) State ¶ added in v0.19.0
func (o FolderOutput) State() pulumi.StringOutput
The lifecycle state of the folder. Updates to the state must be performed using DeleteFolder and UndeleteFolder.
func (FolderOutput) ToFolderOutput ¶
func (o FolderOutput) ToFolderOutput() FolderOutput
func (FolderOutput) ToFolderOutputWithContext ¶
func (o FolderOutput) ToFolderOutputWithContext(ctx context.Context) FolderOutput
func (FolderOutput) UpdateTime ¶ added in v0.19.0
func (o FolderOutput) UpdateTime() pulumi.StringOutput
Timestamp when the folder was last modified.
type FolderState ¶
type FolderState struct { }
func (FolderState) ElementType ¶
func (FolderState) ElementType() reflect.Type
type Lien ¶
type Lien struct { pulumi.CustomResourceState // The creation time of this Lien. CreateTime pulumi.StringOutput `pulumi:"createTime"` // A system-generated unique identifier for this Lien. Example: `liens/1234abcd` Name pulumi.StringOutput `pulumi:"name"` // A stable, user-visible/meaningful string identifying the origin of the Lien, intended to be inspected programmatically. Maximum length of 200 characters. Example: 'compute.googleapis.com' Origin pulumi.StringOutput `pulumi:"origin"` // A reference to the resource this Lien is attached to. The server will validate the parent against those for which Liens are supported. Example: `projects/1234` Parent pulumi.StringOutput `pulumi:"parent"` // Concise user-visible strings indicating why an action cannot be performed on a resource. Maximum length of 200 characters. Example: 'Holds production API key' Reason pulumi.StringOutput `pulumi:"reason"` // The types of operations which should be blocked as a result of this Lien. Each value should correspond to an IAM permission. The server will validate the permissions against those for which Liens are supported. An empty list is meaningless and will be rejected. Example: ['resourcemanager.projects.delete'] Restrictions pulumi.StringArrayOutput `pulumi:"restrictions"` }
Create a Lien which applies to the resource denoted by the `parent` field. Callers of this method will require permission on the `parent` resource. For example, applying to `projects/1234` requires permission `resourcemanager.projects.updateLiens`. NOTE: Some resources may limit the number of Liens which may be applied.
func GetLien ¶
func GetLien(ctx *pulumi.Context, name string, id pulumi.IDInput, state *LienState, opts ...pulumi.ResourceOption) (*Lien, error)
GetLien gets an existing Lien resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewLien ¶
func NewLien(ctx *pulumi.Context, name string, args *LienArgs, opts ...pulumi.ResourceOption) (*Lien, error)
NewLien registers a new resource with the given unique name, arguments, and options.
func (*Lien) ElementType ¶
func (*Lien) ToLienOutput ¶
func (i *Lien) ToLienOutput() LienOutput
func (*Lien) ToLienOutputWithContext ¶
func (i *Lien) ToLienOutputWithContext(ctx context.Context) LienOutput
type LienArgs ¶
type LienArgs struct { // The creation time of this Lien. CreateTime pulumi.StringPtrInput // A system-generated unique identifier for this Lien. Example: `liens/1234abcd` Name pulumi.StringPtrInput // A stable, user-visible/meaningful string identifying the origin of the Lien, intended to be inspected programmatically. Maximum length of 200 characters. Example: 'compute.googleapis.com' Origin pulumi.StringPtrInput // A reference to the resource this Lien is attached to. The server will validate the parent against those for which Liens are supported. Example: `projects/1234` Parent pulumi.StringPtrInput // Concise user-visible strings indicating why an action cannot be performed on a resource. Maximum length of 200 characters. Example: 'Holds production API key' Reason pulumi.StringPtrInput // The types of operations which should be blocked as a result of this Lien. Each value should correspond to an IAM permission. The server will validate the permissions against those for which Liens are supported. An empty list is meaningless and will be rejected. Example: ['resourcemanager.projects.delete'] Restrictions pulumi.StringArrayInput }
The set of arguments for constructing a Lien resource.
func (LienArgs) ElementType ¶
type LienInput ¶
type LienInput interface { pulumi.Input ToLienOutput() LienOutput ToLienOutputWithContext(ctx context.Context) LienOutput }
type LienOutput ¶
type LienOutput struct{ *pulumi.OutputState }
func (LienOutput) CreateTime ¶ added in v0.19.0
func (o LienOutput) CreateTime() pulumi.StringOutput
The creation time of this Lien.
func (LienOutput) ElementType ¶
func (LienOutput) ElementType() reflect.Type
func (LienOutput) Name ¶ added in v0.19.0
func (o LienOutput) Name() pulumi.StringOutput
A system-generated unique identifier for this Lien. Example: `liens/1234abcd`
func (LienOutput) Origin ¶ added in v0.19.0
func (o LienOutput) Origin() pulumi.StringOutput
A stable, user-visible/meaningful string identifying the origin of the Lien, intended to be inspected programmatically. Maximum length of 200 characters. Example: 'compute.googleapis.com'
func (LienOutput) Parent ¶ added in v0.19.0
func (o LienOutput) Parent() pulumi.StringOutput
A reference to the resource this Lien is attached to. The server will validate the parent against those for which Liens are supported. Example: `projects/1234`
func (LienOutput) Reason ¶ added in v0.19.0
func (o LienOutput) Reason() pulumi.StringOutput
Concise user-visible strings indicating why an action cannot be performed on a resource. Maximum length of 200 characters. Example: 'Holds production API key'
func (LienOutput) Restrictions ¶ added in v0.19.0
func (o LienOutput) Restrictions() pulumi.StringArrayOutput
The types of operations which should be blocked as a result of this Lien. Each value should correspond to an IAM permission. The server will validate the permissions against those for which Liens are supported. An empty list is meaningless and will be rejected. Example: ['resourcemanager.projects.delete']
func (LienOutput) ToLienOutput ¶
func (o LienOutput) ToLienOutput() LienOutput
func (LienOutput) ToLienOutputWithContext ¶
func (o LienOutput) ToLienOutputWithContext(ctx context.Context) LienOutput
type LookupFolderArgs ¶ added in v0.4.0
type LookupFolderArgs struct {
FolderId string `pulumi:"folderId"`
}
type LookupFolderIamPolicyArgs ¶ added in v0.4.0
type LookupFolderIamPolicyArgs struct {
FolderId string `pulumi:"folderId"`
}
type LookupFolderIamPolicyOutputArgs ¶ added in v0.8.0
type LookupFolderIamPolicyOutputArgs struct {
FolderId pulumi.StringInput `pulumi:"folderId"`
}
func (LookupFolderIamPolicyOutputArgs) ElementType ¶ added in v0.8.0
func (LookupFolderIamPolicyOutputArgs) ElementType() reflect.Type
type LookupFolderIamPolicyResult ¶ added in v0.4.0
type LookupFolderIamPolicyResult struct { // Specifies cloud audit logging configuration for this policy. AuditConfigs []AuditConfigResponse `pulumi:"auditConfigs"` // Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. Bindings []BindingResponse `pulumi:"bindings"` // `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. Etag string `pulumi:"etag"` // Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Version int `pulumi:"version"` }
func LookupFolderIamPolicy ¶ added in v0.4.0
func LookupFolderIamPolicy(ctx *pulumi.Context, args *LookupFolderIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupFolderIamPolicyResult, error)
Gets the access control policy for a folder. The returned policy may be empty if no such policy or resource exists. The `resource` field should be the folder's resource name, for example: "folders/1234". The caller must have `resourcemanager.folders.getIamPolicy` permission on the identified folder.
type LookupFolderIamPolicyResultOutput ¶ added in v0.8.0
type LookupFolderIamPolicyResultOutput struct{ *pulumi.OutputState }
func LookupFolderIamPolicyOutput ¶ added in v0.8.0
func LookupFolderIamPolicyOutput(ctx *pulumi.Context, args LookupFolderIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupFolderIamPolicyResultOutput
func (LookupFolderIamPolicyResultOutput) AuditConfigs ¶ added in v0.8.0
func (o LookupFolderIamPolicyResultOutput) AuditConfigs() AuditConfigResponseArrayOutput
Specifies cloud audit logging configuration for this policy.
func (LookupFolderIamPolicyResultOutput) Bindings ¶ added in v0.8.0
func (o LookupFolderIamPolicyResultOutput) Bindings() BindingResponseArrayOutput
Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
func (LookupFolderIamPolicyResultOutput) ElementType ¶ added in v0.8.0
func (LookupFolderIamPolicyResultOutput) ElementType() reflect.Type
func (LookupFolderIamPolicyResultOutput) Etag ¶ added in v0.8.0
func (o LookupFolderIamPolicyResultOutput) Etag() pulumi.StringOutput
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
func (LookupFolderIamPolicyResultOutput) ToLookupFolderIamPolicyResultOutput ¶ added in v0.8.0
func (o LookupFolderIamPolicyResultOutput) ToLookupFolderIamPolicyResultOutput() LookupFolderIamPolicyResultOutput
func (LookupFolderIamPolicyResultOutput) ToLookupFolderIamPolicyResultOutputWithContext ¶ added in v0.8.0
func (o LookupFolderIamPolicyResultOutput) ToLookupFolderIamPolicyResultOutputWithContext(ctx context.Context) LookupFolderIamPolicyResultOutput
func (LookupFolderIamPolicyResultOutput) Version ¶ added in v0.8.0
func (o LookupFolderIamPolicyResultOutput) Version() pulumi.IntOutput
Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
type LookupFolderOutputArgs ¶ added in v0.8.0
type LookupFolderOutputArgs struct {
FolderId pulumi.StringInput `pulumi:"folderId"`
}
func (LookupFolderOutputArgs) ElementType ¶ added in v0.8.0
func (LookupFolderOutputArgs) ElementType() reflect.Type
type LookupFolderResult ¶ added in v0.4.0
type LookupFolderResult struct { // Timestamp when the folder was created. CreateTime string `pulumi:"createTime"` // Timestamp when the folder was requested to be deleted. DeleteTime string `pulumi:"deleteTime"` // The folder's display name. A folder's display name must be unique amongst its siblings. For example, no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. This is captured by the regular expression: `[\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?`. DisplayName string `pulumi:"displayName"` // A checksum computed by the server based on the current value of the folder resource. This may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. Etag string `pulumi:"etag"` // The resource name of the folder. Its format is `folders/{folder_id}`, for example: "folders/1234". Name string `pulumi:"name"` // The folder's parent's resource name. Updates to the folder's parent must be performed using MoveFolder. Parent string `pulumi:"parent"` // The lifecycle state of the folder. Updates to the state must be performed using DeleteFolder and UndeleteFolder. State string `pulumi:"state"` // Timestamp when the folder was last modified. UpdateTime string `pulumi:"updateTime"` }
func LookupFolder ¶ added in v0.4.0
func LookupFolder(ctx *pulumi.Context, args *LookupFolderArgs, opts ...pulumi.InvokeOption) (*LookupFolderResult, error)
Retrieves a folder identified by the supplied resource name. Valid folder resource names have the format `folders/{folder_id}` (for example, `folders/1234`). The caller must have `resourcemanager.folders.get` permission on the identified folder.
type LookupFolderResultOutput ¶ added in v0.8.0
type LookupFolderResultOutput struct{ *pulumi.OutputState }
func LookupFolderOutput ¶ added in v0.8.0
func LookupFolderOutput(ctx *pulumi.Context, args LookupFolderOutputArgs, opts ...pulumi.InvokeOption) LookupFolderResultOutput
func (LookupFolderResultOutput) CreateTime ¶ added in v0.8.0
func (o LookupFolderResultOutput) CreateTime() pulumi.StringOutput
Timestamp when the folder was created.
func (LookupFolderResultOutput) DeleteTime ¶ added in v0.8.0
func (o LookupFolderResultOutput) DeleteTime() pulumi.StringOutput
Timestamp when the folder was requested to be deleted.
func (LookupFolderResultOutput) DisplayName ¶ added in v0.8.0
func (o LookupFolderResultOutput) DisplayName() pulumi.StringOutput
The folder's display name. A folder's display name must be unique amongst its siblings. For example, no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. This is captured by the regular expression: `[\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?`.
func (LookupFolderResultOutput) ElementType ¶ added in v0.8.0
func (LookupFolderResultOutput) ElementType() reflect.Type
func (LookupFolderResultOutput) Etag ¶ added in v0.8.0
func (o LookupFolderResultOutput) Etag() pulumi.StringOutput
A checksum computed by the server based on the current value of the folder resource. This may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
func (LookupFolderResultOutput) Name ¶ added in v0.8.0
func (o LookupFolderResultOutput) Name() pulumi.StringOutput
The resource name of the folder. Its format is `folders/{folder_id}`, for example: "folders/1234".
func (LookupFolderResultOutput) Parent ¶ added in v0.8.0
func (o LookupFolderResultOutput) Parent() pulumi.StringOutput
The folder's parent's resource name. Updates to the folder's parent must be performed using MoveFolder.
func (LookupFolderResultOutput) State ¶ added in v0.8.0
func (o LookupFolderResultOutput) State() pulumi.StringOutput
The lifecycle state of the folder. Updates to the state must be performed using DeleteFolder and UndeleteFolder.
func (LookupFolderResultOutput) ToLookupFolderResultOutput ¶ added in v0.8.0
func (o LookupFolderResultOutput) ToLookupFolderResultOutput() LookupFolderResultOutput
func (LookupFolderResultOutput) ToLookupFolderResultOutputWithContext ¶ added in v0.8.0
func (o LookupFolderResultOutput) ToLookupFolderResultOutputWithContext(ctx context.Context) LookupFolderResultOutput
func (LookupFolderResultOutput) UpdateTime ¶ added in v0.8.0
func (o LookupFolderResultOutput) UpdateTime() pulumi.StringOutput
Timestamp when the folder was last modified.
type LookupLienArgs ¶ added in v0.4.0
type LookupLienArgs struct {
LienId string `pulumi:"lienId"`
}
type LookupLienOutputArgs ¶ added in v0.8.0
type LookupLienOutputArgs struct {
LienId pulumi.StringInput `pulumi:"lienId"`
}
func (LookupLienOutputArgs) ElementType ¶ added in v0.8.0
func (LookupLienOutputArgs) ElementType() reflect.Type
type LookupLienResult ¶ added in v0.4.0
type LookupLienResult struct { // The creation time of this Lien. CreateTime string `pulumi:"createTime"` // A system-generated unique identifier for this Lien. Example: `liens/1234abcd` Name string `pulumi:"name"` // A stable, user-visible/meaningful string identifying the origin of the Lien, intended to be inspected programmatically. Maximum length of 200 characters. Example: 'compute.googleapis.com' Origin string `pulumi:"origin"` // A reference to the resource this Lien is attached to. The server will validate the parent against those for which Liens are supported. Example: `projects/1234` Parent string `pulumi:"parent"` // Concise user-visible strings indicating why an action cannot be performed on a resource. Maximum length of 200 characters. Example: 'Holds production API key' Reason string `pulumi:"reason"` // The types of operations which should be blocked as a result of this Lien. Each value should correspond to an IAM permission. The server will validate the permissions against those for which Liens are supported. An empty list is meaningless and will be rejected. Example: ['resourcemanager.projects.delete'] Restrictions []string `pulumi:"restrictions"` }
func LookupLien ¶ added in v0.4.0
func LookupLien(ctx *pulumi.Context, args *LookupLienArgs, opts ...pulumi.InvokeOption) (*LookupLienResult, error)
Retrieve a Lien by `name`. Callers of this method will require permission on the `parent` resource. For example, a Lien with a `parent` of `projects/1234` requires permission `resourcemanager.projects.get`
type LookupLienResultOutput ¶ added in v0.8.0
type LookupLienResultOutput struct{ *pulumi.OutputState }
func LookupLienOutput ¶ added in v0.8.0
func LookupLienOutput(ctx *pulumi.Context, args LookupLienOutputArgs, opts ...pulumi.InvokeOption) LookupLienResultOutput
func (LookupLienResultOutput) CreateTime ¶ added in v0.8.0
func (o LookupLienResultOutput) CreateTime() pulumi.StringOutput
The creation time of this Lien.
func (LookupLienResultOutput) ElementType ¶ added in v0.8.0
func (LookupLienResultOutput) ElementType() reflect.Type
func (LookupLienResultOutput) Name ¶ added in v0.8.0
func (o LookupLienResultOutput) Name() pulumi.StringOutput
A system-generated unique identifier for this Lien. Example: `liens/1234abcd`
func (LookupLienResultOutput) Origin ¶ added in v0.8.0
func (o LookupLienResultOutput) Origin() pulumi.StringOutput
A stable, user-visible/meaningful string identifying the origin of the Lien, intended to be inspected programmatically. Maximum length of 200 characters. Example: 'compute.googleapis.com'
func (LookupLienResultOutput) Parent ¶ added in v0.8.0
func (o LookupLienResultOutput) Parent() pulumi.StringOutput
A reference to the resource this Lien is attached to. The server will validate the parent against those for which Liens are supported. Example: `projects/1234`
func (LookupLienResultOutput) Reason ¶ added in v0.8.0
func (o LookupLienResultOutput) Reason() pulumi.StringOutput
Concise user-visible strings indicating why an action cannot be performed on a resource. Maximum length of 200 characters. Example: 'Holds production API key'
func (LookupLienResultOutput) Restrictions ¶ added in v0.8.0
func (o LookupLienResultOutput) Restrictions() pulumi.StringArrayOutput
The types of operations which should be blocked as a result of this Lien. Each value should correspond to an IAM permission. The server will validate the permissions against those for which Liens are supported. An empty list is meaningless and will be rejected. Example: ['resourcemanager.projects.delete']
func (LookupLienResultOutput) ToLookupLienResultOutput ¶ added in v0.8.0
func (o LookupLienResultOutput) ToLookupLienResultOutput() LookupLienResultOutput
func (LookupLienResultOutput) ToLookupLienResultOutputWithContext ¶ added in v0.8.0
func (o LookupLienResultOutput) ToLookupLienResultOutputWithContext(ctx context.Context) LookupLienResultOutput
type LookupOrganizationIamPolicyArgs ¶ added in v0.4.0
type LookupOrganizationIamPolicyArgs struct {
OrganizationId string `pulumi:"organizationId"`
}
type LookupOrganizationIamPolicyOutputArgs ¶ added in v0.8.0
type LookupOrganizationIamPolicyOutputArgs struct {
OrganizationId pulumi.StringInput `pulumi:"organizationId"`
}
func (LookupOrganizationIamPolicyOutputArgs) ElementType ¶ added in v0.8.0
func (LookupOrganizationIamPolicyOutputArgs) ElementType() reflect.Type
type LookupOrganizationIamPolicyResult ¶ added in v0.4.0
type LookupOrganizationIamPolicyResult struct { // Specifies cloud audit logging configuration for this policy. AuditConfigs []AuditConfigResponse `pulumi:"auditConfigs"` // Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. Bindings []BindingResponse `pulumi:"bindings"` // `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. Etag string `pulumi:"etag"` // Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Version int `pulumi:"version"` }
func LookupOrganizationIamPolicy ¶ added in v0.4.0
func LookupOrganizationIamPolicy(ctx *pulumi.Context, args *LookupOrganizationIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupOrganizationIamPolicyResult, error)
Gets the access control policy for an organization resource. The policy may be empty if no such policy or resource exists. The `resource` field should be the organization's resource name, for example: "organizations/123". Authorization requires the IAM permission `resourcemanager.organizations.getIamPolicy` on the specified organization.
type LookupOrganizationIamPolicyResultOutput ¶ added in v0.8.0
type LookupOrganizationIamPolicyResultOutput struct{ *pulumi.OutputState }
func LookupOrganizationIamPolicyOutput ¶ added in v0.8.0
func LookupOrganizationIamPolicyOutput(ctx *pulumi.Context, args LookupOrganizationIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupOrganizationIamPolicyResultOutput
func (LookupOrganizationIamPolicyResultOutput) AuditConfigs ¶ added in v0.8.0
func (o LookupOrganizationIamPolicyResultOutput) AuditConfigs() AuditConfigResponseArrayOutput
Specifies cloud audit logging configuration for this policy.
func (LookupOrganizationIamPolicyResultOutput) Bindings ¶ added in v0.8.0
func (o LookupOrganizationIamPolicyResultOutput) Bindings() BindingResponseArrayOutput
Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
func (LookupOrganizationIamPolicyResultOutput) ElementType ¶ added in v0.8.0
func (LookupOrganizationIamPolicyResultOutput) ElementType() reflect.Type
func (LookupOrganizationIamPolicyResultOutput) Etag ¶ added in v0.8.0
func (o LookupOrganizationIamPolicyResultOutput) Etag() pulumi.StringOutput
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
func (LookupOrganizationIamPolicyResultOutput) ToLookupOrganizationIamPolicyResultOutput ¶ added in v0.8.0
func (o LookupOrganizationIamPolicyResultOutput) ToLookupOrganizationIamPolicyResultOutput() LookupOrganizationIamPolicyResultOutput
func (LookupOrganizationIamPolicyResultOutput) ToLookupOrganizationIamPolicyResultOutputWithContext ¶ added in v0.8.0
func (o LookupOrganizationIamPolicyResultOutput) ToLookupOrganizationIamPolicyResultOutputWithContext(ctx context.Context) LookupOrganizationIamPolicyResultOutput
func (LookupOrganizationIamPolicyResultOutput) Version ¶ added in v0.8.0
func (o LookupOrganizationIamPolicyResultOutput) Version() pulumi.IntOutput
Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
type LookupProjectArgs ¶ added in v0.4.0
type LookupProjectArgs struct {
Project *string `pulumi:"project"`
}
type LookupProjectIamPolicyArgs ¶ added in v0.4.0
type LookupProjectIamPolicyArgs struct {
Project *string `pulumi:"project"`
}
type LookupProjectIamPolicyOutputArgs ¶ added in v0.8.0
type LookupProjectIamPolicyOutputArgs struct {
Project pulumi.StringPtrInput `pulumi:"project"`
}
func (LookupProjectIamPolicyOutputArgs) ElementType ¶ added in v0.8.0
func (LookupProjectIamPolicyOutputArgs) ElementType() reflect.Type
type LookupProjectIamPolicyResult ¶ added in v0.4.0
type LookupProjectIamPolicyResult struct { // Specifies cloud audit logging configuration for this policy. AuditConfigs []AuditConfigResponse `pulumi:"auditConfigs"` // Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. Bindings []BindingResponse `pulumi:"bindings"` // `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. Etag string `pulumi:"etag"` // Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Version int `pulumi:"version"` }
func LookupProjectIamPolicy ¶ added in v0.4.0
func LookupProjectIamPolicy(ctx *pulumi.Context, args *LookupProjectIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupProjectIamPolicyResult, error)
Returns the IAM access control policy for the specified project, in the format `projects/{ProjectIdOrNumber}` e.g. projects/123. Permission is denied if the policy or the resource do not exist.
type LookupProjectIamPolicyResultOutput ¶ added in v0.8.0
type LookupProjectIamPolicyResultOutput struct{ *pulumi.OutputState }
func LookupProjectIamPolicyOutput ¶ added in v0.8.0
func LookupProjectIamPolicyOutput(ctx *pulumi.Context, args LookupProjectIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupProjectIamPolicyResultOutput
func (LookupProjectIamPolicyResultOutput) AuditConfigs ¶ added in v0.8.0
func (o LookupProjectIamPolicyResultOutput) AuditConfigs() AuditConfigResponseArrayOutput
Specifies cloud audit logging configuration for this policy.
func (LookupProjectIamPolicyResultOutput) Bindings ¶ added in v0.8.0
func (o LookupProjectIamPolicyResultOutput) Bindings() BindingResponseArrayOutput
Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
func (LookupProjectIamPolicyResultOutput) ElementType ¶ added in v0.8.0
func (LookupProjectIamPolicyResultOutput) ElementType() reflect.Type
func (LookupProjectIamPolicyResultOutput) Etag ¶ added in v0.8.0
func (o LookupProjectIamPolicyResultOutput) Etag() pulumi.StringOutput
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
func (LookupProjectIamPolicyResultOutput) ToLookupProjectIamPolicyResultOutput ¶ added in v0.8.0
func (o LookupProjectIamPolicyResultOutput) ToLookupProjectIamPolicyResultOutput() LookupProjectIamPolicyResultOutput
func (LookupProjectIamPolicyResultOutput) ToLookupProjectIamPolicyResultOutputWithContext ¶ added in v0.8.0
func (o LookupProjectIamPolicyResultOutput) ToLookupProjectIamPolicyResultOutputWithContext(ctx context.Context) LookupProjectIamPolicyResultOutput
func (LookupProjectIamPolicyResultOutput) Version ¶ added in v0.8.0
func (o LookupProjectIamPolicyResultOutput) Version() pulumi.IntOutput
Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
type LookupProjectOutputArgs ¶ added in v0.8.0
type LookupProjectOutputArgs struct {
Project pulumi.StringPtrInput `pulumi:"project"`
}
func (LookupProjectOutputArgs) ElementType ¶ added in v0.8.0
func (LookupProjectOutputArgs) ElementType() reflect.Type
type LookupProjectResult ¶ added in v0.4.0
type LookupProjectResult struct { // Creation time. CreateTime string `pulumi:"createTime"` // The time at which this resource was requested for deletion. DeleteTime string `pulumi:"deleteTime"` // Optional. A user-assigned display name of the project. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point. Example: `My Project` DisplayName string `pulumi:"displayName"` // A checksum computed by the server based on the current value of the Project resource. This may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. Etag string `pulumi:"etag"` // Optional. The labels associated with this project. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?. Label values must be between 0 and 63 characters long and must conform to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. No more than 64 labels can be associated with a given resource. Clients should store labels in a representation such as JSON that does not depend on specific characters being disallowed. Example: `"myBusinessDimension" : "businessValue"` Labels map[string]string `pulumi:"labels"` // The unique resource name of the project. It is an int64 generated number prefixed by "projects/". Example: `projects/415104041262` Name string `pulumi:"name"` // Optional. A reference to a parent Resource. eg., `organizations/123` or `folders/876`. Parent string `pulumi:"parent"` // Immutable. The unique, user-assigned id of the project. It must be 6 to 30 lowercase ASCII letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited. Example: `tokyo-rain-123` ProjectId string `pulumi:"projectId"` // The project lifecycle state. State string `pulumi:"state"` // The most recent time this resource was modified. UpdateTime string `pulumi:"updateTime"` }
func LookupProject ¶ added in v0.4.0
func LookupProject(ctx *pulumi.Context, args *LookupProjectArgs, opts ...pulumi.InvokeOption) (*LookupProjectResult, error)
Retrieves the project identified by the specified `name` (for example, `projects/415104041262`). The caller must have `resourcemanager.projects.get` permission for this project.
type LookupProjectResultOutput ¶ added in v0.8.0
type LookupProjectResultOutput struct{ *pulumi.OutputState }
func LookupProjectOutput ¶ added in v0.8.0
func LookupProjectOutput(ctx *pulumi.Context, args LookupProjectOutputArgs, opts ...pulumi.InvokeOption) LookupProjectResultOutput
func (LookupProjectResultOutput) CreateTime ¶ added in v0.8.0
func (o LookupProjectResultOutput) CreateTime() pulumi.StringOutput
Creation time.
func (LookupProjectResultOutput) DeleteTime ¶ added in v0.8.0
func (o LookupProjectResultOutput) DeleteTime() pulumi.StringOutput
The time at which this resource was requested for deletion.
func (LookupProjectResultOutput) DisplayName ¶ added in v0.8.0
func (o LookupProjectResultOutput) DisplayName() pulumi.StringOutput
Optional. A user-assigned display name of the project. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point. Example: `My Project`
func (LookupProjectResultOutput) ElementType ¶ added in v0.8.0
func (LookupProjectResultOutput) ElementType() reflect.Type
func (LookupProjectResultOutput) Etag ¶ added in v0.8.0
func (o LookupProjectResultOutput) Etag() pulumi.StringOutput
A checksum computed by the server based on the current value of the Project resource. This may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
func (LookupProjectResultOutput) Labels ¶ added in v0.8.0
func (o LookupProjectResultOutput) Labels() pulumi.StringMapOutput
Optional. The labels associated with this project. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?. Label values must be between 0 and 63 characters long and must conform to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. No more than 64 labels can be associated with a given resource. Clients should store labels in a representation such as JSON that does not depend on specific characters being disallowed. Example: `"myBusinessDimension" : "businessValue"`
func (LookupProjectResultOutput) Name ¶ added in v0.8.0
func (o LookupProjectResultOutput) Name() pulumi.StringOutput
The unique resource name of the project. It is an int64 generated number prefixed by "projects/". Example: `projects/415104041262`
func (LookupProjectResultOutput) Parent ¶ added in v0.8.0
func (o LookupProjectResultOutput) Parent() pulumi.StringOutput
Optional. A reference to a parent Resource. eg., `organizations/123` or `folders/876`.
func (LookupProjectResultOutput) ProjectId ¶ added in v0.11.0
func (o LookupProjectResultOutput) ProjectId() pulumi.StringOutput
Immutable. The unique, user-assigned id of the project. It must be 6 to 30 lowercase ASCII letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited. Example: `tokyo-rain-123`
func (LookupProjectResultOutput) State ¶ added in v0.8.0
func (o LookupProjectResultOutput) State() pulumi.StringOutput
The project lifecycle state.
func (LookupProjectResultOutput) ToLookupProjectResultOutput ¶ added in v0.8.0
func (o LookupProjectResultOutput) ToLookupProjectResultOutput() LookupProjectResultOutput
func (LookupProjectResultOutput) ToLookupProjectResultOutputWithContext ¶ added in v0.8.0
func (o LookupProjectResultOutput) ToLookupProjectResultOutputWithContext(ctx context.Context) LookupProjectResultOutput
func (LookupProjectResultOutput) UpdateTime ¶ added in v0.8.0
func (o LookupProjectResultOutput) UpdateTime() pulumi.StringOutput
The most recent time this resource was modified.
type LookupTagKeyArgs ¶ added in v0.4.0
type LookupTagKeyArgs struct {
TagKeyId string `pulumi:"tagKeyId"`
}
type LookupTagKeyIamPolicyArgs ¶ added in v0.4.0
type LookupTagKeyIamPolicyArgs struct {
TagKeyId string `pulumi:"tagKeyId"`
}
type LookupTagKeyIamPolicyOutputArgs ¶ added in v0.8.0
type LookupTagKeyIamPolicyOutputArgs struct {
TagKeyId pulumi.StringInput `pulumi:"tagKeyId"`
}
func (LookupTagKeyIamPolicyOutputArgs) ElementType ¶ added in v0.8.0
func (LookupTagKeyIamPolicyOutputArgs) ElementType() reflect.Type
type LookupTagKeyIamPolicyResult ¶ added in v0.4.0
type LookupTagKeyIamPolicyResult struct { // Specifies cloud audit logging configuration for this policy. AuditConfigs []AuditConfigResponse `pulumi:"auditConfigs"` // Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. Bindings []BindingResponse `pulumi:"bindings"` // `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. Etag string `pulumi:"etag"` // Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Version int `pulumi:"version"` }
func LookupTagKeyIamPolicy ¶ added in v0.4.0
func LookupTagKeyIamPolicy(ctx *pulumi.Context, args *LookupTagKeyIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupTagKeyIamPolicyResult, error)
Gets the access control policy for a TagKey. The returned policy may be empty if no such policy or resource exists. The `resource` field should be the TagKey's resource name. For example, "tagKeys/1234". The caller must have `cloudresourcemanager.googleapis.com/tagKeys.getIamPolicy` permission on the specified TagKey.
type LookupTagKeyIamPolicyResultOutput ¶ added in v0.8.0
type LookupTagKeyIamPolicyResultOutput struct{ *pulumi.OutputState }
func LookupTagKeyIamPolicyOutput ¶ added in v0.8.0
func LookupTagKeyIamPolicyOutput(ctx *pulumi.Context, args LookupTagKeyIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupTagKeyIamPolicyResultOutput
func (LookupTagKeyIamPolicyResultOutput) AuditConfigs ¶ added in v0.8.0
func (o LookupTagKeyIamPolicyResultOutput) AuditConfigs() AuditConfigResponseArrayOutput
Specifies cloud audit logging configuration for this policy.
func (LookupTagKeyIamPolicyResultOutput) Bindings ¶ added in v0.8.0
func (o LookupTagKeyIamPolicyResultOutput) Bindings() BindingResponseArrayOutput
Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
func (LookupTagKeyIamPolicyResultOutput) ElementType ¶ added in v0.8.0
func (LookupTagKeyIamPolicyResultOutput) ElementType() reflect.Type
func (LookupTagKeyIamPolicyResultOutput) Etag ¶ added in v0.8.0
func (o LookupTagKeyIamPolicyResultOutput) Etag() pulumi.StringOutput
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
func (LookupTagKeyIamPolicyResultOutput) ToLookupTagKeyIamPolicyResultOutput ¶ added in v0.8.0
func (o LookupTagKeyIamPolicyResultOutput) ToLookupTagKeyIamPolicyResultOutput() LookupTagKeyIamPolicyResultOutput
func (LookupTagKeyIamPolicyResultOutput) ToLookupTagKeyIamPolicyResultOutputWithContext ¶ added in v0.8.0
func (o LookupTagKeyIamPolicyResultOutput) ToLookupTagKeyIamPolicyResultOutputWithContext(ctx context.Context) LookupTagKeyIamPolicyResultOutput
func (LookupTagKeyIamPolicyResultOutput) Version ¶ added in v0.8.0
func (o LookupTagKeyIamPolicyResultOutput) Version() pulumi.IntOutput
Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
type LookupTagKeyOutputArgs ¶ added in v0.8.0
type LookupTagKeyOutputArgs struct {
TagKeyId pulumi.StringInput `pulumi:"tagKeyId"`
}
func (LookupTagKeyOutputArgs) ElementType ¶ added in v0.8.0
func (LookupTagKeyOutputArgs) ElementType() reflect.Type
type LookupTagKeyResult ¶ added in v0.4.0
type LookupTagKeyResult struct { // Creation time. CreateTime string `pulumi:"createTime"` // Optional. User-assigned description of the TagKey. Must not exceed 256 characters. Read-write. Description string `pulumi:"description"` // Optional. Entity tag which users can pass to prevent race conditions. This field is always set in server responses. See UpdateTagKeyRequest for details. Etag string `pulumi:"etag"` // Immutable. The resource name for a TagKey. Must be in the format `tagKeys/{tag_key_id}`, where `tag_key_id` is the generated numeric id for the TagKey. Name string `pulumi:"name"` // Immutable. Namespaced name of the TagKey. NamespacedName string `pulumi:"namespacedName"` // Immutable. The resource name of the TagKey's parent. A TagKey can be parented by an Organization or a Project. For a TagKey parented by an Organization, its parent must be in the form `organizations/{org_id}`. For a TagKey parented by a Project, its parent can be in the form `projects/{project_id}` or `projects/{project_number}`. Parent string `pulumi:"parent"` // Optional. A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. A purpose does not grant a policy engine exclusive rights to the Tag, and it may be referenced by other policy engines. A purpose cannot be changed once set. Purpose string `pulumi:"purpose"` // Optional. Purpose data corresponds to the policy system that the tag is intended for. See documentation for `Purpose` for formatting of this field. Purpose data cannot be changed once set. PurposeData map[string]string `pulumi:"purposeData"` // Immutable. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. ShortName string `pulumi:"shortName"` // Update time. UpdateTime string `pulumi:"updateTime"` }
func LookupTagKey ¶ added in v0.4.0
func LookupTagKey(ctx *pulumi.Context, args *LookupTagKeyArgs, opts ...pulumi.InvokeOption) (*LookupTagKeyResult, error)
Retrieves a TagKey. This method will return `PERMISSION_DENIED` if the key does not exist or the user does not have permission to view it.
type LookupTagKeyResultOutput ¶ added in v0.8.0
type LookupTagKeyResultOutput struct{ *pulumi.OutputState }
func LookupTagKeyOutput ¶ added in v0.8.0
func LookupTagKeyOutput(ctx *pulumi.Context, args LookupTagKeyOutputArgs, opts ...pulumi.InvokeOption) LookupTagKeyResultOutput
func (LookupTagKeyResultOutput) CreateTime ¶ added in v0.8.0
func (o LookupTagKeyResultOutput) CreateTime() pulumi.StringOutput
Creation time.
func (LookupTagKeyResultOutput) Description ¶ added in v0.8.0
func (o LookupTagKeyResultOutput) Description() pulumi.StringOutput
Optional. User-assigned description of the TagKey. Must not exceed 256 characters. Read-write.
func (LookupTagKeyResultOutput) ElementType ¶ added in v0.8.0
func (LookupTagKeyResultOutput) ElementType() reflect.Type
func (LookupTagKeyResultOutput) Etag ¶ added in v0.8.0
func (o LookupTagKeyResultOutput) Etag() pulumi.StringOutput
Optional. Entity tag which users can pass to prevent race conditions. This field is always set in server responses. See UpdateTagKeyRequest for details.
func (LookupTagKeyResultOutput) Name ¶ added in v0.8.0
func (o LookupTagKeyResultOutput) Name() pulumi.StringOutput
Immutable. The resource name for a TagKey. Must be in the format `tagKeys/{tag_key_id}`, where `tag_key_id` is the generated numeric id for the TagKey.
func (LookupTagKeyResultOutput) NamespacedName ¶ added in v0.8.0
func (o LookupTagKeyResultOutput) NamespacedName() pulumi.StringOutput
Immutable. Namespaced name of the TagKey.
func (LookupTagKeyResultOutput) Parent ¶ added in v0.8.0
func (o LookupTagKeyResultOutput) Parent() pulumi.StringOutput
Immutable. The resource name of the TagKey's parent. A TagKey can be parented by an Organization or a Project. For a TagKey parented by an Organization, its parent must be in the form `organizations/{org_id}`. For a TagKey parented by a Project, its parent can be in the form `projects/{project_id}` or `projects/{project_number}`.
func (LookupTagKeyResultOutput) Purpose ¶ added in v0.21.0
func (o LookupTagKeyResultOutput) Purpose() pulumi.StringOutput
Optional. A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. A purpose does not grant a policy engine exclusive rights to the Tag, and it may be referenced by other policy engines. A purpose cannot be changed once set.
func (LookupTagKeyResultOutput) PurposeData ¶ added in v0.21.0
func (o LookupTagKeyResultOutput) PurposeData() pulumi.StringMapOutput
Optional. Purpose data corresponds to the policy system that the tag is intended for. See documentation for `Purpose` for formatting of this field. Purpose data cannot be changed once set.
func (LookupTagKeyResultOutput) ShortName ¶ added in v0.8.0
func (o LookupTagKeyResultOutput) ShortName() pulumi.StringOutput
Immutable. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.
func (LookupTagKeyResultOutput) ToLookupTagKeyResultOutput ¶ added in v0.8.0
func (o LookupTagKeyResultOutput) ToLookupTagKeyResultOutput() LookupTagKeyResultOutput
func (LookupTagKeyResultOutput) ToLookupTagKeyResultOutputWithContext ¶ added in v0.8.0
func (o LookupTagKeyResultOutput) ToLookupTagKeyResultOutputWithContext(ctx context.Context) LookupTagKeyResultOutput
func (LookupTagKeyResultOutput) UpdateTime ¶ added in v0.8.0
func (o LookupTagKeyResultOutput) UpdateTime() pulumi.StringOutput
Update time.
type LookupTagValueArgs ¶ added in v0.4.0
type LookupTagValueArgs struct {
TagValueId string `pulumi:"tagValueId"`
}
type LookupTagValueIamPolicyArgs ¶ added in v0.4.0
type LookupTagValueIamPolicyArgs struct {
TagValueId string `pulumi:"tagValueId"`
}
type LookupTagValueIamPolicyOutputArgs ¶ added in v0.8.0
type LookupTagValueIamPolicyOutputArgs struct {
TagValueId pulumi.StringInput `pulumi:"tagValueId"`
}
func (LookupTagValueIamPolicyOutputArgs) ElementType ¶ added in v0.8.0
func (LookupTagValueIamPolicyOutputArgs) ElementType() reflect.Type
type LookupTagValueIamPolicyResult ¶ added in v0.4.0
type LookupTagValueIamPolicyResult struct { // Specifies cloud audit logging configuration for this policy. AuditConfigs []AuditConfigResponse `pulumi:"auditConfigs"` // Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. Bindings []BindingResponse `pulumi:"bindings"` // `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. Etag string `pulumi:"etag"` // Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Version int `pulumi:"version"` }
func LookupTagValueIamPolicy ¶ added in v0.4.0
func LookupTagValueIamPolicy(ctx *pulumi.Context, args *LookupTagValueIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupTagValueIamPolicyResult, error)
Gets the access control policy for a TagValue. The returned policy may be empty if no such policy or resource exists. The `resource` field should be the TagValue's resource name. For example: `tagValues/1234`. The caller must have the `cloudresourcemanager.googleapis.com/tagValues.getIamPolicy` permission on the identified TagValue to get the access control policy.
type LookupTagValueIamPolicyResultOutput ¶ added in v0.8.0
type LookupTagValueIamPolicyResultOutput struct{ *pulumi.OutputState }
func LookupTagValueIamPolicyOutput ¶ added in v0.8.0
func LookupTagValueIamPolicyOutput(ctx *pulumi.Context, args LookupTagValueIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupTagValueIamPolicyResultOutput
func (LookupTagValueIamPolicyResultOutput) AuditConfigs ¶ added in v0.8.0
func (o LookupTagValueIamPolicyResultOutput) AuditConfigs() AuditConfigResponseArrayOutput
Specifies cloud audit logging configuration for this policy.
func (LookupTagValueIamPolicyResultOutput) Bindings ¶ added in v0.8.0
func (o LookupTagValueIamPolicyResultOutput) Bindings() BindingResponseArrayOutput
Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
func (LookupTagValueIamPolicyResultOutput) ElementType ¶ added in v0.8.0
func (LookupTagValueIamPolicyResultOutput) ElementType() reflect.Type
func (LookupTagValueIamPolicyResultOutput) Etag ¶ added in v0.8.0
func (o LookupTagValueIamPolicyResultOutput) Etag() pulumi.StringOutput
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
func (LookupTagValueIamPolicyResultOutput) ToLookupTagValueIamPolicyResultOutput ¶ added in v0.8.0
func (o LookupTagValueIamPolicyResultOutput) ToLookupTagValueIamPolicyResultOutput() LookupTagValueIamPolicyResultOutput
func (LookupTagValueIamPolicyResultOutput) ToLookupTagValueIamPolicyResultOutputWithContext ¶ added in v0.8.0
func (o LookupTagValueIamPolicyResultOutput) ToLookupTagValueIamPolicyResultOutputWithContext(ctx context.Context) LookupTagValueIamPolicyResultOutput
func (LookupTagValueIamPolicyResultOutput) Version ¶ added in v0.8.0
func (o LookupTagValueIamPolicyResultOutput) Version() pulumi.IntOutput
Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
type LookupTagValueOutputArgs ¶ added in v0.8.0
type LookupTagValueOutputArgs struct {
TagValueId pulumi.StringInput `pulumi:"tagValueId"`
}
func (LookupTagValueOutputArgs) ElementType ¶ added in v0.8.0
func (LookupTagValueOutputArgs) ElementType() reflect.Type
type LookupTagValueResult ¶ added in v0.4.0
type LookupTagValueResult struct { // Creation time. CreateTime string `pulumi:"createTime"` // Optional. User-assigned description of the TagValue. Must not exceed 256 characters. Read-write. Description string `pulumi:"description"` // Optional. Entity tag which users can pass to prevent race conditions. This field is always set in server responses. See UpdateTagValueRequest for details. Etag string `pulumi:"etag"` // Immutable. Resource name for TagValue in the format `tagValues/456`. Name string `pulumi:"name"` // The namespaced name of the TagValue. Can be in the form `{organization_id}/{tag_key_short_name}/{tag_value_short_name}` or `{project_id}/{tag_key_short_name}/{tag_value_short_name}` or `{project_number}/{tag_key_short_name}/{tag_value_short_name}`. NamespacedName string `pulumi:"namespacedName"` // Immutable. The resource name of the new TagValue's parent TagKey. Must be of the form `tagKeys/{tag_key_id}`. Parent string `pulumi:"parent"` // Immutable. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. ShortName string `pulumi:"shortName"` // Update time. UpdateTime string `pulumi:"updateTime"` }
func LookupTagValue ¶ added in v0.4.0
func LookupTagValue(ctx *pulumi.Context, args *LookupTagValueArgs, opts ...pulumi.InvokeOption) (*LookupTagValueResult, error)
Retrieves a TagValue. This method will return `PERMISSION_DENIED` if the value does not exist or the user does not have permission to view it.
type LookupTagValueResultOutput ¶ added in v0.8.0
type LookupTagValueResultOutput struct{ *pulumi.OutputState }
func LookupTagValueOutput ¶ added in v0.8.0
func LookupTagValueOutput(ctx *pulumi.Context, args LookupTagValueOutputArgs, opts ...pulumi.InvokeOption) LookupTagValueResultOutput
func (LookupTagValueResultOutput) CreateTime ¶ added in v0.8.0
func (o LookupTagValueResultOutput) CreateTime() pulumi.StringOutput
Creation time.
func (LookupTagValueResultOutput) Description ¶ added in v0.8.0
func (o LookupTagValueResultOutput) Description() pulumi.StringOutput
Optional. User-assigned description of the TagValue. Must not exceed 256 characters. Read-write.
func (LookupTagValueResultOutput) ElementType ¶ added in v0.8.0
func (LookupTagValueResultOutput) ElementType() reflect.Type
func (LookupTagValueResultOutput) Etag ¶ added in v0.8.0
func (o LookupTagValueResultOutput) Etag() pulumi.StringOutput
Optional. Entity tag which users can pass to prevent race conditions. This field is always set in server responses. See UpdateTagValueRequest for details.
func (LookupTagValueResultOutput) Name ¶ added in v0.8.0
func (o LookupTagValueResultOutput) Name() pulumi.StringOutput
Immutable. Resource name for TagValue in the format `tagValues/456`.
func (LookupTagValueResultOutput) NamespacedName ¶ added in v0.8.0
func (o LookupTagValueResultOutput) NamespacedName() pulumi.StringOutput
The namespaced name of the TagValue. Can be in the form `{organization_id}/{tag_key_short_name}/{tag_value_short_name}` or `{project_id}/{tag_key_short_name}/{tag_value_short_name}` or `{project_number}/{tag_key_short_name}/{tag_value_short_name}`.
func (LookupTagValueResultOutput) Parent ¶ added in v0.8.0
func (o LookupTagValueResultOutput) Parent() pulumi.StringOutput
Immutable. The resource name of the new TagValue's parent TagKey. Must be of the form `tagKeys/{tag_key_id}`.
func (LookupTagValueResultOutput) ShortName ¶ added in v0.8.0
func (o LookupTagValueResultOutput) ShortName() pulumi.StringOutput
Immutable. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.
func (LookupTagValueResultOutput) ToLookupTagValueResultOutput ¶ added in v0.8.0
func (o LookupTagValueResultOutput) ToLookupTagValueResultOutput() LookupTagValueResultOutput
func (LookupTagValueResultOutput) ToLookupTagValueResultOutputWithContext ¶ added in v0.8.0
func (o LookupTagValueResultOutput) ToLookupTagValueResultOutputWithContext(ctx context.Context) LookupTagValueResultOutput
func (LookupTagValueResultOutput) UpdateTime ¶ added in v0.8.0
func (o LookupTagValueResultOutput) UpdateTime() pulumi.StringOutput
Update time.
type OrganizationIamBinding ¶ added in v0.26.0
type OrganizationIamBinding struct { pulumi.CustomResourceState // An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details. Condition iam.ConditionPtrOutput `pulumi:"condition"` // The etag of the resource's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. Members pulumi.StringArrayOutput `pulumi:"members"` // The name of the resource to manage IAM policies for. Name pulumi.StringOutput `pulumi:"name"` // The project in which the resource belongs. If it is not provided, a default will be supplied. Project pulumi.StringOutput `pulumi:"project"` // Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Role pulumi.StringOutput `pulumi:"role"` }
Sets the access control policy on an organization resource. Replaces any existing policy. The `resource` field should be the organization's resource name, for example: "organizations/123". Authorization requires the IAM permission `resourcemanager.organizations.setIamPolicy` on the specified organization.
func GetOrganizationIamBinding ¶ added in v0.26.0
func GetOrganizationIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *OrganizationIamBindingState, opts ...pulumi.ResourceOption) (*OrganizationIamBinding, error)
GetOrganizationIamBinding gets an existing OrganizationIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewOrganizationIamBinding ¶ added in v0.26.0
func NewOrganizationIamBinding(ctx *pulumi.Context, name string, args *OrganizationIamBindingArgs, opts ...pulumi.ResourceOption) (*OrganizationIamBinding, error)
NewOrganizationIamBinding registers a new resource with the given unique name, arguments, and options.
func (*OrganizationIamBinding) ElementType ¶ added in v0.26.0
func (*OrganizationIamBinding) ElementType() reflect.Type
func (*OrganizationIamBinding) ToOrganizationIamBindingOutput ¶ added in v0.26.0
func (i *OrganizationIamBinding) ToOrganizationIamBindingOutput() OrganizationIamBindingOutput
func (*OrganizationIamBinding) ToOrganizationIamBindingOutputWithContext ¶ added in v0.26.0
func (i *OrganizationIamBinding) ToOrganizationIamBindingOutputWithContext(ctx context.Context) OrganizationIamBindingOutput
type OrganizationIamBindingArgs ¶ added in v0.26.0
type OrganizationIamBindingArgs struct { // An IAM Condition for a given binding. Condition iam.ConditionPtrInput // Identities that will be granted the privilege in role. Each entry can have one of the following values: // // * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. // * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members pulumi.StringArrayInput // The name of the resource to manage IAM policies for. Name pulumi.StringInput // The role that should be applied. Only one `IamBinding` can be used per role. Role pulumi.StringInput }
The set of arguments for constructing a OrganizationIamBinding resource.
func (OrganizationIamBindingArgs) ElementType ¶ added in v0.26.0
func (OrganizationIamBindingArgs) ElementType() reflect.Type
type OrganizationIamBindingInput ¶ added in v0.26.0
type OrganizationIamBindingInput interface { pulumi.Input ToOrganizationIamBindingOutput() OrganizationIamBindingOutput ToOrganizationIamBindingOutputWithContext(ctx context.Context) OrganizationIamBindingOutput }
type OrganizationIamBindingOutput ¶ added in v0.26.0
type OrganizationIamBindingOutput struct{ *pulumi.OutputState }
func (OrganizationIamBindingOutput) Condition ¶ added in v0.26.0
func (o OrganizationIamBindingOutput) Condition() iam.ConditionPtrOutput
An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
func (OrganizationIamBindingOutput) ElementType ¶ added in v0.26.0
func (OrganizationIamBindingOutput) ElementType() reflect.Type
func (OrganizationIamBindingOutput) Etag ¶ added in v0.26.0
func (o OrganizationIamBindingOutput) Etag() pulumi.StringOutput
The etag of the resource's IAM policy.
func (OrganizationIamBindingOutput) Members ¶ added in v0.26.0
func (o OrganizationIamBindingOutput) Members() pulumi.StringArrayOutput
Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
func (OrganizationIamBindingOutput) Name ¶ added in v0.26.0
func (o OrganizationIamBindingOutput) Name() pulumi.StringOutput
The name of the resource to manage IAM policies for.
func (OrganizationIamBindingOutput) Project ¶ added in v0.26.0
func (o OrganizationIamBindingOutput) Project() pulumi.StringOutput
The project in which the resource belongs. If it is not provided, a default will be supplied.
func (OrganizationIamBindingOutput) Role ¶ added in v0.26.0
func (o OrganizationIamBindingOutput) Role() pulumi.StringOutput
Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
func (OrganizationIamBindingOutput) ToOrganizationIamBindingOutput ¶ added in v0.26.0
func (o OrganizationIamBindingOutput) ToOrganizationIamBindingOutput() OrganizationIamBindingOutput
func (OrganizationIamBindingOutput) ToOrganizationIamBindingOutputWithContext ¶ added in v0.26.0
func (o OrganizationIamBindingOutput) ToOrganizationIamBindingOutputWithContext(ctx context.Context) OrganizationIamBindingOutput
type OrganizationIamBindingState ¶ added in v0.26.0
type OrganizationIamBindingState struct { }
func (OrganizationIamBindingState) ElementType ¶ added in v0.26.0
func (OrganizationIamBindingState) ElementType() reflect.Type
type OrganizationIamMember ¶ added in v0.26.0
type OrganizationIamMember struct { pulumi.CustomResourceState // An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details. Condition iam.ConditionPtrOutput `pulumi:"condition"` // The etag of the resource's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. Member pulumi.StringOutput `pulumi:"member"` // The name of the resource to manage IAM policies for. Name pulumi.StringOutput `pulumi:"name"` // The project in which the resource belongs. If it is not provided, a default will be supplied. Project pulumi.StringOutput `pulumi:"project"` // Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Role pulumi.StringOutput `pulumi:"role"` }
Sets the access control policy on an organization resource. Replaces any existing policy. The `resource` field should be the organization's resource name, for example: "organizations/123". Authorization requires the IAM permission `resourcemanager.organizations.setIamPolicy` on the specified organization.
func GetOrganizationIamMember ¶ added in v0.26.0
func GetOrganizationIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *OrganizationIamMemberState, opts ...pulumi.ResourceOption) (*OrganizationIamMember, error)
GetOrganizationIamMember gets an existing OrganizationIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewOrganizationIamMember ¶ added in v0.26.0
func NewOrganizationIamMember(ctx *pulumi.Context, name string, args *OrganizationIamMemberArgs, opts ...pulumi.ResourceOption) (*OrganizationIamMember, error)
NewOrganizationIamMember registers a new resource with the given unique name, arguments, and options.
func (*OrganizationIamMember) ElementType ¶ added in v0.26.0
func (*OrganizationIamMember) ElementType() reflect.Type
func (*OrganizationIamMember) ToOrganizationIamMemberOutput ¶ added in v0.26.0
func (i *OrganizationIamMember) ToOrganizationIamMemberOutput() OrganizationIamMemberOutput
func (*OrganizationIamMember) ToOrganizationIamMemberOutputWithContext ¶ added in v0.26.0
func (i *OrganizationIamMember) ToOrganizationIamMemberOutputWithContext(ctx context.Context) OrganizationIamMemberOutput
type OrganizationIamMemberArgs ¶ added in v0.26.0
type OrganizationIamMemberArgs struct { // An IAM Condition for a given binding. Condition iam.ConditionPtrInput // Identity that will be granted the privilege in role. The entry can have one of the following values: // // * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. // * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringInput // The name of the resource to manage IAM policies for. Name pulumi.StringInput // The role that should be applied. Role pulumi.StringInput }
The set of arguments for constructing a OrganizationIamMember resource.
func (OrganizationIamMemberArgs) ElementType ¶ added in v0.26.0
func (OrganizationIamMemberArgs) ElementType() reflect.Type
type OrganizationIamMemberInput ¶ added in v0.26.0
type OrganizationIamMemberInput interface { pulumi.Input ToOrganizationIamMemberOutput() OrganizationIamMemberOutput ToOrganizationIamMemberOutputWithContext(ctx context.Context) OrganizationIamMemberOutput }
type OrganizationIamMemberOutput ¶ added in v0.26.0
type OrganizationIamMemberOutput struct{ *pulumi.OutputState }
func (OrganizationIamMemberOutput) Condition ¶ added in v0.26.0
func (o OrganizationIamMemberOutput) Condition() iam.ConditionPtrOutput
An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
func (OrganizationIamMemberOutput) ElementType ¶ added in v0.26.0
func (OrganizationIamMemberOutput) ElementType() reflect.Type
func (OrganizationIamMemberOutput) Etag ¶ added in v0.26.0
func (o OrganizationIamMemberOutput) Etag() pulumi.StringOutput
The etag of the resource's IAM policy.
func (OrganizationIamMemberOutput) Member ¶ added in v0.26.0
func (o OrganizationIamMemberOutput) Member() pulumi.StringOutput
Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
func (OrganizationIamMemberOutput) Name ¶ added in v0.26.0
func (o OrganizationIamMemberOutput) Name() pulumi.StringOutput
The name of the resource to manage IAM policies for.
func (OrganizationIamMemberOutput) Project ¶ added in v0.26.0
func (o OrganizationIamMemberOutput) Project() pulumi.StringOutput
The project in which the resource belongs. If it is not provided, a default will be supplied.
func (OrganizationIamMemberOutput) Role ¶ added in v0.26.0
func (o OrganizationIamMemberOutput) Role() pulumi.StringOutput
Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
func (OrganizationIamMemberOutput) ToOrganizationIamMemberOutput ¶ added in v0.26.0
func (o OrganizationIamMemberOutput) ToOrganizationIamMemberOutput() OrganizationIamMemberOutput
func (OrganizationIamMemberOutput) ToOrganizationIamMemberOutputWithContext ¶ added in v0.26.0
func (o OrganizationIamMemberOutput) ToOrganizationIamMemberOutputWithContext(ctx context.Context) OrganizationIamMemberOutput
type OrganizationIamMemberState ¶ added in v0.26.0
type OrganizationIamMemberState struct { }
func (OrganizationIamMemberState) ElementType ¶ added in v0.26.0
func (OrganizationIamMemberState) ElementType() reflect.Type
type OrganizationIamPolicy ¶
type OrganizationIamPolicy struct { pulumi.CustomResourceState // Specifies cloud audit logging configuration for this policy. AuditConfigs AuditConfigResponseArrayOutput `pulumi:"auditConfigs"` // Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. Bindings BindingResponseArrayOutput `pulumi:"bindings"` // `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. Etag pulumi.StringOutput `pulumi:"etag"` OrganizationId pulumi.StringOutput `pulumi:"organizationId"` // Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Version pulumi.IntOutput `pulumi:"version"` }
Sets the access control policy on an organization resource. Replaces any existing policy. The `resource` field should be the organization's resource name, for example: "organizations/123". Authorization requires the IAM permission `resourcemanager.organizations.setIamPolicy` on the specified organization. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.
func GetOrganizationIamPolicy ¶
func GetOrganizationIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *OrganizationIamPolicyState, opts ...pulumi.ResourceOption) (*OrganizationIamPolicy, error)
GetOrganizationIamPolicy gets an existing OrganizationIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewOrganizationIamPolicy ¶
func NewOrganizationIamPolicy(ctx *pulumi.Context, name string, args *OrganizationIamPolicyArgs, opts ...pulumi.ResourceOption) (*OrganizationIamPolicy, error)
NewOrganizationIamPolicy registers a new resource with the given unique name, arguments, and options.
func (*OrganizationIamPolicy) ElementType ¶
func (*OrganizationIamPolicy) ElementType() reflect.Type
func (*OrganizationIamPolicy) ToOrganizationIamPolicyOutput ¶
func (i *OrganizationIamPolicy) ToOrganizationIamPolicyOutput() OrganizationIamPolicyOutput
func (*OrganizationIamPolicy) ToOrganizationIamPolicyOutputWithContext ¶
func (i *OrganizationIamPolicy) ToOrganizationIamPolicyOutputWithContext(ctx context.Context) OrganizationIamPolicyOutput
type OrganizationIamPolicyArgs ¶
type OrganizationIamPolicyArgs struct { // Specifies cloud audit logging configuration for this policy. AuditConfigs AuditConfigArrayInput // Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. Bindings BindingArrayInput // `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. Etag pulumi.StringPtrInput OrganizationId pulumi.StringInput // OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"` UpdateMask pulumi.StringPtrInput // Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Version pulumi.IntPtrInput }
The set of arguments for constructing a OrganizationIamPolicy resource.
func (OrganizationIamPolicyArgs) ElementType ¶
func (OrganizationIamPolicyArgs) ElementType() reflect.Type
type OrganizationIamPolicyInput ¶
type OrganizationIamPolicyInput interface { pulumi.Input ToOrganizationIamPolicyOutput() OrganizationIamPolicyOutput ToOrganizationIamPolicyOutputWithContext(ctx context.Context) OrganizationIamPolicyOutput }
type OrganizationIamPolicyOutput ¶
type OrganizationIamPolicyOutput struct{ *pulumi.OutputState }
func (OrganizationIamPolicyOutput) AuditConfigs ¶ added in v0.19.0
func (o OrganizationIamPolicyOutput) AuditConfigs() AuditConfigResponseArrayOutput
Specifies cloud audit logging configuration for this policy.
func (OrganizationIamPolicyOutput) Bindings ¶ added in v0.19.0
func (o OrganizationIamPolicyOutput) Bindings() BindingResponseArrayOutput
Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
func (OrganizationIamPolicyOutput) ElementType ¶
func (OrganizationIamPolicyOutput) ElementType() reflect.Type
func (OrganizationIamPolicyOutput) Etag ¶ added in v0.19.0
func (o OrganizationIamPolicyOutput) Etag() pulumi.StringOutput
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
func (OrganizationIamPolicyOutput) OrganizationId ¶ added in v0.21.0
func (o OrganizationIamPolicyOutput) OrganizationId() pulumi.StringOutput
func (OrganizationIamPolicyOutput) ToOrganizationIamPolicyOutput ¶
func (o OrganizationIamPolicyOutput) ToOrganizationIamPolicyOutput() OrganizationIamPolicyOutput
func (OrganizationIamPolicyOutput) ToOrganizationIamPolicyOutputWithContext ¶
func (o OrganizationIamPolicyOutput) ToOrganizationIamPolicyOutputWithContext(ctx context.Context) OrganizationIamPolicyOutput
func (OrganizationIamPolicyOutput) Version ¶ added in v0.19.0
func (o OrganizationIamPolicyOutput) Version() pulumi.IntOutput
Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
type OrganizationIamPolicyState ¶
type OrganizationIamPolicyState struct { }
func (OrganizationIamPolicyState) ElementType ¶
func (OrganizationIamPolicyState) ElementType() reflect.Type
type Project ¶
type Project struct { pulumi.CustomResourceState // Creation time. CreateTime pulumi.StringOutput `pulumi:"createTime"` // The time at which this resource was requested for deletion. DeleteTime pulumi.StringOutput `pulumi:"deleteTime"` // Optional. A user-assigned display name of the project. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point. Example: `My Project` DisplayName pulumi.StringOutput `pulumi:"displayName"` // A checksum computed by the server based on the current value of the Project resource. This may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. Etag pulumi.StringOutput `pulumi:"etag"` // Optional. The labels associated with this project. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?. Label values must be between 0 and 63 characters long and must conform to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. No more than 64 labels can be associated with a given resource. Clients should store labels in a representation such as JSON that does not depend on specific characters being disallowed. Example: `"myBusinessDimension" : "businessValue"` Labels pulumi.StringMapOutput `pulumi:"labels"` // The unique resource name of the project. It is an int64 generated number prefixed by "projects/". Example: `projects/415104041262` Name pulumi.StringOutput `pulumi:"name"` // Optional. A reference to a parent Resource. eg., `organizations/123` or `folders/876`. Parent pulumi.StringOutput `pulumi:"parent"` // Immutable. The unique, user-assigned id of the project. It must be 6 to 30 lowercase ASCII letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited. Example: `tokyo-rain-123` ProjectId pulumi.StringOutput `pulumi:"projectId"` // The project lifecycle state. State pulumi.StringOutput `pulumi:"state"` // The most recent time this resource was modified. UpdateTime pulumi.StringOutput `pulumi:"updateTime"` }
Request that a new project be created. The result is an `Operation` which can be used to track the creation process. This process usually takes a few seconds, but can sometimes take much longer. The tracking `Operation` is automatically deleted after a few hours, so there is no need to call `DeleteOperation`. Auto-naming is currently not supported for this resource.
func GetProject ¶
func GetProject(ctx *pulumi.Context, name string, id pulumi.IDInput, state *ProjectState, opts ...pulumi.ResourceOption) (*Project, error)
GetProject gets an existing Project resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewProject ¶
func NewProject(ctx *pulumi.Context, name string, args *ProjectArgs, opts ...pulumi.ResourceOption) (*Project, error)
NewProject registers a new resource with the given unique name, arguments, and options.
func (*Project) ElementType ¶
func (*Project) ToProjectOutput ¶
func (i *Project) ToProjectOutput() ProjectOutput
func (*Project) ToProjectOutputWithContext ¶
func (i *Project) ToProjectOutputWithContext(ctx context.Context) ProjectOutput
type ProjectArgs ¶
type ProjectArgs struct { // Optional. A user-assigned display name of the project. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point. Example: `My Project` DisplayName pulumi.StringPtrInput // Optional. The labels associated with this project. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?. Label values must be between 0 and 63 characters long and must conform to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. No more than 64 labels can be associated with a given resource. Clients should store labels in a representation such as JSON that does not depend on specific characters being disallowed. Example: `"myBusinessDimension" : "businessValue"` Labels pulumi.StringMapInput // Optional. A reference to a parent Resource. eg., `organizations/123` or `folders/876`. Parent pulumi.StringPtrInput // Immutable. The unique, user-assigned id of the project. It must be 6 to 30 lowercase ASCII letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited. Example: `tokyo-rain-123` ProjectId pulumi.StringPtrInput }
The set of arguments for constructing a Project resource.
func (ProjectArgs) ElementType ¶
func (ProjectArgs) ElementType() reflect.Type
type ProjectIamBinding ¶ added in v0.26.0
type ProjectIamBinding struct { pulumi.CustomResourceState // An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details. Condition iam.ConditionPtrOutput `pulumi:"condition"` // The etag of the resource's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. Members pulumi.StringArrayOutput `pulumi:"members"` // The name of the resource to manage IAM policies for. Name pulumi.StringOutput `pulumi:"name"` // The project in which the resource belongs. If it is not provided, a default will be supplied. Project pulumi.StringOutput `pulumi:"project"` // Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Role pulumi.StringOutput `pulumi:"role"` }
Sets the IAM access control policy for the specified project, in the format `projects/{ProjectIdOrNumber}` e.g. projects/123. CAUTION: This method will replace the existing policy, and cannot be used to append additional IAM settings. Note: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles. The following constraints apply when using `setIamPolicy()`: + Project does not support `allUsers` and `allAuthenticatedUsers` as `members` in a `Binding` of a `Policy`. + The owner role can be granted to a `user`, `serviceAccount`, or a group that is part of an organization. For example, group@myownpersonaldomain.com could be added as an owner to a project in the myownpersonaldomain.com organization, but not the examplepetstore.com organization. + Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited using the Cloud Platform console and must accept the invitation. + A user cannot be granted the owner role using `setIamPolicy()`. The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation. + Invitations to grant the owner role cannot be sent using `setIamPolicy()`; they must be sent only using the Cloud Platform Console. + If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling `setIamPolicy()` to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. If the project is part of an organization, you can remove all owners, potentially making the organization inaccessible.
func GetProjectIamBinding ¶ added in v0.26.0
func GetProjectIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *ProjectIamBindingState, opts ...pulumi.ResourceOption) (*ProjectIamBinding, error)
GetProjectIamBinding gets an existing ProjectIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewProjectIamBinding ¶ added in v0.26.0
func NewProjectIamBinding(ctx *pulumi.Context, name string, args *ProjectIamBindingArgs, opts ...pulumi.ResourceOption) (*ProjectIamBinding, error)
NewProjectIamBinding registers a new resource with the given unique name, arguments, and options.
func (*ProjectIamBinding) ElementType ¶ added in v0.26.0
func (*ProjectIamBinding) ElementType() reflect.Type
func (*ProjectIamBinding) ToProjectIamBindingOutput ¶ added in v0.26.0
func (i *ProjectIamBinding) ToProjectIamBindingOutput() ProjectIamBindingOutput
func (*ProjectIamBinding) ToProjectIamBindingOutputWithContext ¶ added in v0.26.0
func (i *ProjectIamBinding) ToProjectIamBindingOutputWithContext(ctx context.Context) ProjectIamBindingOutput
type ProjectIamBindingArgs ¶ added in v0.26.0
type ProjectIamBindingArgs struct { // An IAM Condition for a given binding. Condition iam.ConditionPtrInput // Identities that will be granted the privilege in role. Each entry can have one of the following values: // // * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. // * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members pulumi.StringArrayInput // The name of the resource to manage IAM policies for. Name pulumi.StringInput // The role that should be applied. Only one `IamBinding` can be used per role. Role pulumi.StringInput }
The set of arguments for constructing a ProjectIamBinding resource.
func (ProjectIamBindingArgs) ElementType ¶ added in v0.26.0
func (ProjectIamBindingArgs) ElementType() reflect.Type
type ProjectIamBindingInput ¶ added in v0.26.0
type ProjectIamBindingInput interface { pulumi.Input ToProjectIamBindingOutput() ProjectIamBindingOutput ToProjectIamBindingOutputWithContext(ctx context.Context) ProjectIamBindingOutput }
type ProjectIamBindingOutput ¶ added in v0.26.0
type ProjectIamBindingOutput struct{ *pulumi.OutputState }
func (ProjectIamBindingOutput) Condition ¶ added in v0.26.0
func (o ProjectIamBindingOutput) Condition() iam.ConditionPtrOutput
An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
func (ProjectIamBindingOutput) ElementType ¶ added in v0.26.0
func (ProjectIamBindingOutput) ElementType() reflect.Type
func (ProjectIamBindingOutput) Etag ¶ added in v0.26.0
func (o ProjectIamBindingOutput) Etag() pulumi.StringOutput
The etag of the resource's IAM policy.
func (ProjectIamBindingOutput) Members ¶ added in v0.26.0
func (o ProjectIamBindingOutput) Members() pulumi.StringArrayOutput
Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
func (ProjectIamBindingOutput) Name ¶ added in v0.26.0
func (o ProjectIamBindingOutput) Name() pulumi.StringOutput
The name of the resource to manage IAM policies for.
func (ProjectIamBindingOutput) Project ¶ added in v0.26.0
func (o ProjectIamBindingOutput) Project() pulumi.StringOutput
The project in which the resource belongs. If it is not provided, a default will be supplied.
func (ProjectIamBindingOutput) Role ¶ added in v0.26.0
func (o ProjectIamBindingOutput) Role() pulumi.StringOutput
Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
func (ProjectIamBindingOutput) ToProjectIamBindingOutput ¶ added in v0.26.0
func (o ProjectIamBindingOutput) ToProjectIamBindingOutput() ProjectIamBindingOutput
func (ProjectIamBindingOutput) ToProjectIamBindingOutputWithContext ¶ added in v0.26.0
func (o ProjectIamBindingOutput) ToProjectIamBindingOutputWithContext(ctx context.Context) ProjectIamBindingOutput
type ProjectIamBindingState ¶ added in v0.26.0
type ProjectIamBindingState struct { }
func (ProjectIamBindingState) ElementType ¶ added in v0.26.0
func (ProjectIamBindingState) ElementType() reflect.Type
type ProjectIamMember ¶ added in v0.26.0
type ProjectIamMember struct { pulumi.CustomResourceState // An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details. Condition iam.ConditionPtrOutput `pulumi:"condition"` // The etag of the resource's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. Member pulumi.StringOutput `pulumi:"member"` // The name of the resource to manage IAM policies for. Name pulumi.StringOutput `pulumi:"name"` // The project in which the resource belongs. If it is not provided, a default will be supplied. Project pulumi.StringOutput `pulumi:"project"` // Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Role pulumi.StringOutput `pulumi:"role"` }
Sets the IAM access control policy for the specified project, in the format `projects/{ProjectIdOrNumber}` e.g. projects/123. CAUTION: This method will replace the existing policy, and cannot be used to append additional IAM settings. Note: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles. The following constraints apply when using `setIamPolicy()`: + Project does not support `allUsers` and `allAuthenticatedUsers` as `members` in a `Binding` of a `Policy`. + The owner role can be granted to a `user`, `serviceAccount`, or a group that is part of an organization. For example, group@myownpersonaldomain.com could be added as an owner to a project in the myownpersonaldomain.com organization, but not the examplepetstore.com organization. + Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited using the Cloud Platform console and must accept the invitation. + A user cannot be granted the owner role using `setIamPolicy()`. The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation. + Invitations to grant the owner role cannot be sent using `setIamPolicy()`; they must be sent only using the Cloud Platform Console. + If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling `setIamPolicy()` to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. If the project is part of an organization, you can remove all owners, potentially making the organization inaccessible.
func GetProjectIamMember ¶ added in v0.26.0
func GetProjectIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *ProjectIamMemberState, opts ...pulumi.ResourceOption) (*ProjectIamMember, error)
GetProjectIamMember gets an existing ProjectIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewProjectIamMember ¶ added in v0.26.0
func NewProjectIamMember(ctx *pulumi.Context, name string, args *ProjectIamMemberArgs, opts ...pulumi.ResourceOption) (*ProjectIamMember, error)
NewProjectIamMember registers a new resource with the given unique name, arguments, and options.
func (*ProjectIamMember) ElementType ¶ added in v0.26.0
func (*ProjectIamMember) ElementType() reflect.Type
func (*ProjectIamMember) ToProjectIamMemberOutput ¶ added in v0.26.0
func (i *ProjectIamMember) ToProjectIamMemberOutput() ProjectIamMemberOutput
func (*ProjectIamMember) ToProjectIamMemberOutputWithContext ¶ added in v0.26.0
func (i *ProjectIamMember) ToProjectIamMemberOutputWithContext(ctx context.Context) ProjectIamMemberOutput
type ProjectIamMemberArgs ¶ added in v0.26.0
type ProjectIamMemberArgs struct { // An IAM Condition for a given binding. Condition iam.ConditionPtrInput // Identity that will be granted the privilege in role. The entry can have one of the following values: // // * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. // * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringInput // The name of the resource to manage IAM policies for. Name pulumi.StringInput // The role that should be applied. Role pulumi.StringInput }
The set of arguments for constructing a ProjectIamMember resource.
func (ProjectIamMemberArgs) ElementType ¶ added in v0.26.0
func (ProjectIamMemberArgs) ElementType() reflect.Type
type ProjectIamMemberInput ¶ added in v0.26.0
type ProjectIamMemberInput interface { pulumi.Input ToProjectIamMemberOutput() ProjectIamMemberOutput ToProjectIamMemberOutputWithContext(ctx context.Context) ProjectIamMemberOutput }
type ProjectIamMemberOutput ¶ added in v0.26.0
type ProjectIamMemberOutput struct{ *pulumi.OutputState }
func (ProjectIamMemberOutput) Condition ¶ added in v0.26.0
func (o ProjectIamMemberOutput) Condition() iam.ConditionPtrOutput
An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
func (ProjectIamMemberOutput) ElementType ¶ added in v0.26.0
func (ProjectIamMemberOutput) ElementType() reflect.Type
func (ProjectIamMemberOutput) Etag ¶ added in v0.26.0
func (o ProjectIamMemberOutput) Etag() pulumi.StringOutput
The etag of the resource's IAM policy.
func (ProjectIamMemberOutput) Member ¶ added in v0.26.0
func (o ProjectIamMemberOutput) Member() pulumi.StringOutput
Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
func (ProjectIamMemberOutput) Name ¶ added in v0.26.0
func (o ProjectIamMemberOutput) Name() pulumi.StringOutput
The name of the resource to manage IAM policies for.
func (ProjectIamMemberOutput) Project ¶ added in v0.26.0
func (o ProjectIamMemberOutput) Project() pulumi.StringOutput
The project in which the resource belongs. If it is not provided, a default will be supplied.
func (ProjectIamMemberOutput) Role ¶ added in v0.26.0
func (o ProjectIamMemberOutput) Role() pulumi.StringOutput
Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
func (ProjectIamMemberOutput) ToProjectIamMemberOutput ¶ added in v0.26.0
func (o ProjectIamMemberOutput) ToProjectIamMemberOutput() ProjectIamMemberOutput
func (ProjectIamMemberOutput) ToProjectIamMemberOutputWithContext ¶ added in v0.26.0
func (o ProjectIamMemberOutput) ToProjectIamMemberOutputWithContext(ctx context.Context) ProjectIamMemberOutput
type ProjectIamMemberState ¶ added in v0.26.0
type ProjectIamMemberState struct { }
func (ProjectIamMemberState) ElementType ¶ added in v0.26.0
func (ProjectIamMemberState) ElementType() reflect.Type
type ProjectIamPolicy ¶
type ProjectIamPolicy struct { pulumi.CustomResourceState // Specifies cloud audit logging configuration for this policy. AuditConfigs AuditConfigResponseArrayOutput `pulumi:"auditConfigs"` // Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. Bindings BindingResponseArrayOutput `pulumi:"bindings"` // `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. Etag pulumi.StringOutput `pulumi:"etag"` Project pulumi.StringOutput `pulumi:"project"` // Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Version pulumi.IntOutput `pulumi:"version"` }
Sets the IAM access control policy for the specified project, in the format `projects/{ProjectIdOrNumber}` e.g. projects/123. CAUTION: This method will replace the existing policy, and cannot be used to append additional IAM settings. Note: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles. The following constraints apply when using `setIamPolicy()`: + Project does not support `allUsers` and `allAuthenticatedUsers` as `members` in a `Binding` of a `Policy`. + The owner role can be granted to a `user`, `serviceAccount`, or a group that is part of an organization. For example, group@myownpersonaldomain.com could be added as an owner to a project in the myownpersonaldomain.com organization, but not the examplepetstore.com organization. + Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited using the Cloud Platform console and must accept the invitation. + A user cannot be granted the owner role using `setIamPolicy()`. The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation. + Invitations to grant the owner role cannot be sent using `setIamPolicy()`; they must be sent only using the Cloud Platform Console. + If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling `setIamPolicy()` to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. If the project is part of an organization, you can remove all owners, potentially making the organization inaccessible. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.
func GetProjectIamPolicy ¶
func GetProjectIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *ProjectIamPolicyState, opts ...pulumi.ResourceOption) (*ProjectIamPolicy, error)
GetProjectIamPolicy gets an existing ProjectIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewProjectIamPolicy ¶
func NewProjectIamPolicy(ctx *pulumi.Context, name string, args *ProjectIamPolicyArgs, opts ...pulumi.ResourceOption) (*ProjectIamPolicy, error)
NewProjectIamPolicy registers a new resource with the given unique name, arguments, and options.
func (*ProjectIamPolicy) ElementType ¶
func (*ProjectIamPolicy) ElementType() reflect.Type
func (*ProjectIamPolicy) ToProjectIamPolicyOutput ¶
func (i *ProjectIamPolicy) ToProjectIamPolicyOutput() ProjectIamPolicyOutput
func (*ProjectIamPolicy) ToProjectIamPolicyOutputWithContext ¶
func (i *ProjectIamPolicy) ToProjectIamPolicyOutputWithContext(ctx context.Context) ProjectIamPolicyOutput
type ProjectIamPolicyArgs ¶
type ProjectIamPolicyArgs struct { // Specifies cloud audit logging configuration for this policy. AuditConfigs AuditConfigArrayInput // Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. Bindings BindingArrayInput // `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. Etag pulumi.StringPtrInput Project pulumi.StringPtrInput // OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"` UpdateMask pulumi.StringPtrInput // Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Version pulumi.IntPtrInput }
The set of arguments for constructing a ProjectIamPolicy resource.
func (ProjectIamPolicyArgs) ElementType ¶
func (ProjectIamPolicyArgs) ElementType() reflect.Type
type ProjectIamPolicyInput ¶
type ProjectIamPolicyInput interface { pulumi.Input ToProjectIamPolicyOutput() ProjectIamPolicyOutput ToProjectIamPolicyOutputWithContext(ctx context.Context) ProjectIamPolicyOutput }
type ProjectIamPolicyOutput ¶
type ProjectIamPolicyOutput struct{ *pulumi.OutputState }
func (ProjectIamPolicyOutput) AuditConfigs ¶ added in v0.19.0
func (o ProjectIamPolicyOutput) AuditConfigs() AuditConfigResponseArrayOutput
Specifies cloud audit logging configuration for this policy.
func (ProjectIamPolicyOutput) Bindings ¶ added in v0.19.0
func (o ProjectIamPolicyOutput) Bindings() BindingResponseArrayOutput
Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
func (ProjectIamPolicyOutput) ElementType ¶
func (ProjectIamPolicyOutput) ElementType() reflect.Type
func (ProjectIamPolicyOutput) Etag ¶ added in v0.19.0
func (o ProjectIamPolicyOutput) Etag() pulumi.StringOutput
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
func (ProjectIamPolicyOutput) Project ¶ added in v0.21.0
func (o ProjectIamPolicyOutput) Project() pulumi.StringOutput
func (ProjectIamPolicyOutput) ToProjectIamPolicyOutput ¶
func (o ProjectIamPolicyOutput) ToProjectIamPolicyOutput() ProjectIamPolicyOutput
func (ProjectIamPolicyOutput) ToProjectIamPolicyOutputWithContext ¶
func (o ProjectIamPolicyOutput) ToProjectIamPolicyOutputWithContext(ctx context.Context) ProjectIamPolicyOutput
func (ProjectIamPolicyOutput) Version ¶ added in v0.19.0
func (o ProjectIamPolicyOutput) Version() pulumi.IntOutput
Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
type ProjectIamPolicyState ¶
type ProjectIamPolicyState struct { }
func (ProjectIamPolicyState) ElementType ¶
func (ProjectIamPolicyState) ElementType() reflect.Type
type ProjectInput ¶
type ProjectInput interface { pulumi.Input ToProjectOutput() ProjectOutput ToProjectOutputWithContext(ctx context.Context) ProjectOutput }
type ProjectOutput ¶
type ProjectOutput struct{ *pulumi.OutputState }
func (ProjectOutput) CreateTime ¶ added in v0.19.0
func (o ProjectOutput) CreateTime() pulumi.StringOutput
Creation time.
func (ProjectOutput) DeleteTime ¶ added in v0.19.0
func (o ProjectOutput) DeleteTime() pulumi.StringOutput
The time at which this resource was requested for deletion.
func (ProjectOutput) DisplayName ¶ added in v0.19.0
func (o ProjectOutput) DisplayName() pulumi.StringOutput
Optional. A user-assigned display name of the project. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point. Example: `My Project`
func (ProjectOutput) ElementType ¶
func (ProjectOutput) ElementType() reflect.Type
func (ProjectOutput) Etag ¶ added in v0.19.0
func (o ProjectOutput) Etag() pulumi.StringOutput
A checksum computed by the server based on the current value of the Project resource. This may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
func (ProjectOutput) Labels ¶ added in v0.19.0
func (o ProjectOutput) Labels() pulumi.StringMapOutput
Optional. The labels associated with this project. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?. Label values must be between 0 and 63 characters long and must conform to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. No more than 64 labels can be associated with a given resource. Clients should store labels in a representation such as JSON that does not depend on specific characters being disallowed. Example: `"myBusinessDimension" : "businessValue"`
func (ProjectOutput) Name ¶ added in v0.19.0
func (o ProjectOutput) Name() pulumi.StringOutput
The unique resource name of the project. It is an int64 generated number prefixed by "projects/". Example: `projects/415104041262`
func (ProjectOutput) Parent ¶ added in v0.19.0
func (o ProjectOutput) Parent() pulumi.StringOutput
Optional. A reference to a parent Resource. eg., `organizations/123` or `folders/876`.
func (ProjectOutput) ProjectId ¶ added in v0.19.0
func (o ProjectOutput) ProjectId() pulumi.StringOutput
Immutable. The unique, user-assigned id of the project. It must be 6 to 30 lowercase ASCII letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited. Example: `tokyo-rain-123`
func (ProjectOutput) State ¶ added in v0.19.0
func (o ProjectOutput) State() pulumi.StringOutput
The project lifecycle state.
func (ProjectOutput) ToProjectOutput ¶
func (o ProjectOutput) ToProjectOutput() ProjectOutput
func (ProjectOutput) ToProjectOutputWithContext ¶
func (o ProjectOutput) ToProjectOutputWithContext(ctx context.Context) ProjectOutput
func (ProjectOutput) UpdateTime ¶ added in v0.19.0
func (o ProjectOutput) UpdateTime() pulumi.StringOutput
The most recent time this resource was modified.
type ProjectState ¶
type ProjectState struct { }
func (ProjectState) ElementType ¶
func (ProjectState) ElementType() reflect.Type
type TagKey ¶
type TagKey struct { pulumi.CustomResourceState // Creation time. CreateTime pulumi.StringOutput `pulumi:"createTime"` // Optional. User-assigned description of the TagKey. Must not exceed 256 characters. Read-write. Description pulumi.StringOutput `pulumi:"description"` // Optional. Entity tag which users can pass to prevent race conditions. This field is always set in server responses. See UpdateTagKeyRequest for details. Etag pulumi.StringOutput `pulumi:"etag"` // Immutable. The resource name for a TagKey. Must be in the format `tagKeys/{tag_key_id}`, where `tag_key_id` is the generated numeric id for the TagKey. Name pulumi.StringOutput `pulumi:"name"` // Immutable. Namespaced name of the TagKey. NamespacedName pulumi.StringOutput `pulumi:"namespacedName"` // Immutable. The resource name of the TagKey's parent. A TagKey can be parented by an Organization or a Project. For a TagKey parented by an Organization, its parent must be in the form `organizations/{org_id}`. For a TagKey parented by a Project, its parent can be in the form `projects/{project_id}` or `projects/{project_number}`. Parent pulumi.StringOutput `pulumi:"parent"` // Optional. A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. A purpose does not grant a policy engine exclusive rights to the Tag, and it may be referenced by other policy engines. A purpose cannot be changed once set. Purpose pulumi.StringOutput `pulumi:"purpose"` // Optional. Purpose data corresponds to the policy system that the tag is intended for. See documentation for `Purpose` for formatting of this field. Purpose data cannot be changed once set. PurposeData pulumi.StringMapOutput `pulumi:"purposeData"` // Immutable. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. ShortName pulumi.StringOutput `pulumi:"shortName"` // Update time. UpdateTime pulumi.StringOutput `pulumi:"updateTime"` }
Creates a new TagKey. If another request with the same parameters is sent while the original request is in process, the second request will receive an error. A maximum of 1000 TagKeys can exist under a parent at any given time.
func GetTagKey ¶
func GetTagKey(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TagKeyState, opts ...pulumi.ResourceOption) (*TagKey, error)
GetTagKey gets an existing TagKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTagKey ¶
func NewTagKey(ctx *pulumi.Context, name string, args *TagKeyArgs, opts ...pulumi.ResourceOption) (*TagKey, error)
NewTagKey registers a new resource with the given unique name, arguments, and options.
func (*TagKey) ElementType ¶
func (*TagKey) ToTagKeyOutput ¶
func (i *TagKey) ToTagKeyOutput() TagKeyOutput
func (*TagKey) ToTagKeyOutputWithContext ¶
func (i *TagKey) ToTagKeyOutputWithContext(ctx context.Context) TagKeyOutput
type TagKeyArgs ¶
type TagKeyArgs struct { // Optional. User-assigned description of the TagKey. Must not exceed 256 characters. Read-write. Description pulumi.StringPtrInput // Optional. Entity tag which users can pass to prevent race conditions. This field is always set in server responses. See UpdateTagKeyRequest for details. Etag pulumi.StringPtrInput // Immutable. The resource name for a TagKey. Must be in the format `tagKeys/{tag_key_id}`, where `tag_key_id` is the generated numeric id for the TagKey. Name pulumi.StringPtrInput // Immutable. The resource name of the TagKey's parent. A TagKey can be parented by an Organization or a Project. For a TagKey parented by an Organization, its parent must be in the form `organizations/{org_id}`. For a TagKey parented by a Project, its parent can be in the form `projects/{project_id}` or `projects/{project_number}`. Parent pulumi.StringPtrInput // Optional. A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. A purpose does not grant a policy engine exclusive rights to the Tag, and it may be referenced by other policy engines. A purpose cannot be changed once set. Purpose TagKeyPurposePtrInput // Optional. Purpose data corresponds to the policy system that the tag is intended for. See documentation for `Purpose` for formatting of this field. Purpose data cannot be changed once set. PurposeData pulumi.StringMapInput // Immutable. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. ShortName pulumi.StringInput }
The set of arguments for constructing a TagKey resource.
func (TagKeyArgs) ElementType ¶
func (TagKeyArgs) ElementType() reflect.Type
type TagKeyIamBinding ¶ added in v0.26.0
type TagKeyIamBinding struct { pulumi.CustomResourceState // An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details. Condition iam.ConditionPtrOutput `pulumi:"condition"` // The etag of the resource's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. Members pulumi.StringArrayOutput `pulumi:"members"` // The name of the resource to manage IAM policies for. Name pulumi.StringOutput `pulumi:"name"` // The project in which the resource belongs. If it is not provided, a default will be supplied. Project pulumi.StringOutput `pulumi:"project"` // Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Role pulumi.StringOutput `pulumi:"role"` }
Sets the access control policy on a TagKey, replacing any existing policy. The `resource` field should be the TagKey's resource name. For example, "tagKeys/1234". The caller must have `resourcemanager.tagKeys.setIamPolicy` permission on the identified tagValue.
func GetTagKeyIamBinding ¶ added in v0.26.0
func GetTagKeyIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TagKeyIamBindingState, opts ...pulumi.ResourceOption) (*TagKeyIamBinding, error)
GetTagKeyIamBinding gets an existing TagKeyIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTagKeyIamBinding ¶ added in v0.26.0
func NewTagKeyIamBinding(ctx *pulumi.Context, name string, args *TagKeyIamBindingArgs, opts ...pulumi.ResourceOption) (*TagKeyIamBinding, error)
NewTagKeyIamBinding registers a new resource with the given unique name, arguments, and options.
func (*TagKeyIamBinding) ElementType ¶ added in v0.26.0
func (*TagKeyIamBinding) ElementType() reflect.Type
func (*TagKeyIamBinding) ToTagKeyIamBindingOutput ¶ added in v0.26.0
func (i *TagKeyIamBinding) ToTagKeyIamBindingOutput() TagKeyIamBindingOutput
func (*TagKeyIamBinding) ToTagKeyIamBindingOutputWithContext ¶ added in v0.26.0
func (i *TagKeyIamBinding) ToTagKeyIamBindingOutputWithContext(ctx context.Context) TagKeyIamBindingOutput
type TagKeyIamBindingArgs ¶ added in v0.26.0
type TagKeyIamBindingArgs struct { // An IAM Condition for a given binding. Condition iam.ConditionPtrInput // Identities that will be granted the privilege in role. Each entry can have one of the following values: // // * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. // * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members pulumi.StringArrayInput // The name of the resource to manage IAM policies for. Name pulumi.StringInput // The role that should be applied. Only one `IamBinding` can be used per role. Role pulumi.StringInput }
The set of arguments for constructing a TagKeyIamBinding resource.
func (TagKeyIamBindingArgs) ElementType ¶ added in v0.26.0
func (TagKeyIamBindingArgs) ElementType() reflect.Type
type TagKeyIamBindingInput ¶ added in v0.26.0
type TagKeyIamBindingInput interface { pulumi.Input ToTagKeyIamBindingOutput() TagKeyIamBindingOutput ToTagKeyIamBindingOutputWithContext(ctx context.Context) TagKeyIamBindingOutput }
type TagKeyIamBindingOutput ¶ added in v0.26.0
type TagKeyIamBindingOutput struct{ *pulumi.OutputState }
func (TagKeyIamBindingOutput) Condition ¶ added in v0.26.0
func (o TagKeyIamBindingOutput) Condition() iam.ConditionPtrOutput
An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
func (TagKeyIamBindingOutput) ElementType ¶ added in v0.26.0
func (TagKeyIamBindingOutput) ElementType() reflect.Type
func (TagKeyIamBindingOutput) Etag ¶ added in v0.26.0
func (o TagKeyIamBindingOutput) Etag() pulumi.StringOutput
The etag of the resource's IAM policy.
func (TagKeyIamBindingOutput) Members ¶ added in v0.26.0
func (o TagKeyIamBindingOutput) Members() pulumi.StringArrayOutput
Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
func (TagKeyIamBindingOutput) Name ¶ added in v0.26.0
func (o TagKeyIamBindingOutput) Name() pulumi.StringOutput
The name of the resource to manage IAM policies for.
func (TagKeyIamBindingOutput) Project ¶ added in v0.26.0
func (o TagKeyIamBindingOutput) Project() pulumi.StringOutput
The project in which the resource belongs. If it is not provided, a default will be supplied.
func (TagKeyIamBindingOutput) Role ¶ added in v0.26.0
func (o TagKeyIamBindingOutput) Role() pulumi.StringOutput
Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
func (TagKeyIamBindingOutput) ToTagKeyIamBindingOutput ¶ added in v0.26.0
func (o TagKeyIamBindingOutput) ToTagKeyIamBindingOutput() TagKeyIamBindingOutput
func (TagKeyIamBindingOutput) ToTagKeyIamBindingOutputWithContext ¶ added in v0.26.0
func (o TagKeyIamBindingOutput) ToTagKeyIamBindingOutputWithContext(ctx context.Context) TagKeyIamBindingOutput
type TagKeyIamBindingState ¶ added in v0.26.0
type TagKeyIamBindingState struct { }
func (TagKeyIamBindingState) ElementType ¶ added in v0.26.0
func (TagKeyIamBindingState) ElementType() reflect.Type
type TagKeyIamMember ¶ added in v0.26.0
type TagKeyIamMember struct { pulumi.CustomResourceState // An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details. Condition iam.ConditionPtrOutput `pulumi:"condition"` // The etag of the resource's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. Member pulumi.StringOutput `pulumi:"member"` // The name of the resource to manage IAM policies for. Name pulumi.StringOutput `pulumi:"name"` // The project in which the resource belongs. If it is not provided, a default will be supplied. Project pulumi.StringOutput `pulumi:"project"` // Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Role pulumi.StringOutput `pulumi:"role"` }
Sets the access control policy on a TagKey, replacing any existing policy. The `resource` field should be the TagKey's resource name. For example, "tagKeys/1234". The caller must have `resourcemanager.tagKeys.setIamPolicy` permission on the identified tagValue.
func GetTagKeyIamMember ¶ added in v0.26.0
func GetTagKeyIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TagKeyIamMemberState, opts ...pulumi.ResourceOption) (*TagKeyIamMember, error)
GetTagKeyIamMember gets an existing TagKeyIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTagKeyIamMember ¶ added in v0.26.0
func NewTagKeyIamMember(ctx *pulumi.Context, name string, args *TagKeyIamMemberArgs, opts ...pulumi.ResourceOption) (*TagKeyIamMember, error)
NewTagKeyIamMember registers a new resource with the given unique name, arguments, and options.
func (*TagKeyIamMember) ElementType ¶ added in v0.26.0
func (*TagKeyIamMember) ElementType() reflect.Type
func (*TagKeyIamMember) ToTagKeyIamMemberOutput ¶ added in v0.26.0
func (i *TagKeyIamMember) ToTagKeyIamMemberOutput() TagKeyIamMemberOutput
func (*TagKeyIamMember) ToTagKeyIamMemberOutputWithContext ¶ added in v0.26.0
func (i *TagKeyIamMember) ToTagKeyIamMemberOutputWithContext(ctx context.Context) TagKeyIamMemberOutput
type TagKeyIamMemberArgs ¶ added in v0.26.0
type TagKeyIamMemberArgs struct { // An IAM Condition for a given binding. Condition iam.ConditionPtrInput // Identity that will be granted the privilege in role. The entry can have one of the following values: // // * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. // * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringInput // The name of the resource to manage IAM policies for. Name pulumi.StringInput // The role that should be applied. Role pulumi.StringInput }
The set of arguments for constructing a TagKeyIamMember resource.
func (TagKeyIamMemberArgs) ElementType ¶ added in v0.26.0
func (TagKeyIamMemberArgs) ElementType() reflect.Type
type TagKeyIamMemberInput ¶ added in v0.26.0
type TagKeyIamMemberInput interface { pulumi.Input ToTagKeyIamMemberOutput() TagKeyIamMemberOutput ToTagKeyIamMemberOutputWithContext(ctx context.Context) TagKeyIamMemberOutput }
type TagKeyIamMemberOutput ¶ added in v0.26.0
type TagKeyIamMemberOutput struct{ *pulumi.OutputState }
func (TagKeyIamMemberOutput) Condition ¶ added in v0.26.0
func (o TagKeyIamMemberOutput) Condition() iam.ConditionPtrOutput
An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
func (TagKeyIamMemberOutput) ElementType ¶ added in v0.26.0
func (TagKeyIamMemberOutput) ElementType() reflect.Type
func (TagKeyIamMemberOutput) Etag ¶ added in v0.26.0
func (o TagKeyIamMemberOutput) Etag() pulumi.StringOutput
The etag of the resource's IAM policy.
func (TagKeyIamMemberOutput) Member ¶ added in v0.26.0
func (o TagKeyIamMemberOutput) Member() pulumi.StringOutput
Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
func (TagKeyIamMemberOutput) Name ¶ added in v0.26.0
func (o TagKeyIamMemberOutput) Name() pulumi.StringOutput
The name of the resource to manage IAM policies for.
func (TagKeyIamMemberOutput) Project ¶ added in v0.26.0
func (o TagKeyIamMemberOutput) Project() pulumi.StringOutput
The project in which the resource belongs. If it is not provided, a default will be supplied.
func (TagKeyIamMemberOutput) Role ¶ added in v0.26.0
func (o TagKeyIamMemberOutput) Role() pulumi.StringOutput
Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
func (TagKeyIamMemberOutput) ToTagKeyIamMemberOutput ¶ added in v0.26.0
func (o TagKeyIamMemberOutput) ToTagKeyIamMemberOutput() TagKeyIamMemberOutput
func (TagKeyIamMemberOutput) ToTagKeyIamMemberOutputWithContext ¶ added in v0.26.0
func (o TagKeyIamMemberOutput) ToTagKeyIamMemberOutputWithContext(ctx context.Context) TagKeyIamMemberOutput
type TagKeyIamMemberState ¶ added in v0.26.0
type TagKeyIamMemberState struct { }
func (TagKeyIamMemberState) ElementType ¶ added in v0.26.0
func (TagKeyIamMemberState) ElementType() reflect.Type
type TagKeyIamPolicy ¶
type TagKeyIamPolicy struct { pulumi.CustomResourceState // Specifies cloud audit logging configuration for this policy. AuditConfigs AuditConfigResponseArrayOutput `pulumi:"auditConfigs"` // Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. Bindings BindingResponseArrayOutput `pulumi:"bindings"` // `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. Etag pulumi.StringOutput `pulumi:"etag"` TagKeyId pulumi.StringOutput `pulumi:"tagKeyId"` // Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Version pulumi.IntOutput `pulumi:"version"` }
Sets the access control policy on a TagKey, replacing any existing policy. The `resource` field should be the TagKey's resource name. For example, "tagKeys/1234". The caller must have `resourcemanager.tagKeys.setIamPolicy` permission on the identified tagValue. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.
func GetTagKeyIamPolicy ¶
func GetTagKeyIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TagKeyIamPolicyState, opts ...pulumi.ResourceOption) (*TagKeyIamPolicy, error)
GetTagKeyIamPolicy gets an existing TagKeyIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTagKeyIamPolicy ¶
func NewTagKeyIamPolicy(ctx *pulumi.Context, name string, args *TagKeyIamPolicyArgs, opts ...pulumi.ResourceOption) (*TagKeyIamPolicy, error)
NewTagKeyIamPolicy registers a new resource with the given unique name, arguments, and options.
func (*TagKeyIamPolicy) ElementType ¶
func (*TagKeyIamPolicy) ElementType() reflect.Type
func (*TagKeyIamPolicy) ToTagKeyIamPolicyOutput ¶
func (i *TagKeyIamPolicy) ToTagKeyIamPolicyOutput() TagKeyIamPolicyOutput
func (*TagKeyIamPolicy) ToTagKeyIamPolicyOutputWithContext ¶
func (i *TagKeyIamPolicy) ToTagKeyIamPolicyOutputWithContext(ctx context.Context) TagKeyIamPolicyOutput
type TagKeyIamPolicyArgs ¶
type TagKeyIamPolicyArgs struct { // Specifies cloud audit logging configuration for this policy. AuditConfigs AuditConfigArrayInput // Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. Bindings BindingArrayInput // `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. Etag pulumi.StringPtrInput TagKeyId pulumi.StringInput // OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"` UpdateMask pulumi.StringPtrInput // Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Version pulumi.IntPtrInput }
The set of arguments for constructing a TagKeyIamPolicy resource.
func (TagKeyIamPolicyArgs) ElementType ¶
func (TagKeyIamPolicyArgs) ElementType() reflect.Type
type TagKeyIamPolicyInput ¶
type TagKeyIamPolicyInput interface { pulumi.Input ToTagKeyIamPolicyOutput() TagKeyIamPolicyOutput ToTagKeyIamPolicyOutputWithContext(ctx context.Context) TagKeyIamPolicyOutput }
type TagKeyIamPolicyOutput ¶
type TagKeyIamPolicyOutput struct{ *pulumi.OutputState }
func (TagKeyIamPolicyOutput) AuditConfigs ¶ added in v0.19.0
func (o TagKeyIamPolicyOutput) AuditConfigs() AuditConfigResponseArrayOutput
Specifies cloud audit logging configuration for this policy.
func (TagKeyIamPolicyOutput) Bindings ¶ added in v0.19.0
func (o TagKeyIamPolicyOutput) Bindings() BindingResponseArrayOutput
Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
func (TagKeyIamPolicyOutput) ElementType ¶
func (TagKeyIamPolicyOutput) ElementType() reflect.Type
func (TagKeyIamPolicyOutput) Etag ¶ added in v0.19.0
func (o TagKeyIamPolicyOutput) Etag() pulumi.StringOutput
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
func (TagKeyIamPolicyOutput) TagKeyId ¶ added in v0.21.0
func (o TagKeyIamPolicyOutput) TagKeyId() pulumi.StringOutput
func (TagKeyIamPolicyOutput) ToTagKeyIamPolicyOutput ¶
func (o TagKeyIamPolicyOutput) ToTagKeyIamPolicyOutput() TagKeyIamPolicyOutput
func (TagKeyIamPolicyOutput) ToTagKeyIamPolicyOutputWithContext ¶
func (o TagKeyIamPolicyOutput) ToTagKeyIamPolicyOutputWithContext(ctx context.Context) TagKeyIamPolicyOutput
func (TagKeyIamPolicyOutput) Version ¶ added in v0.19.0
func (o TagKeyIamPolicyOutput) Version() pulumi.IntOutput
Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
type TagKeyIamPolicyState ¶
type TagKeyIamPolicyState struct { }
func (TagKeyIamPolicyState) ElementType ¶
func (TagKeyIamPolicyState) ElementType() reflect.Type
type TagKeyInput ¶
type TagKeyInput interface { pulumi.Input ToTagKeyOutput() TagKeyOutput ToTagKeyOutputWithContext(ctx context.Context) TagKeyOutput }
type TagKeyOutput ¶
type TagKeyOutput struct{ *pulumi.OutputState }
func (TagKeyOutput) CreateTime ¶ added in v0.19.0
func (o TagKeyOutput) CreateTime() pulumi.StringOutput
Creation time.
func (TagKeyOutput) Description ¶ added in v0.19.0
func (o TagKeyOutput) Description() pulumi.StringOutput
Optional. User-assigned description of the TagKey. Must not exceed 256 characters. Read-write.
func (TagKeyOutput) ElementType ¶
func (TagKeyOutput) ElementType() reflect.Type
func (TagKeyOutput) Etag ¶ added in v0.19.0
func (o TagKeyOutput) Etag() pulumi.StringOutput
Optional. Entity tag which users can pass to prevent race conditions. This field is always set in server responses. See UpdateTagKeyRequest for details.
func (TagKeyOutput) Name ¶ added in v0.19.0
func (o TagKeyOutput) Name() pulumi.StringOutput
Immutable. The resource name for a TagKey. Must be in the format `tagKeys/{tag_key_id}`, where `tag_key_id` is the generated numeric id for the TagKey.
func (TagKeyOutput) NamespacedName ¶ added in v0.19.0
func (o TagKeyOutput) NamespacedName() pulumi.StringOutput
Immutable. Namespaced name of the TagKey.
func (TagKeyOutput) Parent ¶ added in v0.19.0
func (o TagKeyOutput) Parent() pulumi.StringOutput
Immutable. The resource name of the TagKey's parent. A TagKey can be parented by an Organization or a Project. For a TagKey parented by an Organization, its parent must be in the form `organizations/{org_id}`. For a TagKey parented by a Project, its parent can be in the form `projects/{project_id}` or `projects/{project_number}`.
func (TagKeyOutput) Purpose ¶ added in v0.21.0
func (o TagKeyOutput) Purpose() pulumi.StringOutput
Optional. A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. A purpose does not grant a policy engine exclusive rights to the Tag, and it may be referenced by other policy engines. A purpose cannot be changed once set.
func (TagKeyOutput) PurposeData ¶ added in v0.21.0
func (o TagKeyOutput) PurposeData() pulumi.StringMapOutput
Optional. Purpose data corresponds to the policy system that the tag is intended for. See documentation for `Purpose` for formatting of this field. Purpose data cannot be changed once set.
func (TagKeyOutput) ShortName ¶ added in v0.19.0
func (o TagKeyOutput) ShortName() pulumi.StringOutput
Immutable. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.
func (TagKeyOutput) ToTagKeyOutput ¶
func (o TagKeyOutput) ToTagKeyOutput() TagKeyOutput
func (TagKeyOutput) ToTagKeyOutputWithContext ¶
func (o TagKeyOutput) ToTagKeyOutputWithContext(ctx context.Context) TagKeyOutput
func (TagKeyOutput) UpdateTime ¶ added in v0.19.0
func (o TagKeyOutput) UpdateTime() pulumi.StringOutput
Update time.
type TagKeyPurpose ¶ added in v0.21.0
type TagKeyPurpose string
Optional. A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. A purpose does not grant a policy engine exclusive rights to the Tag, and it may be referenced by other policy engines. A purpose cannot be changed once set.
func (TagKeyPurpose) ElementType ¶ added in v0.21.0
func (TagKeyPurpose) ElementType() reflect.Type
func (TagKeyPurpose) ToStringOutput ¶ added in v0.21.0
func (e TagKeyPurpose) ToStringOutput() pulumi.StringOutput
func (TagKeyPurpose) ToStringOutputWithContext ¶ added in v0.21.0
func (e TagKeyPurpose) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput
func (TagKeyPurpose) ToStringPtrOutput ¶ added in v0.21.0
func (e TagKeyPurpose) ToStringPtrOutput() pulumi.StringPtrOutput
func (TagKeyPurpose) ToStringPtrOutputWithContext ¶ added in v0.21.0
func (e TagKeyPurpose) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput
func (TagKeyPurpose) ToTagKeyPurposeOutput ¶ added in v0.21.0
func (e TagKeyPurpose) ToTagKeyPurposeOutput() TagKeyPurposeOutput
func (TagKeyPurpose) ToTagKeyPurposeOutputWithContext ¶ added in v0.21.0
func (e TagKeyPurpose) ToTagKeyPurposeOutputWithContext(ctx context.Context) TagKeyPurposeOutput
func (TagKeyPurpose) ToTagKeyPurposePtrOutput ¶ added in v0.21.0
func (e TagKeyPurpose) ToTagKeyPurposePtrOutput() TagKeyPurposePtrOutput
func (TagKeyPurpose) ToTagKeyPurposePtrOutputWithContext ¶ added in v0.21.0
func (e TagKeyPurpose) ToTagKeyPurposePtrOutputWithContext(ctx context.Context) TagKeyPurposePtrOutput
type TagKeyPurposeInput ¶ added in v0.21.0
type TagKeyPurposeInput interface { pulumi.Input ToTagKeyPurposeOutput() TagKeyPurposeOutput ToTagKeyPurposeOutputWithContext(context.Context) TagKeyPurposeOutput }
TagKeyPurposeInput is an input type that accepts TagKeyPurposeArgs and TagKeyPurposeOutput values. You can construct a concrete instance of `TagKeyPurposeInput` via:
TagKeyPurposeArgs{...}
type TagKeyPurposeOutput ¶ added in v0.21.0
type TagKeyPurposeOutput struct{ *pulumi.OutputState }
func (TagKeyPurposeOutput) ElementType ¶ added in v0.21.0
func (TagKeyPurposeOutput) ElementType() reflect.Type
func (TagKeyPurposeOutput) ToStringOutput ¶ added in v0.21.0
func (o TagKeyPurposeOutput) ToStringOutput() pulumi.StringOutput
func (TagKeyPurposeOutput) ToStringOutputWithContext ¶ added in v0.21.0
func (o TagKeyPurposeOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput
func (TagKeyPurposeOutput) ToStringPtrOutput ¶ added in v0.21.0
func (o TagKeyPurposeOutput) ToStringPtrOutput() pulumi.StringPtrOutput
func (TagKeyPurposeOutput) ToStringPtrOutputWithContext ¶ added in v0.21.0
func (o TagKeyPurposeOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput
func (TagKeyPurposeOutput) ToTagKeyPurposeOutput ¶ added in v0.21.0
func (o TagKeyPurposeOutput) ToTagKeyPurposeOutput() TagKeyPurposeOutput
func (TagKeyPurposeOutput) ToTagKeyPurposeOutputWithContext ¶ added in v0.21.0
func (o TagKeyPurposeOutput) ToTagKeyPurposeOutputWithContext(ctx context.Context) TagKeyPurposeOutput
func (TagKeyPurposeOutput) ToTagKeyPurposePtrOutput ¶ added in v0.21.0
func (o TagKeyPurposeOutput) ToTagKeyPurposePtrOutput() TagKeyPurposePtrOutput
func (TagKeyPurposeOutput) ToTagKeyPurposePtrOutputWithContext ¶ added in v0.21.0
func (o TagKeyPurposeOutput) ToTagKeyPurposePtrOutputWithContext(ctx context.Context) TagKeyPurposePtrOutput
type TagKeyPurposePtrInput ¶ added in v0.21.0
type TagKeyPurposePtrInput interface { pulumi.Input ToTagKeyPurposePtrOutput() TagKeyPurposePtrOutput ToTagKeyPurposePtrOutputWithContext(context.Context) TagKeyPurposePtrOutput }
func TagKeyPurposePtr ¶ added in v0.21.0
func TagKeyPurposePtr(v string) TagKeyPurposePtrInput
type TagKeyPurposePtrOutput ¶ added in v0.21.0
type TagKeyPurposePtrOutput struct{ *pulumi.OutputState }
func (TagKeyPurposePtrOutput) Elem ¶ added in v0.21.0
func (o TagKeyPurposePtrOutput) Elem() TagKeyPurposeOutput
func (TagKeyPurposePtrOutput) ElementType ¶ added in v0.21.0
func (TagKeyPurposePtrOutput) ElementType() reflect.Type
func (TagKeyPurposePtrOutput) ToStringPtrOutput ¶ added in v0.21.0
func (o TagKeyPurposePtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput
func (TagKeyPurposePtrOutput) ToStringPtrOutputWithContext ¶ added in v0.21.0
func (o TagKeyPurposePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput
func (TagKeyPurposePtrOutput) ToTagKeyPurposePtrOutput ¶ added in v0.21.0
func (o TagKeyPurposePtrOutput) ToTagKeyPurposePtrOutput() TagKeyPurposePtrOutput
func (TagKeyPurposePtrOutput) ToTagKeyPurposePtrOutputWithContext ¶ added in v0.21.0
func (o TagKeyPurposePtrOutput) ToTagKeyPurposePtrOutputWithContext(ctx context.Context) TagKeyPurposePtrOutput
type TagKeyState ¶
type TagKeyState struct { }
func (TagKeyState) ElementType ¶
func (TagKeyState) ElementType() reflect.Type
type TagValue ¶
type TagValue struct { pulumi.CustomResourceState // Creation time. CreateTime pulumi.StringOutput `pulumi:"createTime"` // Optional. User-assigned description of the TagValue. Must not exceed 256 characters. Read-write. Description pulumi.StringOutput `pulumi:"description"` // Optional. Entity tag which users can pass to prevent race conditions. This field is always set in server responses. See UpdateTagValueRequest for details. Etag pulumi.StringOutput `pulumi:"etag"` // Immutable. Resource name for TagValue in the format `tagValues/456`. Name pulumi.StringOutput `pulumi:"name"` // The namespaced name of the TagValue. Can be in the form `{organization_id}/{tag_key_short_name}/{tag_value_short_name}` or `{project_id}/{tag_key_short_name}/{tag_value_short_name}` or `{project_number}/{tag_key_short_name}/{tag_value_short_name}`. NamespacedName pulumi.StringOutput `pulumi:"namespacedName"` // Immutable. The resource name of the new TagValue's parent TagKey. Must be of the form `tagKeys/{tag_key_id}`. Parent pulumi.StringOutput `pulumi:"parent"` // Immutable. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. ShortName pulumi.StringOutput `pulumi:"shortName"` // Update time. UpdateTime pulumi.StringOutput `pulumi:"updateTime"` }
Creates a TagValue as a child of the specified TagKey. If a another request with the same parameters is sent while the original request is in process the second request will receive an error. A maximum of 1000 TagValues can exist under a TagKey at any given time.
func GetTagValue ¶
func GetTagValue(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TagValueState, opts ...pulumi.ResourceOption) (*TagValue, error)
GetTagValue gets an existing TagValue resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTagValue ¶
func NewTagValue(ctx *pulumi.Context, name string, args *TagValueArgs, opts ...pulumi.ResourceOption) (*TagValue, error)
NewTagValue registers a new resource with the given unique name, arguments, and options.
func (*TagValue) ElementType ¶
func (*TagValue) ToTagValueOutput ¶
func (i *TagValue) ToTagValueOutput() TagValueOutput
func (*TagValue) ToTagValueOutputWithContext ¶
func (i *TagValue) ToTagValueOutputWithContext(ctx context.Context) TagValueOutput
type TagValueArgs ¶
type TagValueArgs struct { // Optional. User-assigned description of the TagValue. Must not exceed 256 characters. Read-write. Description pulumi.StringPtrInput // Optional. Entity tag which users can pass to prevent race conditions. This field is always set in server responses. See UpdateTagValueRequest for details. Etag pulumi.StringPtrInput // Immutable. Resource name for TagValue in the format `tagValues/456`. Name pulumi.StringPtrInput // Immutable. The resource name of the new TagValue's parent TagKey. Must be of the form `tagKeys/{tag_key_id}`. Parent pulumi.StringPtrInput // Immutable. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. ShortName pulumi.StringInput }
The set of arguments for constructing a TagValue resource.
func (TagValueArgs) ElementType ¶
func (TagValueArgs) ElementType() reflect.Type
type TagValueIamBinding ¶ added in v0.26.0
type TagValueIamBinding struct { pulumi.CustomResourceState // An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details. Condition iam.ConditionPtrOutput `pulumi:"condition"` // The etag of the resource's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. Members pulumi.StringArrayOutput `pulumi:"members"` // The name of the resource to manage IAM policies for. Name pulumi.StringOutput `pulumi:"name"` // The project in which the resource belongs. If it is not provided, a default will be supplied. Project pulumi.StringOutput `pulumi:"project"` // Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Role pulumi.StringOutput `pulumi:"role"` }
Sets the access control policy on a TagValue, replacing any existing policy. The `resource` field should be the TagValue's resource name. For example: `tagValues/1234`. The caller must have `resourcemanager.tagValues.setIamPolicy` permission on the identified tagValue.
func GetTagValueIamBinding ¶ added in v0.26.0
func GetTagValueIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TagValueIamBindingState, opts ...pulumi.ResourceOption) (*TagValueIamBinding, error)
GetTagValueIamBinding gets an existing TagValueIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTagValueIamBinding ¶ added in v0.26.0
func NewTagValueIamBinding(ctx *pulumi.Context, name string, args *TagValueIamBindingArgs, opts ...pulumi.ResourceOption) (*TagValueIamBinding, error)
NewTagValueIamBinding registers a new resource with the given unique name, arguments, and options.
func (*TagValueIamBinding) ElementType ¶ added in v0.26.0
func (*TagValueIamBinding) ElementType() reflect.Type
func (*TagValueIamBinding) ToTagValueIamBindingOutput ¶ added in v0.26.0
func (i *TagValueIamBinding) ToTagValueIamBindingOutput() TagValueIamBindingOutput
func (*TagValueIamBinding) ToTagValueIamBindingOutputWithContext ¶ added in v0.26.0
func (i *TagValueIamBinding) ToTagValueIamBindingOutputWithContext(ctx context.Context) TagValueIamBindingOutput
type TagValueIamBindingArgs ¶ added in v0.26.0
type TagValueIamBindingArgs struct { // An IAM Condition for a given binding. Condition iam.ConditionPtrInput // Identities that will be granted the privilege in role. Each entry can have one of the following values: // // * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. // * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members pulumi.StringArrayInput // The name of the resource to manage IAM policies for. Name pulumi.StringInput // The role that should be applied. Only one `IamBinding` can be used per role. Role pulumi.StringInput }
The set of arguments for constructing a TagValueIamBinding resource.
func (TagValueIamBindingArgs) ElementType ¶ added in v0.26.0
func (TagValueIamBindingArgs) ElementType() reflect.Type
type TagValueIamBindingInput ¶ added in v0.26.0
type TagValueIamBindingInput interface { pulumi.Input ToTagValueIamBindingOutput() TagValueIamBindingOutput ToTagValueIamBindingOutputWithContext(ctx context.Context) TagValueIamBindingOutput }
type TagValueIamBindingOutput ¶ added in v0.26.0
type TagValueIamBindingOutput struct{ *pulumi.OutputState }
func (TagValueIamBindingOutput) Condition ¶ added in v0.26.0
func (o TagValueIamBindingOutput) Condition() iam.ConditionPtrOutput
An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
func (TagValueIamBindingOutput) ElementType ¶ added in v0.26.0
func (TagValueIamBindingOutput) ElementType() reflect.Type
func (TagValueIamBindingOutput) Etag ¶ added in v0.26.0
func (o TagValueIamBindingOutput) Etag() pulumi.StringOutput
The etag of the resource's IAM policy.
func (TagValueIamBindingOutput) Members ¶ added in v0.26.0
func (o TagValueIamBindingOutput) Members() pulumi.StringArrayOutput
Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
func (TagValueIamBindingOutput) Name ¶ added in v0.26.0
func (o TagValueIamBindingOutput) Name() pulumi.StringOutput
The name of the resource to manage IAM policies for.
func (TagValueIamBindingOutput) Project ¶ added in v0.26.0
func (o TagValueIamBindingOutput) Project() pulumi.StringOutput
The project in which the resource belongs. If it is not provided, a default will be supplied.
func (TagValueIamBindingOutput) Role ¶ added in v0.26.0
func (o TagValueIamBindingOutput) Role() pulumi.StringOutput
Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
func (TagValueIamBindingOutput) ToTagValueIamBindingOutput ¶ added in v0.26.0
func (o TagValueIamBindingOutput) ToTagValueIamBindingOutput() TagValueIamBindingOutput
func (TagValueIamBindingOutput) ToTagValueIamBindingOutputWithContext ¶ added in v0.26.0
func (o TagValueIamBindingOutput) ToTagValueIamBindingOutputWithContext(ctx context.Context) TagValueIamBindingOutput
type TagValueIamBindingState ¶ added in v0.26.0
type TagValueIamBindingState struct { }
func (TagValueIamBindingState) ElementType ¶ added in v0.26.0
func (TagValueIamBindingState) ElementType() reflect.Type
type TagValueIamMember ¶ added in v0.26.0
type TagValueIamMember struct { pulumi.CustomResourceState // An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details. Condition iam.ConditionPtrOutput `pulumi:"condition"` // The etag of the resource's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. Member pulumi.StringOutput `pulumi:"member"` // The name of the resource to manage IAM policies for. Name pulumi.StringOutput `pulumi:"name"` // The project in which the resource belongs. If it is not provided, a default will be supplied. Project pulumi.StringOutput `pulumi:"project"` // Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. Role pulumi.StringOutput `pulumi:"role"` }
Sets the access control policy on a TagValue, replacing any existing policy. The `resource` field should be the TagValue's resource name. For example: `tagValues/1234`. The caller must have `resourcemanager.tagValues.setIamPolicy` permission on the identified tagValue.
func GetTagValueIamMember ¶ added in v0.26.0
func GetTagValueIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TagValueIamMemberState, opts ...pulumi.ResourceOption) (*TagValueIamMember, error)
GetTagValueIamMember gets an existing TagValueIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTagValueIamMember ¶ added in v0.26.0
func NewTagValueIamMember(ctx *pulumi.Context, name string, args *TagValueIamMemberArgs, opts ...pulumi.ResourceOption) (*TagValueIamMember, error)
NewTagValueIamMember registers a new resource with the given unique name, arguments, and options.
func (*TagValueIamMember) ElementType ¶ added in v0.26.0
func (*TagValueIamMember) ElementType() reflect.Type
func (*TagValueIamMember) ToTagValueIamMemberOutput ¶ added in v0.26.0
func (i *TagValueIamMember) ToTagValueIamMemberOutput() TagValueIamMemberOutput
func (*TagValueIamMember) ToTagValueIamMemberOutputWithContext ¶ added in v0.26.0
func (i *TagValueIamMember) ToTagValueIamMemberOutputWithContext(ctx context.Context) TagValueIamMemberOutput
type TagValueIamMemberArgs ¶ added in v0.26.0
type TagValueIamMemberArgs struct { // An IAM Condition for a given binding. Condition iam.ConditionPtrInput // Identity that will be granted the privilege in role. The entry can have one of the following values: // // * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. // * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringInput // The name of the resource to manage IAM policies for. Name pulumi.StringInput // The role that should be applied. Role pulumi.StringInput }
The set of arguments for constructing a TagValueIamMember resource.
func (TagValueIamMemberArgs) ElementType ¶ added in v0.26.0
func (TagValueIamMemberArgs) ElementType() reflect.Type
type TagValueIamMemberInput ¶ added in v0.26.0
type TagValueIamMemberInput interface { pulumi.Input ToTagValueIamMemberOutput() TagValueIamMemberOutput ToTagValueIamMemberOutputWithContext(ctx context.Context) TagValueIamMemberOutput }
type TagValueIamMemberOutput ¶ added in v0.26.0
type TagValueIamMemberOutput struct{ *pulumi.OutputState }
func (TagValueIamMemberOutput) Condition ¶ added in v0.26.0
func (o TagValueIamMemberOutput) Condition() iam.ConditionPtrOutput
An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
func (TagValueIamMemberOutput) ElementType ¶ added in v0.26.0
func (TagValueIamMemberOutput) ElementType() reflect.Type
func (TagValueIamMemberOutput) Etag ¶ added in v0.26.0
func (o TagValueIamMemberOutput) Etag() pulumi.StringOutput
The etag of the resource's IAM policy.
func (TagValueIamMemberOutput) Member ¶ added in v0.26.0
func (o TagValueIamMemberOutput) Member() pulumi.StringOutput
Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
func (TagValueIamMemberOutput) Name ¶ added in v0.26.0
func (o TagValueIamMemberOutput) Name() pulumi.StringOutput
The name of the resource to manage IAM policies for.
func (TagValueIamMemberOutput) Project ¶ added in v0.26.0
func (o TagValueIamMemberOutput) Project() pulumi.StringOutput
The project in which the resource belongs. If it is not provided, a default will be supplied.
func (TagValueIamMemberOutput) Role ¶ added in v0.26.0
func (o TagValueIamMemberOutput) Role() pulumi.StringOutput
Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
func (TagValueIamMemberOutput) ToTagValueIamMemberOutput ¶ added in v0.26.0
func (o TagValueIamMemberOutput) ToTagValueIamMemberOutput() TagValueIamMemberOutput
func (TagValueIamMemberOutput) ToTagValueIamMemberOutputWithContext ¶ added in v0.26.0
func (o TagValueIamMemberOutput) ToTagValueIamMemberOutputWithContext(ctx context.Context) TagValueIamMemberOutput
type TagValueIamMemberState ¶ added in v0.26.0
type TagValueIamMemberState struct { }
func (TagValueIamMemberState) ElementType ¶ added in v0.26.0
func (TagValueIamMemberState) ElementType() reflect.Type
type TagValueIamPolicy ¶
type TagValueIamPolicy struct { pulumi.CustomResourceState // Specifies cloud audit logging configuration for this policy. AuditConfigs AuditConfigResponseArrayOutput `pulumi:"auditConfigs"` // Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. Bindings BindingResponseArrayOutput `pulumi:"bindings"` // `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. Etag pulumi.StringOutput `pulumi:"etag"` TagValueId pulumi.StringOutput `pulumi:"tagValueId"` // Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Version pulumi.IntOutput `pulumi:"version"` }
Sets the access control policy on a TagValue, replacing any existing policy. The `resource` field should be the TagValue's resource name. For example: `tagValues/1234`. The caller must have `resourcemanager.tagValues.setIamPolicy` permission on the identified tagValue. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.
func GetTagValueIamPolicy ¶
func GetTagValueIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TagValueIamPolicyState, opts ...pulumi.ResourceOption) (*TagValueIamPolicy, error)
GetTagValueIamPolicy gets an existing TagValueIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewTagValueIamPolicy ¶
func NewTagValueIamPolicy(ctx *pulumi.Context, name string, args *TagValueIamPolicyArgs, opts ...pulumi.ResourceOption) (*TagValueIamPolicy, error)
NewTagValueIamPolicy registers a new resource with the given unique name, arguments, and options.
func (*TagValueIamPolicy) ElementType ¶
func (*TagValueIamPolicy) ElementType() reflect.Type
func (*TagValueIamPolicy) ToTagValueIamPolicyOutput ¶
func (i *TagValueIamPolicy) ToTagValueIamPolicyOutput() TagValueIamPolicyOutput
func (*TagValueIamPolicy) ToTagValueIamPolicyOutputWithContext ¶
func (i *TagValueIamPolicy) ToTagValueIamPolicyOutputWithContext(ctx context.Context) TagValueIamPolicyOutput
type TagValueIamPolicyArgs ¶
type TagValueIamPolicyArgs struct { // Specifies cloud audit logging configuration for this policy. AuditConfigs AuditConfigArrayInput // Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. Bindings BindingArrayInput // `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. Etag pulumi.StringPtrInput TagValueId pulumi.StringInput // OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"` UpdateMask pulumi.StringPtrInput // Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). Version pulumi.IntPtrInput }
The set of arguments for constructing a TagValueIamPolicy resource.
func (TagValueIamPolicyArgs) ElementType ¶
func (TagValueIamPolicyArgs) ElementType() reflect.Type
type TagValueIamPolicyInput ¶
type TagValueIamPolicyInput interface { pulumi.Input ToTagValueIamPolicyOutput() TagValueIamPolicyOutput ToTagValueIamPolicyOutputWithContext(ctx context.Context) TagValueIamPolicyOutput }
type TagValueIamPolicyOutput ¶
type TagValueIamPolicyOutput struct{ *pulumi.OutputState }
func (TagValueIamPolicyOutput) AuditConfigs ¶ added in v0.19.0
func (o TagValueIamPolicyOutput) AuditConfigs() AuditConfigResponseArrayOutput
Specifies cloud audit logging configuration for this policy.
func (TagValueIamPolicyOutput) Bindings ¶ added in v0.19.0
func (o TagValueIamPolicyOutput) Bindings() BindingResponseArrayOutput
Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
func (TagValueIamPolicyOutput) ElementType ¶
func (TagValueIamPolicyOutput) ElementType() reflect.Type
func (TagValueIamPolicyOutput) Etag ¶ added in v0.19.0
func (o TagValueIamPolicyOutput) Etag() pulumi.StringOutput
`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
func (TagValueIamPolicyOutput) TagValueId ¶ added in v0.21.0
func (o TagValueIamPolicyOutput) TagValueId() pulumi.StringOutput
func (TagValueIamPolicyOutput) ToTagValueIamPolicyOutput ¶
func (o TagValueIamPolicyOutput) ToTagValueIamPolicyOutput() TagValueIamPolicyOutput
func (TagValueIamPolicyOutput) ToTagValueIamPolicyOutputWithContext ¶
func (o TagValueIamPolicyOutput) ToTagValueIamPolicyOutputWithContext(ctx context.Context) TagValueIamPolicyOutput
func (TagValueIamPolicyOutput) Version ¶ added in v0.19.0
func (o TagValueIamPolicyOutput) Version() pulumi.IntOutput
Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
type TagValueIamPolicyState ¶
type TagValueIamPolicyState struct { }
func (TagValueIamPolicyState) ElementType ¶
func (TagValueIamPolicyState) ElementType() reflect.Type
type TagValueInput ¶
type TagValueInput interface { pulumi.Input ToTagValueOutput() TagValueOutput ToTagValueOutputWithContext(ctx context.Context) TagValueOutput }
type TagValueOutput ¶
type TagValueOutput struct{ *pulumi.OutputState }
func (TagValueOutput) CreateTime ¶ added in v0.19.0
func (o TagValueOutput) CreateTime() pulumi.StringOutput
Creation time.
func (TagValueOutput) Description ¶ added in v0.19.0
func (o TagValueOutput) Description() pulumi.StringOutput
Optional. User-assigned description of the TagValue. Must not exceed 256 characters. Read-write.
func (TagValueOutput) ElementType ¶
func (TagValueOutput) ElementType() reflect.Type
func (TagValueOutput) Etag ¶ added in v0.19.0
func (o TagValueOutput) Etag() pulumi.StringOutput
Optional. Entity tag which users can pass to prevent race conditions. This field is always set in server responses. See UpdateTagValueRequest for details.
func (TagValueOutput) Name ¶ added in v0.19.0
func (o TagValueOutput) Name() pulumi.StringOutput
Immutable. Resource name for TagValue in the format `tagValues/456`.
func (TagValueOutput) NamespacedName ¶ added in v0.19.0
func (o TagValueOutput) NamespacedName() pulumi.StringOutput
The namespaced name of the TagValue. Can be in the form `{organization_id}/{tag_key_short_name}/{tag_value_short_name}` or `{project_id}/{tag_key_short_name}/{tag_value_short_name}` or `{project_number}/{tag_key_short_name}/{tag_value_short_name}`.
func (TagValueOutput) Parent ¶ added in v0.19.0
func (o TagValueOutput) Parent() pulumi.StringOutput
Immutable. The resource name of the new TagValue's parent TagKey. Must be of the form `tagKeys/{tag_key_id}`.
func (TagValueOutput) ShortName ¶ added in v0.19.0
func (o TagValueOutput) ShortName() pulumi.StringOutput
Immutable. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.
func (TagValueOutput) ToTagValueOutput ¶
func (o TagValueOutput) ToTagValueOutput() TagValueOutput
func (TagValueOutput) ToTagValueOutputWithContext ¶
func (o TagValueOutput) ToTagValueOutputWithContext(ctx context.Context) TagValueOutput
func (TagValueOutput) UpdateTime ¶ added in v0.19.0
func (o TagValueOutput) UpdateTime() pulumi.StringOutput
Update time.
type TagValueState ¶
type TagValueState struct { }
func (TagValueState) ElementType ¶
func (TagValueState) ElementType() reflect.Type
Source Files ¶
- folder.go
- folderIamBinding.go
- folderIamMember.go
- folderIamPolicy.go
- getFolder.go
- getFolderIamPolicy.go
- getLien.go
- getOrganizationIamPolicy.go
- getProject.go
- getProjectIamPolicy.go
- getTagKey.go
- getTagKeyIamPolicy.go
- getTagValue.go
- getTagValueIamPolicy.go
- init.go
- lien.go
- organizationIamBinding.go
- organizationIamMember.go
- organizationIamPolicy.go
- project.go
- projectIamBinding.go
- projectIamMember.go
- projectIamPolicy.go
- pulumiEnums.go
- pulumiTypes.go
- tagKey.go
- tagKeyIamBinding.go
- tagKeyIamMember.go
- tagKeyIamPolicy.go
- tagValue.go
- tagValueIamBinding.go
- tagValueIamMember.go
- tagValueIamPolicy.go